From 99465c7b8ba4d6e91f98a3ba346f7659786a080d Mon Sep 17 00:00:00 2001
From: https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI
Date: Fri, 29 Aug 2014 21:13:19 +0000
Subject: Added a comment: Is it ok to publish to a public repository?
---
.../comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
(limited to 'doc/security')
diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
new file mode 100644
index 00000000..4ed9ecdb
--- /dev/null
+++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Is it ok to publish to a public repository?"
+ date="2014-08-29T21:13:19Z"
+ content="""
+It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong?
+
+Thanks
+"""]]
--
cgit v1.2.3
From 8a4f2aa0f50c87583fc31b56ec79f29189d096f7 Mon Sep 17 00:00:00 2001
From: http://joeyh.name/
Date: Fri, 29 Aug 2014 21:52:02 +0000
Subject: Added a comment
---
doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
(limited to 'doc/security')
diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
new file mode 100644
index 00000000..4d209b03
--- /dev/null
+++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="131.252.200.111"
+ subject="comment 2"
+ date="2014-08-29T21:52:02Z"
+ content="""
+--add-key puts your **public** key in the repository, not the private key.
+"""]]
--
cgit v1.2.3
From 240cbe4c61c5831d473ac8c0355fc21d9b7ff647 Mon Sep 17 00:00:00 2001
From: https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI
Date: Sat, 30 Aug 2014 06:40:33 +0000
Subject: Added a comment: Remote host fails to connect
---
.../comment_3_91876d995c40a24858bce61a749a3c16._comment | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
(limited to 'doc/security')
diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
new file mode 100644
index 00000000..4d75842d
--- /dev/null
+++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Remote host fails to connect"
+ date="2014-08-30T06:40:33Z"
+ content="""
+Makes sense of course, but the message one gets when doing that is a bit misleading.
+
+I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because:
+
+1. the host key is not initially present in root's known_hosts, then
+2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH
+
+I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore.
+
+Thanks for your help
+"""]]
--
cgit v1.2.3
From 1709f7e9c3954a36bbb84ccddbba03c0683c47fe Mon Sep 17 00:00:00 2001
From: https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI
Date: Sat, 30 Aug 2014 07:17:53 +0000
Subject: Added a comment: Output from propellor --spin $host
---
...ent_4_347ce6a229a2347c5fd945eef72fd7f7._comment | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
(limited to 'doc/security')
diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
new file mode 100644
index 00000000..b2ac4d57
--- /dev/null
+++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Output from propellor --spin $host"
+ date="2014-08-30T07:17:52Z"
+ content="""
+Here is the output (truncated):
+
+
+ Permission denied (publickey).
+ fatal: Could not read from remote repository.
+
+ Please make sure you have the correct access rights
+ and the repository exists.
+ Git fetch ... failed
+ fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+ Use '--' to separate paths from revisions, like this:
+ 'git [...] -- [...]'
+ propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128)
+
+
+"""]]
--
cgit v1.2.3
From f0c3e065a62e074115d5e01bef1b589ea665cf9a Mon Sep 17 00:00:00 2001
From: https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI
Date: Sun, 31 Aug 2014 12:50:17 +0000
Subject: Added a comment: Got it working...
---
.../comment_5_0c682e12a21d1477628ff0b80e6505d4._comment | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
(limited to 'doc/security')
diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
new file mode 100644
index 00000000..cc26f42d
--- /dev/null
+++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Got it working..."
+ date="2014-08-31T12:50:17Z"
+ content="""
+OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations:
+
+* Use a https:// based url for the first
+* Use a git:// based url for the second
+
+I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url.
+"""]]
--
cgit v1.2.3