After adding a new key with
    ssh-keygen -C '' -N '' -f ssh_host_ed25519_key -t ed25519
and making propellor aware of this with the property
    Ssh.hostKeys "myhost" [ (SshEd25519, "ssh-ed25519 ...") ]
and running
    cat ssh_host_ed25519_key | propellor --set 'SshPrivKey SshEd25519 ""' 'myhost'
    propellor --spin myhost
I got the following error in my auth.log:
    error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
After adding a newline at the end of /etc/ssh/ssh_host_ed25519_key, everything works well...
Is that a bug in propellor?
If you look at setPrivDataTo, it explicitly chomps all trailing newlines from the value. I think that I did that because it's easy to accidentally add a newline you don't want when, e.g., pasting in a password.
So, one solution might be to make --set --from-file load a file into privdata as-is. But, that seems like complication; you'd need to remember when to use it.
I think it's better for the ssh property (and any other affected properties) to be changed, to add a final newline to the value from privdata when one is missing. Does this problem only affect ed25519 keys, or others too? Only private keys or also public?
I am currently extremely busy, so a patch would be great.
I'm not sure for the other key types, it affects ed25519 private keys (but not public keys), and apparently not rsa keys... But I'm not sure what other properties (present or future) would be affected: that seems like an ugly hack :(.
Why not just remove the chomping stuff from setPrivDataTo? Pasting a password, pressing , and then <ctrl-D> is obviously different from pasting a password and pressing <ctrl-D>. Maybe another solution would be to print a warning with this information ("do not press " before <ctrl-D> unless you want to have a newline in your privdata")?
I've fixed this bug. I thought about adding a type based validation when privdata is being set, but in the end decided against it for a couple reasons:
Instead, I settled on making PrivData a newtype, and adding some accessor functions for it:
This helps document the issue, and like lines "a" is the same as lines "a\n", using privDataLines will give the same result whether the trailing newline was chomped or not. So, propellor no longer removes trailing newlines when the user is inputting privdata.
The ssh property is adjusted to use privDataLines and add a trailing newline when writing files, and problem solved.
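The before and after behaviour described in this thread, as an added example that is not part of the thread and is not propellor's source. PrivData and privDataLines are named above; their bodies here, and the helpers chomp, writtenBeforeFix and writtenAfterFix, are assumptions made for illustration, and the key material is a constructed placeholder.

```haskell
-- Added illustration, not propellor's code. PrivData and privDataLines
-- are named in the thread; their bodies and all other names are assumed.
module Main where

newtype PrivData = PrivData String

-- Hypothetical model of the old input handling: strip every trailing newline.
chomp :: String -> String
chomp = reverse . dropWhile (== '\n') . reverse

-- File-like privdata viewed as lines. Since lines "a" == lines "a\n",
-- the result does not depend on whether a final newline was stored.
privDataLines :: PrivData -> [String]
privDataLines (PrivData s) = lines s

-- Before the fix (as described): input is chomped, then written verbatim,
-- so the host key file ends without a newline.
writtenBeforeFix :: String -> String
writtenBeforeFix = chomp

-- After the fix (as described): input is stored as given and the file is
-- written from its lines; unlines terminates every line with '\n'.
writtenAfterFix :: String -> String
writtenAfterFix = unlines . privDataLines . PrivData

-- Constructed sample, not a real key.
sampleKey :: String
sampleKey = unlines
  [ "-----BEGIN OPENSSH PRIVATE KEY-----"
  , "AAAAconstructedplaceholder"
  , "-----END OPENSSH PRIVATE KEY-----"
  ]

endsWithNewline :: String -> Bool
endsWithNewline s = not (null s) && last s == '\n'

main :: IO ()
main = do
  let asFile   = sampleKey          -- as read from the ssh-keygen output file
      stripped = chomp sampleKey    -- same key with the final newline missing
  putStrLn ("before fix, ends with newline: "
            ++ show (endsWithNewline (writtenBeforeFix asFile)))
  putStrLn ("after fix, ends with newline:  "
            ++ show (endsWithNewline (writtenAfterFix asFile)))
  putStrLn ("after fix, same file either way: "
            ++ show (writtenAfterFix asFile == writtenAfterFix stripped))
```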