cherry picked copying ssh keys from an installed system (#773)

yast · Feb 1, 2019 · 595a11a · 595a11a
1 parent 9ab2633
commit 595a11a
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 2 deletions.
diff --git a/package/yast2-installation.changes b/package/yast2-installation.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Feb  1 13:13:31 CET 2019 - schubi@suse.de
+
+- Copying SSH keys from a privious installation into the new one:
+  Set the right file permissions for the SSH deamon (bnc#1122303).
+- 4.1.35
+
 -------------------------------------------------------------------
 Thu Jan  3 10:51:28 UTC 2019 - jreidinger@suse.com
 

diff --git a/package/yast2-installation.spec b/package/yast2-installation.spec
@@ -16,7 +16,7 @@
 #
 
 Name:           yast2-installation
-Version:        4.1.34
+Version:        4.1.35
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

diff --git a/src/lib/installation/ssh_key.rb b/src/lib/installation/ssh_key.rb
@@ -47,7 +47,16 @@ def write_files(dir)
       files.each do |file|
         path = File.join(dir, file.filename)
         IO.write(path, file.content)
-        File.chmod(file.permissions, path)
+        if file.filename =~ /^ssh_host_.*key$/
+          # ssh deamon accepts only private keys with restricted
+          # file permissions.
+          log.info("Set permissions of #{file.filename} to 0o600")
+          File.chmod(0o600, path)
+        else
+          # Taking already given permissions
+          log.info("Set permissions of #{file.filename} to 0o#{file.permissions.to_s(8)}")
+          File.chmod(file.permissions, path)
+        end
       end
     end
 

diff --git a/test/ssh_key_test.rb b/test/ssh_key_test.rb
@@ -0,0 +1,23 @@
+#! /usr/bin/env rspec
+
+require_relative "./test_helper"
+require "installation/ssh_key"
+
+describe Installation::SshKey do
+  subject(:sshkey) { Installation::SshKey.new("ssh_host_ed25519_key") }
+
+  describe "#write_files" do
+    before do
+      sshkey.read_files(FIXTURES_DIR.join("root2/etc/ssh", subject.name).to_s)
+    end
+
+    it "writes ssh keys with the right permissions" do
+      expect(IO).to receive(:write).twice
+      expect(File).to receive(:chmod).with(0o600,
+        "/mnt/etc/ssh/ssh_host_ed25519_key")
+      expect(File).to receive(:chmod).with(sshkey.files[1].permissions,
+        "/mnt/etc/ssh/#{sshkey.files[1].filename}")
+      sshkey.write_files("/mnt/etc/ssh")
+    end
+  end
+end