buildserver: move trusty/paramiko hack to its own shell script

This is part of the effort to remove moving parts from the whole build server setup. Why wrap shell scripts in ruby and chef if we can just directly run a shell script?
2024-07-07 09:50:07 +02:00 · 2016-07-04 13:23:25 +02:00 · 2016-07-04 13:23:25 +02:00 · 2374b12a77
commit 2374b12a77
parent 1b8dec32ae
3 changed files with 23 additions and 12 deletions
--- a/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
+++ b/buildserver/cookbooks/fdroidbuild-general/recipes/default.rb
@ -118,12 +118,3 @@ else
    command "update-java-alternatives --set java-1.8.0-openjdk-i386"
  end
 end
-
-# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
-# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
-execute "support-ubuntu-trusty-paramiko" do
-  only_if { node[:settings][:ubuntu_trusty] == 'true' }
-  command "echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config"
-  command "echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config"
-  command "echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config"
-end
--- a/buildserver/provision-ubuntu-trusty-paramiko
+++ b/buildserver/provision-ubuntu-trusty-paramiko
@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
+# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
+
+if ! grep --quiet ^Ciphers /etc/ssh/sshd_config; then
+    echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config
+fi
+
+if ! grep --quiet ^MACs /etc/ssh/sshd_config; then
+    echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config
+fi
+
+if ! grep --quiet ^KexAlgorithms /etc/ssh/sshd_config; then
+    echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config
+fi
--- a/10
+++ b/10
@ -384,7 +384,6 @@ vagrantfile += """
    chef.json = {
      :settings => {
        :debian_mirror => "%s",
-        :ubuntu_trusty => "%s",
        :user => "vagrant"
      }
    }
@ -399,9 +398,14 @@ vagrantfile += """
  config.vm.provision "file", source: "gradle",
    destination: "/opt/gradle/bin/gradle"

+  # let Ubuntu/trusty's paramiko work with the VM instance
+  if `uname -v`.include? "14.04"
+    config.vm.provision "shell", path: "provision-ubuntu-trusty-paramiko"
+  end
+
 end
-""" % (config['debian_mirror'],
-       str('14.04' in os.uname()[3]).lower())
+""" % config['debian_mirror']
+

 # Check against the existing Vagrantfile, and if they differ, we need to
 # create a new box: