From 09828f4a73aec248dc1f3d7b9250bc903c862996 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Thu, 23 Nov 2017 21:19:45 +0100
Subject: [PATCH] never wait for SSH prompts when running git commands

We never allow git via SSH or password/key access, and right now, this
causes things to hang forever.  This sets things up to fail quickly
with invalid ssh connections.

BatchMode=yes - passphrase/password querying will be disabled.

StrictHostKeyChecking=yes - never automatically prompt, or add host keys to
the ~/.ssh/known_hosts file, and refuse to connect to hosts whose host key
has changed.
---
 buildserver/setup-env-vars | 4 ++++
 fdroidserver/common.py     | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/buildserver/setup-env-vars b/buildserver/setup-env-vars
index 00220a23..66e3d7e6 100644
--- a/buildserver/setup-env-vars
+++ b/buildserver/setup-env-vars
@@ -13,3 +13,7 @@ echo export ANDROID_HOME=$1 >> $bsenv
 echo 'export PATH=$PATH:${ANDROID_HOME}/tools:${ANDROID_HOME}/platform-tools:/opt/gradle/bin' >> $bsenv
 
 chmod 0644 $bsenv
+
+# make sure that SSH never hangs at a password or key prompt
+printf '    StrictHostKeyChecking yes' >> /etc/ssh/ssh_config
+printf '    BatchMode yes' >> /etc/ssh/config
diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index a6afc8b6..49a31f34 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -802,7 +802,14 @@ class vcs_git(vcs):
             git_config.append('url.https://u:p@' + domain + '.insteadOf=git://' + domain)
             git_config.append('-c')
             git_config.append('url.https://u:p@' + domain + '.insteadOf=https://' + domain)
-        envs.update({'GIT_TERMINAL_PROMPT': '0'})  # supported in git >= 2.3
+        # add helpful tricks supported in git >= 2.3
+        ssh_command = 'ssh -oBatchMode=yes -oStrictHostKeyChecking=yes'
+        git_config.append('-c')
+        git_config.append('core.sshCommand="' + ssh_command + '"')  # git >= 2.10
+        envs.update({
+            'GIT_TERMINAL_PROMPT': '0',
+            'GIT_SSH_COMMAND': ssh_command,  # git >= 2.3
+        })
         return FDroidPopen(['git', ] + git_config + gitargs,
                            envs=envs, cwd=cwd, output=output)
 
-- 
2.30.2