thaloco/banger
1
Fork 0
Code Pull requests Releases Packages Activity Actions

config: put the default SSH key under the state dir, not ConfigDir/ssh

Browse source 
Bug: every daemon Open deleted the freshly-generated default SSH key
before returning, so the next VM create failed reading it.

Sequence:
  1. Open → config.Load → resolveSSHKeyPath generates
     ~/.config/banger/ssh/id_ed25519
  2. Open → ensureVMSSHClientConfig → syncVMSSHClientConfig scrubs
     ~/.config/banger/ssh entirely as a migration step for the
     pre-opt-in layout (commit 108f7a0)

The scrub was added for a file that used to live at
ConfigDir/ssh/ssh_config, but it os.RemoveAll'd the whole
ConfigDir/ssh dir — including the id_ed25519 the key generator had
just put there.

Fix: point the default key at layout.SSHDir (a StateDir-rooted path
that paths.Ensure already creates). The scrub can keep cleaning up
ConfigDir/ssh because nothing banger writes under it anymore.

Users whose ssh_key_path is explicitly set in config.toml are
unaffected — configured wins. Users on the default path will get a
fresh key at StateDir/ssh/id_ed25519 on their next daemon Open;
existing VMs' authorized_keys re-sync on next start/create through
ensureAuthorizedKeyOnWorkDisk, so no manual intervention is needed
beyond restarting the daemon.

Regression test pins the new placement and asserts the legacy path
stays empty.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Thales Maciel 2026-04-22 14:29:34 -03:00
parent 80ae4d6667
commit ebe651762f
No known key found for this signature in database
GPG key ID: 33112E6833C34679
4 changed files with 25 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
internal/config/config.go
View file

@ -260,7 +260,16 @@ func resolveSSHKeyPath(layout paths.Layout, configured string) (string, error) {
if configured != "" {
return configured, nil
}
return ensureDefaultSSHKey(filepath.Join(layout.ConfigDir, "ssh", "id_ed25519"))
// Key lives under the state dir, not the config dir. The daemon's
// ensureVMSSHClientConfig scrubs ConfigDir/ssh on every Open as
// part of migrating off the pre-state-dir layout — putting the
// default key there would race with that cleanup (create → delete
// → next VM create fails to read the key).
sshDir := strings.TrimSpace(layout.SSHDir)
if sshDir == "" {
sshDir = filepath.Join(layout.StateDir, "ssh")
}
return ensureDefaultSSHKey(filepath.Join(sshDir, "id_ed25519"))
}
func ensureDefaultSSHKey(path string) (string, error) {