Don't rewrite non-gitea public keys (#906)
* don't rewrite non-gitea public keys * add comment for public key
This commit is contained in:
parent
341b3a0349
commit
ef13bbaf7d
|
@ -90,6 +90,8 @@ var migrations = []Migration{
|
|||
NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks),
|
||||
// v20 -> v21
|
||||
NewMigration("use new avatar path name for security reason", useNewNameAvatars),
|
||||
// v21 -> v22
|
||||
NewMigration("rewrite authorized_keys file via new format", useNewPublickeyFormat),
|
||||
}
|
||||
|
||||
// Migrate database to current version
|
||||
|
|
53
models/migrations/v21.go
Normal file
53
models/migrations/v21.go
Normal file
|
@ -0,0 +1,53 @@
|
|||
// Copyright 2017 Gitea. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package migrations
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
|
||||
"github.com/go-xorm/xorm"
|
||||
)
|
||||
|
||||
const (
|
||||
tplCommentPrefix = `# gitea public key`
|
||||
tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
|
||||
)
|
||||
|
||||
func useNewPublickeyFormat(x *xorm.Engine) error {
|
||||
fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
|
||||
tmpPath := fpath + ".tmp"
|
||||
f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer func() {
|
||||
f.Close()
|
||||
os.Remove(tmpPath)
|
||||
}()
|
||||
|
||||
type PublicKey struct {
|
||||
ID int64
|
||||
Content string
|
||||
}
|
||||
|
||||
err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
|
||||
key := bean.(*PublicKey)
|
||||
_, err = f.WriteString(fmt.Sprintf(tplPublicKey, setting.AppPath, key.ID, setting.CustomConf, key.Content))
|
||||
return err
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
f.Close()
|
||||
if err = os.Rename(tmpPath, fpath); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
|
@ -5,6 +5,7 @@
|
|||
package models
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"encoding/base64"
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
|
@ -28,7 +29,8 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
tplPublicKey = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
|
||||
tplCommentPrefix = `# gitea public key`
|
||||
tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
|
||||
)
|
||||
|
||||
var sshOpLocker sync.Mutex
|
||||
|
@ -553,22 +555,46 @@ func RewriteAllPublicKeys() error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer os.Remove(tmpPath)
|
||||
defer func() {
|
||||
f.Close()
|
||||
os.Remove(tmpPath)
|
||||
}()
|
||||
|
||||
err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
|
||||
_, err = f.WriteString((bean.(*PublicKey)).AuthorizedString())
|
||||
return err
|
||||
})
|
||||
f.Close()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if com.IsExist(fpath) {
|
||||
if err = os.Remove(fpath); err != nil {
|
||||
bakPath := fpath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix())
|
||||
if err = com.Copy(fpath, bakPath); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
p, err := os.Open(bakPath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer p.Close()
|
||||
|
||||
scanner := bufio.NewScanner(p)
|
||||
for scanner.Scan() {
|
||||
line := scanner.Text()
|
||||
if strings.HasPrefix(line, tplCommentPrefix) {
|
||||
scanner.Scan()
|
||||
continue
|
||||
}
|
||||
_, err = f.WriteString(line + "\n")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
f.Close()
|
||||
if err = os.Rename(tmpPath, fpath); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue