use temporary file instead of hardcoded git-ssh.sh #1206
Comments
It can be specified with the tmp_path variable. Sent from my Nexus 5.
|
The problem is that a handful of operations need the git wrapper to be in place. Whilst we can make the git wrapper remove itself after each run, that would then mean that every new task that needs to do something with the Git repo would have to call |
Yes, I am aware of the ability to change the temp dir and usually set it to /home/:deploy_user/tmp, but a smart default would be so much better. Also, I agree that removing and re-creating git-wrapper for each task would be sub-optimal. |
Creating a file in a /tmp directory with a predictable name could also lead to security issues, especially in a shared hosting environment. |
With the newest release of Git we can drop the wrapper script altogether. The naming is such because Git does not honor its |
@leehambley will it be a better solution to create wrapper file during |
Sure, and all the plugins that enhance the Git workflow can create their own wrappers, and users who want to do something about a change log can write a task to create their own wrappers, etc. It's far from trivial, and we tried all the options. As ever we have to shoot for the common case, those who are security conscious can easily fix things for themselves by overwriting, or appending to the task definitions. The problems are also not easily solved, for example, take:
An alternative we even considered was to use the SSHKit command map, and to do something (hideous) like:
This introduces the problem that we need a long script, the logs look like hell, there's still no guarantee that People often complain about the out-of-the-box defaults, but we the choice of Rake as the underlying mechanism wasn't a mistake, it is easily patched at runtime, or startup time, the code is easy to read, the flow of tasks, and their dependencies is self documenting, and I reiterate that the intention is that those who have specific requirements can work around them. Let's not forget, out of the box we're skipping strict host key checking for the git host, which is also not clever, if GitHub would be the one true solution, we would pre-cache that, in fact there are so many variables in play (of course Git supports 3 protocols, See also "The credential subsystem is now friendlier to scripting" which was what I was referring to in my earlier comment: https://github.com/blog/1957-git-2-3-has-been-released |
In a perfect world:
The second less preferable option is to have more manual steps, there's always been a fine line between where provisioning ends, and deployment begins. Personally, we have a
|
@leehambley Would you mind going into a bit more detail about how to define your own Git options for the wrapper? I’m really confused why in the world the Are you saying above that you install your own wrapper script using Puppet at I don’t understand what you mean, though, when you go on to say you modify the tasks that rely on In any event, thanks so much for all your hard work on Capistrano! |
Because people don't know how to use SSH host keys properly, and without this, there's an extra step anyway, to go by hand onto each server and confirm the "Y" prompt, not to mention Git is badly behaved here too, so it prompts even if stdin isn't a tty, where the user is then presented (through capistrano) something that looks like a Anyway, who would really know how to properly verify an SSH host key? Most people accept the first key they see from a server, and if it fails they follow the "delete the host key from the known hosts file" instructions given.
My system globally exports
I'm glad it provides value for you, even if we have some weird corner cases. |
Awesome, thanks so much for the quick reply! |
How about adding the user as part of the path? |
Any news regarding this issue? |
No (sent from my phone, please excuse typos)
|
I believe this was addressed via #1517. |
If two different Unix users deploy an application with the same name, then the first one creates
/tmp/hello_world/git-ssh.sh
and the second dies with a permission error. Maybe we could ask the OS to generate a unique file name for us without dealing with conflicts on our own:
tempfile --directory /tmp --suffix -git-ssh.sh
PS I have seen #744 and #736
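
An added example, not part of the issue thread or of Capistrano's code: the OS-generated file name the issue asks for, done with `mktemp` in place of the quoted `tempfile` command, plus a check for a wrapper that already exists at a fixed path. The function names and the wrapper body (`ssh -o BatchMode=yes`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Capistrano's code). Function names and the wrapper body
# are assumptions made for illustration.

# Create the wrapper under a name chosen by the OS, so two deploy users with
# the same application name never collide on one fixed /tmp path.
make_git_wrapper() {
    dir=${1:-${TMPDIR:-/tmp}}
    # mktemp creates the file atomically with mode 0600 and fails rather
    # than reuse an existing name or follow a pre-planted symlink.
    wrapper=$(mktemp "$dir/git-ssh.XXXXXXXXXX") || return 1
    cat > "$wrapper" <<'EOF'
#!/bin/sh -e
exec ssh -o BatchMode=yes "$@"
EOF
    chmod 700 "$wrapper"
    printf '%s\n' "$wrapper"
}

# Check to run before reusing a wrapper that already exists at a fixed path:
# succeed only for a regular file we own that nobody else can write to.
wrapper_is_safe() {
    p=$1
    [ ! -L "$p" ] || return 1                 # a symlink is never acceptable
    [ -f "$p" ] && [ -O "$p" ] || return 1    # regular file, owned by us
    # find prints the path if it is group- or world-writable; require no output
    [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Demo: create a wrapper, verify it, show how Git would be pointed at it.
if wrapper=$(make_git_wrapper) && wrapper_is_safe "$wrapper"; then
    echo "GIT_SSH=$wrapper"
    rm -f "$wrapper"
fi
```
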