Add environment variable SSH_PRIVATE_KEY_FILE

In addition to the variable SSH_PRIVATE_KEY, which holds the private key
itself as a string (the previous documentation incorrectly stated that it
references a path; this has been corrected), the new variable
SSH_PRIVATE_KEY_FILE can now be used to reference the path to a file
containing the private key.

Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
[Jan: Fix logic for detecting set env vars]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jasper Orschulko 2021-07-03 23:35:40 +02:00 committed by Jan Kiszka
parent 4d2b16e04d
commit 15de0142d4
3 changed files with 105 additions and 69 deletions


@ -10,67 +10,79 @@ Command line usage
Environment variables Environment variables
--------------------- ---------------------
+-----------------------+-----------------------------------------------------+ +--------------------------+--------------------------------------------------+
| Environment variables | Description | | Environment variables | Description |
+=======================+=====================================================+ +==========================+==================================================+
| ``KAS_WORK_DIR`` | The path of the kas work directory, current work | | ``KAS_WORK_DIR`` | The path of the kas work directory, current work |
| | directory is the default. | | | directory is the default. |
+-----------------------+-----------------------------------------------------+ +--------------------------+--------------------------------------------------+
| ``KAS_BUILD_DIR`` | The path build directory, ``${KAS_WORK_DIR}/build`` | | ``KAS_BUILD_DIR`` | The path build directory, |
| | is the default. | | | ``${KAS_WORK_DIR}/build`` is the default. |
+-----------------------+-----------------------------------------------------+ +--------------------------+--------------------------------------------------+
| ``KAS_REPO_REF_DIR`` | The path to the repository reference directory. | | ``KAS_REPO_REF_DIR`` | The path to the repository reference directory. |
| | Repositories in this directory are used as | | | Repositories in this directory are used as |
| | references when cloning. In order for kas to find | | | references when cloning. In order for kas to |
| | those repositories, they have to be named in a | | | find those repositories, they have to be named |
| | specific way. The repo URLs are translated like | | | in a specific way. The repo URLs are translated |
| | this: "https://github.com/siemens/meta-iot2000.git" | | | like this: |
| | resolves to the name | | | "https://github.com/siemens/meta-iot2000.git" |
| | "github.com.siemens.meta-iot2000.git". | | | resolves to the name |
+-----------------------+-----------------------------------------------------+ | | "github.com.siemens.meta-iot2000.git". |
| ``KAS_DISTRO`` | This overwrites the respective setting in the | +--------------------------+--------------------------------------------------+
| ``KAS_MACHINE`` | configuration file. | | ``KAS_DISTRO`` | This overwrites the respective setting in the |
| ``KAS_TARGET`` | | | ``KAS_MACHINE`` | configuration file. |
| ``KAS_TASK`` | | | ``KAS_TARGET`` | |
+-----------------------+-----------------------------------------------------+ | ``KAS_TASK`` | |
| ``KAS_PREMIRRORS`` | Specifies alternatives for repo URLs. Just like | +--------------------------+--------------------------------------------------+
| | bitbake ``PREMIRRORS``, this variable consists of | | ``KAS_PREMIRRORS`` | Specifies alternatives for repo URLs. Just like |
| | new-line separated entries. Each entry defines a | | | bitbake ``PREMIRRORS``, this variable consists |
| | regular expression to match a URL and, space- | | | of new-line separated entries. Each entry |
| | separated, its replacement. E.g.: | | | defines a regular expression to match a URL and, |
| | "https://.*\.somehost\.io/ https://localmirror.net/"| | | space-separated, its replacement. E.g.: |
+-----------------------+-----------------------------------------------------+ | | "http://.*\.someurl\.io/ http://localmirror.net/"|
| ``SSH_PRIVATE_KEY`` | Path to the private key file that should be added | +--------------------------+--------------------------------------------------+
| | to an internal ssh-agent. This key cannot be | | ``SSH_PRIVATE_KEY`` | Variable containing the private key that should |
| | password protected. This setting is useful for CI | | | be added to an internal ssh-agent. This key |
| | build servers. On desktop machines, an ssh-agent | | | cannot be password protected. This setting is |
| | running outside the kas environment is more useful. | | | useful for CI build servers. On desktop |
+-----------------------+-----------------------------------------------------+ | | machines, an ssh-agent running outside the kas |
| ``SSH_AUTH_SOCK`` | SSH authentication socket. Used for cloning over | | | environment is more useful. |
| | SSH (alternative to ``SSH_PRIVATE_KEY``). | +--------------------------+--------------------------------------------------+
+-----------------------+-----------------------------------------------------+ | ``SSH_PRIVATE_KEY_FILE`` | Path to the private key file that should be |
| ``DL_DIR`` | Environment variables that are transferred to the | | | added to an internal ssh-agent. This key cannot |
| ``SSTATE_DIR`` | bitbake environment. | | | be password protected. This setting is useful |
| ``TMPDIR`` | | | | for CI build servers. On desktop machines, an |
+-----------------------+-----------------------------------------------------+ | | ssh-agent running outside the kas environment is |
| ``http_proxy`` | This overwrites the proxy configuration in the | | | more useful. |
| ``https_proxy`` | configuration file. | +--------------------------+--------------------------------------------------+
| ``ftp_proxy`` | | | ``SSH_AUTH_SOCK`` | SSH authentication socket. Used for cloning over |
| ``no_proxy`` | | | | SSH (alternative to ``SSH_PRIVATE_KEY`` or |
+-----------------------+-----------------------------------------------------+ | | ``SSH_PRIVATE_KEY_FILE``). |
| ``GIT_PROXY_COMMAND`` | Set proxy for native git fetches. ``NO_PROXY`` is | +--------------------------+--------------------------------------------------+
| ``NO_PROXY`` | evaluated by OpenEmbedded's oe-git-proxy script. | | ``DL_DIR`` | Environment variables that are transferred to |
+-----------------------+-----------------------------------------------------+ | ``SSTATE_DIR`` | the bitbake environment. |
| ``SHELL`` | The shell to start when using the `shell` plugin. | | ``TMPDIR`` | |
+-----------------------+-----------------------------------------------------+ +--------------------------+--------------------------------------------------+
| ``TERM`` | The terminal options used in the `shell` plugin. | | ``http_proxy`` | This overwrites the proxy configuration in the |
+-----------------------+-----------------------------------------------------+ | ``https_proxy`` | configuration file. |
| ``AWS_CONFIG_FILE`` | Path to the awscli configuration and credentials | | ``ftp_proxy`` | |
| |aws_cred| | file that are copied to the kas home dir. | | ``no_proxy`` | |
+-----------------------+-----------------------------------------------------+ +--------------------------+--------------------------------------------------+
| |git_cred| | Allows to set the git credential helper in the | | ``GIT_PROXY_COMMAND`` | Set proxy for native git fetches. ``NO_PROXY`` |
| | `.gitconfig` of the kas user. | | ``NO_PROXY`` | is evaluated by OpenEmbedded's oe-git-proxy |
+-----------------------+-----------------------------------------------------+ | | script. |
+--------------------------+--------------------------------------------------+
| ``SHELL`` | The shell to start when using the `shell` |
| | plugin. |
+--------------------------+--------------------------------------------------+
| ``TERM`` | The terminal options used in the `shell` plugin. |
+--------------------------+--------------------------------------------------+
| ``AWS_CONFIG_FILE`` | Path to the awscli configuration and credentials |
| |aws_cred| | file that are copied to the kas home dir. |
+--------------------------+--------------------------------------------------+
| |git_cred| | Allows to set the git credential helper in the |
| | `.gitconfig` of the kas user. |
+--------------------------+--------------------------------------------------+
.. |aws_cred| replace:: ``AWS_SHARED_CREDENTIALS_FILE`` .. |aws_cred| replace:: ``AWS_SHARED_CREDENTIALS_FILE``
.. |git_cred| replace:: ``GIT_CREDENTIAL_HELPER`` .. |git_cred| replace:: ``GIT_CREDENTIAL_HELPER``


@ -50,7 +50,8 @@ class Macro:
SetupDir(), SetupDir(),
] ]
if 'SSH_PRIVATE_KEY' in os.environ: if ('SSH_PRIVATE_KEY' in os.environ
or 'SSH_PRIVATE_KEY_FILE' in os.environ):
self.setup_commands.append(SetupSSHAgent()) self.setup_commands.append(SetupSSHAgent())
self.setup_commands += [ self.setup_commands += [
@ -65,7 +66,9 @@ class Macro:
else: else:
self.setup_commands = [] self.setup_commands = []
if use_common_cleanup and 'SSH_PRIVATE_KEY' in os.environ: if (use_common_cleanup
and ('SSH_PRIVATE_KEY' in os.environ
or 'SSH_PRIVATE_KEY_FILE' in os.environ)):
self.cleanup_commands = [ self.cleanup_commands = [
CleanupSSHAgent(), CleanupSSHAgent(),
] ]
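Review bot: The test for the two key variables is now written out twice, in the setup branch and in the cleanup branch, and both use `in os.environ`, whereas `ssh_setup_agent` in the last file section treats an empty value as unset through `os.environ.get(envkey)`. A variable that is defined but empty would therefore start and later tear down an agent that holds no key, with only the "None of the following environment keys were set" warning as a hint. A single helper used in both places would keep setup, cleanup and the agent code in agreement, for example `def _ssh_key_configured(): return any(os.environ.get(k) for k in ('SSH_PRIVATE_KEY', 'SSH_PRIVATE_KEY_FILE'))`. The enclosing method of `Macro` starts and ends outside these hunks, so whether other callers rely on the presence-only test cannot be seen from here.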


@ -268,6 +268,15 @@ def get_build_environ(build_system):
return env return env
def ssh_add_key_file(env, key_path):
"""
Adds an ssh key file to the ssh-agent
"""
with open(key_path) as f:
key = f.read()
ssh_add_key(env, key)
def ssh_add_key(env, key): def ssh_add_key(env, key):
""" """
Adds an ssh key to the ssh-agent Adds an ssh key to the ssh-agent
@ -307,20 +316,32 @@ def ssh_setup_agent(envkeys=None):
Starts the ssh-agent Starts the ssh-agent
""" """
env = get_context().environ env = get_context().environ
envkeys = envkeys or ['SSH_PRIVATE_KEY'] envkeys = envkeys or ['SSH_PRIVATE_KEY', 'SSH_PRIVATE_KEY_FILE']
output = os.popen('ssh-agent -s').readlines() output = os.popen('ssh-agent -s').readlines()
for line in output: for line in output:
matches = re.search(r"(\S+)\=(\S+)\;", line) matches = re.search(r"(\S+)\=(\S+)\;", line)
if matches: if matches:
env[matches.group(1)] = matches.group(2) env[matches.group(1)] = matches.group(2)
found = False
for envkey in envkeys: for envkey in envkeys:
key = os.environ.get(envkey) if envkey == 'SSH_PRIVATE_KEY_FILE':
if key: key_path = os.environ.get(envkey)
logging.info("adding SSH key") if key_path:
ssh_add_key(env, key) found = True
logging.info("adding SSH key")
ssh_add_key_file(env, key_path)
else: else:
logging.warning('%s is missing', envkey) key = os.environ.get(envkey)
if key:
found = True
logging.info("adding SSH key")
ssh_add_key(env, key)
if found is not True:
warning = "None of the following environment keys were set: " + \
", ".join(envkeys)
logging.warning(warning)
def ssh_no_host_key_check(): def ssh_no_host_key_check():
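Review bot: `ssh_add_key_file` opens `key_path` with no error handling and no look at the file's mode, and `ssh_setup_agent` only calls it after `ssh-agent -s` has already been started. A wrong or unreadable `SSH_PRIVATE_KEY_FILE` therefore raises an uncaught `OSError` part-way through setup, and unless the caller runs cleanup on failure (not visible here) the agent stays behind. Because the file is read in Python and its contents are passed to `ssh_add_key`, whose body is outside the hunk, the permission check that `ssh-add` applies to a key file it opens itself is presumably skipped, so a group- or world-readable key would be loaded silently. I would check the mode on the open descriptor and log a clear error on read failure, as sketched below. Separately, `if found is not True:` reads better as `if not found:`.

```python
def ssh_add_key_file(env, key_path):
    # … unchanged: docstring …
    try:
        with open(key_path) as f:
            # fstat on the open descriptor avoids a stat/open race
            if os.fstat(f.fileno()).st_mode & 0o077:
                logging.warning('SSH key file %s is accessible by group or '
                                'others', key_path)
            key = f.read()
    except OSError as err:
        logging.error('cannot read SSH key file %s: %s', key_path, err)
        raise
    ssh_add_key(env, key)
```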