Update host keys config so it can be fully overridden if necessary

pjcdawkins · pjcdawkins · commit 437ece904e21 · 2023-12-23T14:55:24.000Z
diff --git a/config-defaults.yaml b/config-defaults.yaml
@@ -288,10 +288,16 @@ api:
   # The timeout in seconds for a "git push" command. Set to null for no timeout.
   git_push_timeout: 3600
 
+ssh:
   # A file containing SSH host keys to install for the user.
-  # If a relative path is given, it is considered relative to the CLI source
-  # code root. Note this will need to be built into the Phar.
-  ssh_host_keys_file: resources/ssh/host-keys
+  # The filename is relative to the CLI root. Note it would need to be built
+  # into the Phar.
+  host_keys_file: resources/ssh/host-keys
+
+  # A list of SSH host keys to install for the user.
+  # They should be set as a string (one per line).
+  # If a "host_keys_file" is also specified, both will be used.
+  host_keys: ''
 
 # How the CLI detects and configures Git repositories as projects.
 detection:
diff --git a/src/Service/SshConfig.php b/src/Service/SshConfig.php
@@ -35,19 +35,21 @@ public function __construct(Config $config, Filesystem $fs, OutputInterface $out
      */
     public function configureHostKeys()
     {
-        $keysSourceFile = (string) $this->config->getWithDefault('api.ssh_host_keys_file', '');
-        if (!$keysSourceFile) {
-            return null;
-        }
-        if (!(new \Symfony\Component\Filesystem\Filesystem())->isAbsolutePath($keysSourceFile)) {
-            $keysSourceFile = CLI_ROOT . DIRECTORY_SEPARATOR . $keysSourceFile;
-        }
         $hostKeys = '';
-        if (file_exists($keysSourceFile)) {
-            $hostKeys = file_get_contents($keysSourceFile);
+        if ($hostKeysFile = $this->config->getWithDefault('ssh.host_keys_file', '')) {
+            $hostKeysFile = CLI_ROOT . DIRECTORY_SEPARATOR . $hostKeysFile;
+            $hostKeys = file_get_contents($hostKeysFile);
+            if ($hostKeys === false) {
+                trigger_error('Failed to load host keys file: ' . $hostKeysFile, E_USER_WARNING);
+                return null;
+            }
         }
-        if (!$hostKeys) {
-            return null;
+        if ($additionalKeys = $this->config->getWithDefault('ssh.host_keys', '')) {
+            if (!is_string($additionalKeys)) {
+                trigger_error('Invalid value for ssh.host_keys config (it must be a string)', E_USER_WARNING);
+                return null;
+            }
+            $hostKeys = rtrim($hostKeys, "\n") . "\n" . $additionalKeys;
         }
 
         // Write the keys.
