allow ssh key import to fail

We import ssh keys by default if openssh is enabled. However if users are using age keys while using sops to deploy ssh keys we have a catch-22. While users could use lib.mkForce to empty the list, this is not intuitive
Mic92 · Jan 10, 2024 · 8804556 · 8804556
1 parent 0ded574
commit 8804556
Showing 1 changed file with 15 additions and 7 deletions.
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
@@ -613,15 +613,19 @@ func importSSHKeys(logcfg loggingConfig, keyPaths []string, gpgHome string) erro
 	for _, p := range keyPaths {
 		sshKey, err := os.ReadFile(p)
 		if err != nil {
-			return fmt.Errorf("Cannot read ssh key '%s': %w", p, err)
+			fmt.Fprintf(os.Stderr, "Cannot read ssh key '%s': %s\n", p, err)
+			continue
 		}
 		gpgKey, err := sshkeys.SSHPrivateKeyToPGP(sshKey)
+		fmt.Fprintf(os.Stderr, "Cannot write secring: %s\n", err)
 		if err != nil {
-			return err
+			fmt.Fprintf(os.Stderr, "%s\n", err)
+			continue
 		}
 
 		if err := gpgKey.SerializePrivate(secring, nil); err != nil {
-			return fmt.Errorf("Cannot write secring: %w", err)
+			fmt.Fprintf(os.Stderr, "Cannot write secring: %s\n", err)
+			continue
 		}
 
 		if logcfg.KeyImport {
@@ -637,21 +641,25 @@ func importAgeSSHKeys(logcfg loggingConfig, keyPaths []string, ageFile os.File)
 		// Read the key
 		sshKey, err := os.ReadFile(p)
 		if err != nil {
-			return fmt.Errorf("Cannot read ssh key '%s': %w", p, err)
+			fmt.Fprintf(os.Stderr, "Cannot read ssh key '%s': %s\n", p, err)
+			continue
 		}
 		// Convert the key to age
 		privKey, pubKey, err := agessh.SSHPrivateKeyToAge(sshKey)
 		if err != nil {
-			return fmt.Errorf("Cannot convert ssh key '%s': %w", p, err)
+			fmt.Fprintf(os.Stderr, "Cannot convert ssh key '%s': %s\n", p, err)
+			continue
 		}
 		// Append it to the file
 		_, err = ageFile.WriteString(*privKey + "\n")
 		if err != nil {
-			return fmt.Errorf("Cannot write key to age file: %w", err)
+			fmt.Fprintf(os.Stderr, "Cannot write key to age file: %s\n", err)
+			continue
 		}
 
 		if logcfg.KeyImport {
-			fmt.Printf("%s: Imported %s as age key with fingerprint %s\n", path.Base(os.Args[0]), p, *pubKey)
+			fmt.Fprintf(os.Stderr, "%s: Imported %s as age key with fingerprint %s\n", path.Base(os.Args[0]), p, *pubKey)
+			continue
 		}
 	}