Commit 4fd8e44b authored by Jacob Vosmaer's avatar Jacob Vosmaer

Remove keys from authorized_keys in-place

This will speed up the rm-key operation. The downside is that
authorized_keys will not shrink when you remove a key. If this ever
becomes a problem it can be fixed by running 'rake gitlab:shell:setup'.
parent 4d30c0c5
v2.6.4
- Remove keys from authorized_keys in-place
v2.6.3 v2.6.3
- Prevent keys with a very specific comment from accidentally being deleted. - Prevent keys with a very specific comment from accidentally being deleted.
......
require 'tempfile'
require 'timeout' require 'timeout'
require_relative 'gitlab_config' require_relative 'gitlab_config'
...@@ -82,15 +81,15 @@ class GitlabKeys ...@@ -82,15 +81,15 @@ class GitlabKeys
def rm_key def rm_key
lock do lock do
$logger.info "Removing key #{@key_id}" $logger.info "Removing key #{@key_id}"
Tempfile.open('authorized_keys') do |temp| open(auth_file, 'r+') do |f|
open(auth_file, 'r+') do |current| while line = f.gets do
current.each do |line| next unless line.start_with?("command=\"#{key_command(@key_id)}\"")
temp.puts(line) unless line.start_with?("command=\"#{key_command(@key_id)}\"") f.seek(-line.length, IO::SEEK_CUR)
# Overwrite the line with #'s. Because the 'line' variable contains
# a terminating '\n', we write line.length - 1 '#' characters.
f.write('#' * (line.length - 1))
end end
end end
temp.close
FileUtils.cp(temp.path, auth_file)
end
end end
true true
end end
......
...@@ -109,17 +109,19 @@ describe GitlabKeys do ...@@ -109,17 +109,19 @@ describe GitlabKeys do
it "removes the right line" do it "removes the right line" do
create_authorized_keys_fixture create_authorized_keys_fixture
other_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-742\",options ssh-rsa AAAAB3NzaDAxx2E" other_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-742\",options ssh-rsa AAAAB3NzaDAxx2E"
delete_line = "command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E"
open(tmp_authorized_keys_path, 'a') do |auth_file| open(tmp_authorized_keys_path, 'a') do |auth_file|
auth_file.puts "command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E" auth_file.puts delete_line
auth_file.puts other_line auth_file.puts other_line
end end
gitlab_keys.send :rm_key gitlab_keys.send :rm_key
File.read(tmp_authorized_keys_path).should == "existing content\n#{other_line}\n" erased_line = delete_line.gsub(/./, '#')
File.read(tmp_authorized_keys_path).should == "existing content\n#{erased_line}\n#{other_line}\n"
end end
context "without file writing" do context "without file writing" do
before do before do
Tempfile.stub(:open) gitlab_keys.stub(:open)
gitlab_keys.stub(:lock).and_yield gitlab_keys.stub(:lock).and_yield
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment