bufferUnderrun opened 2 years ago
|
|||||
Try this:
|
|||||
not working honestly i don't know what i'm doing wrong : the secret is always replaced by MASK "*****" the secret:idsec the secret:idpub The command The report log why the idsec is correctly echoed but not the idpub ? |
|||||
It only masks the secret occurrences in log, and will not affect actual behavior. Why you are echoing the secret to console? The secret content should be written to file |
|||||
The exact command i passed before opening the issue was :
Because it was not working, i try to cat the result files to see if it was correctly filled. To my surprise, the id_rsa.pub was filled with "*****" wheras the id_rsa was filled with the correct private Key. Like i said in the previous post, only the secret:idsec is correctly handle by onedev and not secret:idpub which is not consistent. Whether the both failed or whether they succeed. So there is something wrong |
|||||
I guess one secret is of multiple lines, while another is single line. OneDev only masks secrets in log line by line. Echo multiple lines into a file might be problematic. The correct way is to use
|
|||||
The command Not working, if i cat the file it is filled with "*****" |
|||||
You can not examine content of the file by catting to console, it will again be masked. in console. You may copy the file out and examine the content, or publish the file via publish artifacts step, and check its content. Also I guess the comma character around the @secret:idpub@ should be removed. Remember that all @...@ will be replaced literally by OneDev before passing to shell for execution. |
|||||
You are absolutely right. When publishing theses files as artifacts, they are correct. But i still get ssh connection error like if have i have wrong keys. I still investigate... |
|||||
I'd suggest to run the container from terminal directly, played with ssh keys, to make sure that it works. Then make the script into OneDev build spec. Also I can use the commands suggested previously to login to remote server. |
|||||
Another thing important: make sure to change file mode of |
|||||
when i test
and then inside, execthe same command
everything works but not with onedev, very frustrating. Moreover, i think there will be TTY problem running ssh command inside docker and onedev. So, do you have a way to connect to server, copy file and run some commands ? |
|||||
update when running verbose it seems my key is invalid. from stackoverflow some other have the same issue rapporting endofline format. So let's try something : adding a extra empty line in the job secret After saving, i show the job at new, the extra line has disappear Do you rewrite the job secret value with trim() or not handle append new line ? |
|||||
Yes, input will be trimmed for normalization purpose. It is surprising me the EOL is required for your server. I tested with Ubuntu server and the EOL does not matter. |
|||||
? and what about the line return when pasting in the textarea ? my client pc in on windows. i try to force \n and then pasting but do not work either |
|||||
All white spaces including line ending will be deleted |
|||||
Will turn this off in next patch release. For now, you may manually append a line ending to your private key file |
|||||
what it works :
what it does not work :
you said you test it, but in the same conditions ? onedev is running on container and job run alpine image. i'm pasting the job secret from firefox on windows. |
|||||
and what about having custom file inject inside the running job container ? we have artifact which are the result file of build why no having the opposite, file insert in the build without being in the repo ? |
|||||
Why cat or echo directly does not work: As I mentioned earlier, @...@ will be replaced literally, so if you write
It will be seen by shell as below after @secrets:id_sec@ being replaced:
This is the reason I am using below to write multiline string to a file in the first place:
|
|||||
What image are you using for the job (alpine does not have ssh client available)? And what OS of your server you are trying ssh into? |
|||||
i'm using alpine and connect to debian 11. this job command works as the id_rsa come from file in the git repo and not working when using the job secret with the cat EOT... |
|||||
Turns out that multi-line input in a text area will be saved using "\r\n" as line ending (this is html standard). And Debian is strict on line ending while Ubuntu not. The workaround is install dos2unix to your container, and then call below statement to convert "\r\n" to "\n"
|
|||||
😬 rohhhhhh
such a journey, but this workaround is perfect ! thanks you Robin for all the help 👍 you can close the thread |
|||||
Robin Shen changed state to 'Closed' 2 years ago
|
Type |
Question
|
Priority |
Normal
|
Assignee |
Hi,
i have to connect to one of my server over ssh inside a job with docker executor.
I don't want my secret/public keys in the git repo. I don't want do make a custom image with my secret/public keys inside.
So, i just use tools from onedev like the job secret :
That's not working. The issue came from the secret:idpub were the value is replace by "*****". From the manual : "value less than 5 characters will not be masked in build".
Questions :
Thanks for your help !!