
From:
Stefan Sperling <stsp@stsp.name>
Subject:
add ssh -i support
To:
gameoftrees@openbsd.org
Date:
Fri, 10 Jan 2025 12:00:57 +0100

Add a -i option to got clone, fetch, send, as well as cvg clone,
update, commit. This allows ad-hoc use of SSH private keys without
having to create entries in ~/.ssh/config.

The test suite for an upcoming gotsysd(8) daemon needs this to log
into temporary test VMs with temporary SSH keys, both generated by
the test suite.

ok?

M  cvg/cvg.1                   |  21+  0-
M  cvg/cvg.c                   |  18+  7-
M  got/got.1                   |  21+  0-
M  got/got.c                   |  17+  8-
M  include/got_fetch.h         |   2+  1-
M  include/got_send.h          |   2+  1-
M  include/got_worktree_cvg.h  |   2+  2-
M  lib/dial.c                  |   6+  2-
M  lib/fetch.c                 |   3+  2-
M  lib/got_lib_dial.h          |   2+  1-
M  lib/send.c                  |   2+  2-
M  lib/worktree_cvg.c          |  10+  8-

12 files changed, 106 insertions(+), 34 deletions(-)

commit - 3333ce96c5559c5c1cfe8b4eb5822189f65af31c
commit + cb1199eea5bd22d213bfc340556dda1e17f519d5
blob - 5e361ba7f6fa77f9358deaad245b6589b7c35e15
blob + 6652a0e142d22804174660f5bfac8d20073bdec6
--- cvg/cvg.1
+++ cvg/cvg.1
@@ -135,6 +135,7 @@ working directory.
 .Cm clone
 .Op Fl almqv
 .Op Fl b Ar branch
+.Op Fl i Ar identity-file
 .Op Fl J Ar jumphost
 .Op Fl R Ar reference
 .Ar repository-URL
@@ -241,6 +242,12 @@ repository's HEAD reference will be fetched.
 Cannot be used together with the
 .Fl a
 option.
+.It Fl i Ar identity-file
+Specify an
+.Ar identity-file ,
+containing a private SSH key, to use with SSH connections.
+The same option will be passed to
+.Xr ssh 1 .
 .It Fl J Ar jumphost
 Specify a
 .Ar jumphost
@@ -408,6 +415,7 @@ Silence progress output.
 .Op Fl q
 .Op Fl b Ar branch
 .Op Fl c Ar commit
+.Op Fl i Ar identity-file
 .Op Fl J Ar jumphost
 .Op Ar path ...
 .Xc
@@ -505,6 +513,12 @@ An abbreviated hash argument will be expanded to a com
 automatically, provided the abbreviation is unique.
 If this option is not specified, the most recent commit on the work tree's
 branch will be used.
+.It Fl i Ar identity-file
+Specify an
+.Ar identity-file ,
+containing a private SSH key, to use with SSH connections.
+The same option will be passed to
+.Xr ssh 1 .
 .It Fl J Ar jumphost
 Specify a
 .Ar jumphost
@@ -1301,6 +1315,7 @@ is a directory.
 .Op Fl CNnS
 .Op Fl A Ar author
 .Op Fl F Ar path
+.Op Fl i Ar identity-file
 .Op Fl J Ar jumphost
 .Op Fl m Ar message
 .Op Ar path ...
@@ -1411,6 +1426,12 @@ Use the specified log message when creating the new co
 Cannot be used together with the
 .Fl F
 option.
+.It Fl i Ar identity-file
+Specify an
+.Ar identity-file ,
+containing a private SSH key, to use with SSH connections.
+The same option will be passed to
+.Xr ssh 1 .
 .It Fl J Ar jumphost
 Specify a
 .Ar jumphost
blob - d4361e609c7f9aea986ebd997d7faf4d2bd438e8
blob + cb29dc8010fb2c9eeeadb8cadc8b840cf16279b7
--- cvg/cvg.c
+++ cvg/cvg.c
@@ -1541,6 +1541,7 @@ cmd_clone(int argc, char *argv[])
 	int verbosity = 0, fetch_all_branches = 0, mirror_references = 0;
 	int bflag = 0, list_refs_only = 0;
 	int *pack_fds = NULL;
+	const char *identity_file = NULL;
 	const char *jumphost = NULL;
 
 	RB_INIT(&refs);
@@ -1548,7 +1549,7 @@ cmd_clone(int argc, char *argv[])
 	RB_INIT(&wanted_branches);
 	RB_INIT(&wanted_refs);
 
-	while ((ch = getopt(argc, argv, "ab:J:lmqR:v")) != -1) {
+	while ((ch = getopt(argc, argv, "ab:i:J:lmqR:v")) != -1) {
 		switch (ch) {
 		case 'a':
 			fetch_all_branches = 1;
@@ -1560,6 +1561,9 @@ cmd_clone(int argc, char *argv[])
 				return error;
 			bflag = 1;
 			break;
+		case 'i':
+			identity_file = optarg;
+			break;
 		case 'J':
 			jumphost = optarg;
 			break;
@@ -1681,7 +1685,7 @@ cmd_clone(int argc, char *argv[])
 		printf("Connecting to %s\n", git_url);
 
 	error = got_fetch_connect(&fetchpid, &fetchfd, proto, host, port,
-	    server_path, jumphost, verbosity);
+	    server_path, jumphost, identity_file, verbosity);
 	if (error)
 		goto done;
 
@@ -2673,6 +2677,7 @@ cmd_update(int argc, char *argv[])
 	char *commit_id_str = NULL;
 	const char *refname;
 	struct got_reference *head_ref = NULL;
+	const char *identity_file = NULL;
 	const char *jumphost = NULL;
 
 	RB_INIT(&paths);
@@ -2682,13 +2687,16 @@ cmd_update(int argc, char *argv[])
 	RB_INIT(&wanted_branches);
 	RB_INIT(&wanted_refs);
 
-	while ((ch = getopt(argc, argv, "c:J:qr:vX")) != -1) {
+	while ((ch = getopt(argc, argv, "c:i:J:qr:vX")) != -1) {
 		switch (ch) {
 		case 'c':
 			commit_id_str = strdup(optarg);
 			if (commit_id_str == NULL)
 				return got_error_from_errno("strdup");
 			break;
+		case 'i':
+			identity_file = optarg;
+			break;
 		case 'J':
 			jumphost = optarg;
 			break;
@@ -2843,7 +2851,7 @@ cmd_update(int argc, char *argv[])
 	}
 
 	error = got_fetch_connect(&fetchpid, &fetchfd, proto, host, port,
-	    server_path, jumphost, verbosity);
+	    server_path, jumphost, identity_file, verbosity);
 	if (error)
 		goto done;
 
@@ -7813,7 +7821,7 @@ cmd_commit(int argc, char *argv[])
 	int nremotes;
 	char *proto = NULL, *host = NULL, *port = NULL;
 	char *repo_name = NULL, *server_path = NULL;
-	const char *remote_name, *jumphost = NULL;
+	const char *remote_name, *jumphost = NULL, *identity_file = NULL;
 	int verbosity = 0;
 	int i;
 
@@ -7827,7 +7835,7 @@ cmd_commit(int argc, char *argv[])
 		err(1, "pledge");
 #endif
 
-	while ((ch = getopt(argc, argv, "A:CF:J:m:NnS")) != -1) {
+	while ((ch = getopt(argc, argv, "A:CF:i:J:m:NnS")) != -1) {
 		switch (ch) {
 		case 'A':
 			author = optarg;
@@ -7846,6 +7854,9 @@ cmd_commit(int argc, char *argv[])
 				return got_error_from_errno2("realpath",
 				    optarg);
 			break;
+		case 'i':
+			identity_file = optarg;
+			break;
 		case 'J':
 			jumphost = optarg;
 			break;
@@ -8038,7 +8049,7 @@ cmd_commit(int argc, char *argv[])
 	error = got_worktree_cvg_commit(&id, worktree, &paths, author,
 	    committer, allow_bad_symlinks, show_diff, commit_conflicts,
 	    collect_commit_logmsg, &cl_arg, print_status, NULL, proto, host,
-	    port, server_path, jumphost, verbosity, remote,
+	    port, server_path, jumphost, identity_file, verbosity, remote,
 	    check_cancelled, repo);
 	if (error) {
 		if (error->code != GOT_ERR_COMMIT_MSG_EMPTY &&
blob - 96794d6aa787f704f409ac79ea9ef7d1ef02caee
blob + dbd5096b6fb2eb9f6253e0d0673a2a9e0d7aff47
--- got/got.1
+++ got/got.1
@@ -204,6 +204,7 @@ working directory.
 .Cm clone
 .Op Fl almqv
 .Op Fl b Ar branch
+.Op Fl i Ar identity-file
 .Op Fl J Ar jumphost
 .Op Fl R Ar reference
 .Ar repository-URL
@@ -339,6 +340,12 @@ repository's HEAD reference will be fetched.
 Cannot be used together with the
 .Fl a
 option.
+.It Fl i Ar identity-file
+Specify an
+.Ar identity-file ,
+containing a private SSH key, to use with SSH connections.
+The same option will be passed to
+.Xr ssh 1 .
 .It Fl J Ar jumphost
 Specify a
 .Ar jumphost
@@ -432,6 +439,7 @@ The maximum is 3.
 .Cm fetch
 .Op Fl adlqtvX
 .Op Fl b Ar branch
+.Op Fl i Ar identity-file
 .Op Fl J Ar jumphost
 .Op Fl R Ar reference
 .Op Fl r Ar repository-path
@@ -539,6 +547,12 @@ Any commit, tree, tag, and blob objects belonging to d
 tags remain in the repository and may be removed separately with
 Git's garbage collector or
 .Cm gotadmin cleanup .
+.It Fl i Ar identity-file
+Specify an
+.Ar identity-file ,
+containing a private SSH key, to use with SSH connections.
+The same option will be passed to
+.Xr ssh 1 .
 .It Fl J Ar jumphost
 Specify a
 .Ar jumphost
@@ -2351,6 +2365,7 @@ in the repository.
 .Op Fl afqTv
 .Op Fl b Ar branch
 .Op Fl d Ar branch
+.Op Fl i Ar identity-file
 .Op Fl J Ar jumphost
 .Op Fl r Ar repository-path
 .Op Fl t Ar tag
@@ -2486,6 +2501,12 @@ copy of a branch or tag is known to be out-of-date and
 disposable.
 The risks of creating inconsistencies between different repositories
 should also be taken into account.
+.It Fl i Ar identity-file
+Specify an
+.Ar identity-file ,
+containing a private SSH key, to use with SSH connections.
+The same option will be passed to
+.Xr ssh 1 .
 .It Fl J Ar jumphost
 Specify a
 .Ar jumphost
blob - db6129ef317c31225f7da933b72b257309f299aa
blob + 39d2f05e4c21dddfbcbc9ecd14d5fc22695178e5
--- got/got.c
+++ got/got.c
@@ -1634,7 +1634,7 @@ cmd_clone(int argc, char *argv[])
 	pid_t fetchpid = -1;
 	struct got_fetch_progress_arg fpa;
 	char *git_url = NULL;
-	const char *jumphost = NULL;
+	const char *jumphost = NULL, *identity_file = NULL;
 	int verbosity = 0, fetch_all_branches = 0, mirror_references = 0;
 	int bflag = 0, list_refs_only = 0;
 	int *pack_fds = NULL;
@@ -1644,7 +1644,7 @@ cmd_clone(int argc, char *argv[])
 	RB_INIT(&wanted_branches);
 	RB_INIT(&wanted_refs);
 
-	while ((ch = getopt(argc, argv, "ab:J:lmqR:v")) != -1) {
+	while ((ch = getopt(argc, argv, "ab:i:J:lmqR:v")) != -1) {
 		switch (ch) {
 		case 'a':
 			fetch_all_branches = 1;
@@ -1656,6 +1656,9 @@ cmd_clone(int argc, char *argv[])
 				return error;
 			bflag = 1;
 			break;
+		case 'i':
+			identity_file = optarg;
+			break;
 		case 'J':
 			jumphost = optarg;
 			break;
@@ -1777,7 +1780,7 @@ cmd_clone(int argc, char *argv[])
 		printf("Connecting to %s\n", git_url);
 
 	error = got_fetch_connect(&fetchpid, &fetchfd, proto, host, port,
-	    server_path, jumphost, verbosity);
+	    server_path, jumphost, identity_file, verbosity);
 	if (error)
 		goto done;
 
@@ -2395,7 +2398,7 @@ cmd_fetch(int argc, char *argv[])
 	int delete_refs = 0, replace_tags = 0, delete_remote = 0;
 	int *pack_fds = NULL, have_bflag = 0;
 	const char *remote_head = NULL, *worktree_branch = NULL;
-	const char *jumphost = NULL;
+	const char *jumphost = NULL, *identity_file = NULL;
 
 	RB_INIT(&refs);
 	RB_INIT(&symrefs);
@@ -2403,7 +2406,7 @@ cmd_fetch(int argc, char *argv[])
 	RB_INIT(&wanted_branches);
 	RB_INIT(&wanted_refs);
 
-	while ((ch = getopt(argc, argv, "ab:dJ:lqR:r:tvX")) != -1) {
+	while ((ch = getopt(argc, argv, "ab:di:J:lqR:r:tvX")) != -1) {
 		switch (ch) {
 		case 'a':
 			fetch_all_branches = 1;
@@ -2418,6 +2421,9 @@ cmd_fetch(int argc, char *argv[])
 		case 'd':
 			delete_refs = 1;
 			break;
+		case 'i':
+			identity_file = optarg;
+			break;
 		case 'J':
 			jumphost = optarg;
 			break;
@@ -2658,7 +2664,7 @@ cmd_fetch(int argc, char *argv[])
 	}
 
 	error = got_fetch_connect(&fetchpid, &fetchfd, proto, host, port,
-	    server_path, jumphost, verbosity);
+	    server_path, jumphost, identity_file, verbosity);
 	if (error)
 		goto done;
 #ifndef PROFILE
@@ -10025,7 +10031,7 @@ cmd_send(int argc, char *argv[])
 	int send_all_branches = 0, send_all_tags = 0;
 	struct got_reference *ref = NULL;
 	int *pack_fds = NULL;
-	const char *jumphost = NULL;
+	const char *jumphost = NULL, *identity_file = NULL;
 
 	RB_INIT(&branches);
 	RB_INIT(&tags);
@@ -10053,6 +10059,9 @@ cmd_send(int argc, char *argv[])
 		case 'f':
 			overwrite_refs = 1;
 			break;
+		case 'i':
+			identity_file = optarg;
+			break;
 		case 'J':
 			jumphost = optarg;
 			break;
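Review bot: The new `case 'i':` in cmd_send looks unreachable, because no hunk in this patch changes the getopt() option string of cmd_send, whereas cmd_clone and cmd_fetch each get `i:` added to theirs. The getopt() call is outside this hunk, so this assumes the existing string does not already contain `i:`; if it does not, `got send -i file` is rejected as an unknown option and identity_file stays NULL. Add `i:` to that string in the same patch, before `J:` as was done in `"ab:di:J:lqR:r:tvX"` for cmd_fetch. It is also worth checking whether the usage text for clone, fetch and send lists options, since no hunk updates it.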
@@ -10323,7 +10332,7 @@ cmd_send(int argc, char *argv[])
 	}
 
 	error = got_send_connect(&sendpid, &sendfd, proto, host, port,
-	    server_path, jumphost, verbosity);
+	    server_path, jumphost, identity_file, verbosity);
 	if (error)
 		goto done;
 
blob - abf138991ddab8ea1eae485f37d910d443f8fe76
blob + 4e7f538f523c582bd0b2b8be1e97182731a9ec7e
--- include/got_fetch.h
+++ include/got_fetch.h
@@ -20,6 +20,7 @@
  * Attempt to open a connection to a server using the provided protocol
  * scheme, hostname port number (as a string) and server-side path.
  * A jumphost can be specified which will be passed to ssh(1) via -J.
+ * An identity file can be specified which will be passed to ssh(1) via -i.
  * A verbosity level can be specified; it currently controls the amount
  * of -v options passed to ssh(1). If the level is -1 ssh(1) will be run
  * with the -q option.
@@ -32,7 +33,7 @@
  * the process to exit with waitpid(2). Otherwise, return PID -1.
  */
 const struct got_error *got_fetch_connect(pid_t *, int *, const char *,
-    const char *, const char *, const char *, const char *, int);
+    const char *, const char *, const char *, const char *, const char *, int);
 
 /* A callback function which gets invoked with progress information to print. */
 typedef const struct got_error *(*got_fetch_progress_cb)(void *,
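Review bot: The prototype of got_fetch_connect now has six consecutive unnamed `const char *` parameters, with jumphost and identity_file adjacent, so a call site that passes the two in the wrong order compiles without a diagnostic and hands a file path to `-J` or a host name to `-i`. Naming the parameters in the declaration would let the order be checked from the header alone, e.g. `const char *proto, const char *host, const char *port, const char *server_path, const char *jumphost, const char *identity_file, int verbosity`, matching the definition in lib/fetch.c. The same applies to got_send_connect in include/got_send.h and got_worktree_cvg_commit in include/got_worktree_cvg.h; lib/got_lib_dial.h already names the parameters of got_dial_ssh.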
blob - 9f8c6498d5a65aa365c53f33830bcb336c8c2ee3
blob + f80d4a9a8b4bfaf749a1088b2095b9c830444385
--- include/got_send.h
+++ include/got_send.h
@@ -27,13 +27,14 @@
  * If successful return an open file descriptor for the connection which can
  * be passed to other functions below, and must be disposed of with close(2).
  * A jumphost can be specified which will be passed to ssh(1) via -J.
+ * An identity file can be specified which will be passed to ssh(1) via -i.
  *
  * If an ssh(1) process was started return its PID as well, in which case
  * the caller should eventually send SIGTERM to the procress and wait for
  * the process to exit with waitpid(2). Otherwise, return PID -1.
  */
 const struct got_error *got_send_connect(pid_t *, int *, const char *,
-    const char *, const char *, const char *, const char *, int);
+    const char *, const char *, const char *, const char *, const char *, int);
 
 /* A callback function which gets invoked with progress information to print. */
 typedef const struct got_error *(*got_send_progress_cb)(void *,
blob - 72cd9b87962075687ca6d1b929f6f55cb33236ef
blob + 057137a8ccbd155e4eebbe781aa2acbab0177706
--- include/got_worktree_cvg.h
+++ include/got_worktree_cvg.h
@@ -31,8 +31,8 @@ const struct got_error *got_worktree_cvg_commit(struct
     struct got_worktree *, struct got_pathlist_head *, const char *,
     const char *, int, int, int, got_worktree_commit_msg_cb, void *,
     got_worktree_status_cb, void *, const char *, const char *, const char *,
-    const char *, const char *, int, const struct got_remote_repo *,
-    got_cancel_cb, struct got_repository *);
+    const char *, const char *, const char *, int,
+    const struct got_remote_repo *, got_cancel_cb, struct got_repository *);
 
 /*
  * Get the reference name for a temporary commit to be trivially rebased
blob - ca330996f861e3db0b6d6182071f7f81bb4b4144
blob + ea890900b6bc6242e49b59d03cac8cef99cad633
--- lib/dial.c
+++ lib/dial.c
@@ -263,13 +263,13 @@ escape_path(char *buf, size_t bufsize, const char *pat
 const struct got_error *
 got_dial_ssh(pid_t *newpid, int *newfd, const char *host,
     const char *port, const char *path, const char *jumphost,
-    const char *command, int verbosity)
+    const char *identity_file, const char *command, int verbosity)
 {
 	const struct got_error *error = NULL;
 	int pid, pfd[2];
 	char cmd[64];
 	char escaped_path[PATH_MAX];
-	const char *argv[13];
+	const char *argv[15];
 	int i = 0, j;
 
 	*newpid = -1;
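Review bot: The bound in `const char *argv[15]` is a hand-counted number that had to be raised from 13 for this option, and nothing in the visible lines ties it to the number of `argv[i++]` stores. The stores after the jumphost branch are outside the hunks shown, so the total cannot be confirmed from here. A comment beside the declaration that lists every slot (the fixed arguments, up to three `-v`, the `-i` pair, the `-J` pair, whatever follows, and presumably a terminating NULL) would let the next option be added without recounting the whole function. A miscount here is a write past the end of a stack array, so the comment is worth the line.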
@@ -291,6 +291,10 @@ got_dial_ssh(pid_t *newpid, int *newfd, const char *ho
 		for (j = 0; j < MIN(3, verbosity); j++)
 			argv[i++] = "-v";
 	}
+	if (identity_file) {
+		argv[i++] = "-i";
+		argv[i++] = identity_file;
+	}
 	if (jumphost) {
 		argv[i++] = "-J";
 		argv[i++] = jumphost;
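Review bot: Passing `-i` on its own does not restrict ssh(1) to that key: keys held by ssh-agent and any IdentityFile entries from ssh_config remain candidates, so the connection can authenticate with a different key than the one named, or use up the server's authentication attempts before the named key is tried. If `-i` is meant to select the credential rather than add one, follow the pair with `argv[i++] = "-o"; argv[i++] = "IdentitiesOnly=yes";` inside the same `if (identity_file)` block and grow `argv` by two more slots; otherwise the manual page text should say the key is offered in addition to the others. identity_file is stored as its own argv element directly after `-i`, so a value beginning with `-` is taken as the option's argument rather than as another ssh option. The rest of got_dial_ssh is outside this hunk.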
blob - 59805003b987f3c15b36a7b1612cf1bfc9128fb0
blob + f271143b425954027040e9e3e0ad142fb6c4d327
--- lib/fetch.c
+++ lib/fetch.c
@@ -80,7 +80,7 @@
 const struct got_error *
 got_fetch_connect(pid_t *fetchpid, int *fetchfd, const char *proto,
     const char *host, const char *port, const char *server_path,
-    const char *jumphost, int verbosity)
+    const char *jumphost, const char *identity_file, int verbosity)
 {
 	const struct got_error *err = NULL;
 
@@ -89,7 +89,8 @@ got_fetch_connect(pid_t *fetchpid, int *fetchfd, const
 
 	if (strcmp(proto, "ssh") == 0 || strcmp(proto, "git+ssh") == 0)
 		err = got_dial_ssh(fetchpid, fetchfd, host, port,
-		    server_path, jumphost, GOT_DIAL_CMD_FETCH, verbosity);
+		    server_path, jumphost, identity_file, GOT_DIAL_CMD_FETCH,
+		    verbosity);
 	else if (strcmp(proto, "git") == 0)
 		err = got_dial_git(fetchfd, host, port, server_path,
 		    GOT_DIAL_CMD_FETCH);
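Review bot: identity_file reaches only the got_dial_ssh() branch; in the `git` branch visible here got_dial_git() is called without it, so `-i` given together with a git:// URL is dropped without any message. A user who supplies a key can reasonably expect the transfer to be authenticated, so it would be safer to return an error before dialing when identity_file is non-NULL and proto is neither `ssh` nor `git+ssh`. jumphost is already ignored in the same way, so this may be an accepted convention; if so, the comment in include/got_fetch.h could state that both apply to ssh transports only. got_send_connect in lib/send.c has the same shape, and the remaining branches of this if/else chain are outside the hunk.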
blob - 2e53b80d6121b5d2e79d4ffedc74c0fb6529a6de
blob + 744dd8b9e085007b57922969f9e2db67f86e8bf6
--- lib/got_lib_dial.h
+++ lib/got_lib_dial.h
@@ -23,7 +23,8 @@ const struct got_error *got_dial_git(int *newfd, const
 
 const struct got_error *got_dial_ssh(pid_t *newpid, int *newfd,
     const char *host, const char *port, const char *path,
-    const char *jumphost, const char *command, int verbosity);
+    const char *jumphost, const char *identity_file,
+    const char *command, int verbosity);
 
 const struct got_error *got_dial_http(pid_t *newpid, int *newfd,
     const char *host, const char *port, const char *path, int, int);
blob - 87e3a2db6550d35ff268f3ad2af0d88e2f27904a
blob + ed9e497c5a0fdf9632b1c65ac9a22bdfa1d64a61
--- lib/send.c
+++ lib/send.c
@@ -87,7 +87,7 @@
 const struct got_error *
 got_send_connect(pid_t *sendpid, int *sendfd, const char *proto,
     const char *host, const char *port, const char *server_path,
-    const char *jumphost, int verbosity)
+    const char *jumphost, const char *identity_file, int verbosity)
 {
 	const struct got_error *err = NULL;
 
@@ -96,7 +96,7 @@ got_send_connect(pid_t *sendpid, int *sendfd, const ch
 
 	if (strcmp(proto, "ssh") == 0 || strcmp(proto, "git+ssh") == 0)
 		err = got_dial_ssh(sendpid, sendfd, host, port, server_path,
-		    jumphost, GOT_DIAL_CMD_SEND, verbosity);
+		    jumphost, identity_file, GOT_DIAL_CMD_SEND, verbosity);
 	else if (strcmp(proto, "git") == 0)
 		err = got_dial_git(sendfd, host, port, server_path,
 		    GOT_DIAL_CMD_SEND);
blob - 4518253bb1454bef6d43a7a09d1bdc0b73168086
blob + 2aa66b6119819465449e3153ff18ad42e03458d3
--- lib/worktree_cvg.c
+++ lib/worktree_cvg.c
@@ -2764,9 +2764,10 @@ done:
 
 static const struct got_error *
 fetch_updated_remote(const char *proto, const char *host, const char *port,
-    const char *server_path, const char *jumphost, int verbosity,
-    const struct got_remote_repo *remote, struct got_repository *repo,
-    struct got_reference *head_ref, const char *head_refname)
+    const char *server_path, const char *jumphost, const char *identity_file,
+    int verbosity, const struct got_remote_repo *remote,
+    struct got_repository *repo, struct got_reference *head_ref,
+    const char *head_refname)
 {
 	const struct got_error *err = NULL, *unlock_err = NULL;
 	struct got_pathlist_entry *pe;
@@ -2790,7 +2791,7 @@ fetch_updated_remote(const char *proto, const char *ho
 		goto done;
 
 	err = got_fetch_connect(&fetchpid, &fetchfd, proto, host,
-	    port, server_path, jumphost, verbosity);
+	    port, server_path, jumphost, identity_file, verbosity);
 	if (err)
 		goto done;
 
@@ -2909,8 +2910,8 @@ got_worktree_cvg_commit(struct got_object_id **new_com
     got_worktree_commit_msg_cb commit_msg_cb, void *commit_arg,
     got_worktree_status_cb status_cb, void *status_arg,
     const char *proto, const char *host, const char *port,
-    const char *server_path, const char *jumphost, int verbosity,
-    const struct got_remote_repo *remote,
+    const char *server_path, const char *jumphost, const char *identity_file,
+    int verbosity, const struct got_remote_repo *remote,
     got_cancel_cb check_cancelled,
     struct got_repository *repo)
 {
@@ -3089,7 +3090,7 @@ got_worktree_cvg_commit(struct got_object_id **new_com
 
 	/* Attempt send to remote branch. */
 	err = got_send_connect(&sendpid, &sendfd, proto, host, port,
-	    server_path, jumphost, verbosity);
+	    server_path, jumphost, identity_file, verbosity);
 	if (err)
 		goto done;
 
@@ -3110,7 +3111,8 @@ got_worktree_cvg_commit(struct got_object_id **new_com
 		 * No trivial-rebase yet; require update to be run manually.
 		 */
 		err = fetch_updated_remote(proto, host, port, server_path,
-		    jumphost, verbosity, remote, repo, head_ref, head_refname);
+		    jumphost, identity_file, verbosity, remote, repo,
+		    head_ref, head_refname);
 		if (err == NULL)
 			goto done;
 		err = got_error(GOT_ERR_COMMIT_OUT_OF_DATE);