Hi Pierre,

It is understandable that people should use SSH keys, but if a third party exposes non-SSH access then this becomes a problem.

Obfuscation of the command (e.g. password) is nice, but if for whatever reason this command fails and writes sensitive information into stderr/stdout it will still be visible. Of course, if the worker is on Linux that can be piped and replaced (or through code itself).

Since I'm provisioning my workers with SSH keys anyway I have sensitive information in gitconfig, but I just wanted to point out that use cases can happen in situations when someone doesn't have another choice.

PS Pierre: oops, wrong reply button

On 03/06/2017 08:32 PM, Chris Spencer wrote:
Is there any way to suppress the output of the Git step (http://docs.buildbot.net/latest/manual/cfg-buildsteps.html#step-Git), so my password isn't visible in the logs? It doesn't appear to accept any type of "gitbin" option.

On Thu, Mar 2, 2017 at 6:42 PM, Will Rosecrans <[email protected]> wrote:

    As far as I know, the GitPoller doesn't directly support that.  I
    have mostly used salt to set up the buildslave machine, and
    included ssh and git config as part of the buildslave's system
    config rather than the buildbot config.  If you are using GitHub,
    it's also easy to set up token passwords on an account and use
    that for service work.  It uses a password rather than an actual
    key, but the password is a long string of gibberish, and you can
    use the token as a sub account, with different permissions for the
    tokens and the ability to revoke them individually.

    You can also set the GitPoller's gitbin to point to a script that
    runs git with whatever key setup you like, and have buildbot just
    invoke that script.

    On Wed, Mar 1, 2017 at 5:18 PM, Chris Spencer <[email protected]> wrote:

        How do you specify the ssh key to use with the Gitpoller and
        Git step classes?

        I'm currently hard-coding my username/password in the repourl,
        and I'd like to move away from that for security reasons.
        However, even after reading the docs and looking at the
        source, I can see no obvious way to specify the pem key file
        to checkout and fetch via ssh.

        _______________________________________________
        users mailing list
        [email protected] <mailto:[email protected]>
        https://lists.buildbot.net/mailman/listinfo/users
        <https://lists.buildbot.net/mailman/listinfo/users>
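
The wrapper-script approach suggested above for GitPoller's gitbin, combined with the output filtering mentioned in the top reply, as an added example that is not part of the original thread or Buildbot's own code. The file name git-with-key.sh, the BUILDBOT_GIT_KEY variable and the key path are assumptions.

```sh
#!/bin/sh
# Hypothetical wrapper: save as git-with-key.sh and name it in GitPoller's gitbin.
# The key path below is an assumed placeholder.
KEY_FILE="${BUILDBOT_GIT_KEY:-$HOME/.ssh/buildbot_deploy_key}"

# Replace the userinfo part of any URL (scheme://user:secret@host) with ***.
redact_credentials() {
    sed -E 's#([A-Za-z][A-Za-z0-9+.-]*://)[^/@[:space:]]+@#\1***@#g'
}

# Run "$@" with stdout and stderr filtered separately, so a caller that parses
# stdout still receives it on stdout, and return the command's own exit status.
run_redacted() {
    rr_status_file=$(mktemp) || return 1
    {
        # "|| rr=$?" keeps the status capture working even under "set -e".
        { rr=0; "$@" 2>&1 1>&3 3>&- || rr=$?; echo "$rr" >"$rr_status_file"; } |
            redact_credentials >&2 3>&-
    } 3>&1 | redact_credentials
    rr_status=$(cat "$rr_status_file")
    rm -f "$rr_status_file"
    return "${rr_status:-1}"
}

# Act as git only when invoked under the wrapper's own file name.
if [ "${0##*/}" = "git-with-key.sh" ]; then
    # Use only the given key and fail instead of prompting for a password.
    GIT_SSH_COMMAND="ssh -i $KEY_FILE -o IdentitiesOnly=yes -o BatchMode=yes"
    export GIT_SSH_COMMAND
    run_redacted git "$@"
    exit "$?"
fi
```

The filter only covers credentials embedded in URLs; a secret printed in any other form would still reach the log.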




