Merge f9b0b6266f into ed36f1456f

2023-05-06 11:35:30 +02:00 · 2023-05-06 11:35:30 +02:00 · a40d881b45
commit a40d881b45
parent ed36f1456f f9b0b6266f
3 changed files with 22 additions and 1 deletions
--- a/docs/features/authorized-keys.rst
+++ b/docs/features/authorized-keys.rst
@ -13,3 +13,13 @@ If you select this package, add a list of authorized keys to ``site.conf`` like
    ...
 Existing keys in ``/etc/dropbear/authorized_keys`` will be preserved.
 If you want to remove specific keys in the future, specify them like this:::
  {
    unauthorized_keys = { 'ssh-rsa AAA.... user1@host',
                          'ssh-rsa AAA.... user2@host' },
    authorized_keys = { 'ssh-rsa AAA.... user3@host',
                        'ssh-rsa AAA.... user4@host' },
    hostname_prefix = ...
    ...
--- a/package/gluon-authorized-keys/check_site.lua
+++ b/package/gluon-authorized-keys/check_site.lua
@ -1 +1,2 @@
 need_string_array(in_site({'authorized_keys'}))
 need_string_array(in_site({'unauthorized_keys'}), false)
--- a/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
+++ b/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
@ -4,6 +4,7 @@ local site = require 'gluon.site'
 local file = '/etc/dropbear/authorized_keys'
 local keys = {}
 local rm_keys = {}
 local function load_keys()
 	for line in io.lines(file) do
@ -11,12 +12,21 @@ local function load_keys()
 	end
 end
 for _, key in ipairs(site.unauthorized_keys({})) do
 	rm_keys[key] = true
 end
 pcall(load_keys)
-local f = io.open(file, 'a')
+local f = io.open(file, 'w')
 for _, key in ipairs(site.authorized_keys()) do
 	if not keys[key] then
 		f:write(key .. '\n')
 	end
 end
 for key, _ in pairs(keys) do
 	if not rm_keys[key] then
 		f:write(key .. '\n')
 	end
 end
 f:close()
`@ -1 +1,2 @@`
	`need_string_array(in_site({'authorized_keys'}))`	`need_string_array(in_site({'authorized_keys'}))`
		`need_string_array(in_site({'unauthorized_keys'}), false)`