Harden dev provisioning scripts (ops-review fixes)

- Remove stderr suppression from ssh-keygen (show errors)
- Add curl timeouts (--connect-timeout 5 --max-time 30)
- Add || true to arithmetic increments for set -e safety

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Dan 2026-01-09 20:21:57 -08:00
parent d9c1848e88
commit bde2aad939
2 changed files with 7 additions and 4 deletions


@ -95,7 +95,7 @@ create_user() {
-f "$server_key" \
-N '' \
-C "$username@jrz1-server-DO-NOT-REUSE" \
>/dev/null 2>&1
>/dev/null
log_info "Server-side SSH key generated"
else
log_info "Server-side SSH key already exists"
@ -212,6 +212,7 @@ upload_forgejo_key() {
local http_code
http_code=$(curl -s -o /dev/null -w "%{http_code}" \
--connect-timeout 5 --max-time 30 \
-X POST "$forgejo_url/api/v1/admin/users/$username/keys" \
-H "Authorization: token $token" \
-H "Content-Type: application/json" \
@ -252,6 +253,7 @@ provision_forgejo() {
local http_code
http_code=$(curl -s -o /dev/null -w "%{http_code}" \
--connect-timeout 5 --max-time 30 \
-X POST "$forgejo_url/api/v1/admin/users" \
-H "Authorization: token $token" \
-H "Content-Type: application/json" \
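Review bot: Both curl calls in this file still pass the admin API token on the command line (`-H "Authorization: token $token"` in upload_forgejo_key and provision_forgejo), so it is visible in the process list to other local users while the request runs, and in any `set -x` trace; the new `--max-time 30` bounds that window but does not close it. Since curl 7.55.0 the header can be read from a file descriptor instead, e.g. `-H @<(printf 'Authorization: token %s\n' "$token")`, which keeps the secret out of argv because `printf` is a shell builtin. The same pattern appears in both curl calls of revoke_forgejo_keys in the second file. Both commands continue past the end of their hunks, so how the request body and stderr are handled cannot be checked from here.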


@ -53,7 +53,7 @@ revoke_forgejo_keys() {
# Get list of user's keys
local keys_json
keys_json=$(curl -s \
keys_json=$(curl -s --connect-timeout 5 --max-time 30 \
-H "Authorization: token $token" \
"$forgejo_url/api/v1/admin/users/$username/keys" 2>/dev/null) || true
@ -77,14 +77,15 @@ revoke_forgejo_keys() {
for key_id in $key_ids; do
local http_code
http_code=$(curl -s -o /dev/null -w "%{http_code}" \
--connect-timeout 5 --max-time 30 \
-X DELETE "$forgejo_url/api/v1/admin/users/$username/keys/$key_id" \
-H "Authorization: token $token" 2>/dev/null) || true
if [[ "$http_code" == "204" ]]; then
((revoked++))
((revoked++)) || true
else
log_warn "Failed to revoke key $key_id (HTTP $http_code)"
((failed++))
((failed++)) || true
fi
done
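Review bot: The key-listing call in revoke_forgejo_keys fails open: with `-s`, `2>/dev/null` and `|| true`, a timeout or an HTTP 401/500 leaves `keys_json` empty or holding an error body, and nothing in the hunk distinguishes that from a user who has no keys. On a revocation path this should be a hard failure, e.g. `keys_json=$(curl -sS --fail --connect-timeout 5 --max-time 30 ...) || { log_warn "Could not list keys for $username"; return 1; }`, with the `2>/dev/null` dropped so the error is shown, in line with the ssh-keygen change in this commit. The code between the listing and the delete loop is outside the hunks, so an existing empty-response check may be present but is not visible here. The loop counts `failed`, but the hunk ends at `done`; it is worth confirming the function returns non-zero when `failed` is greater than zero so a caller cannot treat a partial revocation as complete.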