From bf51dd049a7c70bc7f4a8e97985fc148b38c0a1d Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Wed, 31 May 2017 16:47:48 +0200
Subject: [PATCH 01/11] Add setting to disable authorized_keys backup when rewriting public keys

Signed-off-by: Magnus Lindvall
---
 conf/app.ini | 2 ++
 models/ssh_key.go | 2 +-
 modules/setting/setting.go | 24 +++++++++++++-----------
 3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/conf/app.ini b/conf/app.ini
index b3b306ccc37e..79dcd21795bf 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -120,6 +120,8 @@ SSH_ROOT_PATH =
 SSH_KEY_TEST_PATH =
 ; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
 SSH_KEYGEN_PATH = ssh-keygen
+; Disable SSH Authorized Key Backup when rewriting all keys, default is false
+SSH_DISABLE_AUTHORIZED_KEYS_BACKUP = true
 ; Indicate whether to check minimum key size with corresponding type
 MINIMUM_KEY_SIZE_CHECK = false
 ; Disable CDN even in "prod" mode
diff --git a/models/ssh_key.go b/models/ssh_key.go
index fa33cd4c1531..c68f44b09329 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -576,7 +576,7 @@ func RewriteAllPublicKeys() error {
 return err
 }

- if com.IsExist(fpath) {
+ if com.IsExist(fpath) && !setting.SSH.DisableAuthorizedKeysBackup {
 bakPath := fpath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix())
 if err = com.Copy(fpath, bakPath); err != nil {
 return err
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index a948527a2cca..9a5a0dc3ae04 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -87,17 +87,18 @@ var (
 EnablePprof bool

 SSH = struct {
- Disabled bool `ini:"DISABLE_SSH"`
- StartBuiltinServer bool `ini:"START_SSH_SERVER"`
- Domain string `ini:"SSH_DOMAIN"`
- Port int `ini:"SSH_PORT"`
- ListenHost string `ini:"SSH_LISTEN_HOST"`
- ListenPort int `ini:"SSH_LISTEN_PORT"`
- RootPath string `ini:"SSH_ROOT_PATH"`
- KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
- KeygenPath string `ini:"SSH_KEYGEN_PATH"`
- MinimumKeySizeCheck bool `ini:"-"`
- MinimumKeySizes map[string]int `ini:"-"`
+ Disabled bool `ini:"DISABLE_SSH"`
+ StartBuiltinServer bool `ini:"START_SSH_SERVER"`
+ Domain string `ini:"SSH_DOMAIN"`
+ Port int `ini:"SSH_PORT"`
+ ListenHost string `ini:"SSH_LISTEN_HOST"`
+ ListenPort int `ini:"SSH_LISTEN_PORT"`
+ RootPath string `ini:"SSH_ROOT_PATH"`
+ KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
+ KeygenPath string `ini:"SSH_KEYGEN_PATH"`
+ DisableAuthorizedKeysBackup bool `ini:"SSH_DISABLE_AUTHORIZED_KEYS_BACKUP"`
+ MinimumKeySizeCheck bool `ini:"-"`
+ MinimumKeySizes map[string]int `ini:"-"`
 }{
 Disabled: false,
 StartBuiltinServer: false,
@@ -693,6 +694,7 @@ please consider changing to GITEA_CUSTOM`)
 SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
 }
 }
+ SSH.DisableAuthorizedKeysBackup = sec.Key("SSH_DISABLE_AUTHORIZED_KEYS_BACKUP").MustBool(false)

 if err = Cfg.Section("server").MapTo(&LFS); err != nil {
 log.Fatal(4, "Failed to map LFS settings: %v", err)
From 78314cc1cdbcf2ba88bcf124de578c3b830af085 Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Fri, 2 Jun 2017 11:00:46 +0200
Subject: [PATCH 02/11] Update default value to comply with documentation

Signed-off-by: Magnus Lindvall
---
 conf/app.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/app.ini b/conf/app.ini
index 79dcd21795bf..16082764fe21 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -121,7 +121,7 @@ SSH_KEY_TEST_PATH =
 ; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
 SSH_KEYGEN_PATH = ssh-keygen
 ; Disable SSH Authorized Key Backup when rewriting all keys, default is false
-SSH_DISABLE_AUTHORIZED_KEYS_BACKUP = true
+SSH_DISABLE_AUTHORIZED_KEYS_BACKUP = false
 ; Indicate whether to check minimum key size with corresponding type
 MINIMUM_KEY_SIZE_CHECK = false
 ; Disable CDN even in "prod" mode
From 714e98b36064ad2664fedac99b494debca683fae Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Thu, 8 Jun 2017 09:14:03 +0200
Subject: [PATCH 03/11] Use tmp-file instead of bak-file for saving manually added keys.

Signed-off-by: Magnus Lindvall
---
 models/ssh_key.go | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

diff --git a/models/ssh_key.go b/models/ssh_key.go
index c68f44b09329..bfa23a06c897 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -557,53 +557,54 @@ func RewriteAllPublicKeys() error {
 sshOpLocker.Lock()
 defer sshOpLocker.Unlock()

- fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
- tmpPath := fpath + ".tmp"
- f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+ fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
+ tmpPath := fPath + ".tmp"
+ t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
 if err != nil {
 return err
 }
 defer func() {
- f.Close()
+ t.Close()
 os.Remove(tmpPath)
 }()

+ if com.IsExist(fPath) && !setting.SSH.DisableAuthorizedKeysBackup {
+ bakPath := fPath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix())
+ if err = com.Copy(fPath, bakPath); err != nil {
+ return err
+ }
+ }
+
 err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
- _, err = f.WriteString((bean.(*PublicKey)).AuthorizedString())
+ _, err = t.WriteString((bean.(*PublicKey)).AuthorizedString())
 return err
 })
 if err != nil {
 return err
 }

- if com.IsExist(fpath) && !setting.SSH.DisableAuthorizedKeysBackup {
- bakPath := fpath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix())
- if err = com.Copy(fpath, bakPath); err != nil {
- return err
- }
-
- p, err := os.Open(bakPath)
+ if com.IsExist(fPath) {
+ f, err := os.Open(fPath)
 if err != nil {
 return err
 }
- defer p.Close()
-
- scanner := bufio.NewScanner(p)
+ scanner := bufio.NewScanner(f)
 for scanner.Scan() {
 line := scanner.Text()
 if strings.HasPrefix(line, tplCommentPrefix) {
 scanner.Scan()
 continue
 }
- _, err = f.WriteString(line + "\n")
+ _, err = t.WriteString(line + "\n")
 if err != nil {
 return err
 }
 }
+ defer f.Close()
 }

- f.Close()
- if err = os.Rename(tmpPath, fpath); err != nil {
+ t.Close()
+ if err = os.Rename(tmpPath, fPath); err != nil {
 return err
 }

From de19116cde221a546c7c9bb94dcb2d53ce21435a Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Tue, 13 Jun 2017 09:52:39 +0200
Subject: [PATCH 04/11] Change casing
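Review bot: In PATCH 03's RewriteAllPublicKeys hunk, the loop that copies hand-added entries from the live `authorized_keys` into the temp file never checks `scanner.Err()`, so a read error or a line longer than bufio.Scanner's token limit ends the loop silently and `os.Rename` then installs a file that is missing the remaining entries. Add `if err = scanner.Err(); err != nil { return err }` after the loop. `defer f.Close()` is registered only after the loop, so the early `return err` on a failed `t.WriteString` leaves `f` open; it belongs directly under the `os.Open` error check. With backups switched off there is no copy left to restore dropped entries from, so the silent case deserves an explicit error. The function starts and ends outside the hunk.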

Signed-off-by: Magnus Lindvall
---
 models/ssh_key.go | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/models/ssh_key.go b/models/ssh_key.go
index bfa23a06c897..d3761668f4a3 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -372,13 +372,13 @@ func checkKeyFingerprint(e Engine, fingerprint string) error {

 func calcFingerprint(publicKeyContent string) (string, error) {
 // Calculate fingerprint.
- tmpPath, err := writeTmpKeyFile(publicKeyContent)
+ tmppath, err := writeTmpKeyFile(publicKeyContent)
 if err != nil {
 return "", err
 }
- stdout, stderr, err := process.GetManager().Exec("AddPublicKey", "ssh-keygen", "-lf", tmpPath)
+ stdout, stderr, err := process.GetManager().Exec("AddPublicKey", "ssh-keygen", "-lf", tmppath)
 if err != nil {
- return "", fmt.Errorf("'ssh-keygen -lf %s' failed with error '%s': %s", tmpPath, err, stderr)
+ return "", fmt.Errorf("'ssh-keygen -lf %s' failed with error '%s': %s", tmppath, err, stderr)
 } else if len(stdout) < 2 {
 return "", errors.New("not enough output for calculating fingerprint: " + stdout)
 }
@@ -557,20 +557,20 @@ func RewriteAllPublicKeys() error {
 sshOpLocker.Lock()
 defer sshOpLocker.Unlock()

- fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
- tmpPath := fPath + ".tmp"
- t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+ fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
+ tmppath := fpath + ".tmp"
+ t, err := os.OpenFile(tmppath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
 if err != nil {
 return err
 }
 defer func() {
 t.Close()
- os.Remove(tmpPath)
+ os.Remove(tmppath)
 }()

- if com.IsExist(fPath) && !setting.SSH.DisableAuthorizedKeysBackup {
- bakPath := fPath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix())
- if err = com.Copy(fPath, bakPath); err != nil {
+ if com.IsExist(fpath) && !setting.SSH.DisableAuthorizedKeysBackup {
+ bakPath := fmt.Sprintf("%s_%d.gitea_bak", fpath, time.Now().Unix())
+ if err = com.Copy(fpath, bakPath); err != nil {
 return err
 }
 }
@@ -583,8 +583,8 @@ func RewriteAllPublicKeys() error {
 return err
 }

- if com.IsExist(fPath) {
- f, err := os.Open(fPath)
+ if com.IsExist(fpath) {
+ f, err := os.Open(fpath)
 if err != nil {
 return err
 }
@@ -604,7 +604,7 @@ func RewriteAllPublicKeys() error {
 }

 t.Close()
- if err = os.Rename(tmpPath, fPath); err != nil {
+ if err = os.Rename(tmppath, fpath); err != nil {
 return err
 }

From 15b88b7964a89baf5e2d281ea2bd28e29d874c00 Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Tue, 13 Jun 2017 09:53:52 +0200
Subject: [PATCH 05/11] Change casing and build bakpath with sprintf only

Signed-off-by: Magnus Lindvall
---
 models/ssh_key.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/models/ssh_key.go b/models/ssh_key.go
index d3761668f4a3..754f70795b2f 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -569,8 +569,8 @@ func RewriteAllPublicKeys() error {
 }()

 if com.IsExist(fpath) && !setting.SSH.DisableAuthorizedKeysBackup {
- bakPath := fmt.Sprintf("%s_%d.gitea_bak", fpath, time.Now().Unix())
- if err = com.Copy(fpath, bakPath); err != nil {
+ bakpath := fmt.Sprintf("%s_%d.gitea_bak", fpath, time.Now().Unix())
+ if err = com.Copy(fpath, bakpath); err != nil {
 return err
 }
 }
From cbf811ac3dadaa393893c8204b4dbde921dbe369 Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Tue, 13 Jun 2017 09:55:30 +0200
Subject: [PATCH 06/11] Only close file once

Signed-off-by: Magnus Lindvall
---
 models/ssh_key.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/models/ssh_key.go b/models/ssh_key.go
index 754f70795b2f..41f196ac5337 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -602,8 +602,7 @@ func RewriteAllPublicKeys() error {
 }
 defer f.Close()
 }
-
- t.Close()
+
 if err = os.Rename(tmppath, fpath); err != nil {
 return err
 }
From 80a106c082e0223838761e4c86a94501e628f8fd Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Tue, 13 Jun 2017 10:00:18 +0200
Subject: [PATCH 07/11] Do not modify calcFingerprint

Signed-off-by: Magnus Lindvall
---
 models/ssh_key.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/models/ssh_key.go b/models/ssh_key.go
index 41f196ac5337..7094e0880e8e 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
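Review bot: In PATCH 06's hunk at -602, removing the explicit `t.Close()` means `os.Rename(tmppath, fpath)` now runs while the temp file is still open, and the only close left is the deferred one, whose error is discarded. A write error reported at close time would go unnoticed after the new authorized_keys is already in place, and renaming a file that is still open may fail on Windows. To close once and still check it, keep the call before the rename as `if err = t.Close(); err != nil { return err }` and reduce the deferred function to `os.Remove`. The defer itself is outside this hunk, so that second part is a suggestion to confirm against the full function.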
@@ -372,13 +372,13 @@ func checkKeyFingerprint(e Engine, fingerprint string) error {

 func calcFingerprint(publicKeyContent string) (string, error) {
 // Calculate fingerprint.
- tmppath, err := writeTmpKeyFile(publicKeyContent)
+ tmpPath, err := writeTmpKeyFile(publicKeyContent)
 if err != nil {
 return "", err
 }
- stdout, stderr, err := process.GetManager().Exec("AddPublicKey", "ssh-keygen", "-lf", tmppath)
+ stdout, stderr, err := process.GetManager().Exec("AddPublicKey", "ssh-keygen", "-lf", tmpPath)
 if err != nil {
- return "", fmt.Errorf("'ssh-keygen -lf %s' failed with error '%s': %s", tmppath, err, stderr)
+ return "", fmt.Errorf("'ssh-keygen -lf %s' failed with error '%s': %s", tmpPath, err, stderr)
 } else if len(stdout) < 2 {
 return "", errors.New("not enough output for calculating fingerprint: " + stdout)
 }
@@ -602,7 +602,7 @@ func RewriteAllPublicKeys() error {
 }
 defer f.Close()
 }
-
+
 if err = os.Rename(tmppath, fpath); err != nil {
 return err
 }
From 078f2a630651e7ee8d0d0fd30e9daf6fc9035b81 Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Thu, 15 Jun 2017 09:37:56 +0200
Subject: [PATCH 08/11] Fix casing

Signed-off-by: Magnus Lindvall
---
 models/ssh_key.go | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/models/ssh_key.go b/models/ssh_key.go
index 7094e0880e8e..c358a1e6cdaa 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -324,8 +324,8 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
 sshOpLocker.Lock()
 defer sshOpLocker.Unlock()

- fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
- f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
+ fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
+ f, err := os.OpenFile(fPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
 if err != nil {
 return err
 }
@@ -557,20 +557,20 @@ func RewriteAllPublicKeys() error {
 sshOpLocker.Lock()
 defer sshOpLocker.Unlock()

- fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
- tmppath := fpath + ".tmp"
- t, err := os.OpenFile(tmppath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+ fPath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
+ tmpPath := fPath + ".tmp"
+ t, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
 if err != nil {
 return err
 }
 defer func() {
 t.Close()
- os.Remove(tmppath)
+ os.Remove(tmpPath)
 }()

- if com.IsExist(fpath) && !setting.SSH.DisableAuthorizedKeysBackup {
- bakpath := fmt.Sprintf("%s_%d.gitea_bak", fpath, time.Now().Unix())
- if err = com.Copy(fpath, bakpath); err != nil {
+ if com.IsExist(fPath) && !setting.SSH.DisableAuthorizedKeysBackup {
+ bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix())
+ if err = com.Copy(fPath, bakPath); err != nil {
 return err
 }
 }
@@ -583,8 +583,8 @@ func RewriteAllPublicKeys() error {
 return err
 }

- if com.IsExist(fpath) {
- f, err := os.Open(fpath)
+ if com.IsExist(fPath) {
+ f, err := os.Open(fPath)
 if err != nil {
 return err
 }
@@ -603,7 +603,7 @@ func RewriteAllPublicKeys() error {
 defer f.Close()
 }

- if err = os.Rename(tmppath, fpath); err != nil {
+ if err = os.Rename(tmpPath, fPath); err != nil {
 return err
 }

From 56b37ad194677c40ee36852990048f260b1005cd Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Mon, 19 Jun 2017 11:47:43 +0200
Subject: [PATCH 09/11] Change style from disable to enable

Signed-off-by: Magnus Lindvall
---
 conf/app.ini | 4 ++--
 models/ssh_key.go | 2 +-
 modules/setting/setting.go | 26 +++++++++++++-------------
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/conf/app.ini b/conf/app.ini
index 16082764fe21..0de9438f3a7e 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -120,8 +120,8 @@ SSH_ROOT_PATH =
 SSH_KEY_TEST_PATH =
 ; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
 SSH_KEYGEN_PATH = ssh-keygen
-; Disable SSH Authorized Key Backup when rewriting all keys, default is false
-SSH_DISABLE_AUTHORIZED_KEYS_BACKUP = false
+; Disable SSH Authorized Key Backup when rewriting all keys, default is true
+SSH_ENABLE_AUTHORIZED_KEYS_BACKUP = true
 ; Indicate whether to check minimum key size with corresponding type
 MINIMUM_KEY_SIZE_CHECK = false
 ; Disable CDN even in "prod" mode
diff --git a/models/ssh_key.go b/models/ssh_key.go
index c358a1e6cdaa..1bf4122c25d1 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -568,7 +568,7 @@ func RewriteAllPublicKeys() error {
 os.Remove(tmpPath)
 }()

- if com.IsExist(fPath) && !setting.SSH.DisableAuthorizedKeysBackup {
+ if com.IsExist(fPath) && setting.SSH.EnableAuthorizedKeysBackup {
 bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix())
 if err = com.Copy(fPath, bakPath); err != nil {
 return err
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 9a5a0dc3ae04..05a4e8bce8b6 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -87,18 +87,18 @@ var (
 EnablePprof bool

 SSH = struct {
- Disabled bool `ini:"DISABLE_SSH"`
- StartBuiltinServer bool `ini:"START_SSH_SERVER"`
- Domain string `ini:"SSH_DOMAIN"`
- Port int `ini:"SSH_PORT"`
- ListenHost string `ini:"SSH_LISTEN_HOST"`
- ListenPort int `ini:"SSH_LISTEN_PORT"`
- RootPath string `ini:"SSH_ROOT_PATH"`
- KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
- KeygenPath string `ini:"SSH_KEYGEN_PATH"`
- DisableAuthorizedKeysBackup bool `ini:"SSH_DISABLE_AUTHORIZED_KEYS_BACKUP"`
- MinimumKeySizeCheck bool `ini:"-"`
- MinimumKeySizes map[string]int `ini:"-"`
+ Disabled bool `ini:"DISABLE_SSH"`
+ StartBuiltinServer bool `ini:"START_SSH_SERVER"`
+ Domain string `ini:"SSH_DOMAIN"`
+ Port int `ini:"SSH_PORT"`
+ ListenHost string `ini:"SSH_LISTEN_HOST"`
+ ListenPort int `ini:"SSH_LISTEN_PORT"`
+ RootPath string `ini:"SSH_ROOT_PATH"`
+ KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
+ KeygenPath string `ini:"SSH_KEYGEN_PATH"`
+ EnableAuthorizedKeysBackup bool `ini:"SSH_ENABLE_AUTHORIZED_KEYS_BACKUP"`
+ MinimumKeySizeCheck bool `ini:"-"`
+ MinimumKeySizes map[string]int `ini:"-"`
 }{
 Disabled: false,
 StartBuiltinServer: false,
@@ -694,7 +694,7 @@ please consider changing to GITEA_CUSTOM`)
 SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
 }
 }
- SSH.DisableAuthorizedKeysBackup = sec.Key("SSH_DISABLE_AUTHORIZED_KEYS_BACKUP").MustBool(false)
+ SSH.EnableAuthorizedKeysBackup = sec.Key("SSH_ENABLE_AUTHORIZED_KEYS_BACKUP").MustBool(true)

 if err = Cfg.Section("server").MapTo(&LFS); err != nil {
 log.Fatal(4, "Failed to map LFS settings: %v", err)
From 4bd7c2bc5ba3acbcd39ec925458cce53268673c8 Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Mon, 19 Jun 2017 15:38:52 +0200
Subject: [PATCH 10/11] Change name, just SSH_BACKUP_AUTHORIZED_KEYS

Signed-off-by: Magnus Lindvall
---
 conf/app.ini | 4 ++--
 models/ssh_key.go | 2 +-
 modules/setting/setting.go | 26 +++++++++++++-------------
 3 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/conf/app.ini b/conf/app.ini
index 0de9438f3a7e..c36f86f27f40 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -120,8 +120,8 @@ SSH_ROOT_PATH =
 SSH_KEY_TEST_PATH =
 ; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
 SSH_KEYGEN_PATH = ssh-keygen
-; Disable SSH Authorized Key Backup when rewriting all keys, default is true
-SSH_ENABLE_AUTHORIZED_KEYS_BACKUP = true
+; Enable SSH Authorized Key Backup when rewriting all keys, default is true
+SSH_BACKUP_AUTHORIZED_KEYS = true
 ; Indicate whether to check minimum key size with corresponding type
 MINIMUM_KEY_SIZE_CHECK = false
 ; Disable CDN even in "prod" mode
diff --git a/models/ssh_key.go b/models/ssh_key.go
index 1bf4122c25d1..e1f9321c5b65 100644
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -568,7 +568,7 @@ func RewriteAllPublicKeys() error {
 os.Remove(tmpPath)
 }()

- if com.IsExist(fPath) && setting.SSH.EnableAuthorizedKeysBackup {
+ if com.IsExist(fPath) && setting.SSH.AuthorizedKeysBackup {
 bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix())
 if err = com.Copy(fPath, bakPath); err != nil {
 return err
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 05a4e8bce8b6..753e7786fbbd 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -87,18 +87,18 @@ var (
 EnablePprof bool

 SSH = struct {
- Disabled bool `ini:"DISABLE_SSH"`
- StartBuiltinServer bool `ini:"START_SSH_SERVER"`
- Domain string `ini:"SSH_DOMAIN"`
- Port int `ini:"SSH_PORT"`
- ListenHost string `ini:"SSH_LISTEN_HOST"`
- ListenPort int `ini:"SSH_LISTEN_PORT"`
- RootPath string `ini:"SSH_ROOT_PATH"`
- KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
- KeygenPath string `ini:"SSH_KEYGEN_PATH"`
- EnableAuthorizedKeysBackup bool `ini:"SSH_ENABLE_AUTHORIZED_KEYS_BACKUP"`
- MinimumKeySizeCheck bool `ini:"-"`
- MinimumKeySizes map[string]int `ini:"-"`
+ Disabled bool `ini:"DISABLE_SSH"`
+ StartBuiltinServer bool `ini:"START_SSH_SERVER"`
+ Domain string `ini:"SSH_DOMAIN"`
+ Port int `ini:"SSH_PORT"`
+ ListenHost string `ini:"SSH_LISTEN_HOST"`
+ ListenPort int `ini:"SSH_LISTEN_PORT"`
+ RootPath string `ini:"SSH_ROOT_PATH"`
+ KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
+ KeygenPath string `ini:"SSH_KEYGEN_PATH"`
+ AuthorizedKeysBackup bool `ini:"SSH_AUTHORIZED_KEYS_BACKUP"`
+ MinimumKeySizeCheck bool `ini:"-"`
+ MinimumKeySizes map[string]int `ini:"-"`
 }{
 Disabled: false,
 StartBuiltinServer: false,
@@ -694,7 +694,7 @@ please consider changing to GITEA_CUSTOM`)
 SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
 }
 }
- SSH.EnableAuthorizedKeysBackup = sec.Key("SSH_ENABLE_AUTHORIZED_KEYS_BACKUP").MustBool(true)
+ SSH.AuthorizedKeysBackup = sec.Key("SSH_AUTHORIZED_KEYS_BACKUP").MustBool(true)

 if err = Cfg.Section("server").MapTo(&LFS); err != nil {
 log.Fatal(4, "Failed to map LFS settings: %v", err)
From 8b1f5b6b9342c004e5724d2dcc6878019577ec78 Mon Sep 17 00:00:00 2001
From: Magnus Lindvall
Date: Tue, 20 Jun 2017 11:19:52 +0200
Subject: [PATCH 11/11] Do not check for directory existence if backup is disabled

Signed-off-by: Magnus Lindvall
---
 models/ssh_key.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/models/ssh_key.go b/models/ssh_key.go
index e1f9321c5b65..28771eb99f5c 100644
--- a/models/ssh_key.go
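Review bot: The key the code reads in PATCH 10 is `SSH_AUTHORIZED_KEYS_BACKUP` (the `ini` tag in the struct hunk and the `sec.Key(...)` call in the hunk at -694), but the same commit documents `SSH_BACKUP_AUTHORIZED_KEYS` in conf/app.ini and names it in the subject. An administrator who sets the documented key to false will still get backup copies of authorized_keys written, because `MustBool(true)` falls back to true when the key it looks up is absent. Use one name in all three places, for example `ini:"SSH_BACKUP_AUTHORIZED_KEYS"` and `sec.Key("SSH_BACKUP_AUTHORIZED_KEYS").MustBool(true)`. The explicit assignment also appears to repeat what the tag already maps, assuming the struct is filled by a MapTo call that is not visible in these hunks.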
+++ b/models/ssh_key.go
@@ -568,7 +568,7 @@ func RewriteAllPublicKeys() error {
 os.Remove(tmpPath)
 }()

- if com.IsExist(fPath) && setting.SSH.AuthorizedKeysBackup {
+ if setting.SSH.AuthorizedKeysBackup && com.IsExist(fPath) {
 bakPath := fmt.Sprintf("%s_%d.gitea_bak", fPath, time.Now().Unix())
 if err = com.Copy(fPath, bakPath); err != nil {
 return err