| === r0bby_ is now known as robbyoconnor | ||
| mark06 | how can I mirror bzr commits to a git repository automatically? | 10:54 |
|---|---|---|
| mark06 | actually, I have a server with git repos that are mirrors of bzr branches | 10:55 |
| mark06 | I want a cron or similar that will automatically pull from bzr then push to github | 10:56 |
| mark06 | is there any existing solution for this, or do I need to write my own thing? | 10:56 |
| mark06 | main problem for me is ssh key password, I want the process to be automated | 10:56 |
| mgrandi | i have a bzr plugin that just does a dumb commit to git on the post_commit hook | 10:56 |
| mark06 | how exactly "to git" | 10:57 |
| mgrandi | currently bzr-git needs to be fixed to be used with bzr-1.6 to use the bzr dpush thing | 10:57 |
| mark06 | my git mirrors of bzr branches use git-bzr-ng already https://github.com/termie/git-bzr-ng | 10:57 |
| fullermd | I go the other way for stuff, and use git-bzr-ng (I think?) to mirror. | 10:57 |
| mark06 | indeed I use it, but as I said I want to automate the mirroring | 10:58 |
| mgrandi | thats probably better then what im doing | 10:58 |
| fullermd | Well, you just cron it... what more do you need? | 10:59 |
| mgrandi | all i'm doing is exporting to a folder then calling 'git commit -m '<>' | 10:59 |
| mark06 | fullermd: a working solution | 10:59 |
| fullermd | Oh, well, I'd never thought of THAT :p | 10:59 |
| mgrandi | post commit hooks aren't terribly hard to write | 10:59 |
| fullermd | What fails in it? | 10:59 |
| mark06 | fullermd: it's not that simple, I'll show you the script I'm writing in case I don't find an existing solution | 10:59 |
| mark06 | fullermd: http://vpaste.net/sMHhm | 11:00 |
| mark06 | I could put this in cron, but as I said above, I can't | 11:00 |
| mark06 | crond will get stuck reading ssh key password | 11:00 |
| mgrandi | seems like you just need to fix that | 11:01 |
| fullermd | Eh. If an automated process needs access to a key, don't passphrase the key. | 11:01 |
| mgrandi | and will have the same problem with bzr | 11:01 |
| mgrandi | can you not have the agent remember the password? its different on every operating system... | 11:01 |
| mark06 | so I need to create a separate ssh key just for this cron job, then add to both launchpad and github, right? | 11:02 |
| mgrandi | putty on windows asks for password at startup and then you don't need to remember it | 11:02 |
| mgrandi | err type it | 11:02 |
| mark06 | the server is ubuntu | 11:02 |
| mark06 | yes I use putty on windows for both git and bzr | 11:03 |
| mark06 | if server reboots suddenly then mirror will stop working until I run ssh-agent again, if I would keep it running with cached key | 11:03 |
| mark06 | so in sum, the separate ssh key is the way to go here? | 11:04 |
| fullermd | I'd say. 's just like passphrased SSL cert/keys; unless you want to manually intervene in any [re]start of the server, you just don't do it. | 11:05 |
| mgrandi | or have ssh agent load the password from a file, if it can do that | 11:06 |
| mark06 | 's? | 11:06 |
| fullermd | That would be pointless; if the passphrase is sitting around in the clear, it's no different than an unphrased key from a security perspective, so it just adds fragility and possible dangerous-illusion. | 11:07 |
| fullermd | "It's" is way too long to type, so I contractify the contraction :p | 11:07 |
| mark06 | yeah I'm worried about unprotected key, specially because it will give access to all my launchpad and github repos.... I wanted it to have access only to the repos I'm mirroring | 11:07 |
| mark06 | ah wait, not for launchpad | 11:08 |
| mark06 | I just pull from launchpad | 11:08 |
| mgrandi | i dont think even github allows 'restricted' access for a ssh key | 11:08 |
| mark06 | yeah this is why I'm worried | 11:10 |
| mgrandi | if it makes you feel any better this is just a problem with ssh, not necessarily any VCS =P | 11:10 |
| mark06 | it's so easy for them to implement | 11:10 |
| fullermd | You could always just use rsh instead; then you don't have to worry about passphrasing keys. | 11:11 |
| mark06 | I don't care where the problem is | 11:11 |
| * mark06 looks up rsh | 11:11 | |
| fullermd | ... well, that takes all the fun out of saying it... | 11:11 |
| mark06 | grr tldr http://en.wikipedia.org/wiki/Restricted_shell | 11:12 |
| fullermd | Nah, http://en.wikipedia.org/wiki/Remote_Shell | 11:12 |
| mgrandi | well if you have a passphrased key, then its still protected by your local login password | 11:14 |
| mgrandi | if you set the permissions to be not world readable | 11:14 |
| mgrandi | although that works for pass-less keys too | 11:14 |
| fullermd | Vulnerable to root, or a root crack. Also backups provide an attack vector. | 11:15 |
| fullermd | Fortunately, that one can be closed by the simple expedient of not doing backups :) | 11:16 |
| fullermd | Widely adopted security mechanism, that. | 11:16 |
| mgrandi | yeah, either way if they have local access you are screwed either way | 11:18 |
| mgrandi | and its 4 am, why am i even up | 11:19 |
| fullermd | Why wouldn't you be? Heck, the sun isn't even up yet. | 11:20 |
| mgrandi | well the sun is stupid | 11:21 |
| mgrandi | stupid sun | 11:21 |
| mgrandi | what have you ever done for me | 11:21 |
| fullermd | Hey, it's done PLENTY for me! I've had some nasty sunburns over the years... | 11:23 |
| fullermd | Wait, maybe that's more "to" than "for". | 11:24 |
| mgrandi | i live in a place where its sunny like 300+ days of the year | 11:24 |
| mgrandi | IM OVER THE SUN | 11:24 |
| mgrandi | but i need to get to bed, best of luck mark06 | 11:25 |
| mgrandi | peace | 11:25 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!