From 0d2766282f4ec43ffc9cbcb90fae886d898bf22f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Aug 27 2015 00:09:35 +0000
Subject: Fix authorized_keys file creation
Explanation is in the comments in the commit, but a short recap: gitolite when creating an authorized_keys file, will ignore any keyfiles that have more then a single line in them: "WARNING: keydir/.pub does not contain exactly 1 line; ignoring". So instead if relying only on gitolite to do this, we do it manually, since we do want people to be able to add multiple keys to their account. We do however also update the files in the keydir used by gitolite, so that if for some reason our regeneration fails, we at least have the first keys for users installed, which will likely be enough for the majority of users.
Signed-off-by: Patrick Uiterwijk
---
diff --git a/pagure/__init__.py b/pagure/__init__.py
index 25531ff..befecc5 100644
--- a/pagure/__init__.py
+++ b/pagure/__init__.py
@@ -190,6 +190,10 @@ def generate_gitolite_acls():
 stderr=subprocess.PIPE,
 cwd=gitolite_folder
 )
+ # We need to do this because gitolite will also try to recreate the authorized_keys
+ # file, but it will ignore any keyfiles with more then a single line. So it will
+ # never create a authorized_keys file with more than one key for any single user.
+ generate_authorized_key_file()
 def generate_gitolite_key(user, key): # pragma: no cover
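Review bot: Nothing between the closing `)` of the subprocess call and the new `generate_authorized_key_file()` line waits for gitolite to finish, so the ordering the comment relies on is not guaranteed by the visible code. The start of that call is outside the hunk; if it is a non-blocking `subprocess.Popen(...)` (the `stderr=subprocess.PIPE` argument suggests so), gitolite can still rewrite authorized_keys after our file is written and drop every key but the first per user. I would call `.communicate()` on the process object and check its return code before regenerating the file, and extend the comment with `# Must run only after gitolite has exited, otherwise it overwrites our authorized_keys.`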
@@ -199,7 +203,14 @@ def generate_gitolite_key(user, key): # pragma: no cover
 if gitolite_keydir:
 keyfile = os.path.join(gitolite_keydir, '%s.pub' % user)
 with open(keyfile, 'w') as stream:
- stream.write(key + '\n')
+ # If we do more then one line, gitolite will ignore the key file.
+ # Symptom: WARNING: keydir/.pub does not contain exactly 1 line; ignoring
+ # Let us make sure we at least have the users first key in there until
+ # we manually recreate the authorized_keys file (should happen almost
+ # the same time, but to prevent issues in the most trivial case where
+ # a user just has a single key, we also use the gitolite system as
+ # fallback).
+ stream.write(key.split('\n')[0])
 def generate_authorized_key_file(): # pragma: no cover
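Review bot: `stream.write(key.split('\n')[0])` writes the first line of the submitted value unchecked: a leading blank line yields an empty key file, `\r\n` input leaves a trailing `\r`, and the newline the old code wrote at the end is gone. Because this file feeds SSH access control, I would take the first non-empty line and keep the terminator, `first = next((l.strip() for l in key.splitlines() if l.strip()), '')` then `stream.write(first + '\n')`, and skip writing the file when `first` is empty. Whether `key` was already validated as a well-formed public key, and whether `user` in `'%s.pub' % user` is limited to safe filename characters, is not visible here because the function body starts outside the hunk. The comment's "more then one line" should read "more than one line".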