[Patchew-devel] [PATCH] deploy: make ssh private key mandatory

Paolo Bonzini posted 1 patch 30 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/patchew next tags/patchew/20190315160751.25569-1-pbonzini@redhat.com
docs/patchew.rst                       | 5 +++++
scripts/dockerfiles/importer.docker    | 5 +----
scripts/playbooks/deploy-importers.yml | 1 -
3 files changed, 6 insertions(+), 5 deletions(-)

[Patchew-devel] [PATCH] deploy: make ssh private key mandatory

Posted by Paolo Bonzini 30 weeks ago
Now that patchew.org has switched from password to SSH authentication,
stop the transitory period and just require ssh authentication.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 docs/patchew.rst                       | 5 +++++
 scripts/dockerfiles/importer.docker    | 5 +----
 scripts/playbooks/deploy-importers.yml | 1 -
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/docs/patchew.rst b/docs/patchew.rst
index aa51c7f..8def637 100644
--- a/docs/patchew.rst
+++ b/docs/patchew.rst
@@ -94,6 +94,10 @@ command line).  Note that the fingerprint format, as printed by
 bytes separated by colons; offlineimap and thus ``scripts/deploy``
 do not use colons.
 
+The importer will also need a private key that is allowed to push to the
+git repository.  Right now, the private key must not have a passphrase;
+SSH agents are not supported.
+
 You can also specify all the variables directly on the command line
 using the ``-e`` option::
 
@@ -102,6 +106,7 @@ using the ``-e`` option::
         patchew_server=http://patchew.example.com/
         importer_user=importer
         importer_pass=gotsomepatches
+        importer_identity=/path/to/id_rsa
         imap_server=imap.example.com
         imap_user=username@example.com
         imap_pass=hunter2
diff --git a/scripts/dockerfiles/importer.docker b/scripts/dockerfiles/importer.docker
index ab15d45..0021d93 100644
--- a/scripts/dockerfiles/importer.docker
+++ b/scripts/dockerfiles/importer.docker
@@ -3,10 +3,7 @@ RUN dnf install -y python offlineimap findutils git wget
 RUN git config --global user.email "importer@patchew.org"
 RUN git config --global user.name "Patchew Importer"
 RUN mkdir -p -m 0700 ~/.ssh
-RUN test -f /data/patchew/id_rsa || ssh-keygen -t rsa -q -C patchew-importer -f ~/.ssh/id_rsa
-RUN if test -f /data/patchew/identity; then \
-        echo IdentityFile=/data/patchew/identity > ~/.ssh/config; \
-    fi
+RUN echo IdentityFile=/data/patchew/identity > ~/.ssh/config
 RUN echo StrictHostKeyChecking no >> ~/.ssh/config
 RUN echo UserKnownHostsFile=/dev/null >> ~/.ssh/config
 ENV LC_ALL en_US.UTF-8
diff --git a/scripts/playbooks/deploy-importers.yml b/scripts/playbooks/deploy-importers.yml
index 48d1798..2e45db8 100644
--- a/scripts/playbooks/deploy-importers.yml
+++ b/scripts/playbooks/deploy-importers.yml
@@ -64,7 +64,6 @@
         dest: "{{ identity_file }}"
         validate: test -f %s
         mode: 0400
-      when: importer_identity != ""
     - name: Create config
       template:
         src: "templates/importer-config.j2"
-- 
2.20.1

_______________________________________________
Patchew-devel mailing list
Patchew-devel@redhat.com
https://www.redhat.com/mailman/listinfo/patchew-devel