Commit 7e425713 authored by Stan Hu's avatar Stan Hu

Merge branch 'da-fix-incorrect-path-for-openssh-expected-command' into 'master'

Fix incorrect path for OPENSSH_EXPECTED_COMMAND on gitlab:geo:check task

See merge request gitlab-org/gitlab-ee!4173
parents 09d16a36 cc941d8d
...@@ -22,7 +22,7 @@ module SystemCheck ...@@ -22,7 +22,7 @@ module SystemCheck
\s* # optional any amount of space character \s* # optional any amount of space character
(?:\#.*)?$ # optional start-comment symbol followed by optionally any character until end of line (?:\#.*)?$ # optional start-comment symbol followed by optionally any character until end of line
}x }x
OPENSSH_EXPECTED_COMMAND = '/opt/gitlab-shell/authorized_keys %u %k'.freeze OPENSSH_EXPECTED_COMMAND = '/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k'.freeze
def multi_check def multi_check
unless openssh_config_exists? unless openssh_config_exists?
......
...@@ -32,7 +32,7 @@ RSAAuthentication yes ...@@ -32,7 +32,7 @@ RSAAuthentication yes
PubkeyAuthentication yes PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys #AuthorizedKeysFile %h/.ssh/authorized_keys
#AuthorizedKeysCommand /opt/gitlab-shell/invalid_authorized_keys %u %k #AuthorizedKeysCommand /opt/gitlab-shell/invalid_authorized_keys %u %k
AuthorizedKeysCommand /opt/gitlab-shell/authorized_keys %u %k AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k
AuthorizedKeysCommandUser git AuthorizedKeysCommandUser git
# Don't read the user's ~/.rhosts and ~/.shosts files # Don't read the user's ~/.rhosts and ~/.shosts files
......
...@@ -4,5 +4,5 @@ ...@@ -4,5 +4,5 @@
RSAAuthentication yes RSAAuthentication yes
PubkeyAuthentication yes PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys #AuthorizedKeysFile %h/.ssh/authorized_keys
AuthorizedKeysCommand /opt/gitlab-shell/authorized_keys %u %k # comment AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k # comment
AuthorizedKeysCommandUser anotheruser #comment with more stuff# AuthorizedKeysCommandUser anotheruser #comment with more stuff#
...@@ -5,5 +5,5 @@ RSAAuthentication yes ...@@ -5,5 +5,5 @@ RSAAuthentication yes
PubkeyAuthentication yes PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys #AuthorizedKeysFile %h/.ssh/authorized_keys
#AuthorizedKeysCommand /opt/gitlab-shell/invalid_authorized_keys %u %k #AuthorizedKeysCommand /opt/gitlab-shell/invalid_authorized_keys %u %k
AuthorizedKeysCommand /opt/gitlab-shell/authorized_keys %u %k AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k
#AuthorizedKeysCommandUser git #AuthorizedKeysCommandUser git
...@@ -7,7 +7,7 @@ describe SystemCheck::Geo::AuthorizedKeysCheck do ...@@ -7,7 +7,7 @@ describe SystemCheck::Geo::AuthorizedKeysCheck do
before do before do
allow(File).to receive(:file?).and_call_original # provides a default behavior when mocking allow(File).to receive(:file?).and_call_original # provides a default behavior when mocking
allow(File).to receive(:file?).with('/opt/gitlab-shell/authorized_keys') { true } allow(File).to receive(:file?).with('/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check') { true }
end end
context 'OpenSSH config file' do context 'OpenSSH config file' do
...@@ -106,7 +106,7 @@ describe SystemCheck::Geo::AuthorizedKeysCheck do ...@@ -106,7 +106,7 @@ describe SystemCheck::Geo::AuthorizedKeysCheck do
it 'returns correct (uncommented) command' do it 'returns correct (uncommented) command' do
override_sshd_config('system_check/sshd_config') override_sshd_config('system_check/sshd_config')
expect(subject.extract_authorized_keys_command).to eq('/opt/gitlab-shell/authorized_keys %u %k') expect(subject.extract_authorized_keys_command).to eq('/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check %u %k')
end end
it 'returns command without comments and without quotes' do it 'returns command without comments and without quotes' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment