makebuildserver: add workaround to Ubuntu/trusty's old paramiko

[fdroidserver.git] / buildserver / cookbooks / fdroidbuild-general / recipes / default.rb

diff --git a/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb b/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
index ce46c6b6da1d937e2a6fddf0b9373c3c9bfda2b1..27a271a34c72cfbdf233565a35c435e1a4b563f8 100644 (file)
--- a/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
+++ b/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
@@ -7,7 +7,7 @@ execute 'set_debian_mirror' do
 end
 
 execute "jessie_backports" do
-  command "echo 'deb http://http.debian.net/debian jessie-backports main' > /etc/apt/sources.list.d/backports.list"
+  command "echo 'deb #{debian_mirror} jessie-backports main' > /etc/apt/sources.list.d/backports.list"
   only_if "grep jessie /etc/apt/sources.list"
 end
 
@@ -38,6 +38,8 @@ end
     inkscape
     javacc
     libarchive-zip-perl
+    libexpat1-dev
+    libglib2.0-dev
     liblzma-dev
     librsvg2-bin
     libsaxonb-java
@@ -103,3 +105,11 @@ execute "set-default-java" do
   command "update-java-alternatives --set java-1.7.0-openjdk-i386"
 end
 
+# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
+# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
+execute "support-ubuntu-trusty-paramiko" do
+  only_if { node[:settings][:ubuntu_trusty] == 'true' }
+  command "echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config"
+  command "echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config"
+  command "echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config"
+end