pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

ci: fix Host key verification failed
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details

Browse source 
- Fix missing SSH known_hosts in deploy pipeline
- SSH tries to use Trust-On-First-Use (TOFU) interactively to add a new
  host key
- Verbose SSH logs show:
debug1: Server host key: ssh-ed25519 SHA256:1bbksDNYBWSh/rIFP7MMfs557kWn1dM64bpXdnfBE5E
debug1: read_passphrase: can't open /dev/tty: No such device or address
- deploy-rs uses nix, which uses SSH which doesn't use the environment variable
HOME, but rather /etc/passwd to find a user's HOME
- To solve this, we override SSH options using UserKnownHostsFile and
  the -i flag
This commit is contained in:
teutat3s 2023-03-08 14:10:19 +01:00
parent f5239c042b
commit b21b98dadd
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
1 changed files with 2 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.drone.yml
View file

@ -33,9 +33,7 @@ steps:
- echo "$$PRIVATE_SSH_KEY" > $$HOME/.ssh/id_ed25519 && chmod 600 $$HOME/.ssh/id_ed25519
- echo "$$SSH_HOST_KEY" > $$HOME/.ssh/known_hosts
# SSH uses HOME from /etc/passwd, not from the environment, so override it
- export SSHOPTS="-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -i $$HOME/.ssh/id_ed25519 -v"
- echo DEBUG SSHOPTS
- echo $$SSHOPTS
- export SSHOPTS="-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -i $$HOME/.ssh/id_ed25519"
- "echo DEBUG: Using NIX_FLAGS: $$NIX_FLAGS"
- nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#host_001_momo_koeln' --ssh-opts="$$SSHOPTS"
@ -163,6 +161,6 @@ volumes:
---
kind: signature
hmac: 6d2495181ae2acd3f3a44d34591ba79315862d22c1e62c580bfba1a4c4fe822a
hmac: 3edb1779f39db0416f8395a1b0d52bd07cf51b4a181059ecdcf6f1dbfc595a49
...