stale/gomodproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add support for ssh passphrases.

Browse Source
This commit is contained in:
Marcin Bilski 2022-01-14 12:35:20 +01:00
parent 6768e02d91
commit c327898faa
4 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/gomodproxy/main.go
View File

@ -137,7 +137,8 @@ func main() {
if len(kv) != 2 { if len(kv) != 2 {
log.Fatal("bad git path:", path) log.Fatal("bad git path:", path)
} }
options = append(options, api.GitWithEphemeralTags(kv[0], kv[1])) password := os.Getenv("SSH_PASSPHRASE")
options = append(options, api.GitWithEphemeralTags(kv[0], kv[1], password))
} }
for _, path := range vcsPaths { for _, path := range vcsPaths {

17
pkg/api/api.go
View File

@ -74,9 +74,9 @@ func GitDir(dir string) Option { return func(api *api) { api.gitdir = dir } }
// Git configures API to use a specific git client when trying to download a // Git configures API to use a specific git client when trying to download a
// repository with the given prefix. Auth string can be a path to the SSK key, // repository with the given prefix. Auth string can be a path to the SSK key,
// or a colon-separated username:password string. // or a colon-separated username:password string.
func Git(prefix string, auth string) Option { func Git(prefix, key, password string) Option {
a := vcs.Key(auth) a := vcs.Key(key, password)
if creds := strings.SplitN(auth, ":", 2); len(creds) == 2 { if creds := strings.SplitN(key, ":", 2); len(creds) == 2 {
a = vcs.Password(creds[0], creds[1]) a = vcs.Password(creds[0], creds[1])
} }
return func(api *api) { return func(api *api) {
@ -92,12 +92,13 @@ func Git(prefix string, auth string) Option {
// GitWithEphemeralTags configures API to use a specific git client when trying // GitWithEphemeralTags configures API to use a specific git client when trying
// to download a repository with the given prefix. Auth string can be a path to // to download a repository with the given prefix. Auth string can be a path to
// the SSK key, or a colon-separated username:password string. // the SSK key, or a colon-separated username:password string.
func GitWithEphemeralTags(prefix string, auth string) Option { func GitWithEphemeralTags(prefix, key, password string) Option {
// TODO(bilus): Ugly but we don't want to mess with the : encoding so
// we'll work around the issue of having to pass a passphrase
// to decrypt a key.
storage := vcs.NewEphemeralTagStorage() storage := vcs.NewEphemeralTagStorage()
a := vcs.Key(key, password)
a := vcs.Key(auth) if creds := strings.SplitN(key, ":", 2); len(creds) == 2 {
if creds := strings.SplitN(auth, ":", 2); len(creds) == 2 {
a = vcs.Password(creds[0], creds[1]) a = vcs.Password(creds[0], creds[1])
} }
return func(api *api) { return func(api *api) {

2
pkg/vcs/git.go
View File

@ -324,7 +324,7 @@ func (g *gitVCS) commit(ctx context.Context, version Version) (*object.Commit, e
func (g *gitVCS) authMethod() (transport.AuthMethod, error) { func (g *gitVCS) authMethod() (transport.AuthMethod, error) {
if g.auth.Key != "" { if g.auth.Key != "" {
return ssh.NewPublicKeysFromFile("git", g.auth.Key, "") return ssh.NewPublicKeysFromFile("git", g.auth.Key, g.auth.Password)
} else if g.auth.Username != "" { } else if g.auth.Username != "" {
return &http.BasicAuth{Username: g.auth.Username, Password: g.auth.Password}, nil return &http.BasicAuth{Username: g.auth.Username, Password: g.auth.Password}, nil
} }

2
pkg/vcs/vcs.go
View File

@ -61,4 +61,4 @@ func NoAuth() Auth { return Auth{} }
func Password(username, password string) Auth { return Auth{Username: username, Password: password} } func Password(username, password string) Auth { return Auth{Username: username, Password: password} }
// Key returns an Auth implementation that uses key file authentication mechanism. // Key returns an Auth implementation that uses key file authentication mechanism.
func Key(key string) Auth { return Auth{Key: key} } func Key(key, password string) Auth { return Auth{Key: key, Password: password} }