Run ssh-keygen in a temporary directory (#65)

JuliaDocs · Sep 14, 2022 · 3937ab5 · 3937ab5 · mortenpi · Sep 14, 2022
1 parent da698c1
commit 3937ab5
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 23 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # DocumenterTools.jl changelog
 
+## Version `v0.1.16`
+
+* ![Bugfix][badge-bugfix] DocumenterTools now runs `ssh-keygen` in a temporary directory (rather than current working directory), avoiding issues with filesystem permissions or existing files. ([#64][github-64], [#65][github-65])
+
 ## Version `v0.1.15`
 
 * Declare compatibility with DocStringExtensions 0.9. ([#59][github-59])
@@ -91,6 +95,8 @@ Maintenance release declaring compatibility with Documenter 0.25. ([#39][github-
 [github-54]: https://github.com/JuliaDocs/DocumenterTools.jl/pull/54
 [github-55]: https://github.com/JuliaDocs/DocumenterTools.jl/pull/55
 [github-56]: https://github.com/JuliaDocs/DocumenterTools.jl/pull/56
+[github-64]: https://github.com/JuliaDocs/DocumenterTools.jl/issues/64
+[github-65]: https://github.com/JuliaDocs/DocumenterTools.jl/pull/65
 
 
 [badge-breaking]: https://img.shields.io/badge/BREAKING-red.svg

diff --git a/Project.toml b/Project.toml
@@ -1,6 +1,6 @@
 name = "DocumenterTools"
 uuid = "35a29f4d-8980-5a13-9543-d66fff28ecb8"
-version = "0.1.15"
+version = "0.1.16"
 
 [deps]
 AbstractTrees = "1520ce14-60c1-5f80-bbc7-55ef81b5835c"

diff --git a/src/genkeys.jl b/src/genkeys.jl
@@ -58,28 +58,47 @@ function genkeys(; user="\$USER", repo="\$REPO")
     isfile("$(filename).pub") && error("temporary file '$(filename).pub' already exists in working directory")
 
     # Generate the ssh key pair.
-    success(`$(sshkeygen) -N "" -C Documenter -m PEM -f $filename`) || error("failed to generate a SSH key pair.")
-
-    # Prompt user to add public key to github then remove the public key.
-    let url = "https://github.com/$user/$repo/settings/keys"
-        @info """
-        add the public key below to $url with read and write access
-        the title can be left empty as GitHub can infer it from the key comment
-        """
-        println("\n", read("$filename.pub", String))
-        rm("$filename.pub")
-    end
-
-    # Base64 encode the private key and prompt user to add it to travis. The key is
-    # *not* encoded for the sake of security, but instead to make it easier to
-    # copy/paste it over to travis without having to worry about whitespace.
-    let travis_url = "https://travis-ci.com/$user/$repo/settings",
-        github_url = "https://github.com/$user/$repo/settings/secrets"
-        @info("add a secure environment variable named 'DOCUMENTER_KEY' to " *
-              "$(travis_url) (if you deploy using Travis CI) or " *
-              "$(github_url) (if you deploy using GitHub Actions) with value:")
-        println("\n", base64encode(read(filename, String)), "\n")
-        rm(filename)
+    mktempdir() do path
+        cd(path) do
+            cmd = `$(sshkeygen) -N "" -C Documenter -m PEM -f $filename`
+            out, err = IOBuffer(), IOBuffer()
+            try
+                run(pipeline(cmd, stdout=out, stderr=err))
+
+                # Prompt user to add public key to github then remove the public key.
+                let url = "https://github.com/$user/$repo/settings/keys"
+                    @info """
+                    add the public key below to $url with read and write access
+                    the title can be left empty as GitHub can infer it from the key comment
+                    """
+                    println("\n", read("$filename.pub", String))
+                end
+
+                # Base64 encode the private key and prompt user to add it to travis. The key is
+                # *not* encoded for the sake of security, but instead to make it easier to
+                # copy/paste it over to travis without having to worry about whitespace.
+                let travis_url = "https://travis-ci.com/$user/$repo/settings",
+                    github_url = "https://github.com/$user/$repo/settings/secrets"
+                    @info("add a secure environment variable named 'DOCUMENTER_KEY' to " *
+                        "$(travis_url) (if you deploy using Travis CI) or " *
+                        "$(github_url) (if you deploy using GitHub Actions) with value:")
+                    println("\n", base64encode(read(filename, String)), "\n")
+                end
+            catch e
+                @error """
+                Failed to generate a SSH key pair.
+                > stdout from ssh-keygen:
+                $(String(take!(out)))
+                > stderr from ssh-keygen:
+                $(String(take!(err)))
+                """ isfile(filename) isfile("$(filename).pub") exception = (e, catch_backtrace())
+                rethrow(e)
+            finally
+                # mktempdir() should clean up the the files, but just in case..
+                rm(filename, force=true)
+                rm("$(filename).pub", force=true)
+            end
+        end
     end
 end