INCATools / ontology-development-kit

Bootstrap an OBO Library ontology
http://incatools.github.io/ontology-development-kit/
BSD 3-Clause "New" or "Revised" License

Make possible to use user’s SSH keys from within the ODK container #852

Closed gouttegd closed 1 year ago

gouttegd commented 1 year ago

Cool people don’t use Git with passwords, they use it with an SSH key pair instead. For those people, it should be possible to use Git commands that require an SSH key from within the container.

Assuming most people using an SSH key pair are also using an SSH agent, all we would have to do is to forward the agent’s socket into the container:

$ docker run -v $SSH_AUTH_SOCK:/ssh-auth.sock -e SSH_AUTH_SOCK=/ssh-auth.sock [other docker run options and arguments…]

This works fine at least on GNU/Linux. Unfortunately it doesn’t work on macOS, where a special workaround exists instead:

$ docker run -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock [other docker run options and arguments…]

A simpler option is to just bind the user’s ~/.ssh directory, but this will only work for simple setups where an agent is not necessary – and many users may not like the idea of exposing their SSH private key to the ODK container, no matter how much they trust the ODK…
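The two `docker run` variants from the comment above, combined into one wrapper that picks the mount by host OS and refuses to start when there is no agent socket to forward. This is an added example, not code from the issue or from the ODK; the function name `odk_run_with_agent` and the `ODK_OS` and `DOCKER` override variables are hypothetical.

```shell
# Added example (not ODK code). odk_run_with_agent, ODK_OS and DOCKER are
# hypothetical names introduced for this illustration.
# Usage: odk_run_with_agent [other docker run options and arguments]
odk_run_with_agent() {
    # Host OS; ODK_OS lets a caller or a test override the detection.
    os=${ODK_OS:-$(uname -s)}
    case "$os" in
        Darwin)
            # macOS workaround from the comment: the agent is reachable at a
            # fixed path, so the host's $SSH_AUTH_SOCK is not mounted.
            src=/run/host-services/ssh-auth.sock
            dst=$src
            ;;
        *)
            # GNU/Linux: bind the agent's own socket into the container.
            src=${SSH_AUTH_SOCK:-}
            dst=/ssh-auth.sock
            if [ -z "$src" ]; then
                echo "SSH_AUTH_SOCK is not set: no agent to forward" >&2
                return 1
            fi
            if [ ! -S "$src" ]; then
                # A stale or wrong path would be mounted as a plain file or
                # directory and SSH inside the container would fail later.
                echo "$src is not a socket" >&2
                return 1
            fi
            ;;
    esac
    # Only the socket is shared; the private key files in ~/.ssh stay on
    # the host. DOCKER can be set to another command (e.g. echo) for a dry run.
    ${DOCKER:-docker} run -v "$src:$dst" -e "SSH_AUTH_SOCK=$dst" "$@"
}
```

Running it with `DOCKER=echo` prints the command line without starting a container. Inside the container, `ssh-add -l` lists the forwarded identities, assuming the image ships an OpenSSH client.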