Remove use of && in fetch-ssh-keys service.

Scripts are run with -e so will abort when a command fails.
2015-04-28 21:28:16 +00:00 · 2015-04-28 21:28:16 +00:00 · 29b7d76ec8
parent 4744e3541a
commit 29b7d76ec8
1 changed files with 31 additions and 29 deletions
--- a/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixos/modules/virtualisation/google-compute-image.nix
@ -143,42 +143,44 @@ in
          # When dealing with cryptographic keys, we want to keep things private.
          umask 077
          # Don't download the SSH key if it has already been downloaded
-          if ! [ -e /root/.ssh/authorized_keys ]; then
+          if ! [ -s /root/.ssh/authorized_keys ]; then
              echo "obtaining SSH key..."
              mkdir -m 0700 -p /root/.ssh
-              AUTH_KEYS=$(${mktemp}) && {
+              AUTH_KEYS=$(${mktemp})
-                ${wget} -O $AUTH_KEYS http://metadata.google.internal/0.1/meta-data/authorized-keys
+              ${wget} -O $AUTH_KEYS http://metadata.google.internal/0.1/meta-data/authorized-keys
-                if [ $? -eq 0 -a -e $AUTH_KEYS ]; then
+              if [ -s $AUTH_KEYS ]; then
-                    KEY_PUB=$(${mktemp}) && {
+                  KEY_PUB=$(${mktemp})
-                      cat $AUTH_KEYS | cut -d: -f2- > $KEY_PUB
+                  cat $AUTH_KEYS | cut -d: -f2- > $KEY_PUB
-                      if ! grep -q -f $KEY_PUB /root/.ssh/authorized_keys; then
+                  if ! grep -q -f $KEY_PUB /root/.ssh/authorized_keys; then
-                          cat $KEY_PUB >> /root/.ssh/authorized_keys
+                      cat $KEY_PUB >> /root/.ssh/authorized_keys
-                          echo "new key added to authorized_keys"
+                      echo "New key added to authorized_keys."
-                      fi
+                  fi
-                      chmod 600 /root/.ssh/authorized_keys
+                  chmod 600 /root/.ssh/authorized_keys
-                      rm -f $KEY_PUB
+                  rm -f $KEY_PUB
-                    }
+              else
-                fi
+                  echo "Downloading http://metadata.google.internal/0.1/meta-data/authorized-keys failed."
-                rm -f $AUTH_KEYS
+                  false
-              }
+              fi
              rm -f $AUTH_KEYS
          fi
          countKeys=0
          ${flip concatMapStrings config.services.openssh.hostKeys (k :
            let kName = baseNameOf k.path; in ''
-              PRIV_KEY=$(${mktemp}) && {
+              PRIV_KEY=$(${mktemp})
-                echo "trying to obtain SSH private host key ${kName}"
+              echo "trying to obtain SSH private host key ${kName}"
-                ${wget} -O $PRIV_KEY http://metadata.google.internal/0.1/meta-data/attributes/${kName} && :
+              ${wget} -O $PRIV_KEY http://metadata.google.internal/0.1/meta-data/attributes/${kName} && :
-                if [ $? -eq 0 -a -e $PRIV_KEY ]; then
+              if [ $? -eq 0 -a -s $PRIV_KEY ]; then
-                    countKeys=$((countKeys+1))
+                  countKeys=$((countKeys+1))
-                    mv -f $PRIV_KEY ${k.path}
+                  mv -f $PRIV_KEY ${k.path}
-                    echo "downloaded ${k.path}"
+                  echo "Downloaded ${k.path}"
-                    chmod 600 ${k.path}
+                  chmod 600 ${k.path}
-                    ${config.programs.ssh.package}/bin/ssh-keygen -y -f ${k.path} > ${k.path}.pub
+                  ${config.programs.ssh.package}/bin/ssh-keygen -y -f ${k.path} > ${k.path}.pub
-                    chmod 644 ${k.path}.pub
+                  chmod 644 ${k.path}.pub
-                fi
+              else
-                rm -f $PRIV_KEY
+                  echo "Downloading http://metadata.google.internal/0.1/meta-data/attributes/${kName} failed."
-              }
+              fi
              rm -f $PRIV_KEY
            ''
          )}