Learn more about these different git repos.
Other Git URLs
As soon as someone creates a project or delete one, the authorized_keys file is truncated by gitolite until someone edits any authorized_keys or the admin click regenerate (aka, Pagure regenerates the authorized_keys file).
I think that gitolite is also trying to do The Right Thing by creating the authorized_keys file, but we don't provide it with the info to do so.
Either we should just call a regenerate_authorized_keys after calling gitolite config compile, or we should make sure to provide the list of authorized keys to gitolite, and just replace the regenerate_authorized_keys with another call to gitolite config compile.
Any idea which info we are not providing? AFAIK keys are placed in the right location where gitolite expects them.
Oh, I thought we wrote authorized_keys ourselves, but it seems that when regenerating the gitolite ACL, we do not give it the authorized keylist (which it will regenerate).
I have been able to reproduce the issue by creating a new project and having any non-admins try to ssh into it (their key will be removed).
We do write the authorized_keys file ourself when there is a key change, but we also write the key in the keydir, so I don't know what's missing for gitolite.
So the problem turned out to be that we also wrote a trailing \n in the file in the keydir, which makes gitolite ignore it. Fix is in PR#367.
Merged
Login to comment on this ticket.