Cleanup ssh authorized keys types

Optimize file creations, deletions and writes. Resolve #829.
2021-03-17 22:32:26 +01:00 · 2021-03-17 22:32:26 +01:00 · e1c5263c37
commit e1c5263c37
parent 17a9a86588
1 changed files with 45 additions and 23 deletions
--- a/cdist/conf/type/__ssh_authorized_keys/gencode-remote
+++ b/cdist/conf/type/__ssh_authorized_keys/gencode-remote
@ -24,9 +24,6 @@ state="$(cat "$__object/parameter/state" 2>/dev/null)"
 file="$(cat "$__object/explorer/file")"
 keys_file="$__object/explorer/keys"

-temp_file="${file}.tmp"
-work_file="${temp_file}.work"
-
 _type_and_key() {
    echo "$1" | tr ' ' '\n' | awk '/^(ssh|ecdsa)-[^ ]+/ { printf $1" "; getline; printf $1 }'
 }
@ -50,8 +47,18 @@ _gen_key_entry() {
    printf '\n'
 }

+
 cat << DONE
-cp -f "${file}" "${temp_file}"
+new_keys=\$(mktemp ${file}.cdist.XXXXXXXXXX)
+patterns=\$(mktemp ${file}.cdist.XXXXXXXXXX)
+
+tmpfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
+
+# preserve ownership and permissions of existing file
+if [ -f "${file}" ]
+then
+   cp -p "${file}" "\${tmpfile}"
+fi
 DONE

 while read -r key; do
@ -67,7 +74,7 @@ while read -r key; do

    # remove conflicting entries
    cat << DONE
-    grep -v "${type_and_key}\\([ \\n].*\\)*\$" "${temp_file}" > "${work_file}" || true
+echo '${type_and_key}\\([ \\\\n].*\\)*\$' >> "\${patterns}"
 DONE

    entry="$(_gen_key_entry "${key}")"
@ -77,15 +84,13 @@ DONE
            # escape single quotes
            _line_sanitised=$(echo "${entry}" | sed -e "s/'/'\"'\"'/g")
            cat << DONE
-            printf "%s\\n" "${_line_sanitised}" >> "${work_file}"
-            mv -f "${work_file}" "${temp_file}"
+printf "%s\\n" "${_line_sanitised}" >> "\${new_keys}"
 DONE
            echo "added to ${file} (${entry})" >> "$__messages_out"
        ;;
        absent)
            cat << DONE
-            grep -v "${entry}" "${work_file}" > "${temp_file}" || true
-            rm -f "${work_file}"
+echo "${entry}" >> "\${patterns}"
 DONE
            echo "removed from ${file} (${entry})" >> "$__messages_out"
        ;;
@ -94,8 +99,19 @@ done < "$__object/parameter/key"

 set --
 cat << DONE
-set --
+if [ -s "\${patterns}" ] && [ -f "${file}" ]
+then
+    grep -v -f "\${patterns}" "${file}" > "\${tmpfile}" || true
+fi
+if [ -s "\${new_keys}" ]
+then
+    cat "\${new_keys}" >> "\${tmpfile}"
+fi
+
+rm -f "\${patterns}"
+rm -f "\${new_keys}"
 DONE
+
 if [ -f "$__object/parameter/remove-unknown" ] && [ -s "${keys_file}" ]
 then
    while read -r key
@ -107,23 +123,29 @@ then
            continue
        fi

-        # build grep -e patterns
-        set -- "\$@" "-e" "${key}"
+        # build grep patterns
        cat << DONE
-        set -- "\$@" "-e" "${key}"
+echo "${key}" >> "\${patterns}"
 DONE
    done < "${keys_file}"
-
-    # if no pattern then nothing to remove
-    if [ $# -gt 0 ]
-    then
-        cat << DONE
-        grep -v -F -x "\$@" "${temp_file}" > "${work_file}" || true
-        mv -f "${work_file}" "${temp_file}"
-DONE
-    fi
 fi

 cat << DONE
-mv -f "${temp_file}" "${file}"
+if [ -s "\${patterns}" ] && [ -f "${file}" ]
+then
+    newfile=\$(mktemp ${file}.cdist.XXXXXXXXXX)
+    # preserve ownership and permissions of existing file
+    if [ -f "${file}" ]; then
+       cp -p "${file}" "\${newfile}"
+    fi
+
+    grep -v -F -x -f "\${patterns}" "\${tmpfile}" > "\${newfile}" || true
+    mv -f "\${newfile}" "${file}"
+    rm -f "\${tmpfile}"
+else
+    mv -f "\${tmpfile}" "${file}"
+fi
+
+rm -f "\${patterns}"
+rm -f "\${new_keys}"
 DONE