From a2cd37ebd6b4df56d297880b2d64a7ee249c914d Mon Sep 17 00:00:00 2001 From: ivinokur Date: Tue, 30 Jul 2024 11:22:08 +0300 Subject: [PATCH] Override the default ssh askpass flow on project clone step Signed-off-by: ivinokur --- docs/additional-configuration.adoc | 4 +++- project-clone/Dockerfile | 6 +++++- project-clone/ssh-askpass.sh | 7 +++++++ 3 files changed, 15 insertions(+), 2 deletions(-) create mode 100755 project-clone/ssh-askpass.sh diff --git a/docs/additional-configuration.adoc b/docs/additional-configuration.adoc index 1968df6ff..c8b7f3c1f 100644 --- a/docs/additional-configuration.adoc +++ b/docs/additional-configuration.adoc @@ -189,6 +189,7 @@ Prerequisites: ** The steps below assume the following environment variables are set: *** `$SSH_KEY`: path on disk to private key for SSH keypair (e.g. `~/.ssh/id_ed25519`) *** `$SSH_PUB_KEY`: path on disk to public key for SSH keypair (e.g. `~/.ssh/id_ed25519.pub`) +*** `$PASSPHRASE`: ssh keypair passphrase (optional) *** `$NAMESPACE`: namespace where workspaces using the SSH keypair will be started. Process: @@ -211,7 +212,8 @@ EOF kubectl create secret -n "$NAMESPACE" generic git-ssh-key \ --from-file=dwo_ssh_key="$SSH_KEY" \ --from-file=dwo_ssh_key.pub="$SSH_PUB_KEY" \ - --from-file=ssh_config=/tmp/ssh_config + --from-file=ssh_config=/tmp/ssh_config \ + --from-literal=passphrase="$PASSPHRASE" ---- 3. Annotate the secret to configure automatic mounting to DevWorkspaces diff --git a/project-clone/Dockerfile b/project-clone/Dockerfile index b5a5b28de..ae6af7d63 100644 --- a/project-clone/Dockerfile +++ b/project-clone/Dockerfile @@ -44,10 +44,14 @@ COPY --from=builder /project-clone/_output/bin/project-clone /usr/local/bin/proj ENV USER_UID=1001 \ USER_NAME=project-clone \ - HOME=/home/user + HOME=/home/user \ + DISPLAY=":0" \ + SSH_ASKPASS=/usr/local/bin/ssh-askpass.sh COPY build/bin /usr/local/bin +COPY project-clone/ssh-askpass.sh /usr/local/bin RUN /usr/local/bin/user_setup +RUN chmod +x /usr/local/bin/ssh-askpass.sh USER ${USER_UID} diff --git a/project-clone/ssh-askpass.sh b/project-clone/ssh-askpass.sh new file mode 100755 index 000000000..9459092ae --- /dev/null +++ b/project-clone/ssh-askpass.sh @@ -0,0 +1,7 @@ +#!/bin/sh +PASSPHRASE_FILE_PATH="/etc/ssh/passphrase" +if [ ! -f $PASSPHRASE_FILE_PATH ]; then + echo "Error: passphrase file is missing in the '/etc/ssh/' directory" 1>&2 + exit 1 +fi +cat $PASSPHRASE_FILE_PATH