chiark / gitweb /
~ianmdlvl / fdroidserver.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: fdbfb4d)
never wait for SSH prompts when running git commands
authorHans-Christoph Steiner <hans@eds.org>
Thu, 23 Nov 2017 20:19:45 +0000 (21:19 +0100)
committerHans-Christoph Steiner <hans@eds.org>
Thu, 23 Nov 2017 22:31:38 +0000 (23:31 +0100)
We never allow git via SSH or password/key access, and right now, this
causes things to hang forever.  This sets things up to fail quickly
with invalid ssh connections.

BatchMode=yes - passphrase/password querying will be disabled.

StrictHostKeyChecking=yes - never automatically prompt, or add host keys to
the ~/.ssh/known_hosts file, and refuse to connect to hosts whose host key
has changed.

buildserver/setup-env-vars patch | blob | history
fdroidserver/common.py patch | blob | history

diff --git a/buildserver/setup-env-vars b/buildserver/setup-env-vars
index 00220a234ccca6f5aa00b7bcf45966266d178ae2..66e3d7e6452220d23a00acad2657d1e0719665e5 100644 (file)
--- a/buildserver/setup-env-vars
+++ b/buildserver/setup-env-vars
@@ -13,3 +13,7 @@ echo export ANDROID_HOME=$1 >> $bsenv
 echo 'export PATH=$PATH:${ANDROID_HOME}/tools:${ANDROID_HOME}/platform-tools:/opt/gradle/bin' >> $bsenv
 
 chmod 0644 $bsenv
+
+# make sure that SSH never hangs at a password or key prompt
+printf '    StrictHostKeyChecking yes' >> /etc/ssh/ssh_config
+printf '    BatchMode yes' >> /etc/ssh/config
diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index a6afc8b67422557b750be47c96acaa06a342eb28..49a31f3422505153012b7ff036b0dbac321ace3b 100644 (file)
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -802,7 +802,14 @@ class vcs_git(vcs):
             git_config.append('url.https://u:p@' + domain + '.insteadOf=git://' + domain)
             git_config.append('-c')
             git_config.append('url.https://u:p@' + domain + '.insteadOf=https://' + domain)
-        envs.update({'GIT_TERMINAL_PROMPT': '0'})  # supported in git >= 2.3
+        # add helpful tricks supported in git >= 2.3
+        ssh_command = 'ssh -oBatchMode=yes -oStrictHostKeyChecking=yes'
+        git_config.append('-c')
+        git_config.append('core.sshCommand="' + ssh_command + '"')  # git >= 2.10
+        envs.update({
+            'GIT_TERMINAL_PROMPT': '0',
+            'GIT_SSH_COMMAND': ssh_command,  # git >= 2.3
+        })
         return FDroidPopen(['git', ] + git_config + gitargs,
                            envs=envs, cwd=cwd, output=output)
 
Unnamed repository; edit this file 'description' to name the repository.