module SystemCheck
  module App
    # System check that passes only when the git user's `.ssh` directory
    # contains nothing beyond the entries named in WHITELIST. Every other
    # visible entry is reported, together with commands that move it into a
    # backup directory.
    class GitUserDefaultSSHConfigCheck < SystemCheck::BaseCheck
      # Basenames permitted inside the git user's `.ssh` directory. `config`
      # is intentionally left out, because a custom SSH client configuration
      # may change the SSH client's behaviour dramatically.
      WHITELIST = %w[
        authorized_keys
        authorized_keys.lock
        authorized_keys2
        known_hosts
      ].freeze

      set_name 'Git user has default SSH configuration?'
      set_skip_reason 'skipped (git user is not present / configured)'

      # The check is skipped when the git user's home directory cannot be
      # resolved or does not exist on disk.
      #
      # @return [Boolean]
      def skip?
        return true unless home_dir

        !File.directory?(home_dir)
      end

      # @return [Boolean] true when no unexpected entry was found in `.ssh`
      def check?
        unexpected = forbidden_files
        unexpected.empty?
      end

      # Prints remediation steps: create a timestamped backup directory, then
      # move each unexpected entry into it.
      def show_error
        # Built only from a literal and an integer timestamp, so it needs no
        # escaping; the leading `~` is left for the operator's shell to expand.
        backup_dir = "~/gitlab-check-backup-#{Time.now.to_i}"

        # The paths come from the filesystem, so they are shell-escaped before
        # being placed in a command the operator is expected to run with sudo.
        move_commands = forbidden_files.map { |path| "sudo mv #{Shellwords.escape(path)} #{backup_dir}" }

        try_fixing_it("mkdir #{backup_dir}", *move_commands)
        for_more_information('doc/ssh/README.md in section "SSH on the GitLab server"')
        fix_and_rerun
      end

      private

      # Name of the system user taken from the GitLab configuration.
      def git_user
        Gitlab.config.gitlab.user
      end

      # Home directory of the git user, or nil when it cannot be expanded.
      # The result is cached with `defined?` so that a nil outcome is
      # remembered too and the lookup is not repeated.
      #
      # @return [String, nil]
      def home_dir
        unless defined?(@home_dir)
          @home_dir =
            begin
              File.expand_path("~#{git_user}")
            rescue ArgumentError
              # Raised when the `~user` form cannot be resolved.
              nil
            end
        end

        @home_dir
      end

      # @return [String, nil] path of the git user's `.ssh` directory, or nil
      #   when the home directory is unknown
      def ssh_dir
        home_dir && File.join(home_dir, '.ssh')
      end

      # Entries found in `.ssh` that are not on the WHITELIST, as full paths
      # (memoized).
      #
      # NOTE(review): the `*` glob does not match dotfiles, so hidden entries
      # are never reported, and glob metacharacters in the home path would be
      # read as part of the pattern.
      # NOTE(review): File.join raises when ssh_dir is nil; presumably callers
      # consult skip? first -- confirm against the check runner.
      #
      # @return [Array<String>]
      def forbidden_files
        @forbidden_files ||=
          begin
            entries = Dir[File.join(ssh_dir, '*')]
            entries - WHITELIST.map { |name| File.join(ssh_dir, name) }
          end
      end
    end
  end
end