From 7f451a815b6b0e15dffb6b423443d48bdb4c06b0 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 4 Feb 2016 08:42:53 +0100 Subject: [PATCH 1/1] makebuildserver: add workaround to Ubuntu/trusty's old paramiko Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings, so they need to be tweaked in order to provide working ssh to the instance. https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055 --- .../cookbooks/fdroidbuild-general/recipes/default.rb | 8 ++++++++ makebuildserver | 4 +++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb b/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb index 8b61c3fc..27a271a3 100644 --- a/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb +++ b/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb @@ -105,3 +105,11 @@ execute "set-default-java" do command "update-java-alternatives --set java-1.7.0-openjdk-i386" end +# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings +# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055 +execute "support-ubuntu-trusty-paramiko" do + only_if { node[:settings][:ubuntu_trusty] == 'true' } + command "echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config" + command "echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config" + command "echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config" +end diff --git a/makebuildserver b/makebuildserver index 0ec3eebe..a4fbd6d9 100755 --- a/makebuildserver +++ b/makebuildserver @@ -392,6 +392,7 @@ vagrantfile += """ :sdk_loc => "/home/vagrant/android-sdk", :ndk_loc => "/home/vagrant/android-ndk", :debian_mirror => "%s", + :ubuntu_trusty => "%s", :user => "vagrant" } } @@ -402,7 +403,8 @@ vagrantfile += """ chef.add_recipe "kivy" end end -""" % (config['debian_mirror']) +""" % (config['debian_mirror'], + str('14.04' in os.uname()[3]).lower()) # Check against the existing Vagrantfile, and if they differ, we need to # create a new box: -- 2.30.2