mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-23 15:22:41 +01:00
c70f4815a9
Summary: Ref T4292. When you run `git fetch` and connect to, say, `repo001.west.company.com`, we'll look at the current version of the repository in other nodes in the cluster. If `repo002.east.company.com` has a newer version of the repository, we'll fetch that version first, then respond to your request. To do this, we need to run `git fetch repo002.east.company.com ...` and have that connect to the other host and be able to fetch data. This change allows us to run `PHABRICATOR_AS_DEVICE=1 git fetch ...` to use device credentials to do this fetch. (Device credentials are already supported and used, they just always connect as a user right now, but these fetches should be doable without having a user. We will have a valid user when you run `git fetch` yourself, but we won't have one if the daemons notice that a repository is out of date and want to update it, so the update code should not depend on having a user.) Test Plan: ``` $ PHABRICATOR_AS_DEVICE=1 ./bin/ssh-connect local.phacility.com Warning: Permanently added 'local.phacility.com' (RSA) to the list of known hosts. PTY allocation request failed on channel 0 phabricator-ssh-exec: Welcome to Phabricator. You are logged in as device/daemon.phacility.net. You haven't specified a command to run. This means you're requesting an interactive shell, but Phabricator does not provide an interactive shell over SSH. Usually, you should run a command like `git clone` or `hg push` rather than connecting directly with SSH. Supported commands are: conduit, git-lfs-authenticate, git-receive-pack, git-upload-pack, hg, svnserve. Connection to local.phacility.com closed. ``` Reviewers: chad Reviewed By: chad Maniphest Tasks: T4292 Differential Revision: https://secure.phabricator.com/D15755
96 lines
2.4 KiB
PHP
Executable file
96 lines
2.4 KiB
PHP
Executable file
#!/usr/bin/env php
|
|
<?php
|
|
|
|
// This is a wrapper script for Git, Mercurial, and Subversion. It primarily
|
|
// serves to inject "-o StrictHostKeyChecking=no" into the SSH arguments.
|
|
|
|
$root = dirname(dirname(dirname(__FILE__)));
|
|
require_once $root.'/scripts/__init_script__.php';
|
|
|
|
// Contrary to the documentation, Git may pass a "-p" flag. If it does, respect
|
|
// it and move it before the "--" argument.
|
|
$args = new PhutilArgumentParser($argv);
|
|
$args->parsePartial(
|
|
array(
|
|
array(
|
|
'name' => 'port',
|
|
'short' => 'p',
|
|
'param' => pht('port'),
|
|
'help' => pht('Port number to connect to.'),
|
|
),
|
|
));
|
|
$unconsumed_argv = $args->getUnconsumedArgumentVector();
|
|
|
|
$pattern = array();
|
|
$arguments = array();
|
|
|
|
$pattern[] = 'ssh';
|
|
|
|
$pattern[] = '-o';
|
|
$pattern[] = 'StrictHostKeyChecking=no';
|
|
|
|
// This prevents "known host" failures, and covers for issues where HOME is set
|
|
// to something unusual.
|
|
$pattern[] = '-o';
|
|
$pattern[] = 'UserKnownHostsFile=/dev/null';
|
|
|
|
$as_device = getenv('PHABRICATOR_AS_DEVICE');
|
|
$credential_phid = getenv('PHABRICATOR_CREDENTIAL');
|
|
|
|
if ($as_device) {
|
|
$device = AlmanacKeys::getLiveDevice();
|
|
if (!$device) {
|
|
throw new Exception(
|
|
pht(
|
|
'Attempting to create an SSH connection that authenticates with '.
|
|
'the current device, but this host is not configured as a cluster '.
|
|
'device.'));
|
|
}
|
|
|
|
if ($credential_phid) {
|
|
throw new Exception(
|
|
pht(
|
|
'Attempting to proxy an SSH connection that authenticates with '.
|
|
'both the current device and a specific credential. These options '.
|
|
'are mutually exclusive.'));
|
|
}
|
|
}
|
|
|
|
if ($credential_phid) {
|
|
$viewer = PhabricatorUser::getOmnipotentUser();
|
|
$key = PassphraseSSHKey::loadFromPHID($credential_phid, $viewer);
|
|
|
|
$pattern[] = '-l %P';
|
|
$arguments[] = $key->getUsernameEnvelope();
|
|
$pattern[] = '-i %P';
|
|
$arguments[] = $key->getKeyfileEnvelope();
|
|
}
|
|
|
|
if ($as_device) {
|
|
$pattern[] = '-l %R';
|
|
$arguments[] = AlmanacKeys::getClusterSSHUser();
|
|
$pattern[] = '-i %R';
|
|
$arguments[] = AlmanacKeys::getKeyPath('device.key');
|
|
}
|
|
|
|
$port = $args->getArg('port');
|
|
if ($port) {
|
|
$pattern[] = '-p %d';
|
|
$arguments[] = $port;
|
|
}
|
|
|
|
$pattern[] = '--';
|
|
|
|
$passthru_args = $unconsumed_argv;
|
|
foreach ($passthru_args as $passthru_arg) {
|
|
$pattern[] = '%s';
|
|
$arguments[] = $passthru_arg;
|
|
}
|
|
|
|
$pattern = implode(' ', $pattern);
|
|
array_unshift($arguments, $pattern);
|
|
|
|
$err = newv('PhutilExecPassthru', $arguments)
|
|
->execute();
|
|
|
|
exit($err);
|