diff options
author | Robert Speicher <robert@gitlab.com> | 2016-08-10 19:14:33 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2016-08-10 19:14:33 +0000 |
commit | 1e3d15a71ed49a932c6539d1e783b5948f31192e (patch) | |
tree | e2b6d99a4a2c8c052f7bde59f061f46b1eda3413 | |
parent | 0b73855f1b83818683f5a1de83090bb043a51616 (diff) | |
parent | 6e4ada2e9e215256dffffc20ec14960c1bbf17e9 (diff) | |
download | gitlab-shell-1e3d15a71ed49a932c6539d1e783b5948f31192e.tar.gz |
Merge branch 'permissions-create-keys' into 'master'
Update the keys permission check to open the file in write mode.
That way the file is created if it does not exist.
This will help simplify the check being running from omnibus. Currently we create the authorized_keys, file in omnibus. We want to instead have omnibus call check-permissions as the git user, to get around nfs root_squash issues with the authorized_keys file.
See merge request !83
-rw-r--r-- | lib/gitlab_keys.rb | 4 | ||||
-rw-r--r-- | spec/gitlab_keys_spec.rb | 7 |
2 files changed, 9 insertions, 2 deletions
diff --git a/lib/gitlab_keys.rb b/lib/gitlab_keys.rb index d4c4102..eb359f8 100644 --- a/lib/gitlab_keys.rb +++ b/lib/gitlab_keys.rb @@ -106,7 +106,7 @@ class GitlabKeys end def check_permissions - open_auth_file('r+') { true } + open_auth_file(File::RDWR | File::CREAT) { true } rescue => ex puts "error: could not open #{auth_file}: #{ex}" if File.exist?(auth_file) @@ -132,7 +132,7 @@ class GitlabKeys def lock_file @lock_file ||= auth_file + '.lock' end - + def open_auth_file(mode) open(auth_file, mode, 0600) do |file| file.chmod(0600) diff --git a/spec/gitlab_keys_spec.rb b/spec/gitlab_keys_spec.rb index adff6b4..d944278 100644 --- a/spec/gitlab_keys_spec.rb +++ b/spec/gitlab_keys_spec.rb @@ -183,6 +183,13 @@ describe GitlabKeys do gitlab_keys.should_receive(:open_auth_file).and_raise("imaginary error") expect(gitlab_keys.exec).to eq(false) end + + it 'creates the keys file if it does not exist' do + create_authorized_keys_fixture + FileUtils.rm(tmp_authorized_keys_path) + expect(gitlab_keys.exec).to eq(true) + expect(File.exist?(tmp_authorized_keys_path)).to eq(true) + end end describe :exec do |