[Libreoffice-commits] core.git: logerrit

Guilhem Moulin (via logerrit) logerrit at kemper.freedesktop.org
Wed Jan 15 23:01:35 UTC 2020 

 logerrit |   61 +++++++++++++++++++++++++++++++++----------------------------
 1 file changed, 33 insertions(+), 28 deletions(-)

New commits:
commit 1e6428deed42a1ede1d5adbef5676438e6e9e898
Author:     Guilhem Moulin <guilhem at libreoffice.org>
AuthorDate: Wed Jan 15 06:00:36 2020 +0100
Commit:     Guilhem Moulin <guilhem at libreoffice.org>
CommitDate: Thu Jan 16 00:01:03 2020 +0100

    logerrit setup: refactor key-based SSH handling
    
     * Don't select existing ~/.ssh/id_dsa.pub.  Since 7.0 (released
       2015-08-11) OpenSSH servers won't accept DSA user keys anyway, so
       users have likely rotated their legacy key material by now.
    
     * The pubkey to copy into gerrit is derived from the first existing file
       among ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519, and ~/.ssh/id_rsa.  These
       algorithms are ordered as found in PubkeyAcceptedKeyTypes' default
       value as of OpenSSH 8.1.  (EC keys are only supported since Gerrit
       1.14.)  Generate an RSA key when ~/.ssh doesn't exist, as before,
       since it's still the default in ssh-keygen(1) from OpenSSH 8.1.
    
     * In the ssh_config(5) stanza, only include the IdentityFile when a
       the private key file exists.  The private key material might reside
       somewhere else, for instance in a smartcard or in an external agent's
       key store; in both cases the ssh client can authenticate the user
       without direct access to the key material.  While it's possible to
       set IdentityFile to a pubkey (with IdentitiesOnly={yes,no}) it's not
       documented and thus shouldn't be used.
    
    Change-Id: Id73a2798747ce5c394b0cf2d0dc40107a1f2c599
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86858
    Reviewed-by: Guilhem Moulin <guilhem at libreoffice.org>
    Tested-by: Guilhem Moulin <guilhem at libreoffice.org>

diff --git a/logerrit b/logerrit
index 04ce54414904..618686e012bd 100755
--- a/logerrit
+++ b/logerrit
@@ -27,7 +27,9 @@ submit() {
 
 logerrit() {
         echo "Host logerrit gerrit.libreoffice.org"
-        echo "    IdentityFile ~/.ssh/id_rsa"
+        if test -n "${2-}" && test -f "$HOME/.ssh/id_$2"; then
+            echo "    IdentityFile ~/.ssh/id_$2"
+        fi
         echo "    User $1"
         echo "    Port 29418"
         echo "    HostName gerrit.libreoffice.org"
@@ -82,25 +84,28 @@ case "$1" in
 	    echo "Hit enter to generate an ssh key - you will need to enter a pass-phrase"
 	    echo
 	    read
-	    ssh-keygen -t rsa -f "$ssh_home/id_rsa"
-	fi
-	if test -d $ssh_home; then
-	    if test -f "$ssh_home/id_rsa.pub"; then
-		ssh_key=$(cat $ssh_home/id_rsa.pub);
-	    elif test -f "$ssh_home/id_dsa.pub"; then
-		ssh_key=$(cat $ssh_home/id_dsa.pub);
-	    fi
+	    ssh-keygen -t rsa -f "$ssh_home/id_rsa" # default type as of OpenSSH 8.1
 	fi
-        echo "Please go to https://gerrit.libreoffice.org/ and:"
-        echo "- press the 'register' button in the top right corner"
-        echo "- after login set yourself a username (it is recommended to use your IRC-nick)"
-	if test "z$ssh_key" = "z"; then
-            echo "- add your public ssh-key into the ssh keys settings."
-	else
-	    echo "- paste the key below into the 'Add SSH Public Key' box."
-	    echo
-	    echo "$ssh_key"
-	    echo
+    if test -d "$ssh_home"; then
+        # order algos based on the PubkeyAcceptedKeyTypes option from OpenSSH 8.1
+        for ssh_key_type in ecdsa ed25519 rsa; do
+            pk="$ssh_home/id_${ssh_key_type}.pub"
+            ssh_key=""
+            if test -f "$pk" && ssh_key="$(< "$pk")" && test -n "$ssh_key"; then
+                break
+            fi
+        done
+    fi
+    echo "Please go to https://gerrit.libreoffice.org/ and:"
+    echo " - press the 'register' button in the top right corner"
+    echo " - after login set yourself a username (it is recommended to use your IRC-nick)"
+	if test -z "$ssh_key"; then
+        echo " - add your public ssh-key into the ssh keys settings."
+    else
+	    echo " - paste the key below into the 'Add SSH Public Key' box."
+        echo
+        printf '%s\n' "$ssh_key"
+        echo
 	fi
         echo
         echo "Note that you need to register additional email addresses, if you want to"
@@ -108,15 +113,15 @@ case "$1" in
         echo "invitation mail it sends you."
         echo
         read -p 'Which user name did you choose? ' GERRITUSER
-	if test "z$created_ssh" = "z"; then
-            echo
-            echo "Please now add the following to your ~/.ssh/config, creating the file if needed:"
-            echo
-	    logerrit $GERRITUSER
-            echo
-        else
-	    echo "Automatically creating your ssh config"
-	    (logerrit $GERRITUSER) > "$ssh_home/config"
+	if test -z "$created_ssh"; then
+        echo
+        echo "Please now add the following to your ~/.ssh/config, creating the file if needed:"
+        echo
+        logerrit "$GERRITUSER" ${ssh_key:+"$ssh_key_type"}
+        echo
+    else
+        echo "Automatically creating your ssh config"
+        logerrit "$GERRITUSER" ${ssh_key:+"$ssh_key_type"} >"$ssh_home/config"
 	fi
 	# setup the remote properly ...
 	git config remote.origin.pushurl ssh://logerrit/core

More information about the Libreoffice-commits mailing list