[10:54] <mark06> how can I mirror bzr commits to a git repository automatically?
[10:55] <mark06> actually, I have a server with git repos that are mirrors of bzr branches
[10:56] <mark06> I want a cron or similar that will automatically pull from bzr then push to github
[10:56] <mark06> is there any existing solution for this, or do I need to write my own thing?
[10:56] <mark06> main problem for me is ssh key password, I want the process to be automated
[10:56] <mgrandi> i have a bzr plugin that just does a dumb commit to git on the post_commit hook
[10:57] <mark06> how exactly "to git"
[10:57] <mgrandi> currently bzr-git needs to be fixed to be used with bzr-1.6 to use the bzr dpush thing
[10:57] <mark06> my git mirrors of bzr branches use git-bzr-ng already  https://github.com/termie/git-bzr-ng
[10:57] <fullermd> I go the other way for stuff, and use git-bzr-ng (I think?) to mirror.
[10:58] <mark06> indeed I use it, but as I said I want to automate the mirroring
[10:58] <mgrandi> thats probably better then what im doing
[10:59] <fullermd> Well, you just cron it...   what more do you need?
[10:59] <mgrandi> all i'm doing is exporting to a folder then calling 'git commit -m '<>'
[10:59] <mark06> fullermd: a working solution
[10:59] <fullermd> Oh, well, I'd never thought of THAT   :p
[10:59] <mgrandi> post commit hooks aren't terribly hard to write
[10:59] <fullermd> What fails in it?
[10:59] <mark06> fullermd: it's not that simple, I'll show you the script I'm writing in case I don't find an existing solution
[11:00] <mark06> fullermd: http://vpaste.net/sMHhm
[11:00] <mark06> I could put this in cron, but as I said above, I can't
[11:00] <mark06> crond will get stuck reading ssh key password
[11:01] <mgrandi> seems like you just need to fix that
[11:01] <fullermd> Eh.  If an automated process needs access to a key, don't passphrase the key.
[11:01] <mgrandi> and will have the same problem with bzr
[11:01] <mgrandi> can you not have the agent remember the password? its different on every operating system...
[11:02] <mark06> so I need to create a separate ssh key just for this cron job, then add to both launchpad and github, right?
[11:02] <mgrandi> putty on windows asks for password at startup and then you don't need to remember it
[11:02] <mgrandi> err type it
[11:02] <mark06> the server is ubuntu
[11:03] <mark06> yes I use putty on windows for both git and bzr
[11:03] <mark06> if server reboots suddenly then mirror will stop working until I run ssh-agent again, if I would keep it running with cached key
[11:04] <mark06> so in sum, the separate ssh key is the way to go here?
[11:05] <fullermd> I'd say.  's just like passphrased SSL cert/keys; unless you want to manually intervene in any [re]start of the server, you just don't do it.
[11:06] <mgrandi> or have ssh agent load the password from a file, if it can do that
[11:06] <mark06> 's?
[11:07] <fullermd> That would be pointless; if the passphrase is sitting around in the clear, it's no different than an unphrased key from a security perspective, so it just adds fragility and possible dangerous-illusion.
[11:07] <fullermd> "It's" is way too long to type, so I contractify the contraction   :p
[11:07] <mark06> yeah I'm worried about unprotected key, specially because it will give access to all my launchpad and github repos.... I wanted it to have access only to the repos I'm mirroring
[11:08] <mark06> ah wait, not for launchpad
[11:08] <mark06> I just pull from launchpad
[11:08] <mgrandi> i dont think even github allows 'restricted' access for a ssh key
[11:10] <mark06> yeah this is why I'm worried
[11:10] <mgrandi> if it makes you feel any better this is just a problem with ssh, not necessarily any VCS =P
[11:10] <mark06> it's so easy for them to implement
[11:11] <fullermd> You could always just use rsh instead; then you don't have to worry about passphrasing keys.
[11:11] <mark06> I don't care where the problem is
[11:11]  * mark06 looks up rsh
[11:11] <fullermd> ... well, that takes all the fun out of saying it...
[11:12] <mark06> grr tldr http://en.wikipedia.org/wiki/Restricted_shell
[11:12] <fullermd> Nah, http://en.wikipedia.org/wiki/Remote_Shell
[11:14] <mgrandi> well if you have a passphrased key, then its still protected by your local login password
[11:14] <mgrandi> if you set the permissions to be not world readable
[11:14] <mgrandi> although that works for pass-less keys too
[11:15] <fullermd> Vulnerable to root, or a root crack.  Also backups provide an attack vector.
[11:16] <fullermd> Fortunately, that one can be closed by the simple expedient of not doing backups   :)
[11:16] <fullermd> Widely adopted security mechanism, that.
[11:18] <mgrandi> yeah, either way if they have local access you are screwed either way
[11:19] <mgrandi> and its 4 am, why am i even up
[11:20] <fullermd> Why wouldn't you be?  Heck, the sun isn't even up yet.
[11:21] <mgrandi> well the sun is stupid
[11:21] <mgrandi> stupid sun
[11:21] <mgrandi> what have you ever done for me
[11:23] <fullermd> Hey, it's done PLENTY for me!  I've had some nasty sunburns over the years...
[11:24] <fullermd> Wait, maybe that's more "to" than "for".
[11:24] <mgrandi> i live in a place where its sunny like 300+ days of the year
[11:24] <mgrandi> IM OVER THE SUN
[11:25] <mgrandi> but i need to get to bed, best of luck mark06
[11:25] <mgrandi> peace