mirrors/github.com_openSUSE_osc
1
0
Fork 0
mirror of https://github.com/openSUSE/osc.git synced 2025-08-11 17:54:06 +02:00
Code Activity

Properly handle missing ssh-keygen and ssh-add

Browse Source
This commit is contained in:
Daniel Mach
2022-09-07 10:09:20 +02:00
parent bbb2746657
commit 2496b3e987
1 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
osc/connection.py
View File

@@ -2,6 +2,7 @@ import base64
import fcntl import fcntl
import os import os
import re import re
import shutil
import subprocess import subprocess
import ssl import ssl
import sys import sys
@@ -510,6 +511,9 @@ class SignatureAuthHandler(AuthHandlerBase):
self.user = user self.user = user
self.sshkey = sshkey self.sshkey = sshkey
self.ssh_keygen_path = shutil.which("ssh-keygen")
self.ssh_add_path = shutil.which("ssh-add")
apiurl = conf.config["apiurl"] apiurl = conf.config["apiurl"]
if conf.config["api_host_options"][apiurl].get("credentials_mgr_class", None) == "osc.credentials.TransientCredentialsManager": if conf.config["api_host_options"][apiurl].get("credentials_mgr_class", None) == "osc.credentials.TransientCredentialsManager":
self.basic_auth_password = False self.basic_auth_password = False
@@ -520,12 +524,10 @@ class SignatureAuthHandler(AuthHandlerBase):
self.temp_pubkey = None self.temp_pubkey = None
def list_ssh_agent_keys(self): def list_ssh_agent_keys(self):
cmd = ['ssh-add', '-L'] if not self.ssh_add_path:
try:
proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
except OSError:
# ssh-add is not available
return [] return []
cmd = [self.ssh_add_path, '-L']
proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, _ = proc.communicate() stdout, _ = proc.communicate()
if proc.returncode == 0 and stdout.strip(): if proc.returncode == 0 and stdout.strip():
return stdout.strip().splitlines() return stdout.strip().splitlines()
@@ -569,7 +571,7 @@ class SignatureAuthHandler(AuthHandlerBase):
keyfile = '~/.ssh/' + keyfile keyfile = '~/.ssh/' + keyfile
keyfile = os.path.expanduser(keyfile) keyfile = os.path.expanduser(keyfile)
cmd = ['ssh-keygen', '-Y', 'sign', '-f', keyfile, '-n', namespace, '-q'] cmd = [self.ssh_keygen_path, '-Y', 'sign', '-f', keyfile, '-n', namespace, '-q']
proc = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE) proc = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
stdout, _ = proc.communicate(data) stdout, _ = proc.communicate(data)
@@ -622,6 +624,12 @@ class SignatureAuthHandler(AuthHandlerBase):
# prefer basic auth, but only if password is set # prefer basic auth, but only if password is set
return False return False
if not self.ssh_keygen_path:
if conf.config["debug"]:
msg = "Skipping signature auth because ssh-keygen is not available"
print(msg, file=sys.stderr)
return False
if not self.sshkey_known(): if not self.sshkey_known():
# ssh key not set, try to guess it # ssh key not set, try to guess it
self.sshkey = self.guess_keyfile() self.sshkey = self.guess_keyfile()