On Fri, Jan 28, 2022 at 11:50 AM Nicolas Jeker <n.je...@delisys.ch> wrote: > > On Fri, 2022-01-28 at 10:27 +0000, VIVAVIS AG wrote: > > Hi, > > > > > Von: yocto@lists.yoctoproject.org <yocto@lists.yoctoproject.org> Im > > > Auftrag von Sourabh Hegde > > > Gesendet: Freitag, 28. Januar 2022 10:47 > > > > > > Can you please let me know how to "forward SSH_AGENT into it to be > > > able > > > to fetch from internal projects without the need to mount the key > > > into the container."? I never did that before. > > > > I use the following options within the Docker run command: > > -v $SSH_AUTH_SOCK:/ssh.socket \ > > -e SSH_AUTH_SOCK=/ssh.socket \ > > > > That's pretty much what I use. > > > Furthermore, I had to mount the .ssh folder into the container to > > make it working (be aware of security risk). > > Additionally, you should check that uid, gid of the user in the > > container is the same on the host. > > I do something similar, my "problem" was that ssh needs the > .ssh/known_hosts file with a matching entry in addition to your > key/agent, but mounting the .ssh folder was not possible for me because > of permissions. Currently, I just created a little script that wraps > "oe-init-build-env" and populates the known_hosts file accordingly. > > mkdir -p ~/.ssh > > cat <<EOF >> ~/.ssh/known_hosts > git.example.com ssh-ed25519 <base64key> > EOF >
I use my own Dockerfile based on crops/poky where I do the following, which might be helpful if you also use this. It sets up the config changes in /etc/skel/ since it creates users "on the fly" with matching uid. # Remove strict host key checking for ssh # This is needed since the build will pull source over git-ssh RUN mkdir -p /etc/skel/.ssh/ COPY ci-scripts/docker-stuff/config /etc/skel/.ssh/ RUN echo 'export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"' >> /etc/skel/.bashrc The ci-scripts/docker-stuff/config file contains: Host * StrictHostKeyChecking no UserKnownHostsFile=/dev/null Now it was ages ago I set this up, and right now I can't really understand why I basically do the same thing twice. So you'd have to check which of the two things that actually solves the issue :-) Cheers, Erik > > Regards, > > > > Carsten > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#56010): https://lists.yoctoproject.org/g/yocto/message/56010 Mute This Topic: https://lists.yoctoproject.org/mt/88691891/21656 Mute #bitbake:https://lists.yoctoproject.org/g/yocto/mutehashtag/bitbake Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-