Don't rewrite non-gitea public keys (#906)
* don't rewrite non-gitea public keys * add comment for public key
parent
341b3a0349
commit
ef13bbaf7d
3 changed files with 85 additions and 4 deletions
|
@ -90,6 +90,8 @@ var migrations = []Migration{
|
||||||
NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks),
|
NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks),
|
||||||
// v20 -> v21
|
// v20 -> v21
|
||||||
NewMigration("use new avatar path name for security reason", useNewNameAvatars),
|
NewMigration("use new avatar path name for security reason", useNewNameAvatars),
|
||||||
|
// v21 -> v22
|
||||||
|
NewMigration("rewrite authorized_keys file via new format", useNewPublickeyFormat),
|
||||||
}
|
}
|
||||||
|
|
||||||
// Migrate database to current version
|
// Migrate database to current version
|
||||||
|
|
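--- a/models/migrations/v21.go
+++ b/models/migrations/v21.go
@@ -0,0 +1,53 @@
+// Copyright 2017 Gitea. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+"fmt"
+"os"
+"path/filepath"
+
+"code.gitea.io/gitea/modules/setting"
+
+"github.com/go-xorm/xorm"
+)
+
+const (
+tplCommentPrefix = `# gitea public key`
+tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
+)
+
+func useNewPublickeyFormat(x *xorm.Engine) error {
+fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
+tmpPath := fpath + ".tmp"
+f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+if err != nil {
+return err
+}
+defer func() {
+f.Close()
+os.Remove(tmpPath)
+}()
+
+type PublicKey struct {
+ID int64
+Content string
+}
+
+err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
+key := bean.(*PublicKey)
+_, err = f.WriteString(fmt.Sprintf(tplPublicKey, setting.AppPath, key.ID, setting.CustomConf, key.Content))
+return err
+})
+if err != nil {
+return err
+}
+
+f.Close()
+if err = os.Rename(tmpPath, fpath); err != nil {
+return err
+}
+return nil
+}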
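Review bot: useNewPublickeyFormat builds the new authorized_keys from database keys only and then renames it over the existing file, so any entry Gitea does not manage is lost when the migration runs, which is the outcome the commit title sets out to avoid. The final `os.Rename(tmpPath, fpath)` happens without reading or backing up the old file; the RewriteAllPublicKeys change in this same commit copies it first, and the same two lines fit here before the rename, guarded by an existence check: `bakPath := fpath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix())` and `if err = com.Copy(fpath, bakPath); err != nil { return err }`. Separately, `key.Content` is formatted into the file as stored; it is presumably validated when the key is added, but rejecting content that contains a line break here would guarantee that every written entry keeps its `command=` restriction. The result of the explicit `f.Close()` before the rename is also ignored, so a failed flush would still be renamed into place.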
|
@ -5,6 +5,7 @@
|
||||||
package models
|
package models
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bufio"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"errors"
|
"errors"
|
||||||
|
@ -28,7 +29,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
tplPublicKey = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
|
tplCommentPrefix = `# gitea public key`
|
||||||
|
tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
|
||||||
)
|
)
|
||||||
|
|
||||||
var sshOpLocker sync.Mutex
|
var sshOpLocker sync.Mutex
|
||||||
|
@ -553,22 +555,46 @@ func RewriteAllPublicKeys() error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
defer os.Remove(tmpPath)
|
defer func() {
|
||||||
|
f.Close()
|
||||||
|
os.Remove(tmpPath)
|
||||||
|
}()
|
||||||
|
|
||||||
err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
|
err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
|
||||||
_, err = f.WriteString((bean.(*PublicKey)).AuthorizedString())
|
_, err = f.WriteString((bean.(*PublicKey)).AuthorizedString())
|
||||||
return err
|
return err
|
||||||
})
|
})
|
||||||
f.Close()
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if com.IsExist(fpath) {
|
if com.IsExist(fpath) {
|
||||||
if err = os.Remove(fpath); err != nil {
|
bakPath := fpath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix())
|
||||||
|
if err = com.Copy(fpath, bakPath); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
p, err := os.Open(bakPath)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer p.Close()
|
||||||
|
|
||||||
|
scanner := bufio.NewScanner(p)
|
||||||
|
for scanner.Scan() {
|
||||||
|
line := scanner.Text()
|
||||||
|
if strings.HasPrefix(line, tplCommentPrefix) {
|
||||||
|
scanner.Scan()
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
_, err = f.WriteString(line + "\n")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
f.Close()
|
||||||
if err = os.Rename(tmpPath, fpath); err != nil {
|
if err = os.Rename(tmpPath, fpath); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
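Review bot: The new loop that carries non-Gitea lines over from the backup never checks `scanner.Err()`, so a read error or a line longer than bufio.Scanner's default token limit ends the loop quietly and the remaining entries are dropped from the rewritten authorized_keys. Add `if err = scanner.Err(); err != nil { return err }` directly after the loop. The bare `scanner.Scan()` after a `tplCommentPrefix` match also discards the following line whatever it contains, so in a hand-edited file a marker comment that is not followed by a Gitea `command=` line removes an unrelated key; checking that the skipped line starts with `command="` before dropping it would make that safe. Each call also leaves another `_<timestamp>.gitea_bak` copy behind with nothing visible here that prunes them, and the `f.Close()` result is ignored before the rename. RewriteAllPublicKeys starts before and ends after the lines shown.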