[Chore] Check git host certificate explicitly
Problem: 'libgit2' now performs host certificate checking prior to
connection to a git host through ssh. However, it only uses
'~/.ssh/known_hosts' to get the list of known hosts, while in NixOS and
home-manager known host files are defined in 'GlobalKnownHostsFile' and
'UserKnownHostsFile' attributes of the ssh config file.

As a result, in some cases 'update-daemon' fails to check 'github.com' and
'gitlab.com' host certificates and throws an error.

Solution: Explicitly check git host certificate against the list of
known hosts from 'GlobalKnownHostsFile' and 'UserKnownHostsFile' taken
from '/etc/ssh/ssh_config' and '~/.ssh/config' respectively using
'ssh2-rs'.
rvem committed Mar 19, 2024
1 parent 41ae852 commit 27afd0e
Showing 5 changed files with 262 additions and 39 deletions.
129 changes: 126 additions & 3 deletions Cargo.lock

Some generated files are not rendered by default.

6 changes: 6 additions & 0 deletions Cargo.toml
Expand Up @@ -27,3 +27,9 @@ chrono = "0.4"
indexmap = { version = "1.9", features = [ "serde", "serde-1" ] }
merge = "0.1"
gpgme = "0.10.0"
ssh2 = "0.9"
ssh2-config = "0.2"

# Remove once changes are appear in upstream and the new crate version is released
[patch.crates-io]
ssh2-config = { git = "https://github.com/serokell/ssh2-config.git", branch = "rvem/populate-ignored-fields-with-ignored-instead-of-unparsed" }
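
Review bot: the `[patch.crates-io]` entry at the end of this hunk takes `ssh2-config` from a mutable branch (`branch = "rvem/populate-ignored-fields-with-ignored-instead-of-unparsed"`) rather than a fixed commit, so the crate that parses the ssh config for the host key check can change whenever that branch moves and the lock file is refreshed. Cargo.lock records the resolved commit, but replacing `branch = ...` with `rev = "<commit sha>"` in Cargo.toml would make the reviewed revision explicit and keep a `cargo update` from silently picking up new code. The comment above the section should read "Remove once the changes appear upstream and a new crate version is released", and a link to the upstream pull request or issue would make the removal condition trackable.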