23 Jan 2019 |
Coffee | Then the question becomes, how to securely deploy to it from gitlab without leaking ssh keys or passwords. | 22:12:32 |
Bubu | Gitkab should be quite good with this? They have their whole continuous deploy workflow. | 22:14:16 |
Bubu | You are still trusting them with the keys of course. | 22:14:33 |
Coffee | Guess I have some digging/reading to do. | 22:27:40 |
_hc | About the deploy process, a locked down account on _matrix.f-droid.org_ that can only receive rsyncs, then an SSH key stored in the "private variables" | 22:27:41 |
_hc | gitlab "private variables" | 22:27:48 |
_hc | then someone gets that key only gets rsync access | 22:27:58 |
_hc | its a pretty common setup | 22:28:09 |
_hc | used on mirror.f-droid.org, for example | 22:28:15 |
Bubu | _hc: can you enable your markdown mode again ? ;-) | 22:28:29 |
Bubu | Download image.png | 22:28:39 |
Bubu | the small m button | 22:28:45 |
_hc | oh, weird, didn't no it was a per person settings | 22:28:57 |
_hc | know | 22:29:01 |
Nico Alt | _hc: Do you have a link to more information on that locked down, rsync only account? I found something called “jailed ssh”, working with chroots, but I don't know if that's the right thing. | 22:42:35 |
_hc | jailling the account is good | 22:47:27 |
_hc | but there is more | 22:47:29 |
_hc | using rssh as the user's shell | 22:47:50 |
Bubu | _hc: what's repository-10.xml? I was only aware of repository2-1.xml | 22:48:01 |
Bubu | that's waht android studio has configured as update site | 22:48:18 |
_hc | and setting these ssh options for the user: no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding | 22:48:53 |
_hc | you can lock it down even more by doing command="" and specifying the exact rsync command to receive the standard sync | 22:50:10 |
_hc | then that'll be the only rsync command that can be run | 22:50:19 |
_hc | but that's a bit painful to setup | 22:50:27 |
_hc | Bubu: its a versioned file, I think there is -10 -11 and -12 | 23:02:25 |
TheAssassin | so, newpipe's build failed again | 23:02:38 |
TheAssassin | the 1-2 days mentioned here https://mastodon.technology/@fdroidorg/101442332125629313 are over | 23:02:47 |
TheAssassin | can you please check why it failed (seems f-droid induced) and fix the issue? | 23:02:58 |
TheAssassin | users are getting impatient -.- | 23:03:03 |
Bubu | In reply to @eighthave:matrix.org Bubu: its a versioned file, I think there is -10 -11 and -12 so 2-1 should be newer than any of them right? (what a weird system...) | 23:04:36 |