From fbe7050cb8192264da5d7b6a702497cfb37947ca Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 10 May 2021 15:20:01 +0200 Subject: [PATCH] Switch to `crypto/ssh` for parsing of private keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This changes the logic for the parsing of private keys, as already done for the source-controller, so that it is able to recognize and work with a wider range of key formats instead of returning a vague error: ```console $ flux bootstrap git [..] ✗ ssh: this private key is passphrase protected ``` A patch for this was already submitted and merged in `go-git/go-git`, but is not made available in a release yet: https://github.com/go-git/go-git/pull/298 Signed-off-by: Hidde Beydals
---
 cmd/flux/bootstrap_git.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/cmd/flux/bootstrap_git.go b/cmd/flux/bootstrap_git.go
index 243a8e3a..9efd43e6 100644
--- a/cmd/flux/bootstrap_git.go
+++ b/cmd/flux/bootstrap_git.go
@@ -30,6 +30,7 @@ import (
 "github.com/go-git/go-git/v5/plumbing/transport/ssh"
 "github.com/manifoldco/promptui"
 "github.com/spf13/cobra"
+ cryptossh "golang.org/x/crypto/ssh"
 corev1 "k8s.io/api/core/v1"
 "github.com/fluxcd/flux2/internal/bootstrap"
@@ -232,7 +233,20 @@ func transportForURL(u *url.URL) (transport.AuthMethod, error) {
 }, nil
 case "ssh":
 if bootstrapArgs.privateKeyFile != "" {
- return ssh.NewPublicKeysFromFile(u.User.Username(), bootstrapArgs.privateKeyFile, gitArgs.password)
+ // TODO(hidde): replace custom logic with https://github.com/go-git/go-git/pull/298
+ // once made available in go-git release.
+ bytes, err := ioutil.ReadFile(bootstrapArgs.privateKeyFile)
+ if err != nil {
+ return nil, err
+ }
+ signer, err := cryptossh.ParsePrivateKey(bytes)
+ if _, ok := err.(*cryptossh.PassphraseMissingError); ok {
+ signer, err = cryptossh.ParsePrivateKeyWithPassphrase(bytes, []byte(gitArgs.password))
+ }
+ if err != nil {
+ return nil, err
+ }
+ return &ssh.PublicKeys{Signer: signer, User: u.User.Username()}, nil
 }
 return nil, nil
 default:
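Review bot: In the `PassphraseMissingError` branch, an encrypted key with an empty `gitArgs.password` is still passed to `ParsePrivateKeyWithPassphrase`, so the user gets a low-level decryption error instead of being told a passphrase is required. I would check for the empty password there and return an explicit error, and wrap the final parse error with the key file path so the failure can be traced to the right file (the path only, never key material). Matching with `errors.As` instead of a direct type assertion keeps the branch working if the error is ever wrapped. The local `bytes` also shares its name with the standard `bytes` package, so a name such as `keyData` reads better. The sketch below assumes `errors` and `fmt` are already imported, which the visible part of the import block does not show; `transportForURL` starts and ends outside this hunk.

```go
// … unchanged: read bootstrapArgs.privateKeyFile (into keyData instead of bytes) …
signer, err := cryptossh.ParsePrivateKey(keyData)
var missing *cryptossh.PassphraseMissingError
if errors.As(err, &missing) {
	if gitArgs.password == "" {
		return nil, fmt.Errorf("private key %q is passphrase protected but no passphrase was provided", bootstrapArgs.privateKeyFile)
	}
	signer, err = cryptossh.ParsePrivateKeyWithPassphrase(keyData, []byte(gitArgs.password))
}
if err != nil {
	return nil, fmt.Errorf("parsing private key %q: %w", bootstrapArgs.privateKeyFile, err)
}
// … unchanged: return &ssh.PublicKeys{Signer: signer, User: u.User.Username()}, nil …
```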