Move key setup to configure hook to work around errors.

lhartung · lhartung · commit e47d37b8309b · 2018-09-17T11:23:38.000-05:00
diff --git a/snap/hooks/configure b/snap/hooks/configure
@@ -2,12 +2,17 @@
 
 import configparser
 import os
+import stat
 import subprocess
 
 
 SNAP_COMMON = os.environ['SNAP_COMMON']
 SETTINGS_FILE = "settings.ini"
 
+KEY_DIR_NAME = "keys"
+PRIVATE_KEY_FILE = "node.key"
+PUBLIC_KEY_FILE = "node.pub"
+
 # List of settings to apply.  Each item is a tuple:
 # (snap option, ini section, name).
 #
@@ -33,7 +38,29 @@ SETTINGS = [
 ]
 
 
-if __name__ == "__main__":
+def prepare_ssh_key():
+    key_dir = os.path.join(SNAP_COMMON, KEY_DIR_NAME)
+    if not os.path.isdir(key_dir):
+        os.mkdir(key_dir)
+
+    private_key_path = os.path.join(key_dir, PRIVATE_KEY_FILE)
+    if not os.path.isfile(private_key_path):
+        cmd = ["openssl", "genrsa", "-out", private_key_path, "4096"]
+        subprocess.call(cmd)
+
+        os.chmod(private_key_path, stat.S_IRUSR)
+
+    public_key_path = os.path.join(key_dir, PUBLIC_KEY_FILE)
+    if not os.path.isfile(public_key_path):
+        cmd = ["ssh-keygen", "-y", "-f", private_key_path]
+        result = subprocess.check_output(cmd)
+        pubkey = result.decode('ascii', 'ignore').strip()
+
+        with open(public_key_path, "w") as output:
+            output.write(pubkey)
+
+
+def prepare_settings_file():
     path = os.path.join(SNAP_COMMON, SETTINGS_FILE)
 
     config = configparser.ConfigParser()
@@ -50,7 +77,8 @@ if __name__ == "__main__":
             result = subprocess.check_output(cmd)
             if len(result) > 0:
                 value = result.decode('ascii', 'ignore').strip()
-                config.set(section, name, value)
+                if len(value) > 0:
+                    config.set(section, name, value)
         except subprocess.CalledProcessError:
             pass
 
@@ -65,3 +93,8 @@ if __name__ == "__main__":
             config.write(output)
     except OSError as error:
         print(error)
+
+
+if __name__ == "__main__":
+    prepare_ssh_key()
+    prepare_settings_file()
diff --git a/snap/hooks/install b/snap/hooks/install
@@ -5,21 +5,11 @@
 # unless the snap is completely removed and reinstalled.
 #
 
-
-KEY_DIR="$SNAP_COMMON/keys"
-
-
-# Generate a private key for the node. This will be used for SSH access to git
-# repositories and other authentication purposes.
-if [ ! -f "$KEY_DIR/node.key" ]; then
-    mkdir -p "$KEY_DIR"
-
-    openssl genrsa -out "$KEY_DIR/node.key" 4096
-    chmod 400 "$KEY_DIR/node.key"
-
-    ssh-keygen -y -f "$KEY_DIR/node.key" >"$KEY_DIR/node.pub"
-fi
-
+# Warning: do not touch files or directories in the SNAP_COMMON directory using
+# this install script. Even though the install script would seem like a logical
+# place to initialize that directory, it seems to interact strangely with
+# snap's unique filesystem layout. I believe this was the cause of write
+# failures with a "read-only filesystem" error message.
 
 # Initialize snap settings.
 #
