Re: Fetch private gitlab repo using ssh with Yocto recipe #bitbake


Erik Boto
 

On Fri, Jan 28, 2022 at 11:50 AM Nicolas Jeker <n.jeker@...> wrote:

On Fri, 2022-01-28 at 10:27 +0000, VIVAVIS AG wrote:
Hi,

From: yocto@... <yocto@...> On behalf of Sourabh Hegde
Sent: Friday, 28 January 2022 10:47

Can you please let me know how to "forward SSH_AGENT into it to be
able to fetch from internal projects without the need to mount the key
into the container."? I never did that before.
I use the following options within the Docker run command:
-v $SSH_AUTH_SOCK:/ssh.socket \
-e SSH_AUTH_SOCK=/ssh.socket \
That's pretty much what I use.

Furthermore, I had to mount the .ssh folder into the container to
make it work (be aware of the security risk).
Additionally, you should check that the uid and gid of the user in the
container are the same as on the host.
I do something similar, my "problem" was that ssh needs the
.ssh/known_hosts file with a matching entry in addition to your
key/agent, but mounting the .ssh folder was not possible for me because
of permissions. Currently, I just created a little script that wraps
"oe-init-build-env" and populates the known_hosts file accordingly.

mkdir -p ~/.ssh

cat <<EOF >> ~/.ssh/known_hosts
git.example.com ssh-ed25519 <base64key>
EOF
I use my own Dockerfile based on crops/poky where I do the following,
which might be helpful if you also use this. It sets up the config
changes in /etc/skel/ since it creates users "on the fly" with
matching uid.

# Remove strict host key checking for ssh
# This is needed since the build will pull source over git-ssh
RUN mkdir -p /etc/skel/.ssh/
COPY ci-scripts/docker-stuff/config /etc/skel/.ssh/
RUN echo 'export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"' >> /etc/skel/.bashrc


The ci-scripts/docker-stuff/config file contains:
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

Now it was ages ago I set this up, and right now I can't really
understand why I basically do the same thing twice. So you'd have to
check which of the two things actually solves the issue :-)

Cheers,
Erik


Regards,

Carsten
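
Added example, not part of any message in this thread: the known_hosts wrapper idea from above made idempotent, so the container can keep StrictHostKeyChecking enabled and a changed server key is reported instead of silently accepted. The function names, the file path and the host/key values in the usage comment are hypothetical; only plain (unhashed) known_hosts entries are handled.

```shell
#!/bin/sh
# pin_host_key FILE HOST KEYTYPE BASE64KEY
# Returns 0 if FILE holds exactly the pinned key for HOST afterwards,
# 1 if FILE already lists a different key of that type for HOST
# (server key changed or file tampered with), 2 on filesystem errors.
pin_host_key() {
    file=$1; host=$2; ktype=$3; key=$4
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir" || return 2
    [ -f "$file" ] || : > "$file"
    chmod 600 "$file" || return 2
    # Collect keys already recorded for this host and key type.
    # Comment lines and hashed ("|1|...") host names are not matched.
    existing=$(awk -v h="$host" -v t="$ktype" '
        $0 !~ /^#/ && $2 == t {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) if (names[i] == h) print $3
        }' "$file")
    if [ -z "$existing" ]; then
        # First run: append once, unlike a bare "cat >>" on every invocation.
        printf '%s %s %s\n' "$host" "$ktype" "$key" >> "$file"
        return 0
    fi
    for k in $existing; do
        [ "$k" = "$key" ] || return 1
    done
    return 0
}

# Print an ssh command line for GIT_SSH_COMMAND that trusts only the
# pinned file. Assumes the path contains no whitespace.
strict_git_ssh_command() {
    printf 'ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s' "$1"
}

# Usage in a wrapper around oe-init-build-env (constructed values):
#   pin_host_key "$HOME/.ssh/known_hosts" git.example.com ssh-ed25519 '<base64key>' || exit 1
#   export GIT_SSH_COMMAND="$(strict_git_ssh_command "$HOME/.ssh/known_hosts")"
```

The key to pin should come from the Git server's administrator or its published fingerprint page, not from a scan run inside the build container.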

