* don't rewrite non-gitea public keys * add comment for public keytags/v1.1.0
@@ -90,6 +90,8 @@ var migrations = []Migration{ | |||
NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks), | |||
// v20 -> v21 | |||
NewMigration("use new avatar path name for security reason", useNewNameAvatars), | |||
// v21 -> v22 | |||
NewMigration("rewrite authorized_keys file via new format", useNewPublickeyFormat), | |||
} | |||
// Migrate database to current version |
@@ -0,0 +1,53 @@ | |||
// Copyright 2017 Gitea. All rights reserved. | |||
// Use of this source code is governed by a MIT-style | |||
// license that can be found in the LICENSE file. | |||
package migrations | |||
import ( | |||
"fmt" | |||
"os" | |||
"path/filepath" | |||
"code.gitea.io/gitea/modules/setting" | |||
"github.com/go-xorm/xorm" | |||
) | |||
const ( | |||
tplCommentPrefix = `# gitea public key` | |||
tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n" | |||
) | |||
func useNewPublickeyFormat(x *xorm.Engine) error { | |||
fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys") | |||
tmpPath := fpath + ".tmp" | |||
f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) | |||
if err != nil { | |||
return err | |||
} | |||
defer func() { | |||
f.Close() | |||
os.Remove(tmpPath) | |||
}() | |||
type PublicKey struct { | |||
ID int64 | |||
Content string | |||
} | |||
err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) { | |||
key := bean.(*PublicKey) | |||
_, err = f.WriteString(fmt.Sprintf(tplPublicKey, setting.AppPath, key.ID, setting.CustomConf, key.Content)) | |||
return err | |||
}) | |||
if err != nil { | |||
return err | |||
} | |||
f.Close() | |||
if err = os.Rename(tmpPath, fpath); err != nil { | |||
return err | |||
} | |||
return nil | |||
} |
@@ -5,6 +5,7 @@ | |||
package models | |||
import ( | |||
"bufio" | |||
"encoding/base64" | |||
"encoding/binary" | |||
"errors" | |||
@@ -28,7 +29,8 @@ import ( | |||
) | |||
const ( | |||
tplPublicKey = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n" | |||
tplCommentPrefix = `# gitea public key` | |||
tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n" | |||
) | |||
var sshOpLocker sync.Mutex | |||
@@ -553,22 +555,46 @@ func RewriteAllPublicKeys() error { | |||
if err != nil { | |||
return err | |||
} | |||
defer os.Remove(tmpPath) | |||
defer func() { | |||
f.Close() | |||
os.Remove(tmpPath) | |||
}() | |||
err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) { | |||
_, err = f.WriteString((bean.(*PublicKey)).AuthorizedString()) | |||
return err | |||
}) | |||
f.Close() | |||
if err != nil { | |||
return err | |||
} | |||
if com.IsExist(fpath) { | |||
if err = os.Remove(fpath); err != nil { | |||
bakPath := fpath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix()) | |||
if err = com.Copy(fpath, bakPath); err != nil { | |||
return err | |||
} | |||
p, err := os.Open(bakPath) | |||
if err != nil { | |||
return err | |||
} | |||
defer p.Close() | |||
scanner := bufio.NewScanner(p) | |||
for scanner.Scan() { | |||
line := scanner.Text() | |||
if strings.HasPrefix(line, tplCommentPrefix) { | |||
scanner.Scan() | |||
continue | |||
} | |||
_, err = f.WriteString(line + "\n") | |||
if err != nil { | |||
return err | |||
} | |||
} | |||
} | |||
f.Close() | |||
if err = os.Rename(tmpPath, fpath); err != nil { | |||
return err | |||
} |