From 463c620c65b2b5e7dfbc71e594651b7b329b52b2 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Mon, 24 Jun 2019 17:10:20 -0700
Subject: [PATCH] backups: Remove known_hosts file from config file

- There is no compelling reason to make the file configurable. Simplifies
  configuration file if we make it relative to FreedomBox data directory.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
---
 data/etc/plinth/plinth.config              |  1 -
 plinth.config                              |  1 -
 plinth/cfg.py                              |  2 --
 plinth/modules/backups/__init__.py         | 12 +++++++++---
 plinth/modules/backups/repository.py       |  8 +++++---
 plinth/modules/backups/views.py            |  7 ++++---
 plinth/tests/data/etc/plinth/plinth.config |  1 -
 plinth/tests/test_cfg.py                   |  2 +-
 8 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/data/etc/plinth/plinth.config b/data/etc/plinth/plinth.config
index c6120d5a5..2b874c152 100644
--- a/data/etc/plinth/plinth.config
+++ b/data/etc/plinth/plinth.config
@@ -7,7 +7,6 @@ server_dir = /plinth
 actions_dir = /usr/share/plinth/actions
 doc_dir = /usr/share/doc/freedombox
 custom_static_dir = /var/www/plinth/custom/static
-known_hosts = /var/lib/plinth/.ssh/known_hosts
 
 # file locations
 store_file = %(data_dir)s/plinth.sqlite3
diff --git a/plinth.config b/plinth.config
index c1ea0789f..340e92f53 100644
--- a/plinth.config
+++ b/plinth.config
@@ -7,7 +7,6 @@ server_dir = /plinth
 actions_dir = %(file_root)s/actions
 doc_dir = %(file_root)s/doc
 custom_static_dir = %(file_root)s/data/var/www/plinth/custom/static
-known_hosts = %(data_dir)s/.ssh/known_hosts
 
 # file locations
 store_file = %(data_dir)s/plinth.sqlite3
diff --git a/plinth/cfg.py b/plinth/cfg.py
index 31af8e238..95630da6a 100644
--- a/plinth/cfg.py
+++ b/plinth/cfg.py
@@ -38,7 +38,6 @@ secure_proxy_ssl_header = None
 develop = False
 server_dir = '/'
 danube_edition = False
-known_hosts = None
 
 config_file = None
 
@@ -97,7 +96,6 @@ def read(config_path=None, root_directory=None):
         ('Path', 'actions_dir', 'string'),
         ('Path', 'doc_dir', 'string'),
         ('Path', 'server_dir', 'string'),
-        ('Path', 'known_hosts', 'string'),
         ('Network', 'host', 'string'),
         ('Network', 'port', 'int'),
         ('Network', 'secure_proxy_ssl_header', 'string'),
diff --git a/plinth/modules/backups/__init__.py b/plinth/modules/backups/__init__.py
index d518ddc78..1a14a0540 100644
--- a/plinth/modules/backups/__init__.py
+++ b/plinth/modules/backups/__init__.py
@@ -20,6 +20,7 @@ FreedomBox app to manage backup archives.
 
 import json
 import os
+import pathlib
 import re
 
 import paramiko
@@ -146,17 +147,22 @@ def restore_from_upload(path, apps=None):
                      create_subvolume=False, backup_file=path)
 
 
+def get_known_hosts_path():
+    """Return the path to the known hosts file."""
+    return pathlib.Path(cfg.data_dir) / '.ssh' / 'known_hosts'
+
+
 def is_ssh_hostkey_verified(hostname):
     """Check whether SSH Hostkey has already been verified.
 
     hostname: Domain name or IP address of the host
 
     """
-    known_hosts_path = cfg.known_hosts
-    if not os.path.exists(known_hosts_path):
+    known_hosts_path = get_known_hosts_path()
+    if not known_hosts_path.exists():
         return False
 
