Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1307)

Issue 3277006: scripts: bind ~/.ssh over the chroot's ~/.ssh. (Closed)

Created:
10 years, 3 months ago by Elly Fong-Jones
Modified:
9 years, 4 months ago
CC:
chromium-os-reviews_chromium.org, Mandeep Singh Baines, anush, sosa
Visibility:
Public.

Description

scripts: bind ~/.ssh over the chroot's ~/.ssh. This also mounts the path to our ssh-agent socket (usually in /tmp) inside the chroot so we can use our external agent. TEST=None BUG=None Change-Id: I543e8b2527be9958c1158234f39ecc34fc9dd0df Signed-Off-By: Elly Jones <ellyjones@chromium.org>; Signed-Off-By: sosa <sosa@chromium.org>;

Patch Set 1 #

Total comments: 6

Patch Set 2 : Fixes per sosa. #

Patch Set 3 : Reuse MOUNTED_PATH. #

Patch Set 4 : Don't copy private keys in. #

Total comments: 2

Patch Set 5 : Add '--[no]ssh_agent' flag. #

Patch Set 6 : Rename MOUNTED_PATH; don't test for mount of plain directory. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+17 lines, -1 line) Patch
M enter_chroot.sh View 1 2 3 4 5 3 chunks +17 lines, -1 line 0 comments Download

Messages

Total messages: 17 (0 generated)
Elly Fong-Jones
10 years, 3 months ago (2010-08-30 21:24:01 UTC) #1
Olof Johansson
Please close this bug then: http://code.google.com/p/chromium-os/issues/detail?id=6242
10 years, 3 months ago (2010-08-30 21:37:30 UTC) #2
Elly Fong-Jones
On 2010/08/30 21:37:30, Olof Johansson wrote: > Please close this bug then: > http://code.google.com/p/chromium-os/issues/detail?id=6242 LGTY?
10 years, 3 months ago (2010-08-30 21:51:08 UTC) #3
Olof Johansson
I'd prefer if someone from the build team looked LGTM'ed it.
10 years, 3 months ago (2010-08-31 01:04:29 UTC) #4
sosa
nits http://codereview.chromium.org/3277006/diff/1/2 File enter_chroot.sh (right): http://codereview.chromium.org/3277006/diff/1/2#newcode108 enter_chroot.sh:108: if [ -z "$(mount | grep -F "on ...
10 years, 3 months ago (2010-08-31 01:28:38 UTC) #5
Elly Fong-Jones
On 2010/08/31 01:28:38, sosa wrote: > nits > > http://codereview.chromium.org/3277006/diff/1/2 > File enter_chroot.sh (right): > ...
10 years, 3 months ago (2010-08-31 12:52:56 UTC) #6
seano
Please please do not bind mount everyone's private ~/.ssh dirs* into a build chroot where ...
10 years, 3 months ago (2010-08-31 14:17:24 UTC) #7
seano
My other concern is that this breaks the ssh agent that gets started anywhere that ...
10 years, 3 months ago (2010-08-31 14:20:00 UTC) #8
sosa
LGTM. You might want to consider hiding this behind a flag ... i.e. --bindssh
10 years, 3 months ago (2010-08-31 18:45:02 UTC) #9
Elly Fong-Jones
On 2010/08/31 18:45:02, sosa wrote: > LGTM. You might want to consider hiding this behind ...
10 years, 3 months ago (2010-08-31 18:52:47 UTC) #10
sosa
http://codereview.chromium.org/3277006/diff/2002/15001 File enter_chroot.sh (right): http://codereview.chromium.org/3277006/diff/2002/15001#newcode113 enter_chroot.sh:113: cp -r "${HOME}/.ssh/known_hosts" "${MOUNTED_PATH}" You can mount a file ...
10 years, 3 months ago (2010-08-31 18:57:34 UTC) #11
Elly Fong-Jones
On 2010/08/31 18:57:34, sosa wrote: > http://codereview.chromium.org/3277006/diff/2002/15001 > File enter_chroot.sh (right): > > http://codereview.chromium.org/3277006/diff/2002/15001#newcode113 > ...
10 years, 3 months ago (2010-08-31 18:59:20 UTC) #12
kliegs1
On 2010/08/31 18:59:20, Elly Jones wrote: > On 2010/08/31 18:57:34, sosa wrote: > > http://codereview.chromium.org/3277006/diff/2002/15001 ...
10 years, 3 months ago (2010-08-31 19:12:09 UTC) #13
sosa
http://codereview.chromium.org/3277006/diff/2002/15001 File enter_chroot.sh (right): http://codereview.chromium.org/3277006/diff/2002/15001#newcode107 enter_chroot.sh:107: MOUNTED_PATH="$(readlink -f "${FLAGS_chroot}/home/${USER}/.ssh")" If you don't mount then this ...
10 years, 3 months ago (2010-08-31 20:06:01 UTC) #14
rochberg
On 2010/08/30 21:24:01, Elly Jones wrote: > This is nice, but it doesn't yet get ...
10 years, 3 months ago (2010-09-02 02:07:37 UTC) #15
Elly Fong-Jones
On 2010/08/31 20:06:01, sosa wrote: > http://codereview.chromium.org/3277006/diff/2002/15001 > File enter_chroot.sh (right): > > http://codereview.chromium.org/3277006/diff/2002/15001#newcode107 > ...
10 years, 3 months ago (2010-09-02 13:21:36 UTC) #16
Elly Fong-Jones
10 years, 3 months ago (2010-09-02 13:21:55 UTC) #17
On 2010/08/31 19:12:09, kliegs1 wrote:
> On 2010/08/31 18:59:20, Elly Jones wrote:
> > On 2010/08/31 18:57:34, sosa wrote:
> > > http://codereview.chromium.org/3277006/diff/2002/15001
> > > File enter_chroot.sh (right):
> > > 
> > > http://codereview.chromium.org/3277006/diff/2002/15001#newcode113
> > > enter_chroot.sh:113: cp -r "${HOME}/.ssh/known_hosts" "${MOUNTED_PATH}"
> > > You can mount a file (just have to touch it first).  You may want to do
that
> > to
> > > keep them in sync.
> > 
> > I don't think keeping them in sync is a win, unless we're gaining new known
> > hosts from the outside system (?). We don't want the dev environment writing
> > entries into the host's known_hosts.
> 
> Keeping them split also ensures you don't accidentally clobber a file.  
> 
> I also agree with sosa about adding a flag to protect it. Although defaulting
> the flag to on makes sense.

Flag added and defaulted to on.

Powered by Google App Engine
This is Rietveld 408576698