From patchwork Thu Dec 1 06:04:49 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Donnellan X-Patchwork-Id: 701367 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3tTmwT06F2z9t37 for ; Thu, 1 Dec 2016 17:05:13 +1100 (AEDT) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 3tTmwS5DdyzDvyF for ; Thu, 1 Dec 2016 17:05:12 +1100 (AEDT) X-Original-To: snowpatch@lists.ozlabs.org Delivered-To: snowpatch@lists.ozlabs.org Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 3tTmwL3XhczDvy9 for ; Thu, 1 Dec 2016 17:05:05 +1100 (AEDT) Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.17/8.16.0.17) with SMTP id uB164Yn2041991 for ; Thu, 1 Dec 2016 01:05:02 -0500 Received: from e23smtp04.au.ibm.com (e23smtp04.au.ibm.com [202.81.31.146]) by mx0b-001b2d01.pphosted.com with ESMTP id 272dt6220h-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 01 Dec 2016 01:05:02 -0500 Received: from localhost by e23smtp04.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 1 Dec 2016 16:04:59 +1000 Received: from d23dlp03.au.ibm.com (202.81.31.214) by e23smtp04.au.ibm.com (202.81.31.210) with IBM ESMTP SMTP Gateway: Authorized Use Only! 
Violators will be prosecuted; Thu, 1 Dec 2016 16:04:59 +1000 Received: from d23relay07.au.ibm.com (d23relay07.au.ibm.com [9.190.26.37]) by d23dlp03.au.ibm.com (Postfix) with ESMTP id 7B7C63578052 for ; Thu, 1 Dec 2016 17:04:58 +1100 (EST) Received: from d23av06.au.ibm.com (d23av06.au.ibm.com [9.190.235.151]) by d23relay07.au.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id uB164wnJ31195270 for ; Thu, 1 Dec 2016 17:04:58 +1100 Received: from d23av06.au.ibm.com (localhost [127.0.0.1]) by d23av06.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id uB164wj9024546 for ; Thu, 1 Dec 2016 17:04:58 +1100 Received: from ozlabs.au.ibm.com (ozlabs.au.ibm.com [9.192.253.14]) by d23av06.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id uB164vuW024540; Thu, 1 Dec 2016 17:04:57 +1100 Received: from ajd.ozlabs.ibm.com (haven.au.ibm.com [9.192.254.114]) (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.au.ibm.com (Postfix) with ESMTPSA id 2ADBCA0183; Thu, 1 Dec 2016 17:04:57 +1100 (AEDT) 
From: Andrew Donnellan To: snowpatch@lists.ozlabs.org Date: Thu, 1 Dec 2016 17:04:49 +1100 X-Mailer: git-send-email 2.10.2 X-TM-AS-MML: disable X-Content-Scanned: Fidelis XPS MAILER x-cbid: 16120106-0012-0000-0000-000001F219DA X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 16120106-0013-0000-0000-0000068D507C Message-Id: <20161201060449.2742-1-andrew.donnellan@au1.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-12-01_04:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1609300000 definitions=main-1612010109 Subject: [snowpatch] [PATCH] Replace ssh agent authentication with explicit key X-BeenThere: snowpatch@lists.ozlabs.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Continuous Integration for patch-based workflows List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: snowpatch-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "snowpatch" From: Russell Currey libgit2 has a long-standing obscure bug where it gets in an infinite loop calling ssh-agent. ssh-agent has been a pain point in snowpatch for a while now, so let's just not use it - instead, manually specify public and private keys. This adds the benefit of configuring the user ("git" was hardcoded for GitHub/GitLab previously) as well as passphrase support. Future possibility: support parsing "~/" in the settings file. Signed-off-by: Russell Currey
---
 examples/openpower.toml | 5 +++++
 src/git.rs | 15 ++++++++++++++-
 src/main.rs | 4 ++--
 src/settings.rs | 9 +++++++++
 4 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/examples/openpower.toml b/examples/openpower.toml
index 5c0ba40..d582576 100644
--- a/examples/openpower.toml
+++ b/examples/openpower.toml
@@ -14,6 +14,11 @@
 # openpower.toml - example configuration file
 #
+[git]
+user = "git"
+public_key = "/home/ruscur/.ssh/id_rsa.pub"
+private_key = "/home/ruscur/.ssh/id_rsa"
+
 [patchwork]
 url = "https://russell.cc/patchwork"
 port = 443 #optional
diff --git a/src/git.rs b/src/git.rs
index 679d387..ac4c95e 100644
--- a/src/git.rs
+++ b/src/git.rs
@@ -14,13 +14,15 @@
 // git.rs - snowpatch git functionality
 //
-use git2::{Repository, Commit, Remote, Error, PushOptions};
+use git2::{Repository, Commit, Remote, Error, PushOptions, Cred};
 use git2::build::CheckoutBuilder;
 use std::result::Result;
 use std::path::Path;
 use std::process::{Command, Output};
+use settings::Git;
+
 pub static GIT_REF_BASE: &'static str = "refs/heads";
 pub fn get_latest_commit(repo: &Repository) -> Commit {
@@ -85,6 +87,17 @@ pub fn apply_patch(repo: &Repository, path: &Path)
 }
 }
+pub fn cred_from_settings(settings: &Git) -> Result {
+ // We have to convert from Option to Option<&str>
+ let public_key = settings.public_key.as_ref().map(String::as_ref);
+ let passphrase = settings.passphrase.as_ref().map(String::as_ref);
+
+ Cred::ssh_key(&settings.user,
+ public_key,
+ Path::new(&settings.private_key),
+ passphrase)
+}
+
 #[cfg(test)]
 mod tests {
 #[test]
diff --git a/src/main.rs b/src/main.rs
index 426bfdf..07fd32e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -30,7 +30,7 @@ extern crate url;
 extern crate log;
 extern crate env_logger;
-use git2::{Cred, BranchType, RemoteCallbacks, PushOptions};
+use git2::{BranchType, RemoteCallbacks, PushOptions};
 use hyper::Client;
@@ -150,7 +150,7 @@ fn test_patch(settings: &Config, client: &Arc, project: &Project, path:
 let mut push_callbacks = RemoteCallbacks::new();
 push_callbacks.credentials(|_, _, _| {
- return Cred::ssh_key_from_agent("git");
+ git::cred_from_settings(&settings.git)
 });
 let mut push_opts = PushOptions::new();
diff --git a/src/settings.rs b/src/settings.rs
index a4a5614..b440885 100644
--- a/src/settings.rs
+++ b/src/settings.rs
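Review bot: The `[git]` example in examples/openpower.toml points `public_key` and `private_key` at a developer's default identity (`/home/ruscur/.ssh/id_rsa`), which encourages deployments to give the CI daemon a personal key instead of one scoped to its job. The example would be safer showing a dedicated push key, for instance `private_key = "/home/snowpatch/.ssh/snowpatch_push_key"` (a constructed path), with a comment saying the key should only have push access to the test repository. The optional `passphrase` field is also undocumented here; a commented-out `#passphrase = "..." #optional` line would match how `port` is annotated.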
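Review bot: `cred_from_settings` in src/git.rs hands `settings.private_key` to `Path::new` without any check, so a relative value would be resolved against the daemon's working directory and only fail later, during the push. That includes the `~/...` form the commit message says is not parsed. Rejecting it up front would give the operator a clear error, e.g. `if !Path::new(&settings.private_key).is_absolute() { return Err(Error::from_str("git.private_key must be an absolute path")); }`, with the same check for `public_key` when it is set. The function also has no doc comment; a `///` line saying it only builds the credential from the configured paths and passphrase, and that the key files are presumably not opened until libgit2 authenticates (worth confirming), would help callers. `String::as_str` would state the intended `Option<&str>` conversion more directly than `String::as_ref` in the two `map` calls.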
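Review bot: The credentials closure in `test_patch` (src/main.rs) still ignores all three arguments and returns the same credential on every call, so the retry loop this patch is meant to remove can come back whenever the remote rejects the configured key. libgit2 generally invokes the callback again after a rejected credential, and a wrong key, wrong passphrase or unreadable key path would all produce that rejection. Offering the key once and returning an error on the second call bounds this, as sketched below. It would also be worth checking the third argument, the credential types the remote will accept, before offering an SSH key at all. `test_patch` begins and ends outside this hunk, so the surrounding push logic is not visible here.

```rust
let mut push_callbacks = RemoteCallbacks::new();
// Offer the configured key once; a second call means the remote rejected it.
let mut key_offered = false;
push_callbacks.credentials(|_, _, _| {
    if key_offered {
        return Err(git2::Error::from_str("remote rejected the configured SSH key"));
    }
    key_offered = true;
    git::cred_from_settings(&settings.git)
});
// … unchanged: PushOptions setup …
```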
@@ -28,6 +28,14 @@ use std::collections::BTreeMap;
 // TODO: Give more informative error messages when we fail to parse.
 #[derive(RustcDecodable, Clone)]
+pub struct Git {
+ pub user: String,
+ pub public_key: Option,
+ pub private_key: String,
+ pub passphrase: Option
+}
+
+#[derive(RustcDecodable, Clone)]
 pub struct Patchwork {
 pub url: String,
 pub port: Option,
@@ -65,6 +73,7 @@ impl Project {
 #[derive(RustcDecodable, Clone)]
 pub struct Config {
+ pub git: Git,
 pub patchwork: Patchwork,
 pub jenkins: Jenkins,
 pub projects: BTreeMap
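Review bot: The new `passphrase` field of `Git` in src/settings.rs makes the settings file hold a key passphrase in cleartext, and nothing in the struct or the example config tells the operator to protect that file. I would add a comment on the field such as `// Stored in cleartext in the config file; keep that file readable only by the snowpatch user.` and repeat the advice next to the `[git]` section of the example. `Git` derives `Clone` but not `Debug`, which keeps the passphrase out of accidental `{:?}` logging; a short comment saying that omission is deliberate would stop someone adding `Debug` later. Separately, `pub git: Git` in the second hunk is a required field, so existing config files without a `[git]` section will presumably fail to decode; that deserves a mention in the commit message or README.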