From 7fd7ba5aa15268623ae150468438f4f6b2bbd3a1 Mon Sep 17 00:00:00 2001
From: Nicolas Braud-Santoni
Date: Sun, 11 Sep 2016 23:38:43 +0200
Subject: [PATCH] admin_user: Properly validate SSH keys
---
 bootstrapvz/plugins/admin_user/tasks.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/bootstrapvz/plugins/admin_user/tasks.py b/bootstrapvz/plugins/admin_user/tasks.py
index b13bf13..9d7e012 100644
--- a/bootstrapvz/plugins/admin_user/tasks.py
+++ b/bootstrapvz/plugins/admin_user/tasks.py
@@ -18,10 +18,16 @@ class CheckPublicKeyFile(Task):
 pubkey = info.manifest.plugins['admin_user'].get('pubkey', None)
 if pubkey is not None:
- if not os.path.isfile(rel_path(info.manifest.path, pubkey)):
+ abs_pubkey = rel_path(info.manifest.path, pubkey)
+ if not os.path.isfile(abs_pubkey):
 msg = 'Could not find public key at %s' % pubkey
 info.manifest.validation_error(msg, ['plugins', 'admin_user', 'pubkey'])
+ ret, _, stderr = log_call('ssh-keygen -l -f ' + abs_pubkey)
+ if ret != 0:
+ msg = 'Invalid public key file at %s' % pubkey
+ info.manifest.validation_error(msg, ['plugins', 'admin_user', 'pubkey'])
+
 class AddSudoPackage(Task):
 description = 'Adding `sudo\' to the image packages'
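Review bot: The added `log_call('ssh-keygen -l -f ' + abs_pubkey)` builds the command by string concatenation from a manifest-supplied path, so a path containing spaces or shell metacharacters would be split or interpreted rather than treated as one file name, depending on how `log_call` (not visible in this hunk) executes a string. Passing an argument vector, `log_call(['ssh-keygen', '-l', '-f', abs_pubkey])`, keeps the path a single argument, assuming `log_call` accepts a list. The captured `stderr` is never used; appending it to the 'Invalid public key file' message would tell the user why ssh-keygen rejected the file. The ssh-keygen check also appears to run after a failed `os.path.isfile` test unless `validation_error` raises, which would report the same missing file twice. The enclosing `run` method starts above the hunk.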