Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add gems to suport ed25519 keys in capistrano #1578

Merged
merged 2 commits into from Jun 1, 2018
Merged

Add gems to suport ed25519 keys in capistrano #1578

merged 2 commits into from Jun 1, 2018

Conversation

vandrijevik
Copy link
Contributor

Release Notes

TECH TASK: Allow using ed25519 keys to deploy via capistrano

Additional Context

Without these gems, capistrano fails with the following message:

$ bundle exec cap staging deploy
(Backtrace restricted to imported tasks)
cap aborted!
NotImplementedError: unsupported key type `ssh-ed25519'
net-ssh requires the following gems for ed25519 support:
 * rbnacl (>= 3.2, < 5.0)
 * rbnacl-libsodium, if your system doesn't have libsodium installed.
 * bcrypt_pbkdf (>= 1.0, < 2.0)
See https://github.com/net-ssh/net-ssh/issues/478 for more information
Gem::LoadError : "rbnacl is not part of the bundle. Add it to your Gemfile."

Tasks: TOP => rvm:hook
(See full trace by running task with --trace)

https://blog.g3rt.nl/upgrade-your-ssh-keys.html is a good overview of Ed25519 SSH keys, and why it’s a good idea to migrate towards using them.

@vandrijevik vandrijevik requested a review from jhanggi May 31, 2018 17:13
jhanggi
jhanggi reviewed May 31, 2018
View reviewed changes
Gemfile Outdated
# net-ssh requires the gems below to support ed25519 keys
# for deploying via capistrano
# more info at https://github.com/net-ssh/net-ssh/issues/478
gem "bcrypt_pbkdf", ">= 1.0", "< 2.0"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we get away with require: false in these? And it's still not possible to remove the upper constraint? Looks like that issue was over a year ago.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’ll try specifying require: false here to see if net-ssh will pick them up correctly. As for the upper version constraint, we can’t get rid of it because even net-ssh 5 (and our bundle is still at 4.2) specifies the same < 2.0 limit: net-ssh/net-ssh#565

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jhanggi require: false worked, so I added it in 4e71fa5 (along with mentioning that the note is for 4.2 of net-ssh)

@vandrijevik vandrijevik merged commit b2db870 into master Jun 1, 2018
@vandrijevik vandrijevik deleted the va-support-ed25519-keys-in-capistrano branch June 1, 2018 09:48
ColinMcNeil pushed a commit to SquaredLabs/nucore-uconn that referenced this pull request Jun 21, 2018
@vandrijevik @ColinMcNeil
Add gems to suport ed25519 keys in capistrano (tablexi#1578)
5d2841f 
TECH TASK: Allow using ed25519 keys to deploy via capistrano
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhanggi jhanggi jhanggi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@vandrijevik @jhanggi