armbian-next: docker: passthrough of the SSH agent, via Docker magic on Darwin; enable for docker-shell and kernel-patches-to-git

- don't check/verify/update SSH-related hostkey etc for git tree push
2025-09-24 19:47:06 +07:00 · 2023-01-26 00:27:46 +01:00
parent 89d6c686c6
commit 6e267f5cd1
3 changed files with 25 additions and 2 deletions
--- a/lib/functions/cli/cli-docker.sh
+++ b/lib/functions/cli/cli-docker.sh
@@ -11,6 +11,12 @@ function cli_docker_pre_run() {
 }

 function cli_docker_run() {
+	case "${DOCKER_SUBCMD}" in
+		shell)
+			declare -g DOCKER_PASS_SSH_AGENT="yes" # Pass SSH agent to docker
+			;;
+	esac
+
 	LOG_SECTION="docker_cli_prepare" do_with_logging docker_cli_prepare

 	if [[ "${DOCKERFILE_GENERATE_ONLY}" == "yes" ]]; then
--- a/lib/functions/cli/cli-patch.sh
+++ b/lib/functions/cli/cli-patch.sh
@@ -1,5 +1,6 @@
 function cli_patch_kernel_pre_run() {
 	declare -g ARMBIAN_COMMAND_REQUIRE_BASIC_DEPS="yes" # Require prepare_host_basic to run before the command.
+	declare -g DOCKER_PASS_SSH_AGENT="yes"              # Pass SSH agent to docker

 	# "gimme root on a Linux machine"
 	cli_standard_relaunch_docker_or_sudo
@@ -34,7 +35,7 @@ function cli_patch_kernel_run() {
 		"kernel-${LINUXFAMILY}-${KERNEL_MAJOR_MINOR}:${target_branch}")

 	# Prepare the host and build kernel; without using standard build
-	prepare_host # This handles its own logging sections, and is possibly interactive.
+	prepare_host   # This handles its own logging sections, and is possibly interactive.
 	compile_kernel # This handles its own logging sections.

 	display_alert "Done patching kernel" "${BRANCH} - ${LINUXFAMILY} - ${KERNEL_MAJOR_MINOR}" "cachehit"
@@ -54,7 +55,9 @@ function cli_patch_kernel_run() {
 	display_alert "Git push command: " "${push_command[*]}" "info"
 	if [[ "${do_push}" == "yes" ]]; then
 		display_alert "Pushing to ${target_branch}" "${target_repo_url}" "info"
-		"${push_command[@]}"
+		git_ensure_safe_directory "${SRC}/cache/git-bare/kernel"
+		# @TODO: do NOT allow shallow trees here, we need the full history to be able to push
+		GIT_SSH_COMMAND="ssh -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" "${push_command[@]}"
 		display_alert "Done pushing to ${target_branch}" "${summary_url}" "info"
 	fi

--- a/lib/functions/host/docker.sh
+++ b/lib/functions/host/docker.sh
@@ -371,6 +371,20 @@ function docker_cli_prepare_launch() {
 		"--env" "GITHUB_WORKSPACE=${GITHUB_WORKSPACE}"
 	)

+	if [[ "${DOCKER_PASS_SSH_AGENT}" == "yes" ]]; then
+		declare ssh_socket_path="${SSH_AUTH_SOCK}"
+		if [[ "${OSTYPE}" == "darwin"* ]]; then                     # but probably only Docker Inc, not Rancher...
+			declare ssh_socket_path="/run/host-services/ssh-auth.sock" # this doesn't exist on-disk, it's "magic" from Docker Desktop
+		fi
+		if [[ "${ssh_socket_path}" != "" ]]; then
+			display_alert "Socket ${ssh_socket_path}" "SSH agent forwarding into Docker" "info"
+			DOCKER_ARGS+=("--env" "SSH_AUTH_SOCK=${ssh_socket_path}")
+			DOCKER_ARGS+=("--volume" "${ssh_socket_path}:${ssh_socket_path}")
+		else
+			display_alert "SSH agent forwarding" "not possible, SSH_AUTH_SOCK is not set" "wrn"
+		fi
+	fi
+
 	# If running on GitHub Actions, mount & forward some paths, so they're accessible inside Docker.
 	if [[ "${CI}" == "true" ]] && [[ "${GITHUB_ACTIONS}" == "true" ]]; then
 		display_alert "Passing down to Docker" "GITHUB_OUTPUT: '${GITHUB_OUTPUT}'" "info"