Remove keys from authorized_keys in-place

This will speed up the rm-key operation. The downside is that authorized_keys will not shrink when you remove a key. If this ever becomes a problem it can be fixed by running 'rake gitlab:shell:setup'.

Remove keys from authorized_keys in-place
This will speed up the rm-key operation. The downside is that authorized_keys will not shrink when you remove a key. If this ever becomes a problem it can be fixed by running 'rake gitlab:shell:setup'.
4fd8e44b · Jacob Vosmaer · 4d30c0c5 · 4fd8e44b · 4fd8e44b · 4fd8e44b
Commit 4fd8e44b authored Jul 16, 2015 by Jacob Vosmaer
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 11 deletions

CHANGELOG CHANGELOG +2 -0

lib/gitlab_keys.rb lib/gitlab_keys.rb +7 -8

spec/gitlab_keys_spec.rb spec/gitlab_keys_spec.rb +5 -3

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
+v2.6.4
+  - Remove keys from authorized_keys in-place
 v2.6.3
  - Prevent keys with a very specific comment from accidentally being deleted.

--- a/lib/gitlab_keys.rb
+++ b/lib/gitlab_keys.rb
-require 'tempfile'
 require 'timeout'
 require_relative 'gitlab_config'
@@ -82,14 +81,14 @@ class GitlabKeys
  def rm_key
    lock do
      $logger.info "Removing key #{@key_id}"
-      Tempfile.open('authorized_keys') do |temp|
+      open(auth_file, 'r+') do |f|
-        open(auth_file, 'r+') do |current|
+        while line = f.gets do
-          current.each do |line|
+          next unless line.start_with?("command=\"#{key_command(@key_id)}\"")
-            temp.puts(line) unless line.start_with?("command=\"#{key_command(@key_id)}\"")
+          f.seek(-line.length, IO::SEEK_CUR)
-          end
+          # Overwrite the line with #'s. Because the 'line' variable contains
+          # a terminating '\n', we write line.length - 1 '#' characters.
+          f.write('#' * (line.length - 1))
        end
-        temp.close
-        FileUtils.cp(temp.path, auth_file)
      end
    end
    true

--- a/spec/gitlab_keys_spec.rb
+++ b/spec/gitlab_keys_spec.rb
@@ -109,17 +109,19 @@ describe GitlabKeys do
    it "removes the right line" do
      create_authorized_keys_fixture
      other_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-742\",options ssh-rsa AAAAB3NzaDAxx2E"
+      delete_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E"
      open(tmp_authorized_keys_path, 'a') do |auth_file|
-        auth_file.puts "command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E"
+        auth_file.puts delete_line
        auth_file.puts other_line
      end
      gitlab_keys.send :rm_key
-      File.read(tmp_authorized_keys_path).should == "existing content\n#{other_line}\n"
+      erased_line = delete_line.gsub(/./, '#')
+      File.read(tmp_authorized_keys_path).should == "existing content\n#{erased_line}\n#{other_line}\n"
    end
    context "without file writing" do
      before do
-        Tempfile.stub(:open)
+        gitlab_keys.stub(:open)
        gitlab_keys.stub(:lock).and_yield
      end