From 0f406dc4d2a440b6109f07223f387bd11e2e7e80 Mon Sep 17 00:00:00 2001 From: Gusted Date: Sat, 30 Sep 2023 22:16:47 +0200 Subject: [PATCH] [GITEA] Make atomic ssh keys replacement robust - After stumbling upon https://github.com/golang/go/issues/22397 and reading the implementations I realized that Forgejo code doesn't have `Sync()` and it doesn't properly error handle the `Close` function. - (likely) Resolves https://codeberg.org/forgejo/forgejo/issues/1446 (cherry picked from commit 0efcb334c2f123d0869a30d684189eb31e8b983f) (cherry picked from commit 04ef02c0dd98c7437acb39383d311c0901366508) (cherry picked from commit 85f2065c9bc6ded9c21909ec76a9e8fc2d22f462) (cherry picked from commit 8d36b5cce66864e190bad3c9b0973e37ca774a22) --- models/asymkey/ssh_key_authorized_keys.go | 7 ++++++- models/asymkey/ssh_key_authorized_principals.go | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/models/asymkey/ssh_key_authorized_keys.go b/models/asymkey/ssh_key_authorized_keys.go index f0a3a77eaf..4c9cc1deab 100644 --- a/models/asymkey/ssh_key_authorized_keys.go +++ b/models/asymkey/ssh_key_authorized_keys.go @@ -169,7 +169,12 @@ func RewriteAllPublicKeys(ctx context.Context) error { return err } - t.Close() + if err := t.Sync(); err != nil { + return err + } + if err := t.Close(); err != nil { + return err + } return util.Rename(tmpPath, fPath) } diff --git a/models/asymkey/ssh_key_authorized_principals.go b/models/asymkey/ssh_key_authorized_principals.go index 592196c255..79915df7b5 100644 --- a/models/asymkey/ssh_key_authorized_principals.go +++ b/models/asymkey/ssh_key_authorized_principals.go @@ -92,7 +92,12 @@ func RewriteAllPrincipalKeys(ctx context.Context) error { return err } - t.Close() + if err := t.Sync(); err != nil { + return err + } + if err := t.Close(); err != nil { + return err + } return util.Rename(tmpPath, fPath) }