From e489d2d532fc6960ecdfe6a56b5f5a12ffd4e0c6 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 18 Jun 2025 08:55:13 -0400
Subject: [PATCH] Fix setupssh behavior on nearly full /tmp/

---
 confluent_osdeploy/common/profile/scripts/setupssh          | 3 ++-
 confluent_osdeploy/debian/profiles/default/scripts/setupssh | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/confluent_osdeploy/common/profile/scripts/setupssh b/confluent_osdeploy/common/profile/scripts/setupssh
index 06ae3e01..6215a1d7 100644
--- a/confluent_osdeploy/common/profile/scripts/setupssh
+++ b/confluent_osdeploy/common/profile/scripts/setupssh
@@ -7,7 +7,6 @@ for pubkey in /etc/ssh/ssh_host*key.pub; do
         continue
     fi
     certfile=${pubkey/.pub/-cert.pub}
-    rm $certfile
     confluentpython $confapiclient /confluent-api/self/sshcert $pubkey -o $certfile
 done
 if [ -d /etc/ssh/sshd_config.d/ -a ! -e /etc/ssh/sshd_config.d/90-confluent.conf ]; then
@@ -25,6 +24,7 @@ confluentpython $confapiclient /confluent-public/site/initramfs.tgz -o initramfs
 tar xf initramfs.tgz
 for ca in ssh/*.ca; do
 	LINE=$(cat $ca)
+        if [ -z "$LINE" ]; then continue; fi
 	cp -af /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts.new
 	grep -v "$LINE" /etc/ssh/ssh_known_hosts > /etc/ssh/ssh_known_hosts.new
 	echo '@cert-authority *' $LINE >> /etc/ssh/ssh_known_hosts.new
@@ -32,6 +32,7 @@ for ca in ssh/*.ca; do
 done
 for pubkey in ssh/*.*pubkey; do
 	LINE=$(cat $pubkey)
+        if [ -z "$LINE" ]; then continue; fi
 	cp -af /root/.ssh/authorized_keys /root/.ssh/authorized_keys.new
 	grep -v "$LINE" /root/.ssh/authorized_keys > /root/.ssh/authorized_keys.new
 	echo "$LINE" >> /root/.ssh/authorized_keys.new
diff --git a/confluent_osdeploy/debian/profiles/default/scripts/setupssh b/confluent_osdeploy/debian/profiles/default/scripts/setupssh
index 06ae3e01..6215a1d7 100644
--- a/confluent_osdeploy/debian/profiles/default/scripts/setupssh
+++ b/confluent_osdeploy/debian/profiles/default/scripts/setupssh
@@ -7,7 +7,6 @@ for pubkey in /etc/ssh/ssh_host*key.pub; do
         continue
     fi
     certfile=${pubkey/.pub/-cert.pub}
-    rm $certfile
     confluentpython $confapiclient /confluent-api/self/sshcert $pubkey -o $certfile
 done
 if [ -d /etc/ssh/sshd_config.d/ -a ! -e /etc/ssh/sshd_config.d/90-confluent.conf ]; then
@@ -25,6 +24,7 @@ confluentpython $confapiclient /confluent-public/site/initramfs.tgz -o initramfs
 tar xf initramfs.tgz
 for ca in ssh/*.ca; do
 	LINE=$(cat $ca)
+        if [ -z "$LINE" ]; then continue; fi
 	cp -af /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts.new
 	grep -v "$LINE" /etc/ssh/ssh_known_hosts > /etc/ssh/ssh_known_hosts.new
 	echo '@cert-authority *' $LINE >> /etc/ssh/ssh_known_hosts.new
@@ -32,6 +32,7 @@ for ca in ssh/*.ca; do
 done
 for pubkey in ssh/*.*pubkey; do
 	LINE=$(cat $pubkey)
+        if [ -z "$LINE" ]; then continue; fi
 	cp -af /root/.ssh/authorized_keys /root/.ssh/authorized_keys.new
 	grep -v "$LINE" /root/.ssh/authorized_keys > /root/.ssh/authorized_keys.new
 	echo "$LINE" >> /root/.ssh/authorized_keys.new