-    known_hosts = paramiko.hostkeys.HostKeys(known_hosts_path)
+    known_hosts = paramiko.hostkeys.HostKeys(str(known_hosts_path))
     host_keys = known_hosts.lookup(hostname)
     return host_keys is not None
 
diff --git a/plinth/modules/backups/repository.py b/plinth/modules/backups/repository.py
index 5da08ac46..a1e4e1e27 100644
--- a/plinth/modules/backups/repository.py
+++ b/plinth/modules/backups/repository.py
@@ -26,11 +26,11 @@ from uuid import uuid1
 
 from django.utils.translation import ugettext_lazy as _
 
-from plinth import actions, cfg
+from plinth import actions
 from plinth.errors import ActionError
 
 from . import (ROOT_REPOSITORY, ROOT_REPOSITORY_NAME, ROOT_REPOSITORY_UUID,
-               _backup_handler, api, is_ssh_hostkey_verified, network_storage,
+               _backup_handler, api, get_known_hosts_path, network_storage,
                restore_archive_handler)
 from .errors import BorgError, BorgRepositoryDoesNotExistError, SshfsError
 
@@ -326,9 +326,11 @@ class SshBorgRepository(BorgRepository):
     def mount(self):
         if self.is_mounted:
             return
+        known_hosts_path = get_known_hosts_path()
         arguments = [
             'mount', '--mountpoint', self.mountpoint, '--path', self._path,
-            '--user-known-hosts-file', cfg.known_hosts
+            '--user-known-hosts-file',
+            str(known_hosts_path)
         ]
         arguments, kwargs = self._append_sshfs_arguments(
             arguments, self.credentials)
diff --git a/plinth/modules/backups/views.py b/plinth/modules/backups/views.py
index 7fa856a9c..4ae106096 100644
--- a/plinth/modules/backups/views.py
+++ b/plinth/modules/backups/views.py
@@ -43,7 +43,8 @@ from plinth.errors import PlinthError
 from plinth.modules import backups, storage
 
 from . import (ROOT_REPOSITORY, SESSION_PATH_VARIABLE, api, forms,
-               is_ssh_hostkey_verified, network_storage, split_path)
+               get_known_hosts_path, is_ssh_hostkey_verified, network_storage,
+               split_path)
 from .decorators import delete_tmp_backup_file
 from .errors import BorgRepositoryDoesNotExistError
 from .repository import (BorgRepository, SshBorgRepository, get_repository,
@@ -338,7 +339,7 @@ class VerifySshHostkeyView(SuccessMessageMixin, FormView):
     @staticmethod
     def _add_ssh_hostkey(hostname, key_type):
         """Add the given SSH key to known_hosts."""
-        known_hosts_path = pathlib.Path(cfg.known_hosts)
+        known_hosts_path = get_known_hosts_path()
         known_hosts_path.parent.mkdir(parents=True, exist_ok=True)
         known_hosts_path.touch()
 
@@ -449,7 +450,7 @@ def _create_remote_repository(repository, encryption, dir_contents):
 def _ssh_connection(hostname, username, password):
     """Context manager to create and close an SSH connection."""
     ssh_client = paramiko.SSHClient()
-    ssh_client.load_host_keys(cfg.known_hosts)
+    ssh_client.load_host_keys(str(get_known_hosts_path()))
 
     try:
         ssh_client.connect(hostname, username=username, password=password)
diff --git a/plinth/tests/data/etc/plinth/plinth.config b/plinth/tests/data/etc/plinth/plinth.config
index c1ea0789f..340e92f53 100644
--- a/plinth/tests/data/etc/plinth/plinth.config
+++ b/plinth/tests/data/etc/plinth/plinth.config
@@ -7,7 +7,6 @@ server_dir = /plinth
 actions_dir = %(file_root)s/actions
 doc_dir = %(file_root)s/doc
 custom_static_dir = %(file_root)s/data/var/www/plinth/custom/static
-known_hosts = %(data_dir)s/.ssh/known_hosts
 
 # file locations
 store_file = %(data_dir)s/plinth.sqlite3
diff --git a/plinth/tests/test_cfg.py b/plinth/tests/test_cfg.py
index 8a412565f..c01146f56 100644
--- a/plinth/tests/test_cfg.py
+++ b/plinth/tests/test_cfg.py
@@ -120,7 +120,7 @@ def compare_configurations(parser):
     """Compare two sets of configuration values."""
     # Note that the count of items within each section includes the number
     # of default items (1, for 'root').
-    assert len(parser.items('Path')) == 10
+    assert len(parser.items('Path')) == 9
     assert parser.get('Path', 'root') == cfg.root
     assert parser.get('Path', 'file_root') == cfg.file_root
     assert parser.get('Path', 'config_dir') == cfg.config_dir