F-Droid Devs

111 Members
#fdroid-dev F-Droid development discussion only | Use #fdroid:f-droid.org for general, app- and repo-related matters | Meeting every Thursday at 11:30 UTC | This channel is publicly logged at https://matrix.f-droid.org/alias/%23fdroid-dev:f-droid.org16 Servers

Load older messages

23 Jan 2019
@Coffee:matrix.orgCoffeeThen the question becomes, how to securely deploy to it from gitlab without leaking ssh keys or passwords.22:12:32
@bubu:bubu1.euBubuGitkab should be quite good with this? They have their whole continuous deploy workflow.22:14:16
@bubu:bubu1.euBubuYou are still trusting them with the keys of course.22:14:33
@Coffee:matrix.orgCoffeeGuess I have some digging/reading to do.22:27:40
@eighthave:matrix.org_hcAbout the deploy process, a locked down account on _matrix.f-droid.org_ that can only receive rsyncs, then an SSH key stored in the "private variables"22:27:41
@eighthave:matrix.org_hcgitlab "private variables"22:27:48
@eighthave:matrix.org_hcthen someone gets that key only gets rsync access22:27:58
@eighthave:matrix.org_hcits a pretty common setup22:28:09
@eighthave:matrix.org_hcused on mirror.f-droid.org, for example22:28:15
@bubu:bubu1.euBubu _hc: can you enable your markdown mode again ? ;-) 22:28:29
Download image.png
@bubu:bubu1.euBubuthe small m button22:28:45
@eighthave:matrix.org_hcoh, weird, didn't no it was a per person settings22:28:57
@nico:f-droid.orgNico Alt _hc: Do you have a link to more information on that locked down, rsync only account? I found something called “jailed ssh”, working with chroots, but I don't know if that's the right thing. 22:42:35
@eighthave:matrix.org_hcjailling the account is good22:47:27
@eighthave:matrix.org_hcbut there is more22:47:29
@eighthave:matrix.org_hc using rssh as the user's shell 22:47:50
@bubu:bubu1.euBubu _hc: what's repository-10.xml? I was only aware of repository2-1.xml 22:48:01
@bubu:bubu1.euBubuthat's waht android studio has configured as update site22:48:18
@eighthave:matrix.org_hc and setting these ssh options for the user: no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding 22:48:53
@eighthave:matrix.org_hc you can lock it down even more by doing command="" and specifying the exact rsync command to receive the standard sync 22:50:10
@eighthave:matrix.org_hcthen that'll be the only rsync command that can be run22:50:19
@eighthave:matrix.org_hcbut that's a bit painful to setup22:50:27
@eighthave:matrix.org_hc Bubu: its a versioned file, I think there is -10 -11 and -12 23:02:25
@freenode_TheAssassin:matrix.orgTheAssassin so, newpipe's build failed again 23:02:38
@freenode_TheAssassin:matrix.orgTheAssassinthe 1-2 days mentioned here https://mastodon.technology/@fdroidorg/101442332125629313 are over23:02:47
@freenode_TheAssassin:matrix.orgTheAssassincan you please check why it failed (seems f-droid induced) and fix the issue?23:02:58
@freenode_TheAssassin:matrix.orgTheAssassinusers are getting impatient -.-23:03:03
In reply to @eighthave:matrix.org
Bubu: its a versioned file, I think there is -10 -11 and -12
so 2-1 should be newer than any of them right? (what a weird system...)

Show newer messages

Back to Room ListRoom Version: 1