summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2016-07-03 23:24:47 -0700
committerelijah <elijah@riseup.net>2016-07-03 23:24:47 -0700
commitd05f00bf405e9c0f4f6431ba923e7b4001de9cb6 (patch)
tree2824b20f960808f806210a437334e435918ad741 /lib
parent88412ea2079d29fdc3390b17e7621724ef6520a6 (diff)
bugfix: work-around for problem with upload file permissions (#8235)
Diffstat (limited to 'lib')
-rw-r--r--lib/leap_cli/ssh/backend.rb23
-rw-r--r--lib/leap_cli/ssh/scripts.rb8
2 files changed, 27 insertions, 4 deletions
diff --git a/lib/leap_cli/ssh/backend.rb b/lib/leap_cli/ssh/backend.rb
index 67c6ec9a..80203b61 100644
--- a/lib/leap_cli/ssh/backend.rb
+++ b/lib/leap_cli/ssh/backend.rb
@@ -4,6 +4,7 @@
# common exceptions.
#
+require 'stringio'
require 'timeout'
require 'sshkit'
require 'leap_cli/ssh/formatter'
@@ -97,6 +98,28 @@ module LeapCli
@scripts ||= LeapCli::SSH::Scripts.new(self, @host.hostname)
end
+ #
+ # sshkit just passes upload! and download! to Net::SCP, but Net::SCP
+ # make it impossible to set the file permissions. Here is how the mode
+ # is determined, from upload.rb:
+ #
+ # mode = channel[:stat] ? channel[:stat].mode & 07777 : channel[:options][:mode]
+ #
+ # The stat info from the file always overrides the mode you pass in options.
+ # However, the channel[:options][:mode] will be applied for pure in-memory
+ # uploads. So, if the mode is set, we convert the upload to be a memory
+ # upload instead of a file upload.
+ #
+ # Stupid, but blame Net::SCP.
+ #
+ def upload!(src, dest, options={})
+ if options[:mode]
+ super(StringIO.new(File.read(src)), dest, options)
+ else
+ super(src, dest, options)
+ end
+ end
+
private
#
diff --git a/lib/leap_cli/ssh/scripts.rb b/lib/leap_cli/ssh/scripts.rb
index feefdd46..7b76285b 100644
--- a/lib/leap_cli/ssh/scripts.rb
+++ b/lib/leap_cli/ssh/scripts.rb
@@ -88,7 +88,7 @@ module LeapCli
def install_authorized_keys
ssh.log :updating, "authorized_keys" do
mkdirs '/root/.ssh'
- ssh.upload! LeapCli::Path.named_path(:authorized_keys), '/root/.ssh/authorized_keys', :mode => '600'
+ ssh.upload! LeapCli::Path.named_path(:authorized_keys), '/root/.ssh/authorized_keys', :mode => 0600
end
end
@@ -105,7 +105,7 @@ module LeapCli
def install_insecure_vagrant_key
ssh.log :installing, "insecure vagrant key" do
mkdirs '/root/.ssh'
- ssh.upload! LeapCli::Path.vagrant_ssh_pub_key_file, '/root/.ssh/authorized_keys2', :mode => '600'
+ ssh.upload! LeapCli::Path.vagrant_ssh_pub_key_file, '/root/.ssh/authorized_keys2', :mode => 0600
end
end
@@ -114,8 +114,8 @@ module LeapCli
node_init_path = File.join(bin_dir, 'node_init')
ssh.log :running, "node_init script" do
mkdirs bin_dir
- ssh.upload! LeapCli::Path.node_init_script, node_init_path, :mode => '500'
- ssh.stream node_init_path
+ ssh.upload! LeapCli::Path.node_init_script, node_init_path, :mode => 0700
+ ssh.stream node_init_path, :log_wrap => true
end
end