~sircmpwn/sr.ht-discuss

3 3

Rsync issues with builds.sr.ht

Details
Message ID
<cps2nmfqys54za2244glop3sgcotavpvpl74gd2lpr5kxzv2jv@w6kzswmu7dv6>
DKIM signature
missing
Download raw message
Hey hi,

I'm finally trying out builds.sr.ht, and I'm getting my LaTeX pdf to
compile, but rsync is just not working for me.

latest failed:
+ rsync -uvzP  cv/cv.pdf deploy@server:path/to/cv.pdf
Host key verification failed.

Here's my basic manifest.

image: archlinux
secrets:
  - secret-uuid-for-ssh
packages:
  - rsync
  - make
  - texlive-latexrecommended
  - texlive-fontsextra
  - texlive-latexextra
sources:
  - https://git.sr.ht/~acsqdotme/cv
tasks: 
  - setup: |
      echo "setting up"
  - build: |
      cd ~/cv
      make
  - deploy: |
      rsync -uvzP ~/cv/cv.pdf deploy@server_id:path/to/cv.pdf


I added my id_rsa private key in the secrets manager and everything.
I ssh'd into the VM, copy-pasted, and it ran the command perfectly
besides me having to type 'yes' to add my domain to the known hosts. Is
that where I'm messing up?

(I went through the trouble and also ran the -e "ssh -i .ssh/id_rsa";
same result.)

some extra questions:

- with env vars, I just have an extra file at ~/.buildenv in my git repo
  to set stuff like export RSH="ssh -i ~/.ssh/id_rsa"? do I need a
  #!/env/bash at the top or need to make it executable? how could I
  integrate this with the secret file feature instead?

- for anyone doing CI with latex, is there a less painful way to install
  all required packages? I'm thinking about moving to docker
  specifically for this cause the download is so rough.

thanks for any future help!
ángel
Details
Message ID
<a1feb86c-9ac9-a8f4-5077-c09b4da53fb0@laxalde.org>
In-Reply-To
<cps2nmfqys54za2244glop3sgcotavpvpl74gd2lpr5kxzv2jv@w6kzswmu7dv6> (view parent)
DKIM signature
missing
Download raw message
Ángel Castañeda a écrit :
> I'm finally trying out builds.sr.ht, and I'm getting my LaTeX pdf to
> compile, but rsync is just not working for me.
> 
> latest failed:
> + rsync -uvzP  cv/cv.pdf deploy@server:path/to/cv.pdf
> Host key verification failed.

Try to add this before invoking rsync:

   echo "StrictHostKeyChecking=no" >> ~/.ssh/config
   rsync ...
Details
Message ID
<CVRT3WJDJ4AM.RGJT6B11IPF7@machine>
In-Reply-To
<a1feb86c-9ac9-a8f4-5077-c09b4da53fb0@laxalde.org> (view parent)
DKIM signature
missing
Download raw message
On Mon Sep 25, 2023 at 1:21 AM CDT, Denis Laxalde wrote:
>    echo "StrictHostKeyChecking=no" >> ~/.ssh/config

worked perfectly.
Details
Message ID
<l2yi7kmn7mhsgnpdubfubunnwcl3vrfnptngammkqkiqvutflp@uxprupc7vgxm>
In-Reply-To
<a1feb86c-9ac9-a8f4-5077-c09b4da53fb0@laxalde.org> (view parent)
DKIM signature
missing
Download raw message
On 23-09-25 08:21:10, Denis Laxalde wrote:
> Try to add this before invoking rsync:
> 
>   echo "StrictHostKeyChecking=no" >> ~/.ssh/config
>   rsync ...

Your suggestion works for a small example where only one host is being
used to ssh to. It can still be simplified by passing the option to the
ssh command directly:

    rsync -e 'ssh -o StrictHostKeyChecking=no' ....

This way if you try to connect to multiple ssh servers in the same CI
job you won't invalidate host key checking for all of them.

However I think the canonical way to fix this particular problem is to
add the remote hosts's key to the known hosts list before accessing it:

    ssh-keyscan -H server >> ~/.ssh/known_hosts

Cheers,
/Marius
Reply to thread Export thread (mbox)