@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Correct private key permissions before extracting public key in bin/almanac register

Summary: `ssh-keygen` declines to run on a too-public key. Write the correctly-restricted key a little earlier in the workflow.

Test Plan:
```
epriestley@orbital ~/dev/phabricator $ chmod 644 ~/dev/core/conf/keys/daemon.key
epriestley@orbital ~/dev/phabricator $ ./bin/almanac register --private-key ~/dev/core/conf/keys/daemon.key --identify-as local.phacility.net --device daemon.phacility.net --force --allow-key-reuse
Installing public key...
Installing private key...
Installing device ID...
HOST REGISTERED This host has been registered as "local.phacility.net" and a trusted keypair has been installed.
epriestley@orbital ~/dev/phabricator $
```

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11700

+10 -6
src/applications/almanac/management/AlmanacManagementRegisterWorkflow.php
··· 115 115 } 116 116 } 117 117 118 - list($raw_public_key) = execx('ssh-keygen -y -f %s', $private_key_path); 118 + // NOTE: We're writing the private key here so we can change permissions 119 + // on it without causing weird side effects to the file specified with 120 + // the `--private-key` flag. The file needs to have restrictive permissions 121 + // before `ssh-keygen` will willingly operate on it. 122 + $tmp_private = new TempFile(); 123 + Filesystem::changePermissions($tmp_private, 0600); 124 + execx('chown %s %s', $phd_user, $tmp_private); 125 + Filesystem::writeFile($tmp_private, $raw_private_key); 126 + 127 + list($raw_public_key) = execx('ssh-keygen -y -f %s', $tmp_private); 119 128 120 129 $key_object = PhabricatorAuthSSHPublicKey::newFromRawKey($raw_public_key); 121 130 ··· 173 182 $console->writeOut( 174 183 "%s\n", 175 184 pht('Installing private key...')); 176 - 177 - $tmp_private = new TempFile(); 178 - Filesystem::changePermissions($tmp_private, 0600); 179 - execx('chown %s %s', $phd_user, $tmp_private); 180 - Filesystem::writeFile($tmp_private, $raw_private_key); 181 185 execx('mv -f %s %s', $tmp_private, $stored_private_path); 182 186 183 187 $raw_device = $device_name;
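Review bot: In the first hunk (new lines 122-125), `$phd_user` and `$raw_private_key` are now used roughly sixty lines earlier than before, when they were first needed at old lines 178-180. Neither assignment is visible in this context, so please confirm both are set above line 118 on every path that reaches it. The NOTE comment explains why the copy is made; it could also say that this same temporary file is what gets moved into place later at the "Installing private key..." step, since the two halves are now far apart.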
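Review bot: In the second hunk, the `mv -f %s %s` at new line 185 now depends on `$tmp_private` having been created and restricted in the earlier hunk, so the private key sits in the temporary file for the whole stretch between lines 127 and 185 instead of only at install time. A short comment at the `mv` pointing back to where the file is prepared would make that dependency obvious, and it is worth checking that a failure anywhere in that stretch does not leave the temporary copy of the key behind.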