setup-ssh: fix updating of authorized_keys

Due to what seems like a bug (or inconsistency) in paramiko, files
opened with a+ over SFTP need a seek() in order for the user to be able
to read data from them. We implement this, and rely on the fact that we
do iterate over all lines before writing and that the file is opened in
append mode (which at least on Linux should work correctly).

Signed-off-by: Iustin Pop <iustin@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

diff --git a/tools/setup-ssh b/tools/setup-ssh
index b7a56c5..e5a512b 100755 (executable)
--- a/tools/setup-ssh
+++ b/tools/setup-ssh
@@ -137,6 +137,14 @@ def SetupSSH(transport):
 
   authorized_keys = sftp.open(auth_keys, "a+")
   try:
+    # Due to the way SFTPFile and BufferedFile are implemented,
+    # opening in a+ mode and then issuing a read(), readline() or
+    # iterating over the file (which uses read() internally) will see
+    # an empty file, since the paramiko internal file position and the
+    # OS-level file-position are desynchronized; therefore, we issue
+    # an explicit seek to resynchronize these; writes should (note
+    # should) still go to the right place
+    authorized_keys.seek(0, 0)
     # We don't have to close, as the close happened already in AddAuthorizedKey
     utils.AddAuthorizedKey(authorized_keys, filemap[pub_key][0])
   finally: