From 3f109bb6aed1fae0c1690feec708c8e770b08278 Mon Sep 17 00:00:00 2001 From: Jameson Rollins Date: Mon, 18 Oct 2010 18:21:55 -0400 Subject: cleanup update_known_hosts * don't update if unchanged * proper trap setting * cleanup comments --- src/share/m/update_known_hosts | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/src/share/m/update_known_hosts b/src/share/m/update_known_hosts index 58cf78a..a031118 100644 --- a/src/share/m/update_known_hosts +++ b/src/share/m/update_known_hosts @@ -32,36 +32,33 @@ update_known_hosts() { || failure "Unable to create known_hosts file '$KNOWN_HOSTS'" fi - # check permissions on the known_hosts file path check_key_file_permissions $(whoami) "$KNOWN_HOSTS" \ || failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'" - # create a lockfile on known_hosts: lock create "$KNOWN_HOSTS" - # make temp file + # FIXME: we're discarding any pre-existing EXIT trap; is this bad? + trap "lock remove $KNOWN_HOSTS" EXIT + tmpFile=$(mktemp "${KNOWN_HOSTS}.monkeysphere.XXXXXX") - # FIXME: we're discarding any pre-existing EXIT trap; is this bad? trap "lock remove $KNOWN_HOSTS; rm -f $tmpFile" EXIT for host ; do FILE_TYPE='known_hosts' process_keys_for_file "$tmpFile" "ssh://${host}" - # touch the lockfile, for good measure. lock touch "$KNOWN_HOSTS" done - # note if the authorized_keys file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$(file_hash "$tmpFile")" ] ; then + mv -f "$tmpFile" "$KNOWN_HOSTS" log debug "known_hosts file updated." + else + rm -f "$tmpFile" fi - mv -f "$tmpFile" "$KNOWN_HOSTS" - # remove the lockfile and the trap lock remove "$KNOWN_HOSTS" - # remove the trap trap - EXIT } @@ -69,7 +66,6 @@ update_known_hosts() { process_known_hosts() { local hosts - # exit if the known_hosts file does not exist if [ ! -e "$KNOWN_HOSTS" ] ; then failure "known_hosts file '$KNOWN_HOSTS' does not exist." fi -- cgit v1.2.3
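Review bot: The added `trap "lock remove $KNOWN_HOSTS" EXIT`, like the existing trap after `mktemp` that appends `rm -f $tmpFile`, builds its handler in double quotes, so both paths are expanded when the trap is set and re-parsed unquoted when it fires. A known_hosts path containing whitespace or shell metacharacters would then be word-split or read as shell syntax at exit, leaving the lock or temp file behind or running unintended commands if the path is influenced by configuration or the environment. Single quotes defer the expansion and keep the quoting: `trap 'lock remove "$KNOWN_HOSTS"' EXIT` and `trap 'lock remove "$KNOWN_HOSTS"; rm -f "$tmpFile"' EXIT`. This relies on `tmpFile` still being set when the trap runs, which looks true because no `local` declaration is visible, but the start of `update_known_hosts` is outside the hunk. Separately, the `mktemp` result is used unchecked; appending `|| failure "Unable to create temp file"` would match the error handling used earlier in the function.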