Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error cloning with private SSH key #5264

Closed
austenadler opened this issue Apr 20, 2020 · 6 comments
Closed

Error cloning with private SSH key #5264

austenadler opened this issue Apr 20, 2020 · 6 comments

Comments

@austenadler
Copy link

I am always getting the error:

Load key "/home/.../ssh-key": invalid format

When using keys generated on linux with ssh-keygen. I believe it is due to the newline being trimmed when the key is sent to the worker.

Steps taken:

I added:

import subprocess
print(subprocess.run(["cp", keyPath, "/tmp/copied"])

After this line: https://github.com/buildbot/buildbot/blob/master/master/buildbot/util/git.py#L33. The copied file has no trailing newline. I tried a git clone with this keyfile and it failed. If I manually added a newline to /tmp/copied, clone worked.

I added a second trailing newline to the keyfile but it still copied with no newlines. Finally, I added a space to the end of the file and it copied with the space and the clone worked after restarting the master.

Possible fix:
Figure out why this key doesn't have a trailing newline.

Version:

Buildbot version: 2.7.0
Twisted version: 20.3.0
@tardyp
Copy link
Member

tardyp commented Apr 20, 2020

Hello,
The code for downloading the key is here:
https://github.com/buildbot/buildbot/blob/master/master/buildbot/util/git.py#L264

There might be some kind of strip() hidden somewhere.

You could print(repr(self.sshPrivateKey[-3:])) to figure out where it is. actual print will be stored in the twisted.log file

Pierre

@austenadler
Copy link
Author

austenadler commented Apr 21, 2020
edited

Okay I added it:

print("XXXDEBUG: ", [ord(i) for i in private_key[-3:]])
# XXXDEBUG:  [45, 45, 45]
# The dash character from ---OPENSSL PRIVATE KEY---

So p.render(self.sshPrivateKey) is stripping the newline. I'm having trouble tracking all the renderers in secret. I can look a little but I do not know where the keyfile is converted into a string.

Edit: I see now buildbot/steps/download_secret_to_worker.py. Will add a comment if I find anything

@austenadler
Copy link
Author

austenadler commented Apr 21, 2020
edited

I see. I had configured strip=True in my build master. I did not realize this would trim newlines from private keys. This is not an issue.

Edit: I got this configuration option from this issue: #4681. It was never resolved, but I assumed the only issue there was hostkey format

@tardyp
Copy link
Member

tardyp commented Apr 21, 2020

Hey,

For the record, where exactly did you have the strip=True?

@austenadler
Copy link
Author

austenadler commented Apr 21, 2020 via email

@razrdog0
Copy link
Contributor

razrdog0 commented Jan 9, 2023

I've come across this same issue trying to pass ssh keys in git steps while using the SecretInAFile provider. setting strip=False fixes the ssh key but striping newlines from secrets is preferred in my case.

I've created a helper function and test case for downloading ssh keys which ensures there is a newline before sending ssh keys without affecting other secrets. I'll be creating a merge request in a moment referencing this issue with the fix.

@razrdog0 razrdog0 mentioned this issue Jan 9, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tardyp @austenadler @razrdog0