gluon-authorized-keys: add unauthorized_keys to remove access

2022-12-13 22:40:23 +01:00 · 2022-12-13 22:40:23 +01:00 · c4ab768f4b
commit c4ab768f4b
parent 1780bafafc
2 changed files with 12 additions and 1 deletions
--- a/package/gluon-authorized-keys/check_site.lua
+++ b/package/gluon-authorized-keys/check_site.lua
@ -1 +1,2 @@
 need_string_array(in_site({'authorized_keys'}))
+need_string_array(in_site({'unauthorized_keys'}), false)
--- a/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
+++ b/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
@ -4,6 +4,7 @@ local site = require 'gluon.site'
 local file = '/etc/dropbear/authorized_keys'

 local keys = {}
+local rm_keys = {}

 local function load_keys()
 	for line in io.lines(file) do
@ -11,12 +12,21 @@ local function load_keys()
 	end
 end

+for _, key in ipairs(site.unauthorized_keys({})) do
+	rm_keys[key] = true
+end
+
 pcall(load_keys)

-local f = io.open(file, 'a')
+local f = io.open(file, 'w')
 for _, key in ipairs(site.authorized_keys()) do
 	if not keys[key] then
 		f:write(key .. '\n')
 	end
 end
+for key, _ in pairs(keys) do
+	if not rm_keys[key] then
+		f:write(key .. '\n')
+	end
+end
 f:close()