Ask Your Question
0

build farm - accessing private repository using git over ssh

asked 2019-01-16 05:46:45 -0600

klausd gravatar image

I'm currently in the process of setting up an add-on fork of the build farm. The intention is to build a couple of private packages to support development and integration of them. The farm should build for melodic.

After several weeks of the build farm is up and running - in general. I'm using an additional distributions-yaml file. So the private packages will have a tag and the farm builds only packages with this tag.

I'm stuck at the task how to add a private (release) package to the build farm.

Currently melodic_rosdistro-cache fails:

23:41:06 melodic: missing package.xml file for package "example"
23:41:06 Build step 'Execute shell' marked build as failure
23:41:06 SSH: Current build result is [FAILURE], not going to run.

No wonder since I don't know how to configure the build farm to access private repositories.

We normally use git over ssh. Thus we access the repository via e.g. "ssh://git@111.111.111.111:1888/example.git" using a ssh-rsa key.

I suppose I have to add the host key to common.yaml

ssh_host_keys:
    111.111.111.111: |1|BmGVZbXUErOjDe66B3CWNu2q8CI=|Xb3F2AVGZahgjclWEG3u7UuMIsM= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGrJe1TApLZFjsCUEhiOGOpJ350NNZFFrHsEOyobs1k

My questions are:

  1. Can I use git over ssh to pull this package?
  2. Is this a way which is promising, or is using github (with private repositories) the way to go?

  3. Where do I put the private ssh key to authenticate against the git server? What is the exact format for it?

  4. Where do I specify to use this key for this server? What is the exact format?
  5. Can I use an private key which is password protected or does it need to be without password? (If password protection is possible, where do I provide the password?)

Thank you in advance!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2019-03-01 09:11:18 -0600

nuclearsandwich gravatar image

Repositories that require authentication/authorization have inconsistent support with the ROS tooling. I know bloom can use your environment's ssh credentials to fetch private repositories via HTTPS or SSH. Some work was done in https://github.com/ros-infrastructure... to look at using environment variables for HTTPS authentication but I don't believe that covers your case.

Adding additional host keys to the deployment configuration won't be a complete solution since some jobs, like the rosdistro_cache jobs, perform git / vcs operations within a container which won't have access to the hosts ssh configuration or agent keychain. I don't even think that adding the credential directly to Jenkins will be sufficient to pass it through to the rosdistro cache job.

I'm not sure if the operators of private buildfarms have a solution for this or if they make their repositories accessible without authentication via an intranet.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2019-01-16 05:46:45 -0600

Seen: 49 times

Last updated: Mar 01