Commit 634a9a35 authored by Iustin Pop's avatar Iustin Pop

setup-ssh: fix updating of authorized_keys

Due to what seems like a bug (or inconsistency) in paramiko, files
opened with a+ over SFTP need a seek() in order for the user to be able
to read data from them. We implement this, and rely on the fact that we
do iterate over all lines before writing and that the file is opened in
append mode (which at least on Linux should work correctly).
Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
parent 3dc66ebc
......@@ -137,6 +137,14 @@ def SetupSSH(transport):
authorized_keys = sftp.open(auth_keys, "a+")
try:
# Due to the way SFTPFile and BufferedFile are implemented,
# opening in a+ mode and then issuing a read(), readline() or
# iterating over the file (which uses read() internally) will see
# an empty file, since the paramiko internal file position and the
# OS-level file-position are desynchronized; therefore, we issue
# an explicit seek to resynchronize these; writes should (note
# should) still go to the right place
authorized_keys.seek(0, 0)
# We don't have to close, as the close happened already in AddAuthorizedKey
utils.AddAuthorizedKey(authorized_keys, filemap[pub_key][0])
finally:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment