add support for setting the SSH identity per-repo

2 files changed, 40 insertions, 3 deletions

diff --git a/git_mirror.py b/git_mirror.py
index 636672f..af963df 100644
--- a/git_mirror.py
+++ b/git_mirror.py
@@ -21,7 +21,7 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #==============================================================================
-import sys, os, subprocess
+import sys, os, os.path, subprocess
 import configparser, itertools, json, re
 import email.mime.text, email.utils, smtplib
 
@@ -91,6 +91,7 @@ class Repo:
         self.name = name
         self.local = conf['local']
         self.owner = conf['owner'] # email address to notify in case of problems
+        self.deploy_key = conf['deploy-key'] # the SSH ky used for authenticating against remote hosts
         self.mirrors = {} # maps mirrors to their URLs
         mirror_prefix = 'mirror-'
         for name in filter(lambda s: s.startswith(mirror_prefix), conf.keys()):
@@ -107,10 +108,18 @@ class Repo:
                 return mirror
         return None
     
+    def setup_env(self):
+        '''Setup the environment to work with this repository'''
+        os.chdir(self.local)
+        ssh_set_ident = os.path.join(os.path.dirname(__file__), 'ssh-set-ident.conf')
+        os.setenv('GIT_SSH', ssh_set_ident)
+        ssh_ident = os.path.join(os.path.expanduser('~/.ssh'), self.deploy_key)
+        os.setenv('SSH_IDENT', ssh_ident)
+    
     def update_mirrors(self, ref, oldsha, newsha, except_mirrors = [], suppress_stderr = False):
         '''Update the <ref> from <oldsha> to <newsha> on all mirrors. The update must already have happened locally.'''
         assert len(oldsha) == 40 and len(newsha) == 40, "These are not valid SHAs."
-        os.chdir(self.local)
+        self.setup_env()
         # check for a forced update
         is_forced = newsha != git_nullsha and oldsha != git_nullsha and git_is_forced_update(oldsha, newsha)
         # tell all the mirrors
@@ -127,7 +136,7 @@ class Repo:
     
     def update_ref_from_mirror(self, ref, oldsha, newsha, mirror, suppress_stderr = False):
         '''Update the local version of this <ref> to what's currently on the given <mirror>. <oldsha> and <newsha> are checked. Then update all the other mirrors.'''
-        os.chdir(self.local)
+        self.setup_env()
         url = self.mirrors[mirror]
         # first check whether the remote really is at newsha
         remote_state, code = git.ls_remote(url, ref)
diff --git a/ssh-set-ident.sh b/ssh-set-ident.sh
new file mode 100644
index 0000000..58ba45e
--- /dev/null
+++ b/ssh-set-ident.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer. 
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#==============================================================================
+
+# This sets the SSH identitiy based on an environment variable. That makes it possible for the git-mirror
+# scripts to use git with a particular SSH identity.
+
+exec ssh -i "$SSH_IDENT" "$@"