Merge pull request #1873 from kubiko/console-conf-use-ready-fingerprints

console_conf: identity: use prepared fingerprints

console_conf/controllers/identity.py

@@ -21,6 +21,7 @@ import shlex
 import sys
 
 from console_conf.ui.views import IdentityView, LoginView
+from subiquitycore import snap
 from subiquitycore.snapd import SnapdConnection
 from subiquitycore.ssh import get_ips_standalone, host_key_info
 from subiquitycore.tuicontroller import TuiController
@@ -102,7 +103,7 @@ Personalize your account at https://login.ubuntu.com.
 """
 
 
-def write_login_details(fp, username, ips):
+def write_login_details(fp, username, ips, state_dir=None):
     sshcommands = "\n"
     for ip in ips:
         sshcommands += "    ssh %s@%s\n" % (username, ip)
@@ -116,10 +117,11 @@ def write_login_details(fp, username, ips):
         )
     else:
         first_ip = ips[0]
+        key_info = host_key_info(runtime_state_dir=state_dir)
         fp.write(
             login_details_tmpl.format(
                 sshcommands=sshcommands,
-                host_key_info=host_key_info(),
+                host_key_info=key_info,
                 tty_name=tty_name,
                 first_ip=first_ip,
                 version=version,
@@ -142,7 +144,13 @@ def write_login_details_standalone():
     if owner is None:
         print("device managed without user @ {}".format(", ".join(ips)))
     else:
-        write_login_details(sys.stdout, owner["username"], ips)
+        if snap.is_snap() and snap.is_snap_strictly_confined():
+            # normally this is set by the application context, but here we are
+            # executing standalone
+            runtime_state = os.path.join("/run", snap.snap_name())
+        else:
+            runtime_state = None
+        write_login_details(sys.stdout, owner["username"], ips, state_dir=runtime_state)
     return 0
 
 
@@ -190,7 +198,9 @@ class IdentityController(TuiController):
         for dev in net_model.get_all_netdevs():
             ips.extend(dev.actual_global_ip_addresses)
         with open(login_details_path, "w") as fp:
-            write_login_details(fp, result["username"], ips)
+            write_login_details(
+                fp, result["username"], ips, state_dir=self.app.state_dir
+            )
         self.login()
 
     def cancel(self):

subiquitycore/ssh.py

@@ -16,6 +16,7 @@
 import logging
 import os
 import pwd
+from pathlib import Path
 
 from subiquitycore.utils import run_command
 
@@ -76,7 +77,20 @@ The {keytype} host key fingerprint is:
 )
 
 
-def host_key_info():
+def host_key_info(runtime_state_dir=None):
+    if runtime_state_dir:
+        # host fingerprints information may have already been prepared by the
+        # platform glue
+        host_fingerprints = Path(runtime_state_dir) / "host-fingerprints.txt"
+        log.debug(
+            "pre-made host finterprints %s present: %s",
+            host_fingerprints,
+            host_fingerprints.is_file(),
+        )
+        if host_fingerprints.is_file():
+            with open(host_fingerprints, "r") as fp:
+                return fp.read()
+
     return summarize_host_keys(host_key_fingerprints())
 
 

subiquitycore/tests/test_ssh.py

@@ -0,0 +1,53 @@
+# Copyright 2024 Canonical, Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os.path
+import tempfile
+import unittest
+from unittest.mock import patch
+
+from subiquitycore import ssh
+
+
+class TestSSH(unittest.TestCase):
+    @patch(
+        "subiquitycore.ssh.host_key_fingerprints",
+        return_value=[("key1-type", "key1-value"), ("key2-type", "key2-value")],
+    )
+    def test_host_key_info_premade(self, hkf):
+        # premade fingerprints are present
+        with tempfile.TemporaryDirectory(suffix="subiquity-ssh") as td:
+            fpfile = os.path.join(td, "host-fingerprints.txt")
+            with open(fpfile, "w") as outf:
+                outf.write("mock host fingerprints")
+
+            # fingerprints are pulled from the pre-made file
+            self.assertEqual(
+                ssh.host_key_info(runtime_state_dir=td), "mock host fingerprints"
+            )
+
+            # but are pulled from the system if the file is not there
+            os.remove(fpfile)
+            self.assertIn(
+                "key1-type key1-value", ssh.host_key_info(runtime_state_dir=td)
+            )
+
+    @patch(
+        "subiquitycore.ssh.host_key_fingerprints",
+        return_value=[("key1-type", "key1-value"), ("key2-type", "key2-value")],
+    )
+    def test_host_key_info_query(self, hkf):
+        self.assertIn("key1-type key1-value", ssh.host_key_info())
+        self.assertIn("key2-type key2-value", ssh.host_key_info())