actions/fluxcd-flux2
2
0
Fork 0
mirror of https://github.com/fluxcd/flux2.git synced 2026-05-23 09:55:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

fix: return clear error when --private-key-file path starts with '~'

Browse source 
The tilde character is expanded by the shell, not by the Flux CLI, so
paths like ~/.ssh/id_ecdsa passed with =value syntax were opened
verbatim and failed with a confusing "no such file or directory" error.
Detect the leading '~' up front and surface a message pointing users at
absolute paths or $HOME instead. Fixes #5591.

Signed-off-by: Rafael Peroco <rafaelperoco@gmail.com>
This commit is contained in:
Rafael Peroco 2026-04-21 16:36:34 -03:00
parent befe53a722
commit 566bbe6e00
3 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
pkg/manifestgen/sourcesecret/sourcesecret.go
View file

@ -24,6 +24,7 @@ import (
"net"
"os"
"path"
"strings"
"time"
cryptssh "golang.org/x/crypto/ssh"
@ -265,6 +266,10 @@ func LoadKeyPairFromPath(path, password string) (*ssh.KeyPair, error) {
return nil, nil
}
if strings.HasPrefix(path, "~") {
return nil, fmt.Errorf("failed to open private key file: path %q starts with '~' which is not expanded; use an absolute path or $HOME", path)
}
b, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("failed to open private key file: %w", err)