[Patchew-devel] [PATCH] deploy: make ssh private key mandatory

Paolo Bonzini posted 1 patch 5 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/patchew next tags/patchew/20190315160751.25569-1-pbonzini@redhat.com
docs/patchew.rst                       | 5 +++++
scripts/dockerfiles/importer.docker    | 5 +----
scripts/playbooks/deploy-importers.yml | 1 -
3 files changed, 6 insertions(+), 5 deletions(-)

[Patchew-devel] [PATCH] deploy: make ssh private key mandatory

Posted by Paolo Bonzini 5 weeks ago
Now that patchew.org has switched from password to SSH authentication,
stop the transitory period and just require ssh authentication.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 docs/patchew.rst                       | 5 +++++
 scripts/dockerfiles/importer.docker    | 5 +----
 scripts/playbooks/deploy-importers.yml | 1 -
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/docs/patchew.rst b/docs/patchew.rst
index aa51c7f..8def637 100644
--- a/docs/patchew.rst
+++ b/docs/patchew.rst
@@ -94,6 +94,10 @@ command line).  Note that the fingerprint format, as printed by
 bytes separated by colons; offlineimap and thus ``scripts/deploy``
 do not use colons.
 
+The importer will also need a private key that is allowed to push to the
+git repository.  Right now, the private key must not have a passphrase;
+SSH agents are not supported.
+
 You can also specify all the variables directly on the command line
 using the ``-e`` option::
 
@@ -102,6 +106,7 @@ using the ``-e`` option::
         patchew_server=http://patchew.example.com/
         importer_user=importer
         importer_pass=gotsomepatches
+        importer_identity=/path/to/id_rsa
         imap_server=imap.example.com
         imap_user=username@example.com
         imap_pass=hunter2
diff --git a/scripts/dockerfiles/importer.docker b/scripts/dockerfiles/importer.docker
index ab15d45..0021d93 100644
--- a/scripts/dockerfiles/importer.docker
+++ b/scripts/dockerfiles/importer.docker
@@ -3,10 +3,7 @@ RUN dnf install -y python offlineimap findutils git wget
 RUN git config --global user.email "importer@patchew.org"
 RUN git config --global user.name "Patchew Importer"
 RUN mkdir -p -m 0700 ~/.ssh
-RUN test -f /data/patchew/id_rsa || ssh-keygen -t rsa -q -C patchew-importer -f ~/.ssh/id_rsa
-RUN if test -f /data/patchew/identity; then \
-        echo IdentityFile=/data/patchew/identity > ~/.ssh/config; \
-    fi
+RUN echo IdentityFile=/data/patchew/identity > ~/.ssh/config
 RUN echo StrictHostKeyChecking no >> ~/.ssh/config
 RUN echo UserKnownHostsFile=/dev/null >> ~/.ssh/config
 ENV LC_ALL en_US.UTF-8
diff --git a/scripts/playbooks/deploy-importers.yml b/scripts/playbooks/deploy-importers.yml
index 48d1798..2e45db8 100644
--- a/scripts/playbooks/deploy-importers.yml
+++ b/scripts/playbooks/deploy-importers.yml
@@ -64,7 +64,6 @@
         dest: "{{ identity_file }}"
         validate: test -f %s
         mode: 0400
-      when: importer_identity != ""
     - name: Create config
       template:
         src: "templates/importer-config.j2"
-- 
2.20.1

_______________________________________________
Patchew-devel mailing list
Patchew-devel@redhat.com
https://www.redhat.com/mailman/listinfo/patchew-devel