From d05f00bf405e9c0f4f6431ba923e7b4001de9cb6 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 3 Jul 2016 23:24:47 -0700 Subject: bugfix: work-around for problem with upload file permissions (#8235) --- lib/leap_cli/ssh/backend.rb | 23 +++++++++++++++++++++++ lib/leap_cli/ssh/scripts.rb | 8 ++++---- 2 files changed, 27 insertions(+), 4 deletions(-) (limited to 'lib/leap_cli/ssh') diff --git a/lib/leap_cli/ssh/backend.rb b/lib/leap_cli/ssh/backend.rb index 67c6ec9a..80203b61 100644 --- a/lib/leap_cli/ssh/backend.rb +++ b/lib/leap_cli/ssh/backend.rb @@ -4,6 +4,7 @@ # common exceptions. # +require 'stringio' require 'timeout' require 'sshkit' require 'leap_cli/ssh/formatter' @@ -97,6 +98,28 @@ module LeapCli @scripts ||= LeapCli::SSH::Scripts.new(self, @host.hostname) end + # + # sshkit just passes upload! and download! to Net::SCP, but Net::SCP + # make it impossible to set the file permissions. Here is how the mode + # is determined, from upload.rb: + # + # mode = channel[:stat] ? channel[:stat].mode & 07777 : channel[:options][:mode] + # + # The stat info from the file always overrides the mode you pass in options. + # However, the channel[:options][:mode] will be applied for pure in-memory + # uploads. So, if the mode is set, we convert the upload to be a memory + # upload instead of a file upload. + # + # Stupid, but blame Net::SCP. + # + def upload!(src, dest, options={}) + if options[:mode] + super(StringIO.new(File.read(src)), dest, options) + else + super(src, dest, options) + end + end + private # diff --git a/lib/leap_cli/ssh/scripts.rb b/lib/leap_cli/ssh/scripts.rb index feefdd46..7b76285b 100644 --- a/lib/leap_cli/ssh/scripts.rb +++ b/lib/leap_cli/ssh/scripts.rb @@ -88,7 +88,7 @@ module LeapCli def install_authorized_keys ssh.log :updating, "authorized_keys" do mkdirs '/root/.ssh' - ssh.upload! LeapCli::Path.named_path(:authorized_keys), '/root/.ssh/authorized_keys', :mode => '600' + ssh.upload! LeapCli::Path.named_path(:authorized_keys), '/root/.ssh/authorized_keys', :mode => 0600 end end @@ -105,7 +105,7 @@ module LeapCli def install_insecure_vagrant_key ssh.log :installing, "insecure vagrant key" do mkdirs '/root/.ssh' - ssh.upload! LeapCli::Path.vagrant_ssh_pub_key_file, '/root/.ssh/authorized_keys2', :mode => '600' + ssh.upload! LeapCli::Path.vagrant_ssh_pub_key_file, '/root/.ssh/authorized_keys2', :mode => 0600 end end @@ -114,8 +114,8 @@ module LeapCli node_init_path = File.join(bin_dir, 'node_init') ssh.log :running, "node_init script" do mkdirs bin_dir - ssh.upload! LeapCli::Path.node_init_script, node_init_path, :mode => '500' - ssh.stream node_init_path + ssh.upload! LeapCli::Path.node_init_script, node_init_path, :mode => 0700 + ssh.stream node_init_path, :log_wrap => true end end -- cgit v1.2.3