From da0fa54d28f5113fe417df39cf2cf82bf42b735b Mon Sep 17 00:00:00 2001
From: Gerhard Hoffmann
Date: Wed, 23 Oct 2024 12:58:48 +0200
Subject: [PATCH] gitPull(): Add important comment for the case that an remote host key change: 'git pull' handles the issue itself, and continues to pull the repository using the ssh-key provided in the .keys/ directory.
---
 UpdatePTUDevCtrl/git/git_client.cpp | 32 +++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/UpdatePTUDevCtrl/git/git_client.cpp b/UpdatePTUDevCtrl/git/git_client.cpp
index a3cd5a5..856e62c 100644
--- a/UpdatePTUDevCtrl/git/git_client.cpp
+++ b/UpdatePTUDevCtrl/git/git_client.cpp
@@ -393,6 +393,38 @@ std::optional GitClient::gitPull() {
 if (QDir(m_customerRepository).exists()) {
 qInfo() << "BRANCH NAME" << m_branchName;
+#if 0
+ IMPORTANT COMMENT:
+
+ If remote host keys are changed, then
+
+ export GIT_SSH_COMMAND="ssh -i /opt/app/tools/atbupdate/.keys/id_ed25519_ptuConfig"
+ git pull
+
+ leads to the following warning/error message:
+
+ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
+ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
+ Someone could be eavesdropping on you right now (man-in-the-middle attack)!
+ It is also possible that a host key has just been changed.
+ The fingerprint for the ECDSA key sent by the remote host is
+ SHA256:vOD5jF2hglGktqLhK9ABxfEjwEgIK68/v9erdT05NDQ.
+ Please contact your system administrator.
+ Add correct host key in /home/root/.ssh/known_hosts to get rid of this message.
+ Offending ECDSA key in /home/root/.ssh/known_hosts:1
+ Password authentication is disabled to avoid man-in-the-middle attacks.
+ Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
+ Agent forwarding is disabled to avoid man-in-the-middle attacks.
+ X11 forwarding is disabled to avoid man-in-the-middle attacks.
+ Already up to date.
+
+ This first part is from ssh itself, and could not be fetched easily, as this
+ process is gone when git itself starts.
+
+ Only the last line is the git message.
+#endif
 Command c("git pull");
 if (c.execute(m_customerRepository)) {
 QString const s = c.getCommandResult().trimmed();
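Review bot: The state this comment documents is a failed host-key check that `gitPull()` then ignores: the quoted ssh output ends in `Already up to date.`, so `git pull` completes against a server whose key no longer matches `known_hosts`, and whatever that server serves is accepted as the customer repository. That ssh prints "Password authentication is disabled" and carries on suggests strict host-key checking is switched off in the ssh configuration (not visible in this hunk). For an update client a mismatch should abort the pull, for example by adding `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<pinned known_hosts path>` to the `ssh -i ...` string in `GIT_SSH_COMMAND`, with legitimate key rotation handled by shipping the new host key. At minimum the comment should say that the pull proceeds with the server identity unverified, something like `// NOTE: host key mismatch is NOT fatal here; the pull continues against an unverified server`, and the ssh warning on stderr should reach the log so a key change is visible to operators. A `/* ... */` block would be more conventional than `#if 0` for prose; the body of `gitPull()` continues past the end of the hunk.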