Commit f8cf4981 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'keys-chmod' into 'master'

Manage authorized_keys permissions continuously

We can lazily create authorized_keys and set its permissions. This
adds negligible overhead and it allows us to remove a setup step from
GitLab both on source and in omnibus-gitlab.

See merge request !78
parents c3cfebcf d12d210f
......@@ -13,8 +13,6 @@ repository_storage_paths = ARGV
commands = [
%W(mkdir -p #{key_dir}),
%W(chmod 700 #{key_dir}),
%W(touch #{config.auth_file}),
%W(chmod 600 #{config.auth_file}),
]
repository_storage_paths.each do |repository_storage_path|
......
......@@ -34,7 +34,7 @@ class GitlabKeys
lock do
$logger.info "Adding key #{@key_id} => #{@key.inspect}"
auth_line = @gitlab_key.key_line(@key_id, @key)
open(auth_file, 'a') { |file| file.puts(auth_line) }
open_auth_file('a') { |file| file.puts(auth_line) }
end
true
end
......@@ -54,7 +54,7 @@ class GitlabKeys
def batch_add_keys
lock(300) do # Allow 300 seconds (5 minutes) for batch_add_keys
open(auth_file, 'a') do |file|
open_auth_file('a') do |file|
stdin.each_line do |input|
tokens = input.strip.split("\t")
abort("#{$0}: invalid input #{input.inspect}") unless tokens.count == 2
......@@ -74,7 +74,7 @@ class GitlabKeys
def rm_key
lock do
$logger.info "Removing key #{@key_id}"
open(auth_file, 'r+') do |f|
open_auth_file('r+') do |f|
while line = f.gets do
next unless line.start_with?("command=\"#{@gitlab_key.command(@key_id)}\"")
f.seek(-line.length, IO::SEEK_CUR)
......@@ -88,7 +88,7 @@ class GitlabKeys
end
def clear
open(auth_file, 'w') { |file| file.puts '# Managed by gitlab-shell' }
open_auth_file('w') { |file| file.puts '# Managed by gitlab-shell' }
true
end
......@@ -107,6 +107,13 @@ class GitlabKeys
def lock_file
@lock_file ||= auth_file + '.lock'
end
def open_auth_file(mode)
open(auth_file, mode, 0600) do |file|
file.chmod(0600)
yield file
end
end
end
......
......@@ -80,7 +80,7 @@ describe GitlabKeys do
context "without file writing" do
before do
gitlab_keys.should_receive(:open).and_yield(mock(:file, puts: nil))
gitlab_keys.should_receive(:open).and_yield(mock(:file, puts: nil, chmod: nil))
end
it "should log an add-key event" do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment