[MediaWiki-commits] [Gerrit] operations/puppet[production]: Fix failing keyholder arming check

Tue, 24 Jan 2017 15:15:40 -0800 

Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/312947 )

Change subject: Fix failing keyholder arming check
......................................................................


Fix failing keyholder arming check

The latest version of openssh-client no longer stores or outputs the
key filenames along with the ssh public-key fingerprint as part of
ssh-add -l.

This changes the keyholder check script to just compare public key
fingerprints rather than private-key filenames.

Bug: T154943
Change-Id: Ic6784e505d4734a725bda2a278745cf53575c11f
---
M modules/keyholder/files/check_keyholder
1 file changed, 4 insertions(+), 2 deletions(-)

Approvals:
  Paladox: Looks good to me, but someone else must approve
  Alex Monk: Looks good to me, but someone else must approve
  Muehlenhoff: Looks good to me, but someone else must approve
  Hashar: Looks good to me, but someone else must approve
  20after4: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/keyholder/files/check_keyholder 
b/modules/keyholder/files/check_keyholder
index 448d645..2361ddf 100755
--- a/modules/keyholder/files/check_keyholder
+++ b/modules/keyholder/files/check_keyholder
@@ -5,12 +5,14 @@
 
 configured_keys() {
   # Get a sorted list of all key files in /etc/keyholder.d
-  /usr/bin/find /etc/keyholder.d -type f -not -name '*.pub' 2>/dev/null | 
/usr/bin/sort
+  for key in /etc/keyholder.d/*.pub; do
+      /usr/bin/ssh-keygen -l -f "$key" | /usr/bin/cut -d' ' -f2 2>/dev/null;
+  done | sort
 }
 
 active_keys() {
   # Get a sorted list of all keys currently represented by the agent.
-  /usr/bin/ssh-add -l 2>/dev/null | /usr/bin/cut -d' ' -f 3 | /usr/bin/sort
+  /usr/bin/ssh-add -l 2>/dev/null | /usr/bin/cut -d' ' -f 2 | /usr/bin/sort
 }
 
 [ -S "$SSH_AUTH_SOCK" ] || {

-- 
To view, visit https://gerrit.wikimedia.org/r/312947
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic6784e505d4734a725bda2a278745cf53575c11f
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Thcipriani <tcipri...@wikimedia.org>
Gerrit-Reviewer: 20after4 <mmod...@wikimedia.org>
Gerrit-Reviewer: Alex Monk <kren...@gmail.com>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Hashar <has...@free.fr>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: Paladox <thomasmulhall...@yahoo.com>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to