From 0efcb334c2f123d0869a30d684189eb31e8b983f Mon Sep 17 00:00:00 2001 From: Gusted Date: Sat, 30 Sep 2023 22:16:47 +0200 Subject: [PATCH] [GITEA] Make atomic ssh keys replacement robust - After stumbling upon https://github.com/golang/go/issues/22397 and reading the implementations I realized that Forgejo code doesn't have `Sync()` and it doesn't properly error handle the `Close` function. - (likely) Resolves https://codeberg.org/forgejo/forgejo/issues/1446 --- models/asymkey/ssh_key_authorized_keys.go | 7 ++++++- models/asymkey/ssh_key_authorized_principals.go | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/models/asymkey/ssh_key_authorized_keys.go b/models/asymkey/ssh_key_authorized_keys.go index 77803d6709..6a1efb5efe 100644 --- a/models/asymkey/ssh_key_authorized_keys.go +++ b/models/asymkey/ssh_key_authorized_keys.go @@ -169,7 +169,12 @@ func RewriteAllPublicKeys() error { return err } - t.Close() + if err := t.Sync(); err != nil { + return err + } + if err := t.Close(); err != nil { + return err + } return util.Rename(tmpPath, fPath) } diff --git a/models/asymkey/ssh_key_authorized_principals.go b/models/asymkey/ssh_key_authorized_principals.go index 592196c255..79915df7b5 100644 --- a/models/asymkey/ssh_key_authorized_principals.go +++ b/models/asymkey/ssh_key_authorized_principals.go @@ -92,7 +92,12 @@ func RewriteAllPrincipalKeys(ctx context.Context) error { return err } - t.Close() + if err := t.Sync(); err != nil { + return err + } + if err := t.Close(); err != nil { + return err + } return util.Rename(tmpPath, fPath) }