From 6843793205d96449af070b5c7b776eaf205f5ad7 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Sun, 22 Feb 2015 21:11:19 +0100 Subject: add support for setting the SSH identity per-repo --- git_mirror.py | 15 ++++++++++++--- ssh-set-ident.sh | 28 ++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 ssh-set-ident.sh diff --git a/git_mirror.py b/git_mirror.py index 636672f..af963df 100644 --- a/git_mirror.py +++ b/git_mirror.py @@ -21,7 +21,7 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #============================================================================== -import sys, os, subprocess +import sys, os, os.path, subprocess import configparser, itertools, json, re import email.mime.text, email.utils, smtplib @@ -91,6 +91,7 @@ class Repo: self.name = name self.local = conf['local'] self.owner = conf['owner'] # email address to notify in case of problems + self.deploy_key = conf['deploy-key'] # the SSH ky used for authenticating against remote hosts self.mirrors = {} # maps mirrors to their URLs mirror_prefix = 'mirror-' for name in filter(lambda s: s.startswith(mirror_prefix), conf.keys()): @@ -107,10 +108,18 @@ class Repo: return mirror return None + def setup_env(self): + '''Setup the environment to work with this repository''' + os.chdir(self.local) + ssh_set_ident = os.path.join(os.path.dirname(__file__), 'ssh-set-ident.conf') + os.setenv('GIT_SSH', ssh_set_ident) + ssh_ident = os.path.join(os.path.expanduser('~/.ssh'), self.deploy_key) + os.setenv('SSH_IDENT', ssh_ident) + def update_mirrors(self, ref, oldsha, newsha, except_mirrors = [], suppress_stderr = False): '''Update the from to on all mirrors. The update must already have happened locally.''' assert len(oldsha) == 40 and len(newsha) == 40, "These are not valid SHAs." - os.chdir(self.local) + self.setup_env() # check for a forced update is_forced = newsha != git_nullsha and oldsha != git_nullsha and git_is_forced_update(oldsha, newsha) # tell all the mirrors @@ -127,7 +136,7 @@ class Repo: def update_ref_from_mirror(self, ref, oldsha, newsha, mirror, suppress_stderr = False): '''Update the local version of this to what's currently on the given . and are checked. Then update all the other mirrors.''' - os.chdir(self.local) + self.setup_env() url = self.mirrors[mirror] # first check whether the remote really is at newsha remote_state, code = git.ls_remote(url, ref) diff --git a/ssh-set-ident.sh b/ssh-set-ident.sh new file mode 100644 index 0000000..58ba45e --- /dev/null +++ b/ssh-set-ident.sh @@ -0,0 +1,28 @@ +#!/bin/sh +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +#============================================================================== + +# This sets the SSH identitiy based on an environment variable. That makes it possible for the git-mirror +# scripts to use git with a particular SSH identity. + +exec ssh -i "$SSH_IDENT" "$@" -- cgit v1.2.3