Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor SSH init code, fix directory creation for TrustedUserCAKeys file #20299

Merged
merged 5 commits into from
Jul 10, 2022

Conversation

wxiaoguang
Copy link
Contributor

@wxiaoguang wxiaoguang commented Jul 9, 2022

Follow #20289

In #20289, the ~/.ssh is not created automatically, but that PR is not ideal: indeed, only the GlobalInitInstalled function should prepare the SSH files for external server or starts the builtin server.

This PR should make the logic clear and reduce some dependencies between modules.

Major changes:

  1. trustedUserCaKeys is removed, use SSH.TrustedUserCAKeys directly, it has been parsed by ini module correctly
  2. introduce ssh.Init, move the SSH init code from routers/init.go to it
  3. ssh.Init will start builtin SSH server or prepare external SSH server files

This PR could also to be considered as a bug fix for #20289, otherwise the os.WriteFile(fname/*ca file*/, might fail.

And a strange FIXME:

  • FIXME: why 0o644 for a directory ..... os.MkdirAll(setting.SSH.KeyTestPath, 0o644)

@wxiaoguang wxiaoguang added type/bug type/refactoring Existing code has been cleaned up. There should be no new functionality. labels Jul 9, 2022
@wxiaoguang wxiaoguang added this to the 1.18.0 milestone Jul 9, 2022
modules/ssh/init.go Outdated Show resolved Hide resolved
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jul 9, 2022
modules/ssh/init.go Outdated Show resolved Hide resolved
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jul 9, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 10, 2022
@codecov-commenter
Copy link

Codecov Report

Merging #20299 (c3b347e) into main (711cbcc) will decrease coverage by 0.00%.
The diff coverage is 47.24%.

@@            Coverage Diff             @@
##             main   #20299      +/-   ##
==========================================
- Coverage   46.91%   46.91%   -0.01%     
==========================================
  Files         973      976       +3     
  Lines      134721   135007     +286     
==========================================
+ Hits        63204    63334     +130     
- Misses      63768    63911     +143     
- Partials     7749     7762      +13     
Impacted Files Coverage Δ
cmd/dump_repo.go 0.00% <0.00%> (ø)
cmd/restore_repo.go 0.00% <0.00%> (ø)
models/issues/issue_project.go 30.00% <0.00%> (-2.24%) ⬇️
models/unittest/testdb.go 14.38% <0.00%> (-1.59%) ⬇️
models/user/user.go 51.54% <0.00%> (-2.81%) ⬇️
modules/indexer/code/elastic_search.go 1.12% <0.00%> (ø)
modules/markup/html.go 35.67% <0.00%> (-0.05%) ⬇️
modules/markup/markdown/toc.go 0.00% <0.00%> (ø)
modules/migration/null_downloader.go 31.42% <0.00%> (ø)
modules/setting/i18n.go 100.00% <ø> (ø)
... and 78 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a9e66cf...c3b347e. Read the comment docs.

@lunny lunny merged commit 27e2def into go-gitea:main Jul 10, 2022
@wxiaoguang wxiaoguang deleted the ssh-init branch July 10, 2022 12:51
wxiaoguang added a commit to wxiaoguang/gitea that referenced this pull request Jul 10, 2022
…file (go-gitea#20299)

* Refactor SSH init code, fix directory creation for TrustedUserCAKeys file

* Update modules/ssh/init.go

Co-authored-by: zeripath <[email protected]>

* fix lint copyright

* Update modules/ssh/init.go

Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
@wxiaoguang wxiaoguang added backport/done All backports for this PR have been created backport/v1.17 labels Jul 10, 2022
zjjhot added a commit to zjjhot/gitea that referenced this pull request Jul 11, 2022
* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Vertical align avatar at middle (go-gitea#20302)
  Changed scroll to auto for some UI elements. (go-gitea#20294)
  Add hint to GNUPGHOME environment variable (go-gitea#20134)
  Refactor SSH init code, fix directory creation for TrustedUserCAKeys file (go-gitea#20299)
  [skip ci] Updated translations via Crowdin
  Use dedicated draft PR icon when possible (go-gitea#20303)
  Update goldmark (go-gitea#20300)
  Do not create empty ".ssh" directory when loading config (go-gitea#20289)
wxiaoguang added a commit that referenced this pull request Jul 11, 2022
…file (#20299) (#20306)

Backport #20299. Follow #20298. Only the `GlobalInitInstalled` function should prepare the SSH files for external server or starts the builtin server.
* `trustedUserCaKeys` is removed, use `SSH.TrustedUserCAKeys` directly
* introduce `ssh.Init`, move the SSH init code from `routers/init.go` to it
* `ssh.Init` will start builtin SSH server or prepare external SSH server files
vsysoev pushed a commit to IntegraSDL/gitea that referenced this pull request Aug 10, 2022
…file (go-gitea#20299)

* Refactor SSH init code, fix directory creation for TrustedUserCAKeys file

* Update modules/ssh/init.go

Co-authored-by: zeripath <[email protected]>

* fix lint copyright

* Update modules/ssh/init.go

Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
zeripath pushed a commit that referenced this pull request Aug 20, 2022
The graceful manager waits for 4 listeners to be created or to be told that they are not needed. If it is not told about them it will indefinitely and timeout. 

This leads to SVC hosts not being told of being in the readyState but on Unix would lead to the termination of the process.

There was an unfortunate regression in #20299 which missed this subtly and in the case whereby SSH is disabled the `builtinUnused()` is not called.

This PR adds a call to `builtinUnused()` when not using the builtin ssh to allow `createServerWaitGroup.Done()` to be called. 

In addition it was noted that the if/else clauses for timeout informing of the SVC host were in the wrong order. These have been swapped.

Fix #20609
@wxiaoguang wxiaoguang mentioned this pull request Aug 21, 2022
wxiaoguang pushed a commit that referenced this pull request Aug 21, 2022
)

The graceful manager waits for 4 listeners to be created or to be told that they are not needed. If it is not told about them it will indefinitely and timeout. 

This leads to SVC hosts not being told of being in the readyState but on Unix would lead to the termination of the process.

There was an unfortunate regression in #20299 which missed this subtly and in the case whereby SSH is disabled the `builtinUnused()` is not called.

This PR adds a call to `builtinUnused()` when not using the builtin ssh to allow `createServerWaitGroup.Done()` to be called. 

In addition it was noted that the if/else clauses for timeout informing of the SVC host were in the wrong order. These have been swapped.

Fix #20609
vsysoev pushed a commit to IntegraSDL/gitea that referenced this pull request Aug 28, 2022
The graceful manager waits for 4 listeners to be created or to be told that they are not needed. If it is not told about them it will indefinitely and timeout. 

This leads to SVC hosts not being told of being in the readyState but on Unix would lead to the termination of the process.

There was an unfortunate regression in go-gitea#20299 which missed this subtly and in the case whereby SSH is disabled the `builtinUnused()` is not called.

This PR adds a call to `builtinUnused()` when not using the builtin ssh to allow `createServerWaitGroup.Done()` to be called. 

In addition it was noted that the if/else clauses for timeout informing of the SVC host were in the wrong order. These have been swapped.

Fix go-gitea#20609
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug type/refactoring Existing code has been cleaned up. There should be no new functionality.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants