chore: use flock for ssh bootstrap repair

copilot-swe-agent[bot]
2026-06-24 22:16:44 +00:00
committed by GitHub
parent 31abf40722
commit 7f975bc4f1
+7 -7
@@ -39,20 +39,20 @@ lib.mkIf userExists {
Type = "oneshot";
RemainAfterExit = true;
};
path = [ pkgs.openssh pkgs.coreutils ];
path = [ pkgs.openssh pkgs.coreutils pkgs.util-linux ];
script = ''
set -eu
PASSPHRASE=$(cat /var/lib/secrets/ssh-passphrase)
lock_dir="${keyPath}.lock"
lock_file="${keyPath}.lock"
if ! mkdir "$lock_dir"; then
exec 9>"$lock_file"
if ! flock -n 9; then
echo "Factory SSH key setup is already running." >&2
exit 1
fi
trap 'rmdir "$lock_dir"' EXIT
generate_factory_key() {
ssh-keygen -q -N "$PASSPHRASE" -t ed25519 -f "${keyPath}"
chown ${userName}:users "${keyPath}" "${keyPath}.pub"
@@ -63,8 +63,7 @@ lib.mkIf userExists {
if [ ! -f "${keyPath}" ]; then
generate_factory_key
elif ! ssh-keygen -y -P "$PASSPHRASE" -f "${keyPath}" >/dev/null 2>&1; then
echo "Existing factory SSH key does not match current passphrase; backing it up and generating a replacement."
backup_suffix=$(date -u +%Y%m%d_%H%M%S)
backup_suffix="$(date -u +%Y%m%d_%H%M%S)-$$"
backup_path="${keyPath}.bak-$backup_suffix"
backup_index=0
@@ -73,6 +72,7 @@ lib.mkIf userExists {
backup_path="${keyPath}.bak-$backup_suffix-$backup_index"
done
echo "Existing factory SSH key does not match current passphrase; backing it up to $backup_path and generating a replacement."
mv "${keyPath}" "$backup_path"
if [ -f "${keyPath}.pub" ]; then