
Refactor SSH init code, fix directory creation for TrustedUserCAKeys file (#20299)

* Refactor SSH init code, fix directory creation for TrustedUserCAKeys file

* Update modules/ssh/init.go

Co-authored-by: zeripath <art27@cantab.net>

* fix lint copyright

* Update modules/ssh/init.go

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

authored by

wxiaoguang
zeripath
Lunny Xiao
and committed by
GitHub
27e2def5 a9e66cfd

+63 -29
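--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -840,8 +840,9 @@
 		SSH.StartBuiltinServer = false
 	}
 
-	trustedUserCaKeys := sec.Key("SSH_TRUSTED_USER_CA_KEYS").Strings(",")
-	for _, caKey := range trustedUserCaKeys {
+	SSH.TrustedUserCAKeysFile = sec.Key("SSH_TRUSTED_USER_CA_KEYS_FILENAME").MustString(filepath.Join(SSH.RootPath, "gitea-trusted-user-ca-keys.pem"))
+
+	for _, caKey := range SSH.TrustedUserCAKeys {
 		pubKey, _, _, _, err := gossh.ParseAuthorizedKey([]byte(caKey))
 		if err != nil {
 			log.Fatal("Failed to parse TrustedUserCaKeys: %s %v", caKey, err)
@@ -849,7 +850,7 @@
 
 		SSH.TrustedUserCAKeysParsed = append(SSH.TrustedUserCAKeysParsed, pubKey)
 	}
-	if len(trustedUserCaKeys) > 0 {
+	if len(SSH.TrustedUserCAKeys) > 0 {
 		// Set the default as email,username otherwise we can leave it empty
 		sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").MustString("username,email")
 	} else {
@@ -857,20 +858,6 @@
 	}
 
 	SSH.AuthorizedPrincipalsAllow, SSH.AuthorizedPrincipalsEnabled = parseAuthorizedPrincipalsAllow(sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").Strings(","))
-
-	if !SSH.Disabled && !SSH.StartBuiltinServer {
-		if err = os.MkdirAll(SSH.KeyTestPath, 0o644); err != nil {
-			log.Fatal("Failed to create '%s': %v", SSH.KeyTestPath, err)
-		}
-
-		if len(trustedUserCaKeys) > 0 && SSH.AuthorizedPrincipalsEnabled {
-			fname := sec.Key("SSH_TRUSTED_USER_CA_KEYS_FILENAME").MustString(filepath.Join(SSH.RootPath, "gitea-trusted-user-ca-keys.pem"))
-			if err := os.WriteFile(fname,
-				[]byte(strings.Join(trustedUserCaKeys, "\n")), 0o600); err != nil {
-				log.Fatal("Failed to create '%s': %v", fname, err)
-			}
-		}
-	}
 
 	SSH.MinimumKeySizeCheck = sec.Key("MINIMUM_KEY_SIZE_CHECK").MustBool(SSH.MinimumKeySizeCheck)
 	minimumKeySizes := Cfg.Section("ssh.minimum_key_sizes").Keys()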
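--- /dev/null
+++ b/modules/ssh/init.go
@@ -0,0 +1,55 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+func Init() error {
+	if setting.SSH.Disabled {
+		return nil
+	}
+
+	if setting.SSH.StartBuiltinServer {
+		Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
+		log.Info("SSH server started on %s. Cipher list (%v), key exchange algorithms (%v), MACs (%v)",
+			net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)),
+			setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs,
+		)
+		return nil
+	}
+
+	builtinUnused()
+
+	// FIXME: why 0o644 for a directory .....
+	if err := os.MkdirAll(setting.SSH.KeyTestPath, 0o644); err != nil {
+		return fmt.Errorf("failed to create directory %q for ssh key test: %w", setting.SSH.KeyTestPath, err)
+	}
+
+	if len(setting.SSH.TrustedUserCAKeys) > 0 && setting.SSH.AuthorizedPrincipalsEnabled {
+		caKeysFileName := setting.SSH.TrustedUserCAKeysFile
+		caKeysFileDir := filepath.Dir(caKeysFileName)
+
+		err := os.MkdirAll(caKeysFileDir, 0o700) // SSH.RootPath by default (That is `~/.ssh` in most cases)
+		if err != nil {
+			return fmt.Errorf("failed to create directory %q for ssh trusted ca keys: %w", caKeysFileDir, err)
+		}
+
+		if err := os.WriteFile(caKeysFileName, []byte(strings.Join(setting.SSH.TrustedUserCAKeys, "\n")), 0o600); err != nil {
+			return fmt.Errorf("failed to write ssh trusted ca keys to %q: %w", caKeysFileName, err)
+		}
+	}
+
+	return nil
+}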
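Review bot: When `setting.SSH.Disabled` is true, Init returns at line 20 before it reaches `builtinUnused()` on line 33, whereas the routers/init.go code this commit removes called `ssh.Unused()` in every case where the builtin server was not started; unless the graceful manager tolerates never being informed (not visible here), an instance with SSH disabled may now wait on a cleanup that never arrives, so the early return should read `if setting.SSH.Disabled { builtinUnused(); return nil }`. Separately, line 36 keeps `os.MkdirAll(setting.SSH.KeyTestPath, 0o644)` and the FIXME above it is right: a directory created without the execute bit cannot be traversed or written into by its owner, so the key test would fail on a fresh path, and `0o700`, matching the CA-keys directory on line 44, is the intended mode. The exported Init also has no doc comment; suggest `// Init starts the builtin SSH server or, when the system sshd is used, prepares the key test directory and writes the trusted user CA keys file.`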
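--- a/modules/ssh/ssh_graceful.go
+++ b/modules/ssh/ssh_graceful.go
@@ -29,7 +29,7 @@
 	log.Info("SSH Listener: %s Closed", server.Addr)
 }
 
-// Unused informs our cleanup routine that we will not be using a ssh port
-func Unused() {
+// builtinUnused informs our cleanup routine that we will not be using a ssh port
+func builtinUnused() {
 	graceful.GetManager().InformCleanup()
 }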
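--- a/routers/init.go
+++ b/routers/init.go
@@ -6,10 +6,8 @@
 
 import (
 	"context"
-	"net"
 	"reflect"
 	"runtime"
-	"strconv"
 
 	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
@@ -158,14 +156,8 @@
 
 	mustInitCtx(ctx, syncAppPathForGit)
 
-	if setting.SSH.StartBuiltinServer {
-		ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
-		log.Info("SSH server started on %s. Cipher list (%v), key exchange algorithms (%v), MACs (%v)",
-			net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)),
-			setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
-	} else {
-		ssh.Unused()
-	}
+	mustInit(ssh.Init)
+
 	auth.Init()
 	svg.Init()
 }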