authorRussell O'Connor <oconnorr@google.com>2015-04-28 21:28:16 +0000
committerRussell O'Connor <oconnorr@google.com>2015-05-29 19:53:58 +0000
commit29b7d76ec81b1ba6536d72415a853ff596d7b6b2 (patch)
treeaab38aca385fd2d73a8106cef60e5195c761c8bc /nixos/modules/virtualisation/google-compute-image.nix
parent4744e3541ad2308625afd1d0ac53329efd947e6a (diff)
Remove use of && in fetch-ssh-keys service.
Scripts are run with -e so will abort when a command fails.
Diffstat (limited to 'nixos/modules/virtualisation/google-compute-image.nix')
-rw-r--r--nixos/modules/virtualisation/google-compute-image.nix60
1 files changed, 31 insertions, 29 deletions
diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix
index cdcd7e5a126c..fcc71773deac 100644
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@@ -143,42 +143,44 @@ in
# When dealing with cryptographic keys, we want to keep things private.
umask 077
# Don't download the SSH key if it has already been downloaded
- if ! [ -e /root/.ssh/authorized_keys ]; then
+ if ! [ -s /root/.ssh/authorized_keys ]; then
echo "obtaining SSH key..."
mkdir -m 0700 -p /root/.ssh
- AUTH_KEYS=$(${mktemp}) && {
- ${wget} -O $AUTH_KEYS http://metadata.google.internal/0.1/meta-data/authorized-keys
- if [ $? -eq 0 -a -e $AUTH_KEYS ]; then
- KEY_PUB=$(${mktemp}) && {
- cat $AUTH_KEYS | cut -d: -f2- > $KEY_PUB
- if ! grep -q -f $KEY_PUB /root/.ssh/authorized_keys; then
- cat $KEY_PUB >> /root/.ssh/authorized_keys
- echo "new key added to authorized_keys"
- fi
- chmod 600 /root/.ssh/authorized_keys
- rm -f $KEY_PUB
- }
- fi
- rm -f $AUTH_KEYS
- }
+ AUTH_KEYS=$(${mktemp})
+ ${wget} -O $AUTH_KEYS http://metadata.google.internal/0.1/meta-data/authorized-keys
+ if [ -s $AUTH_KEYS ]; then
+ KEY_PUB=$(${mktemp})
+ cat $AUTH_KEYS | cut -d: -f2- > $KEY_PUB
+ if ! grep -q -f $KEY_PUB /root/.ssh/authorized_keys; then
+ cat $KEY_PUB >> /root/.ssh/authorized_keys
+ echo "New key added to authorized_keys."
+ fi
+ chmod 600 /root/.ssh/authorized_keys
+ rm -f $KEY_PUB
+ else
+ echo "Downloading http://metadata.google.internal/0.1/meta-data/authorized-keys failed."
+ false
+ fi
+ rm -f $AUTH_KEYS
fi
countKeys=0
${flip concatMapStrings config.services.openssh.hostKeys (k :
let kName = baseNameOf k.path; in ''
- PRIV_KEY=$(${mktemp}) && {
- echo "trying to obtain SSH private host key ${kName}"
- ${wget} -O $PRIV_KEY http://metadata.google.internal/0.1/meta-data/attributes/${kName} && :
- if [ $? -eq 0 -a -e $PRIV_KEY ]; then
- countKeys=$((countKeys+1))
- mv -f $PRIV_KEY ${k.path}
- echo "downloaded ${k.path}"
- chmod 600 ${k.path}
- ${config.programs.ssh.package}/bin/ssh-keygen -y -f ${k.path} > ${k.path}.pub
- chmod 644 ${k.path}.pub
- fi
- rm -f $PRIV_KEY
- }
+ PRIV_KEY=$(${mktemp})
+ echo "trying to obtain SSH private host key ${kName}"
+ ${wget} -O $PRIV_KEY http://metadata.google.internal/0.1/meta-data/attributes/${kName} && :
+ if [ $? -eq 0 -a -s $PRIV_KEY ]; then
+ countKeys=$((countKeys+1))
+ mv -f $PRIV_KEY ${k.path}
+ echo "Downloaded ${k.path}"
+ chmod 600 ${k.path}
+ ${config.programs.ssh.package}/bin/ssh-keygen -y -f ${k.path} > ${k.path}.pub
+ chmod 644 ${k.path}.pub
+ else
+ echo "Downloading http://metadata.google.internal/0.1/meta-data/attributes/${kName} failed."
+ fi
+ rm -f $PRIV_KEY
''
)}
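Review bot: In the host-key loop the download is moved onto `${k.path}` after only a non-empty check (`-s $PRIV_KEY`), so a response body that is not a private key would replace the host key, and with the script relying on `-e` (per the commit message) the failing `ssh-keygen -y` then aborts the service with that file left in place. Validating the temp file before the move keeps the existing key intact, e.g. `if [ $? -eq 0 -a -s $PRIV_KEY ] && ${config.programs.ssh.package}/bin/ssh-keygen -y -f $PRIV_KEY > /dev/null; then`. Separately, in the authorized-keys branch a failed `wget` or the new `false` exits before `rm -f $AUTH_KEYS`, so the temp file is left behind; an EXIT `trap` that removes it would cover that path. The surrounding script starts before and continues after this hunk, so whether such a trap already exists is not visible here.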