From a2e2eed8f3d9b7b8a2b4149cba69063e6e8ab132 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Sun, 29 May 2022 11:22:20 +0200 Subject: avoid password-authentication for ssh --- bin/build-packages | 14 +++++++------- bin/harvest-commit-times | 8 ++++---- bin/local-build-package | 2 +- bin/nit-picker | 2 +- bin/ping-to-master | 2 +- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/bin/build-packages b/bin/build-packages index 16c9008..de01478 100755 --- a/bin/build-packages +++ b/bin/build-packages @@ -251,7 +251,7 @@ while [ "${count}" -ne 0 ] && \ if [ -z "${forced_package}" ]; then package=$( # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -303,7 +303,7 @@ while [ "${count}" -ne 0 ] && \ >&2 echo 'The prefered package was not handed out.' >&2 echo 'Because -d was given, I will abort.' # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -388,7 +388,7 @@ while [ "${count}" -ne 0 ] && \ ! apply_trunk_patch "${tmp_dir}" "${diff_source_dir}"; then # report local failure (probably a missing commit) to build-master # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -464,7 +464,7 @@ while [ "${count}" -ne 0 ] && \ >&2 echo 'The prefered package was not handed out.' >&2 echo 'Because straw :without_systemd_nspawn: is active, I will abort.' # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -500,7 +500,7 @@ while [ "${count}" -ne 0 ] && \ >&2 echo 'The prefered package was not handed out.' >&2 echo 'Because straw :on_x86_64: is active, I will abort.' # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -1050,7 +1050,7 @@ while [ "${count}" -ne 0 ] && \ while ${upload_to_build_master}; do err=0 # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ @@ -1113,7 +1113,7 @@ while [ "${count}" -ne 0 ] && \ while true; do err=0 # shellcheck disable=SC2029 - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ diff --git a/bin/harvest-commit-times b/bin/harvest-commit-times index a978b41..7546aa4 100755 --- a/bin/harvest-commit-times +++ b/bin/harvest-commit-times @@ -76,9 +76,9 @@ trap 'rm "${tmp_file}"' EXIT if ! ${i_am_the_master}; then tmp_remote_file=$( - ssh buildmaster "mktemp 'tmp.harvest-commit-times.remotely.XXXXXXXXXX' --tmpdir" + ssh -o PasswordAuthentication=No buildmaster "mktemp 'tmp.harvest-commit-times.remotely.XXXXXXXXXX' --tmpdir" ) - trap 'rm "${tmp_file}"; ssh buildmaster rm "${tmp_remote_file}"' EXIT + trap 'rm "${tmp_file}"; ssh -o PasswordAuthentication=No buildmaster rm "${tmp_remote_file}"' EXIT fi while true; do @@ -127,7 +127,7 @@ while true; do if [ -s "${tmp_file}" ]; then if ! ${i_am_the_master}; then - ssh buildmaster 'cat > "'"${tmp_remote_file}"'"' < \ + ssh -o PasswordAuthentication=No buildmaster 'cat > "'"${tmp_remote_file}"'"' < \ "${tmp_file}" fi # shellcheck disable=SC2016 @@ -149,7 +149,7 @@ while true; do if ${i_am_the_master}; then mysql_run_query 'unimportant' else - ssh buildmaster 'mysql buildmaster -N --raw --batch' + ssh -o PasswordAuthentication=No buildmaster 'mysql buildmaster -N --raw --batch' fi else >&2 printf '\n' diff --git a/bin/local-build-package b/bin/local-build-package index 97cc998..e0b02dc 100755 --- a/bin/local-build-package +++ b/bin/local-build-package @@ -231,7 +231,7 @@ if ${bootstrap}; then esac scp -P "${bootstrap_port}" -rC "${tmp_dir}/"*"-${arch}.pkg.tar.zst" "${tmp_dir}/"*"-${arch}.pkg.tar.zst.sig" "${bootstrap_host}:${bootstrap_dir}/${staging_repo}/." - ssh -p "${bootstrap_port}" "${bootstrap_host}" bash -l -c "'cd ${bootstrap_dir}/${staging_repo} && repo-add -n bootstrap-${staging_repo}.db.tar.gz *-${arch}.pkg.tar.zst'" + ssh -o PasswordAuthentication=No -p "${bootstrap_port}" "${bootstrap_host}" bash -l -c "'cd ${bootstrap_dir}/${staging_repo} && repo-add -n bootstrap-${staging_repo}.db.tar.gz *-${arch}.pkg.tar.zst'" fi # do not delete build reports, why might actually to want to have a look for things diff --git a/bin/nit-picker b/bin/nit-picker index 56321b9..ed5b7da 100755 --- a/bin/nit-picker +++ b/bin/nit-picker @@ -881,6 +881,6 @@ done printf ';\n' fi } \ -| ifne ssh buildmaster 'mysql buildmaster +| ifne ssh -o PasswordAuthentication=No buildmaster 'mysql buildmaster rm -f "/tmp/add-those-dependencies" ' diff --git a/bin/ping-to-master b/bin/ping-to-master index b1539cc..0b72935 100755 --- a/bin/ping-to-master +++ b/bin/ping-to-master @@ -27,7 +27,7 @@ while kill -0 "${parent_pid}" && \ -name '*.build-log' \ -exec wc -l {} \; | \ sed 's, .*/, ,' | \ - ssh \ + ssh -o PasswordAuthentication=No \ -i "${master_build_server_identity}" \ -p "${master_build_server_port}" \ "${master_build_server_user}@${master_build_server}" \ -- cgit v1.2.3