deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

compile: better message when authkeys absent

Browse source 
for security reasons, we refuse to create ~/.ssh/authorized_keys if it doesn't
exist.  Explain this better and point to the documentation
This commit is contained in:
Sitaram Chamarty 2009-09-17 10:39:13 +05:30 committed by Sitaram Chamarty
parent f54c6c7a52
commit fde9708cbf
2 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/2-admin.mkd
View file

@ -29,7 +29,9 @@
familiar with ssh and authkeys etc. If so, please read up at least familiar with ssh and authkeys etc. If so, please read up at least
[this](http://sitaramc.github.com/0-installing/9-gitolite-basics.html#IMPORTANT_overview_of_ssh), [this](http://sitaramc.github.com/0-installing/9-gitolite-basics.html#IMPORTANT_overview_of_ssh),
and preferably also the man pages for sshd and sshd\_config, to make and preferably also the man pages for sshd and sshd\_config, to make
sure you understand the security implications of what you are doing sure you understand the security implications of what you are doing.
Once you have understood that, create at least an empty
`~/.ssh/authorized_keys` file before proceeding to the next step
* cd to `$GL_ADMINDIR` and run `src/gl-compile-conf` * cd to `$GL_ADMINDIR` and run `src/gl-compile-conf`

9
src/gl-compile-conf
View file

@ -46,7 +46,7 @@ our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE);
# now that this thing *may* be run via "push to admin", any errors have to # now that this thing *may* be run via "push to admin", any errors have to
# grab the admin's ATTENTION so he won't miss them among the other messages a # grab the admin's ATTENTION so he won't miss them among the other messages a
# typical push generates # typical push generates
my $ATTN = "\n\t\t***** ERROR ***** "; my $ATTN = "\n\t\t***** ERROR *****\n ";
my $glrc = $ENV{HOME} . "/.gitolite.rc"; my $glrc = $ENV{HOME} . "/.gitolite.rc";
die "$ATTN parse $glrc failed: " . ($! or $@) unless do $glrc; die "$ATTN parse $glrc failed: " . ($! or $@) unless do $glrc;
@ -75,7 +75,8 @@ sub wrap_chdir {
} }
sub wrap_open { sub wrap_open {
open (my $fh, $_[0], $_[1]) or die "$ATTN open $_[1] failed: $! at ", (caller)[1], " line ", (caller)[2], "\n"; open (my $fh, $_[0], $_[1]) or die "$ATTN open $_[1] failed: $! at ", (caller)[1], " line ", (caller)[2], "\n" .
( $_[2] || '' ); # suffix custom error message if given
return $fh; return $fh;
} }
@ -203,7 +204,9 @@ for my $repo (keys %repos)
# "compile" ssh authorized_keys # "compile" ssh authorized_keys
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
my $authkeys_fh = wrap_open( "<", $ENV{HOME} . "/.ssh/authorized_keys" ); my $authkeys_fh = wrap_open( "<", $ENV{HOME} . "/.ssh/authorized_keys",
"\tFor security reasons, gitolite will not *create* this file if it does\n" .
"\tnot already exist. Please see the \"admin\" document for details\n");
my $newkeys_fh = wrap_open( ">", $ENV{HOME} . "/.ssh/new_authkeys" ); my $newkeys_fh = wrap_open( ">", $ENV{HOME} . "/.ssh/new_authkeys" );
# save existing authkeys minus the GL-added stuff # save existing authkeys minus the GL-added stuff
while (<$authkeys_fh>) while (<$authkeys_fh>)