From 75095445bffaf4ef88b150efdb4e5cb7cc90bbe6 Mon Sep 17 00:00:00 2001 From: Olivier Halligon Date: Wed, 13 Oct 2021 21:25:59 +0200 Subject: [PATCH 1/4] Add a new `add_host_to_ssh_known_hosts` command --- bin/add_host_to_ssh_known_hosts | 10 ++++++++++ bin/publish_private_pod | 5 ++++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100755 bin/add_host_to_ssh_known_hosts diff --git a/bin/add_host_to_ssh_known_hosts b/bin/add_host_to_ssh_known_hosts new file mode 100755 index 00000000..b5f1fd3f --- /dev/null +++ b/bin/add_host_to_ssh_known_hosts @@ -0,0 +1,10 @@ +#!/bin/bash -eu + +# Parameter can be just a host name, or a full http, https or git URL. Defaults to `github.com`. +URL=${1:-github.com} + +# Use a RegEx to extract the $HOST. Match the optional `http://`, `https://` or `git@` at the start, then capture everything after that up to the next `/` or `:`. +[[ $URL =~ ^(https?://|git@)?([^/:]+) ]] && HOST=${BASH_REMATCH[2]} + +echo "Adding ${HOST} to '~/.ssh/known_hosts'..." +for ip in $(dig @8.8.8.8 ${HOST} +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true diff --git a/bin/publish_private_pod b/bin/publish_private_pod index 9d5a7910..ce25d9e6 100755 --- a/bin/publish_private_pod +++ b/bin/publish_private_pod @@ -12,8 +12,11 @@ ssh-add -D ssh-add ~/.ssh/pod_repo_push_deploy_key ssh-add -l +# Add the host of the spec repo (typically github.com) to the known_hosts to be sure we can clone it via ssh +add_host_to_ssh_known_hosts "$PRIVATE_SPECS_REPO" + # For some reason this fixes a failure in `lib lint` # https://github.com/Automattic/buildkite-ci/issues/7 xcrun simctl list >> /dev/null -bundle exec pod repo push $PRIVATE_SPECS_REPO $PODSPEC_PATH +bundle exec pod repo push "$PRIVATE_SPECS_REPO" "$PODSPEC_PATH" From a335e2531b7d020fa4e4bd79cfc52d3ea1d7b318 Mon Sep 17 00:00:00 2001 From: Olivier Halligon Date: Tue, 19 Oct 2021 16:41:07 +0200 Subject: [PATCH 2/4] Fix typo messing up with genericity of script on $HOST Co-authored-by: Gio Lodi --- bin/add_host_to_ssh_known_hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/add_host_to_ssh_known_hosts b/bin/add_host_to_ssh_known_hosts index b5f1fd3f..ecf0bdcc 100755 --- a/bin/add_host_to_ssh_known_hosts +++ b/bin/add_host_to_ssh_known_hosts @@ -7,4 +7,4 @@ URL=${1:-github.com} [[ $URL =~ ^(https?://|git@)?([^/:]+) ]] && HOST=${BASH_REMATCH[2]} echo "Adding ${HOST} to '~/.ssh/known_hosts'..." -for ip in $(dig @8.8.8.8 ${HOST} +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true +for ip in $(dig @8.8.8.8 "${HOST}" +short); do ssh-keyscan "${HOST}",$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true From 51c9c8f9bb455fc7e4229284871f0d5495c31257 Mon Sep 17 00:00:00 2001 From: Olivier Halligon Date: Fri, 5 Nov 2021 17:28:58 +0100 Subject: [PATCH 3/4] Remove github.com as a default for add_host_to_ssh_known_hosts --- bin/add_host_to_ssh_known_hosts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/add_host_to_ssh_known_hosts b/bin/add_host_to_ssh_known_hosts index ecf0bdcc..1d1b27c0 100755 --- a/bin/add_host_to_ssh_known_hosts +++ b/bin/add_host_to_ssh_known_hosts @@ -1,7 +1,7 @@ #!/bin/bash -eu -# Parameter can be just a host name, or a full http, https or git URL. Defaults to `github.com`. -URL=${1:-github.com} +# Parameter can be just a host name, or a full http, https or git URL. +URL="${1:?You need to provide an URL as first parameter}" # Use a RegEx to extract the $HOST. Match the optional `http://`, `https://` or `git@` at the start, then capture everything after that up to the next `/` or `:`. [[ $URL =~ ^(https?://|git@)?([^/:]+) ]] && HOST=${BASH_REMATCH[2]} From 38ff9e559801f39b2162fa8effcdd82eb5d2ec2b Mon Sep 17 00:00:00 2001 From: Olivier Halligon Date: Fri, 5 Nov 2021 17:33:22 +0100 Subject: [PATCH 4/4] Make install_swiftpm_dependencies call add_host_to_ssh_known_hosts instead of duplicating code --- bin/install_swiftpm_dependencies | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/bin/install_swiftpm_dependencies b/bin/install_swiftpm_dependencies index 9f6eb5db..9b2226c7 100755 --- a/bin/install_swiftpm_dependencies +++ b/bin/install_swiftpm_dependencies @@ -3,10 +3,7 @@ sudo defaults write com.apple.dt.Xcode IDEPackageSupportUseBuiltinSCM YES # Trust all GitHub.com and BitBucket.org keys – this allows checking out dependencies via SSH -for ip in $(dig @8.8.8.8 bitbucket.org +short); do ssh-keyscan bitbucket.org,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true -echo ":bitbucket: Added BitBucket IP Addresses to known_hosts" - -for ip in $(dig @8.8.8.8 github.com +short); do ssh-keyscan github.com,$ip; ssh-keyscan $ip; done 2>/dev/null >> ~/.ssh/known_hosts || true -echo ":github: Added GitHub IP Addresses to known_hosts" +add_host_to_ssh_known_hosts bitbucket.org +add_host_to_ssh_known_hosts github.com xcodebuild -resolvePackageDependencies