From cea9bc8ccfd3c65268dde4b23ccc2dac8f58f8b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20A=CC=81lvaro?=
Date: Fri, 26 Aug 2022 09:12:59 +0200
Subject: [PATCH 1/4] feat(labels): Standardize labels
---
 Dockerfile | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3751f19..928b43f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -61,20 +61,19 @@ EXPOSE 4505 4506 8000
 RUN mkdir -p "${SALT_BASE_DIR}" "${SALT_FORMULAS_DIR}" "${SALT_KEYS_DIR}" "${SALT_CONFS_DIR}" "${SALT_LOGS_DIR}"
 VOLUME [ "${SALT_BASE_DIR}", "${SALT_FORMULAS_DIR}", "${SALT_KEYS_DIR}", "${SALT_CONFS_DIR}", "${SALT_LOGS_DIR}" ]
-LABEL \
- org.opencontainers.image.title="Dockerized Salt Master" \
- org.opencontainers.image.description="salt-master ${SALT_VERSION} containerized" \
- org.opencontainers.image.documentation="https://github.com/cdalvaro/docker-salt-master/blob/${IMAGE_VERSION}/README.md" \
- org.opencontainers.image.url="https://github.com/cdalvaro/docker-salt-master" \
- org.opencontainers.image.source="https://github.com/cdalvaro/docker-salt-master.git" \
- org.opencontainers.image.authors="Carlos Álvaro " \
- org.opencontainers.image.vendor=cdalvaro \
- org.opencontainers.image.created=${BUILD_DATE} \
- org.opencontainers.image.version="${IMAGE_VERSION}" \
- org.opencontainers.image.revision=${VCS_REF} \
- org.opencontainers.image.base.digest="sha256:42ba2dfce475de1113d55602d40af18415897167d47c2045ec7b6d9746ff148f" \
- org.opencontainers.image.base.name="ubuntu:jammy-20220801" \
- org.opencontainers.image.licenses=MIT
+LABEL org.opencontainers.image.title="Dockerized Salt Master"
+LABEL org.opencontainers.image.description="salt-master ${SALT_VERSION} containerized"
+LABEL org.opencontainers.image.documentation="https://github.com/cdalvaro/docker-salt-master/blob/${IMAGE_VERSION}/README.md"
+LABEL org.opencontainers.image.url="https://github.com/cdalvaro/docker-salt-master"
+LABEL org.opencontainers.image.source="https://github.com/cdalvaro/docker-salt-master.git"
+LABEL org.opencontainers.image.authors="Carlos Álvaro "
+LABEL org.opencontainers.image.vendor="cdalvaro"
+LABEL org.opencontainers.image.created="${BUILD_DATE}"
+LABEL org.opencontainers.image.version="${IMAGE_VERSION}"
+LABEL org.opencontainers.image.revision="${VCS_REF}"
+LABEL org.opencontainers.image.base.digest="sha256:42ba2dfce475de1113d55602d40af18415897167d47c2045ec7b6d9746ff148f"
+LABEL org.opencontainers.image.base.name="ubuntu:jammy-20220801"
+LABEL org.opencontainers.image.licenses="MIT"
 WORKDIR ${SALT_HOME}
 ENTRYPOINT [ "/sbin/entrypoint.sh" ]
From 24e0ed4d180fb5481e885dbb9e85f3169b2d164d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20A=CC=81lvaro?=
Date: Fri, 26 Aug 2022 09:13:24 +0200
Subject: [PATCH 2/4] feat(make): Standardize creation date
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1a742fb..49c59fb 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,7 @@ help:
 build:
 @docker build --tag=cdalvaro/docker-salt-master:latest . \
- --build-arg=BUILD_DATE="$(shell date +"%Y-%m-%d %H:%M:%S%:z")" \
+ --build-arg=BUILD_DATE="$(shell date -u +"%Y-%m-%dT%H:%M:%SZ")" \
 --build-arg=VCS_REF="$(shell git rev-parse --short HEAD)"
 release: build
From 48d4be8d9f3428d85886ce613c7072c4b1cc5a35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20A=CC=81lvaro?=
Date: Fri, 26 Aug 2022 09:17:01 +0200
Subject: [PATCH 3/4] feat(tests): Decode base64 ssh keys
---
 .github/workflows/build-and-test.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index b6b5932..1fda81c 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
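Review bot: In the Dockerfile hunk, `org.opencontainers.image.base.digest` and `org.opencontainers.image.base.name` are still hand-written literals, so the provenance they publish is only correct while someone updates them together with the `FROM` line, which lies outside this hunk. If `FROM` references the tag alone, the image can end up advertising a digest the build never pinned, and scanners that rely on this label to decide whether a rebuild is needed would be misled. Either pin `FROM` to the same digest or at least add a comment above the two labels such as `# Must match the FROM line: bump digest and tag together`.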
@@ -122,11 +122,13 @@ jobs:
 - name: Execute gitfs tests
 env:
 GITFS_KEYS_DIR: tests/gitfs/data/keys/gitfs
+ SSH_PRIVATE_KEY: ${{ secrets.TESTS_REPO_PRIVATE_KEY }}
+ SSH_PUBLIC_KEY: ${{ secrets.TESTS_REPO_PUBLIC_KEY }}
 run: |
 mkdir -p "${GITFS_KEYS_DIR}"
- echo "${{ secrets.TESTS_REPO_PRIVATE_KEY }}" > "${GITFS_KEYS_DIR}"/gitfs_ssh
+ echo "${SSH_PRIVATE_KEY}" | base64 -d > "${GITFS_KEYS_DIR}"/gitfs_ssh
 chmod 600 "${GITFS_KEYS_DIR}"/gitfs_ssh
- echo "${{ secrets.TESTS_REPO_PUBLIC_KEY }}" > "${GITFS_KEYS_DIR}"/gitfs_ssh.pub
+ echo "${SSH_PUBLIC_KEY}" | base64 -d > "${GITFS_KEYS_DIR}"/gitfs_ssh.pub
 chmod 644 "${GITFS_KEYS_DIR}"/gitfs_ssh.pub
 tests/gitfs/test.sh
From 9ff238a2ea60f6bd2c0796b85e02e8d4202fa365 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20A=CC=81lvaro?=
Date: Fri, 26 Aug 2022 10:50:22 +0200
Subject: [PATCH 4/4] doc: Update README.md
---
 README.md | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 1562162..2eeca17 100644
--- a/README.md
+++ b/README.md
@@ -336,7 +336,7 @@ This keys must be placed inside `/home/salt/data/keys` directory.
 You can create an ssh key for pygit2 with the following command:
 ```sh
-ssh-keygen -f gitfs_ssh -C 'gitfs@example.com'
+ssh-keygen -t ed25519 -C -f gitfs_ssh -C 'gitfs_ed25519@example.com'
 ```
 Place it wherever you want inside the container and specify its path with the configuration parameters: `gitfs_pubkey`
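Review bot: In the `Execute gitfs tests` step the private key lands on disk through the `base64 -d > "${GITFS_KEYS_DIR}"/gitfs_ssh` redirect before `chmod 600` runs, so the file is created with the runner's default umask; adding `umask 077` as the first line of the `run` script closes that window, which matters mostly on self-hosted or shared runners. The decoded key is also not the string GitHub registers for log masking (that is the base64 secret value), so it is worth confirming that `tests/gitfs/test.sh`, which is not shown here, never prints or traces it. An empty secret, as on a pull request from a fork, decodes to an empty file without error; a guard like `[ -n "${SSH_PRIVATE_KEY}" ] || { echo "TESTS_REPO_PRIVATE_KEY is empty" >&2; exit 1; }` would fail the step with a clear message instead of an obscure authentication error later.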
@@ -352,18 +352,12 @@ gitfs_pubkey: /home/salt/data/keys/gitfs/gitfs_ssh.pub
 **Important Note**
-By default, this image has been tested with RSA 4096 ssh keys generated with `ssh-keygen`.
+This image has been tested with a _ed25519_ ssh key.
-If you get the following error while using `gitfs` with `pygit2`
-
-```plain
-_pygit2.GitError: Failed to authenticate SSH session: Unable to send userauth-publickey request
-```
-
-you may have to recreate your ssh key adding the parameter: `-m PEM`:
+Alternately, you may create a new RSA key with SHA2 hashing like so:
 ```sh
-ssh-keygen -m PEM -f gitfs_ssh -C 'gitfs@example.com'
+ssh-keygen -t rsa-sha2-512 -b 4096 -f gitfs_ssh -C 'gitfs_rsa4096@example.com'
 ```
 ### 3rd Party Formulas