Validate SSH keys during project setup validation

[czechboy0]

Currently we only validate the GitHub token, we also need to make sure the SSH keys are ok. Discussion began in #27.

[czechboy0]

@accatyyc Actually, this is the right answer for validating SSH keys (I tried it, will implement soon). It really forces the specified keys to be tried instead of falling back to user's local keys, which might be correct (but the selected keys might not, thus failing to correctly evaluate the validity of the keys).

Thanks for pointing me in the right direction!

[czechboy0]

Work started.

[joelekstrom]

Oh, nice :) Very few upvotes on that answer so I think I ignored it. Make sure to be clear about the Git version dependency!

[czechboy0]

Yeah good point, this feature seems to be in git 2.3+, but I hope that's a reasonable requirement (I'll add it to the docs).

[joelekstrom]

Yeah. You could also add a warning in the UI if running git --version returns something less than 2.3.

[mikewoodworth]

I'm seeing a problem where keys vaildate (According to UI) but the resulting bot fails with:

Bot Issue: error. Build Service Error.
Issue: Failed to authenticate SSH session: Invalid public key, too short (-1).
Integration Number: 1.
Integration URL: https://DMTestBot.local/xcode/bots/B2E8D9D/integrations
Description: Failed to authenticate SSH session: Invalid public key, too short (-1).

[czechboy0]

Yeah that's possible, at the moment we only validate the GitHub token's rights, but not the SSH keys (yet, working on it right now). I don't think it has to do anything with using workspace/project, because I use workspaces as well. Hopefully I should have the validation done today or tomorrow. In the meantime, please try to make sure your SSH keys are really valid for the tested repository.

[mikewoodworth]

Ok, here's a bit more info. The server has its own ssh keys and github user. I've checked out the repo locally (using ssh) and had no problems. In buildasaur UI I choose ~/.ssh/id_rsa.pub and id_rsa

I make a new pull req and trigger buildasaur with the lttm comment. The bot will fail almost instantly with the error above. If I edit that bot in xcode IDE on my local, I can manually enter the same ssh keys (with the user and passphrase) and manually trigger the bot which will then successfully checkout the source and run.

[czechboy0]

Can you please try to delete the Bot (from Xcode) and try running Buildasaur again? It's very strange that it's being very specific about the problem with the key, that it's "too short". Also, where are you copying this error from? An email you get from Xcode Server or somewhere in the UI?

[mikewoodworth]

I've tried with multiple pull reqs (and tried deleting bot from Xcode). The error shows up on the main page of the integration in the Xcode UI (build service error). The integration has no logs in the logs tab, and clicking Download all Logs... results in an error. On recent integrations I'm getting a different error:

Bot Issue: error. Build Service Error.
Issue: Failed to authenticate SSH session: Callback returned error (-1).
Integration Number: 1.
Integration URL: https://DMTestBot.local/xcode/bots/F4FC902/integrations
Description: Failed to authenticate SSH session: Callback returned error (-1).

Worth mentioning the error in pr comments is:
Result of integration 1
? build errors: checkout-error

[czechboy0]

Interesting, when you try to create a bot from Xcode directly (not through Buildasaur), does that work fine? Also, do you have a passphrase for your SSH keys (#27)?

[mikewoodworth]

Ah, thats totally it (passphrase)

[czechboy0]

Sorry about that, I'm working on these two issues (SSH key validation and passphrase support) as my top priority.

[mikewoodworth]

no problem. I'm just setting up stuff now, so it's not too painful to regen keys without passphrase. I'll let you know if that doesn't work for some reason

[czechboy0]

Yeah do that!

[czechboy0]

SSH key validation merged, thanks @accatyyc and @mikewoodworth for your help!

[joelekstrom]

👍