Re: building packages with git+ssh

[Ludovic Courtès]

Hello,

Sorry for the late reply.

Chaitan Rogers <address@hidden> skribis:

> We are trying to build code that is stored in a internal repository that is 
> only accessible via git+ssh. This failed because openssh isn't included in the
> set of inputs that are available to the cloning process. After speaking to 
> "rekado" and others on IRC, I forked git-download.scm and modified it to
> include ssh. This meant that git was able to invoke ssh successfully but the 
> process subsequently failed due to failed host key verification. Perhaps
> with some hacking we may be able to convince ssh to ignore the host key but 
> we'll probably have more problems with keys / secrets etc that aren't
> in the jail.

I think you could arrange to set ‘HOME’ in git-download.scm (in the #~
expression that’s in there), and then populate ~/.ssh/known_hosts with
the relevant OpenSSH host public key (see ‘local-file’ for how to intern
a file into the store.)

If that sounds obscure to you, we can discuss the details here starting
from the patch you have.

> I also tried to get the package source into the jail by building with 
> --with-source. This almost worked but I noticed that the flag seems to apply 
> to the
> package being built but not any of its dependencies - i.e providing it 
> multiple times for dependent packages had no effect. 

Right, currently --with-source only applies to the “tip” (unlike
--with-input, which rewrites the dependency graph recursively).

We could change that or add a different option to do what you want.
Either way it’s mainly a matter of using ‘package-input-rewriting’ and
shouldn’t be hard.

Thoughts?

Thanks,
Ludo’.