src/applications/auth/sshkey/PhabricatorAuthSSHPublicKey.php
final class PhabricatorAuthSSHPublicKey extends Phobject { | ||||
public function getHash() { | public function getHash() { | ||||
$body = $this->getBody(); | $body = $this->getBody(); | ||||
$body = trim($body); | $body = trim($body); | ||||
$body = rtrim($body, '='); | $body = rtrim($body, '='); | ||||
return PhabricatorHash::digestForIndex($body); | return PhabricatorHash::digestForIndex($body); | ||||
} | } | ||||
public function getEntireKey() { | |||||
$key = $this->type.' '.$this->body; | |||||
if (strlen($this->comment)) { | |||||
$key = $key.' '.$this->comment; | |||||
} | |||||
return $key; | |||||
} | |||||
public function toPCKS8() { | |||||
// TODO: Put a cache in front of this. | |||||
$tmp = new TempFile(); | |||||
Filesystem::writeFile($tmp, $this->getEntireKey()); | |||||
list($pem_key) = execx( | |||||
'ssh-keygen -e -m pcks8 -f %s', | |||||
$tmp); | |||||
epriestley: The big messy issue here is that this doesn't work on OSX because `ssh-keygen` fails. We only… | |||||
btrahan: I know 3ish Mac OSX developers... :D I think it would be neat if we had some command like bin/almanac gen-and-prime-ssh-key <public-key> this command should fatal horribly on mac osx, letting you know it won't work, and then otherwise it should kind of collapse steps 2 and 3 from above. | |||||
btrahan: well, I meant fail horribly if the server is mac osx; clients can be whatever. | |||||
unset($tmp); | |||||
return $pem_key; | |||||
} | |||||
} | } |
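Review bot: The format name is transposed in the new toPCKS8() method, both in the method name and in the argument of 'ssh-keygen -e -m pcks8 -f %s'. The formats ssh-keygen documents for -m are RFC4716, PKCS8 and PEM, so the method should be toPKCS8() and the argument PKCS8, which also keeps callers from inheriting the misspelling. Two smaller points in the same method: the result of the execx() call is returned with no handling for ssh-keygen failing, which the inline discussion says happens on OSX hosts, so a caught failure with a message naming the unsupported host would be easier to diagnose than a raw command error; and getEntireKey() appends $this->comment after a space without trimming, so a comment containing a newline would end up in the temporary file handed to ssh-keygen. Stripping or rejecting line breaks in the comment before building the key line would keep that file to a single key.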
The big messy issue here is that this doesn't work on OSX because ssh-keygen fails. We only need to do this on the host, so it's not a huge issue (you can still sign requests on an OSX client, and it's unlikely that anyone will want to deploy OSX host clusters too soon, so maybe this will get fixed by then). It does make testing on an OSX host a big pain, though.
My plan to partly reduce that is: