[PATCH] kas-container: add '--ssh-agent' option


Anders Montonen

Mar 21, 2022, 5:23:17 PM
to kas-...@googlegroups.com, Anders Montonen
The option mounts the SSH_AUTH_SOCK ssh agent socket, and sets the
environment variable in the container.

Signed-off-by: Anders Montonen <Anders....@iki.fi>
---
kas-container | 16 ++++++++++++++++
1 file changed, 16 insertions(+)

diff --git a/kas-container b/kas-container
index d9af5f6..611e5a9 100755
--- a/kas-container
+++ b/kas-container
@@ -61,6 +61,9 @@ usage()
printf "%b" "--ssh-dir\t\tDirectory containing SSH configurations.\n"
printf "%b" "\t\t\tAvoid \$HOME/.ssh unless you fully trust the " \
"container.\n"
+ printf "%b" "--ssh-agent\t\tForward the ssh-agent socket and environment " \
+ "variable\n"
+ printf "%b" "\t\t\tto the container.\n"
printf "%b" "--aws-dir\t\tDirectory containing AWScli configuration.\n"
printf "%b" "--git-credential-store\tFile path to the git credential " \
"store\n"
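Review bot: The new --ssh-agent help text carries no trust caveat, while the --ssh-dir entry directly above it warns to avoid $HOME/.ssh "unless you fully trust the container". A forwarded agent socket lets any process in the container request signatures from every key loaded in the host agent for as long as the container runs, so a similar one-line warning belongs here.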
@@ -210,6 +213,10 @@ while [ $# -gt 0 ]; do
KAS_SSH_DIR="$2"
shift 2
;;
+ --ssh-agent)
+ KAS_SSH_AUTH_SOCK=$SSH_AUTH_SOCK
+ shift 1
+ ;;
--aws-dir)
[ $# -gt 2 ] || usage
KAS_AWS_DIR="$2"
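Review bot: Missing check in the --ssh-agent case: when SSH_AUTH_SOCK is unset or empty on the host, KAS_SSH_AUTH_SOCK ends up empty, the later `[ -n "${KAS_SSH_AUTH_SOCK}" ]` block is skipped, and the container starts without an agent and without any message. Consider failing right here with an error when `$SSH_AUTH_SOCK` is empty, so that an explicit --ssh-agent request never degrades silently.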
@@ -384,6 +391,15 @@ if [ -n "${KAS_SSH_DIR}" ] ; then
set -- "$@" -v "$(readlink -f "${KAS_SSH_DIR}")":/etc/skel/.ssh:ro
fi

+if [ -n "${KAS_SSH_AUTH_SOCK}" ]; then
+ if [ ! -S "${KAS_SSH_AUTH_SOCK}" ]; then
+ echo "Passed SSH_AUTH_SOCK '${KAS_SSH_AUTH_SOCK}' is not a socket"
+ exit 1
+ fi
+ set -- "$@" -v "${KAS_SSH_AUTH_SOCK}":"${KAS_SSH_AUTH_SOCK}" \
+ -e SSH_AUTH_SOCK="${KAS_SSH_AUTH_SOCK}"
+fi
+
if [ -n "${KAS_AWS_DIR}" ] ; then
if [ ! -d "${KAS_AWS_DIR}" ]; then
echo "Passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"
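Review bot: The `-v` line mounts the socket at the same path inside the container as on the host, so the container path depends on the host's agent setup and can land on a location the image already uses. A fixed in-container target, with `-e SSH_AUTH_SOCK=` pointing at that target, would keep the container layout independent of the host and avoid exposing the host-side path to the container.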
--
2.32.0

Jan Kiszka

Mar 22, 2022, 4:03:19 AM
to Anders Montonen, kas-...@googlegroups.com
Shouldn't we use a stable, host-independent path inside the container?
Just to avoid collisions.

> +fi
> +
> if [ -n "${KAS_AWS_DIR}" ] ; then
> if [ ! -d "${KAS_AWS_DIR}" ]; then
> echo "Passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"

Jan

--
Siemens AG, Technology
Competence Center Embedded Linux

Anders Montonen

Mar 25, 2022, 5:40:27 AM
to kas-...@googlegroups.com, Anders Montonen
The option mounts the SSH_AUTH_SOCK ssh agent socket, and sets the
environment variable in the container.

Signed-off-by: Anders Montonen <Anders....@iki.fi>
---
v2:
- Canonicalize socket path
- Use fixed socket path inside container

kas-container | 14 ++++++++++++++
1 file changed, 14 insertions(+)

diff --git a/kas-container b/kas-container
index d9af5f6..32ff12e 100755
--- a/kas-container
+++ b/kas-container
@@ -61,6 +61,7 @@ usage()
printf "%b" "--ssh-dir\t\tDirectory containing SSH configurations.\n"
printf "%b" "\t\t\tAvoid \$HOME/.ssh unless you fully trust the " \
"container.\n"
+ printf "%b" "--ssh-agent\t\tForward ssh-agent socket to the container.\n"
printf "%b" "--aws-dir\t\tDirectory containing AWScli configuration.\n"
printf "%b" "--git-credential-store\tFile path to the git credential " \
"store\n"
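Review bot: The shortened --ssh-agent help line does not say that the option depends on SSH_AUTH_SOCK being set on the host, nor that the socket appears in the container at /ssh-agent/ssh-auth-sock. Both are worth a second help line, since the option takes no argument and the user otherwise has to read the script to learn where the socket comes from and where it ends up.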
@@ -210,6 +211,10 @@ while [ $# -gt 0 ]; do
KAS_SSH_DIR="$2"
shift 2
;;
+ --ssh-agent)
+ KAS_SSH_AUTH_SOCK=$(readlink -f "$SSH_AUTH_SOCK")
+ shift 1
+ ;;
--aws-dir)
[ $# -gt 2 ] || usage
KAS_AWS_DIR="$2"
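Review bot: The result of `readlink -f "$SSH_AUTH_SOCK"` in the --ssh-agent case is used without checking whether the input was set. With an unset or empty SSH_AUTH_SOCK the substitution yields an empty string, the `[ -n "${KAS_SSH_AUTH_SOCK}" ]` block further down is skipped, and the only hint the user gets is readlink's own error. Test `[ -n "$SSH_AUTH_SOCK" ]` before canonicalizing and exit with a clear message otherwise.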
@@ -384,6 +389,15 @@ if [ -n "${KAS_SSH_DIR}" ] ; then
set -- "$@" -v "$(readlink -f "${KAS_SSH_DIR}")":/etc/skel/.ssh:ro
fi

+if [ -n "${KAS_SSH_AUTH_SOCK}" ]; then
+ if [ ! -S "${KAS_SSH_AUTH_SOCK}" ]; then
+ echo "Passed SSH_AUTH_SOCK '${KAS_SSH_AUTH_SOCK}' is not a socket"
+ exit 1
+ fi
+ set -- "$@" -v "${KAS_SSH_AUTH_SOCK}":/ssh-agent/ssh-auth-sock \
+ -e SSH_AUTH_SOCK=/ssh-agent/ssh-auth-sock
+fi
+
if [ -n "${KAS_AWS_DIR}" ] ; then
if [ ! -d "${KAS_AWS_DIR}" ]; then
echo "Passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"
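Review bot: The error message in the `! -S` branch says "Passed SSH_AUTH_SOCK", but nothing is passed on the command line and the value printed is the readlink-resolved path rather than what the environment variable holds. Wording such as "SSH_AUTH_SOCK '...' is not a socket (required by --ssh-agent)" would point the user at the host environment, which is where the fix has to happen.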
--
2.32.0

Jan Kiszka

Mar 29, 2022, 3:27:11 AM
to Anders Montonen, kas-...@googlegroups.com
Thanks, applied.