Skip to content

Delete Public SSH Key tmp file after calculating fingerprint#1855

Merged
lunny merged 5 commits into
go-gitea:masterfrom
dnmgns:cleanup_pubkey_tmp
Jun 8, 2017
Merged

Delete Public SSH Key tmp file after calculating fingerprint#1855
lunny merged 5 commits into
go-gitea:masterfrom
dnmgns:cleanup_pubkey_tmp

Conversation

@dnmgns

@dnmgns dnmgns commented Jun 2, 2017
edited
Loading

Copy link
Copy Markdown
Contributor

When using LDAP User Synchronization (#1478) with LDAP Public SSH Keys synchronization (#1844), the public key fingerprint calculation might be running with a quite high frequency.

As the tmp-files for calculating public key fingerprint is not deleted, the system could end up with lots of public tmp files causing inode issue and running out of disk space.

This PR addresses this issue by cleaning up the tmp file after the fingerprint has been calculated.

@dnmgns
Delete public key tmp file after calculating fingerprint
2a1b51e 
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
@dnmgns dnmgns mentioned this pull request Jun 2, 2017
Merged
@sapk

sapk commented Jun 4, 2017

Copy link
Copy Markdown
Member

LGTM
overall we should use ssh-keygen -lf - and pass keycontent in those cases. This will limit write for performance and maybe preserve some fragile fs like sd card (ex: rpi)

@tboerger tboerger added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jun 4, 2017
lafriks
lafriks reviewed Jun 4, 2017
View reviewed changes

@lafriks lafriks left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should be after check for error as on error writeTmpKeyFile will return empty string.

@lunny lunny added this to the 1.2.0 milestone Jun 5, 2017
@dnmgns
Move line
0d0f6e4 
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
@dnmgns

dnmgns commented Jun 5, 2017

Copy link
Copy Markdown
Contributor Author

@lafriks - Yeah, nice catch. And if writeTmpKeyFile returns an empty string, there's no file to remove. The defer statement will cause the remove to run even if empty string is returned, thus I guess it's better to put it right before the last return statement and remove the defer statement.

@dnmgns
Remove defer statement
0cecf3e 
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
sapk
sapk reviewed Jun 5, 2017
View reviewed changes
Comment thread models/ssh_key.go Outdated
} else if len(stdout) < 2 {
return "", errors.New("not enough output for calculating fingerprint: " + stdout)
}
os.Remove(tmpPath)

@sapk sapk Jun 5, 2017
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should still use defer before executing ssh-keygen (after checking empty string) since if the check failed the file is not removed otherwise.

@lafriks lafriks Jun 5, 2017

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See SSHKeyGenParsePublicKey on where to place defer remove

lafriks
lafriks requested changes Jun 5, 2017
View reviewed changes
Comment thread models/ssh_key.go Outdated
} else if len(stdout) < 2 {
return "", errors.New("not enough output for calculating fingerprint: " + stdout)
}
os.Remove(tmpPath)

@lafriks lafriks Jun 5, 2017

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See SSHKeyGenParsePublicKey on where to place defer remove

@dnmgns
Readd defer statement and move remove
f84bc06 
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
@dnmgns

dnmgns commented Jun 7, 2017

Copy link
Copy Markdown
Contributor Author

Thanks guys! @lafriks @sapk

@dnmgns
Delete space
b03b204 
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
@lafriks

lafriks commented Jun 7, 2017

Copy link
Copy Markdown
Member

LGTM

@tboerger tboerger added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jun 7, 2017
@lunny lunny merged commit ff74241 into go-gitea:master Jun 8, 2017
@lunny lunny added the type/enhancement An improvement of existing functionality label Aug 25, 2017
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lafriks lafriks lafriks approved these changes

+1 more reviewer

@sapk sapk sapk left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality

Projects

None yet

Milestone

1.2.0

Development

Successfully merging this pull request may close these issues.

5 participants

@dnmgns @sapk @lafriks @lunny @tboerger