launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/lp-codeimport:cvs-no-host-key-check into lp-codeimport:master

To: mp+405034@xxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Thu, 01 Jul 2021 11:00:47 -0000
Reply-to: mp+405034@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/lp-codeimport:cvs-no-host-key-check into lp-codeimport:master.

Commit message:
Disable SSH host key checks for CVS imports

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #726834 in Launchpad code imports: "LOSA intervention needed to set up code import over empty-password SSH"
  https://bugs.launchpad.net/lp-codeimport/+bug/726834

For more details, see:
https://code.launchpad.net/~cjwatson/lp-codeimport/+git/lp-codeimport/+merge/405034

It doesn't seem worth having people manually go around accepting host key prompts here.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/lp-codeimport:cvs-no-host-key-check into lp-codeimport:master.

diff --git a/charm/lp-codeimport/reactive/lp-codeimport.py b/charm/lp-codeimport/reactive/lp-codeimport.py
index e35106a..a6d8b1e 100644
--- a/charm/lp-codeimport/reactive/lp-codeimport.py
+++ b/charm/lp-codeimport/reactive/lp-codeimport.py
@@ -128,7 +128,7 @@ def install_scripts(config):
     dst = scripts_dir()
     if not os.path.exists(dst):
         host.mkdir(dst, perms=0o755)
-    for name in ('ps_dump.sh', 'ps_dump_clean.sh'):
+    for name in ('ps_dump.sh', 'ps_dump_clean.sh', 'ssh-no-host-key'):
         shutil.copy2(os.path.join(src, name), os.path.join(dst, name))
     templating.render(
         'clean_importd_logs.sh.j2',
diff --git a/charm/lp-codeimport/scripts/ssh-no-host-key b/charm/lp-codeimport/scripts/ssh-no-host-key
new file mode 100755
index 0000000..8e6db7e
--- /dev/null
+++ b/charm/lp-codeimport/scripts/ssh-no-host-key
@@ -0,0 +1,2 @@
+#! /bin/sh
+exec ssh -oStrictHostKeyChecking=no "$@"
diff --git a/charm/lp-codeimport/templates/codeimport-lazr.conf.j2 b/charm/lp-codeimport/templates/codeimport-lazr.conf.j2
index 47e9a3f..09fd743 100644
--- a/charm/lp-codeimport/templates/codeimport-lazr.conf.j2
+++ b/charm/lp-codeimport/templates/codeimport-lazr.conf.j2
@@ -14,6 +14,7 @@ worker_log_dir: {{ logs_dir }}
 
 [codeimportworker]
 working_directory_root: {{ data_dir }}
+cvs_rsh: {{ scripts_dir }}/ssh-no-host-key
 
 [error_reports]
 oops_prefix: {{ oops_prefix }}
diff --git a/lib/lp/services/config/schema-lazr.conf b/lib/lp/services/config/schema-lazr.conf
index f9a78a2..3041d6c 100644
--- a/lib/lp/services/config/schema-lazr.conf
+++ b/lib/lp/services/config/schema-lazr.conf
@@ -63,6 +63,11 @@ heartbeat_update_interval: 30
 # worker-for-branch-${BRANCH_ID} in this directory.
 working_directory_root: /var/tmp/codeimport/data
 
+# A path to a program to set as CVS_RSH in the code import worker's
+# environment.  This can be used to override CVS-specific connection
+# behaviour.
+cvs_rsh: none
+
 
 [error_reports]
 # A prefix for "OOPS" codes for this process instance.
diff --git a/scripts/code-import-worker.py b/scripts/code-import-worker.py
index 434b449..7259f32 100755
--- a/scripts/code-import-worker.py
+++ b/scripts/code-import-worker.py
@@ -18,6 +18,7 @@ __metaclass__ = type
 import _pythonpath
 
 from optparse import OptionParser
+import os
 import sys
 
 from bzrlib.transport import get_transport
@@ -75,6 +76,8 @@ class CodeImportWorker:
     def main(self):
         force_bzr_to_use_urllib()
         set_default_timeout_function(lambda: 60.0)
+        if config.codeimportworker.cvs_rsh:
+            os.environ['CVS_RSH'] = config.codeimportworker.cvs_rsh
         source_details = CodeImportSourceDetails.fromArguments(self.args)
         if source_details.rcstype == 'git':
             if source_details.target_rcstype == 'bzr':