mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-05 18:50:09 +02:00
buildserver: move trusty/paramiko hack to its own shell script
This is part of the effort to remove moving parts from the whole build server setup. Why wrap shell scripts in ruby and chef if we can just directly run a shell script?
This commit is contained in:
parent
1b8dec32ae
commit
2374b12a77
@ -118,12 +118,3 @@ else
|
|||||||
command "update-java-alternatives --set java-1.8.0-openjdk-i386"
|
command "update-java-alternatives --set java-1.8.0-openjdk-i386"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
|
|
||||||
# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
|
|
||||||
execute "support-ubuntu-trusty-paramiko" do
|
|
||||||
only_if { node[:settings][:ubuntu_trusty] == 'true' }
|
|
||||||
command "echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config"
|
|
||||||
command "echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config"
|
|
||||||
command "echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config"
|
|
||||||
end
|
|
||||||
|
16
buildserver/provision-ubuntu-trusty-paramiko
Normal file
16
buildserver/provision-ubuntu-trusty-paramiko
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Ubuntu trusty 14.04's paramiko does not work with jessie's openssh's default settings
|
||||||
|
# https://stackoverflow.com/questions/7286929/paramiko-incompatible-ssh-peer-no-acceptable-kex-algorithm/32691055#32691055
|
||||||
|
|
||||||
|
if ! grep --quiet ^Ciphers /etc/ssh/sshd_config; then
|
||||||
|
echo Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr >> /etc/ssh/sshd_config
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! grep --quiet ^MACs /etc/ssh/sshd_config; then
|
||||||
|
echo MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1 >> /etc/ssh/sshd_config
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! grep --quiet ^KexAlgorithms /etc/ssh/sshd_config; then
|
||||||
|
echo KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 >> /etc/ssh/sshd_config
|
||||||
|
fi
|
@ -384,7 +384,6 @@ vagrantfile += """
|
|||||||
chef.json = {
|
chef.json = {
|
||||||
:settings => {
|
:settings => {
|
||||||
:debian_mirror => "%s",
|
:debian_mirror => "%s",
|
||||||
:ubuntu_trusty => "%s",
|
|
||||||
:user => "vagrant"
|
:user => "vagrant"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -399,9 +398,14 @@ vagrantfile += """
|
|||||||
config.vm.provision "file", source: "gradle",
|
config.vm.provision "file", source: "gradle",
|
||||||
destination: "/opt/gradle/bin/gradle"
|
destination: "/opt/gradle/bin/gradle"
|
||||||
|
|
||||||
|
# let Ubuntu/trusty's paramiko work with the VM instance
|
||||||
|
if `uname -v`.include? "14.04"
|
||||||
|
config.vm.provision "shell", path: "provision-ubuntu-trusty-paramiko"
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
""" % (config['debian_mirror'],
|
""" % config['debian_mirror']
|
||||||
str('14.04' in os.uname()[3]).lower())
|
|
||||||
|
|
||||||
# Check against the existing Vagrantfile, and if they differ, we need to
|
# Check against the existing Vagrantfile, and if they differ, we need to
|
||||||
# create a new box:
|
# create a new box:
|
||||||
|
Loading…
Reference in New Issue
Block a user