From 0738287dc4096d5209f94d12e57552c2e155c26d Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Sep 30 2016 13:22:38 +0000
Subject: Check SSH keys before writing them out

This is needed because Gitolite will abort all ACL and keyfile regeneration if there is a single invalid key in its keydir.

Signed-off-by: Patrick Uiterwijk
---
diff --git a/pagure/lib/__init__.py b/pagure/lib/__init__.py
index 8473bd1..0364bc5 100644
--- a/pagure/lib/__init__.py
+++ b/pagure/lib/__init__.py
@@ -25,6 +25,7 @@ import markdown
 import os
 import shutil
 import tempfile
+import subprocess
 import urlparse
 import uuid
@@ -181,6 +182,18 @@ def search_user(session, username=None, email=None, token=None, pattern=None):
     return output
+def is_valid_ssh_key(key):
+    key = key.strip()
+    if not key:
+        return None
+    proc = subprocess.Popen(['/usr/bin/ssh-keygen', '-l', '-f', '-'],
+                            stdin=subprocess.PIPE,
+                            stdout=subprocess.PIPE,
+                            stderr=subprocess.PIPE)
+    proc.communicate(key)
+    return proc.returncode == 0
+
+
 def create_user_ssh_keys_on_disk(user, gitolite_keydir):
     ''' Create the ssh keys for the user on the specific folder.
@@ -211,6 +224,8 @@ def create_user_ssh_keys_on_disk(user, gitolite_keydir):
     for i in range(len(keys)):
         if not keys[i]:
             continue
+        if not is_valid_ssh_key(keys[i]):
+            continue
         keyline_dir = os.path.join(gitolite_keydir, 'keys_%i' % i)
         if not os.path.exists(keyline_dir):
             os.mkdir(keyline_dir)
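Review bot: `is_valid_ssh_key` returns `None` for a blank key but `True`/`False` for everything else, and it carries no docstring; make the empty case `return False` and add a docstring stating that the function runs `/usr/bin/ssh-keygen -l` with the key on stdin and reports whether ssh-keygen could parse it, so callers understand the check is exactly as strict as that parser and nothing more. `subprocess.Popen` raises `OSError` when `/usr/bin/ssh-keygen` is absent or not executable, which would propagate out of every caller instead of being reported as an invalid key; the function should either catch it and fail closed with a logged error, or the docstring should say that it raises. The file still imports `urlparse`, so this is Python 2, and `proc.communicate(key)` with a `unicode` key containing non-ASCII characters would presumably raise `UnicodeEncodeError`; writing `proc.communicate(key.encode('utf-8'))` avoids that.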
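Review bot: A key that fails `is_valid_ssh_key` is dropped silently at the new `continue` in `create_user_ssh_keys_on_disk`, so neither the operator nor the user learns that one of the stored keys was never written to `gitolite_keydir` and access will fail without any trace of why. Log a warning before the `continue` that names the user and the key index `i` (not the key text) using whatever logger the module already has, or add a comment such as `# skipped silently: gitolite would reject the whole keydir for one bad key` so the intent is at least recorded. The function's body continues past the hunk.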