Delete Public SSH Key tmp file after calculating fingerprint #1855

Merged
merged 5 commits into from Jun 8, 2017

@dnmgns dnmgns commented Jun 2, 2017

When using LDAP User Synchronization (#1478) with LDAP Public SSH Keys synchronization (#1844), the public key fingerprint calculation might be running with a quite high frequency.

As the tmp files for calculating the public key fingerprint are not deleted, the system could end up with lots of public tmp files, causing inode issues and running out of disk space.

This PR addresses this issue by cleaning up the tmp file after the fingerprint has been calculated.

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

sapk commented Jun 4, 2017

LGTM
Overall, we should use ssh-keygen -lf - and pass keycontent in those cases. This will limit writes for performance and maybe preserve some fragile fs like SD cards (e.g. RPi).

@tboerger tboerger added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jun 4, 2017

@lafriks lafriks left a comment

It should be after the check for error, as on error writeTmpKeyFile will return an empty string.

@lunny lunny added this to the 1.2.0 milestone Jun 5, 2017
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

dnmgns commented Jun 5, 2017

@lafriks - Yeah, nice catch. And if writeTmpKeyFile returns an empty string, there's no file to remove. The defer statement will cause the remove to run even if an empty string is returned, thus I guess it's better to put it right before the last return statement and remove the defer statement.

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
@@ -382,6 +382,7 @@ func calcFingerprint(publicKeyContent string) (string, error) {
} else if len(stdout) < 2 {
return "", errors.New("not enough output for calculating fingerprint: " + stdout)
}
os.Remove(tmpPath)
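
Review bot: os.Remove(tmpPath) is placed after the len(stdout) < 2 branch, so that early return, and any error return above it, exits with the tmp file still on disk, which is the accumulation this PR sets out to stop. Register the cleanup once with defer os.Remove(tmpPath) immediately after the error check on the call that produces tmpPath, so every later return path removes the file.
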

@sapk sapk Jun 5, 2017

You should still use defer before executing ssh-keygen (after checking empty string) since if the check failed the file is not removed otherwise.

Member

See SSHKeyGenParsePublicKey on where to place defer remove

@@ -382,6 +382,7 @@ func calcFingerprint(publicKeyContent string) (string, error) {
} else if len(stdout) < 2 {
return "", errors.New("not enough output for calculating fingerprint: " + stdout)
}
os.Remove(tmpPath)
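
Review bot: the error returned by os.Remove(tmpPath) is discarded on this line, so a failed delete (permissions, a path that is already gone) goes unnoticed and the files can keep piling up. Check the return value and log it as a warning rather than failing the fingerprint calculation.
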
Member

See SSHKeyGenParsePublicKey on where to place defer remove
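
The cleanup placement discussed in the review comments above, as an added Go example that is not the PR's or Gitea's own code: the deferred remove is registered right after the temp-file error check, and constructed outcomes show that no file is left behind on success or on an early return. The run hook, tmpFileSurvives, the example_keytest prefix and the sample key and output strings are assumptions made so it runs without ssh-keygen.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// writeTmpKeyFile stands in for the thread's helper: on error it returns "".
func writeTmpKeyFile(content string) (string, error) {
	f, err := os.CreateTemp("", "example_keytest")
	if err != nil {
		return "", err
	}
	defer f.Close()
	if _, err = f.WriteString(content); err != nil {
		os.Remove(f.Name())
		return "", err
	}
	return f.Name(), nil
}

// calcFingerprint: run is a hypothetical hook standing in for ssh-keygen.
func calcFingerprint(key string, run func(path string) (string, error)) (string, error) {
	tmpPath, err := writeTmpKeyFile(key)
	if err != nil {
		return "", err // nothing was created, nothing to remove
	}
	defer os.Remove(tmpPath) // registered before any later return
	stdout, err := run(tmpPath)
	if err != nil {
		return "", fmt.Errorf("ssh-keygen failed: %v", err)
	}
	if fields := strings.Fields(stdout); len(fields) >= 2 {
		return fields[1], nil
	}
	return "", fmt.Errorf("not enough output for calculating fingerprint: %s", stdout)
}

// tmpFileSurvives reports whether the temp file outlives one constructed run.
func tmpFileSurvives(output string, runErr error) bool {
	var seen string
	calcFingerprint("ssh-ed25519 AAAAconstructed user@example", func(p string) (string, error) { seen = p; return output, runErr })
	_, err := os.Stat(seen)
	return err == nil
}

func main() {
	fmt.Println(tmpFileSurvives("256 SHA256:constructed user@example (ED25519)", nil), tmpFileSurvives("", nil))
}
```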

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

dnmgns commented Jun 7, 2017

Thanks guys! @lafriks @sapk

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

lafriks commented Jun 7, 2017

LGTM

@tboerger tboerger added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jun 7, 2017
@lunny lunny merged commit ff74241 into go-gitea:master Jun 8, 2017
@lunny lunny added the type/enhancement An improvement of existing functionality label Aug 25, 2017
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020