[users at bb.net] How to properly use private keys for access to git repositories?

Povilas Kanapickas povilas at radix.lt
Sat Apr 10 09:20:28 UTC 2021


Hi Mojca,

On 4/10/21 9:39 AM, Mojca Miklavec wrote:
> Hi,
> 
> I've been struggling to understand how to properly use sshPrivateKey
> to fetch the contents from a private repository on GitHub.
> 
> (It would be really helpful to have an example more clearly listed in
> the documentation.)
> 
> I followed
> https://docs.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key
> to generate a new private key via:
>     ssh-keygen -t ed25519 -C "your_email@example.com"
> and stored it to "secrets/id_ed25519".
> 
> I used the following code:
> 
> c['secretsProviders'] = [secrets.SecretInAFile(dirname='secrets')]
> ...
> f.addStep(
>     steps.Git(
>         repourl = 'git@github.com:me/somerepo.git',
>         mode = 'full',
>         sshPrivateKey = util.Secret('id_ed25519'),
>         sshKnownHosts = util.Secret('known_hosts'),
>     )
> )
> 
> I checked that the key (id_ed25519) actually works to clone the
> repository, and the following command works when executed manually on
> the worker:
> 
> git -c 'core.sshCommand=ssh -o "BatchMode=yes" -i /path/to/ssh-key -o
> "UserKnownHostsFile=path/to/ssh-known-hosts"' clone --branch master
> git@github.com:me/somerepo.git . --progres
> 
> But I'm getting
> 
> Cloning into '.'...
> Load key "/path/to/worker/.workername.build.buildbot/ssh-key": invalid format
> Permission denied (publickey).
> fatal: Could not read from remote repository.

Could you replace the _removeSshPrivateKeyIfNeeded function with an empty
function in master/buildbot/util/git.py (also remove the
@defer.inlineCallbacks decorator)? This would leave the private key on
the worker and you could manually check its contents and run the git
clone command. Hopefully this would reproduce the problem and we could
check what's wrong.

Cheers,
Povilas
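
One way to do the manual content check suggested above, as an added example that is not part of the original thread or of Buildbot's code: it inspects the framing of an OpenSSH-format private key file (the format `ssh-keygen -t ed25519` writes) and reports problems without ever printing key material. The checks chosen (line endings, final newline, markers, base64 body) are assumptions about what is worth looking at, not a diagnosis from this thread; `check_openssh_key` and `constructed_key` are hypothetical names, and the sample key is constructed filler.

```python
import base64
import binascii
import sys

BEGIN = b"-----BEGIN OPENSSH PRIVATE KEY-----"
END = b"-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"  # magic string that opens the decoded body


def check_openssh_key(data: bytes) -> list:
    """Return framing problems found in an OpenSSH-format private key file."""
    problems = []
    if b"\r" in data:
        problems.append("CR characters present (CRLF line endings)")
    if not data.endswith(b"\n"):
        problems.append("no newline after the END marker")
    lines = [ln for ln in data.replace(b"\r", b"").split(b"\n") if ln.strip()]
    if not lines or lines[0] != BEGIN:
        problems.append("first line is not the BEGIN marker")
    if len(lines) < 2 or lines[-1] != END:
        problems.append("last line is not the END marker")
    # Everything that is not a marker line should be the base64 body.
    body = b"".join(ln for ln in lines if not ln.startswith(b"-----"))
    try:
        blob = base64.b64decode(body, validate=True)
    except binascii.Error:
        problems.append("body is not valid base64")
    else:
        if not blob.startswith(MAGIC):
            problems.append("decoded body lacks the openssh-key-v1 magic")
    return problems


def constructed_key() -> bytes:
    """Constructed sample: valid framing and magic, filler bytes, not a usable key."""
    b64 = base64.b64encode(MAGIC + bytes(range(96)))
    body = b"\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return BEGIN + b"\n" + body + b"\n" + END + b"\n"


if __name__ == "__main__":
    # With a path argument, check that file; otherwise show the constructed cases.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(check_openssh_key(fh.read()) or "framing looks fine")
    else:
        good = constructed_key()
        for label, data in [("intact", good), ("stripped", good.rstrip(b"\n")),
                            ("crlf", good.replace(b"\n", b"\r\n"))]:
            print(label, check_openssh_key(data))
```

Run it on the worker with the path of the key file that was left behind; the output names only the kind of problem, so it is safe to paste into a bug report.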

