Commit 06619904a2ae2ffd5d8e34ab11d5eb484e9d5762

Patrick Steinhardt 2017-04-26T13:04:23

travis: cibuild: set up our own sshd server Some tests of ours require to be running against an SSH server. Currently, we simply run against the SSH server provided and started by Travis itself. As our Linux tests run in a sudo-less environment, we have no control over its configuration and startup/shutdown procedure. While this has been no problem until now, it will become a problem as soon as we migrate over to newer Precise images, as the SSH server does not have any host keys set up. Luckily, we can simply set up our own unpriviledged SSH server. This has the benefit of us being able to modify its configuration even in a sudo-less environment. This commit sets up the unpriviledged SSH server on port 2222.

diff --git a/script/cibuild.sh b/script/cibuild.sh
index 403df22..9239136 100755
--- a/script/cibuild.sh
+++ b/script/cibuild.sh
@@ -43,23 +43,39 @@ ctest -V -R libgit2_clar || exit $?
 
 killall git-daemon
 
-if [ "$TRAVIS_OS_NAME" = "osx" ]; then
-    echo 'PasswordAuthentication yes' | sudo tee -a /etc/sshd_config
-fi
-
+# Set up sshd
+mkdir ~/sshd/
+cat >~/sshd/sshd_config<<-EOF
+	Port 2222
+	ListenAddress 0.0.0.0
+	Protocol 2
+	HostKey ${HOME}/sshd/id_rsa
+	RSAAuthentication yes
+	PasswordAuthentication yes
+	PubkeyAuthentication yes
+	ChallengeResponseAuthentication no
+	# Required here as sshd will simply close connection otherwise
+	UsePAM no
+EOF
+ssh-keygen -t rsa -f ~/sshd/id_rsa -N "" -q
+/usr/sbin/sshd -f ~/sshd/sshd_config
+
+# Set up keys
 ssh-keygen -t rsa -f ~/.ssh/id_rsa -N "" -q
 cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
-ssh-keyscan -t rsa localhost >>~/.ssh/known_hosts
+while read algorithm key comment; do
+    echo "[localhost]:2222 $algorithm $key" >>~/.ssh/known_hosts
+done <~/sshd/id_rsa.pub
 
 # Get the fingerprint for localhost and remove the colons so we can parse it as
 # a hex number. The Mac version is newer so it has a different output format.
 if [ "$TRAVIS_OS_NAME" = "osx" ]; then
-    export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -E md5 -F localhost -l | tail -n 1 | cut -d ' ' -f 3 | cut -d : -f2- | tr -d :)
+    export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -E md5 -F '[localhost]:2222' -l | tail -n 1 | cut -d ' ' -f 3 | cut -d : -f2- | tr -d :)
 else
-    export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -F localhost -l | tail -n 1 | cut -d ' ' -f 2 | tr -d ':')
+    export GITTEST_REMOTE_SSH_FINGERPRINT=$(ssh-keygen -F '[localhost]:2222' -l | tail -n 1 | cut -d ' ' -f 2 | tr -d ':')
 fi
 
-export GITTEST_REMOTE_URL="ssh://localhost/$HOME/_temp/test.git"
+export GITTEST_REMOTE_URL="ssh://localhost:2222/$HOME/_temp/test.git"
 export GITTEST_REMOTE_USER=$USER
 export GITTEST_REMOTE_SSH_KEY="$HOME/.ssh/id_rsa"
 export GITTEST_REMOTE_SSH_PUBKEY="$HOME/.ssh/id_rsa.pub"
@@ -83,6 +99,8 @@ if [ -e ./libgit2_clar ]; then
 
 fi
 
+killall sshd
+
 export GITTEST_REMOTE_URL="https://github.com/libgit2/non-existent"
 export GITTEST_REMOTE_USER="libgit2test"
 ctest -V -R libgit2_clar-cred_callback