Hello, I sent this message to Tal Peer <[EMAIL PROTECTED]> (the current maintainer of cvs.eclass), but I thought others might be interested, so I am posting it here as well. Message follows:
I needed SSH password authentication for app-editors/emacs-cvs, so I modified cvs.eclass to support it. See URL: http://dev.gentoo.org/~jbms/cvs.eclass

As you will notice, the changes involve a rather complex hack; unfortunately, I do not believe that there is any better way to do it unless the interface to ssh changes.

Additionally, dealing with the SSH known hosts file is somewhat of a problem. If no additional options are passed to SSH, in many cases it is expected that the user would not have added the keys for the relevant host to /root/.ssh/known_hosts before running the ebuild command; thus, the client would not allow the connection. In order to avoid this problem, I have added the option ECVS_SSH_NO_STRICT_HOST_CHECKING, which, if set to "1", allows the host key checking to be ignored.

But if -oStrictHostKeyChecking=no is simply appended to the SSH command-line, the result is that root's SSH known_hosts file is modified, which is not desirable. As a workaround, the eclass copies "${HOME}/.ssh/known_hosts" to a temporary location and specifies to SSH to use the temporary file. The result is that host key checking is disabled if the host is not already present in "${HOME}/.ssh/known_hosts" or the global known_hosts file, but non-temporary files are not modified.

There still remains one minor issue, which is that if the host is present in a non-default known_hosts file which the user has specified in an ssh_config file, host checking would ideally be enabled, but because there appears to be no way to learn of a non-default known_hosts file location short of parsing the ssh_config files, the eclass in that case disables host checking. I do not believe this is a very serious problem, however.

Anyway, I did not modify the comments at the top, so before committing these modifications, the comments should probably be updated. What are your thoughts?

--
Jeremy Maitin-Shepard
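The known_hosts workaround described in the message above, as an added sketch; it is not the code from cvs.eclass or from the author. The function name `build_ssh_host_key_opts` and its two arguments are assumptions made for illustration; `StrictHostKeyChecking` and `UserKnownHostsFile` are standard OpenSSH client options.

```shell
#!/bin/bash
# Added example, not taken from cvs.eclass. The function name and its
# arguments are hypothetical.
#
# Prints, one per line, the extra ssh options for the behaviour the
# message describes.
#   $1  value of ECVS_SSH_NO_STRICT_HOST_CHECKING ("1" relaxes checking)
#   $2  directory in which the temporary known_hosts copy is created
build_ssh_host_key_opts() {
    local no_strict="$1" tmpdir="$2"
    local user_kh="${HOME}/.ssh/known_hosts"
    local tmp_kh

    # Default: add nothing, so ssh keeps its normal host key checking and
    # refuses hosts whose key it cannot verify non-interactively.
    if [ "${no_strict}" != "1" ]; then
        return 0
    fi

    # mktemp creates the file with mode 0600 and an unpredictable name.
    tmp_kh="$(mktemp "${tmpdir}/known_hosts.XXXXXX")" || return 1

    # Seed the copy with the keys already recorded for this user, so ssh
    # still sees them; keys learned during the fetch are written to the
    # copy only, never to ${HOME}/.ssh/known_hosts.
    if [ -f "${user_kh}" ]; then
        cat "${user_kh}" > "${tmp_kh}" || return 1
    fi

    printf '%s\n' \
        "-oStrictHostKeyChecking=no" \
        "-oUserKnownHostsFile=${tmp_kh}"
}
```

The caller appends the printed options to the ssh command line and deletes the temporary file once the fetch has finished.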
