search

home-assistant / addons

:heavy_plus_sign: Docker add-ons for Home Assistant
https://home-assistant.io/hassio/
Apache License 2.0
1.58k stars 1.52k forks source link

git pull add-on : malformed deployment_key throwing libcrypto error. #3700

Closed baudneo closed 1 month ago

baudneo commented 4 months ago

Describe the issue you are experiencing

When using an SSH key with the git pull add-on, the add-on will format the key in YAML as:

deployment_key:
  - >-
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACAjwLVL5pTg4dDLVKFLdg937uVedACrI66pEelMAeifkgAAAJhX6wwjV+sM
    IwAAAAtzc2gtZWQyNTUxOQAAACAjwLVL5pTg4dDLVKFLdg937uVedACrI66pEelMAeifkg
    <REDACTED>
    <REDACTED> ----END OPENSSH
    PRIVATE KEY-----

Using the - >- YAML formatting which does not supply a \n (newline) at the end. This results in a libcrypto error when ssh tries to load the private key and fails the git command. When I try and manually add a newline using the >- nomenclature, the text is reformatted when clicking the save button which removes the newline.

I solved this issue by reformatting the key by editing the config in YAML mode:

deployment_key:
  - "-----BEGIN OPENSSH PRIVATE KEY-----"
  - b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
  - QyNTUxOQAAACAjwLVL5pTg4dDLVKFLdg937uVedACrI66pEelMAeifkgAAAJhX6wwjV+sM
  - IwAAAAtzc2gtZWQyNTUxOQAAACAjwLVL5pTg4dDLVKFLdg937uVedACrI66pEelMAeifkg
  - <REDACTED>
  - <REDACTED>
  - "-----END OPENSSH PRIVATE KEY-----"

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Git pull

What is the version of the add-on?

7.14.1

Steps to reproduce the issue

  1. Add your SSH private key in the GUI config
  2. Click save and restart the add-on
  3. View the log to see the error

System Health information

System Information

version core-2024.7.3
installation_type Home Assistant OS
dev false
hassio true
docker true
user root
virtualenv false
python_version 3.12.4
os_name Linux
os_version 6.6.33-haos
arch x86_64
timezone America/Edmonton
config_dir /config
Home Assistant Community Store GitHub API | ok -- | -- GitHub Content | ok GitHub Web | ok GitHub API Calls Remaining | 5000 Installed Version | 1.34.0 Stage | running Available Repositories | 1389 Downloaded Repositories | 34
Home Assistant Cloud logged_in | false -- | -- can_reach_cert_server | ok can_reach_cloud_auth | ok can_reach_cloud | ok
Home Assistant Supervisor host_os | Home Assistant OS 12.4 -- | -- update_channel | stable supervisor_version | supervisor-2024.06.2 agent_version | 1.6.0 docker_version | 26.1.4 disk_total | 62.3 GB disk_used | 29.6 GB healthy | true supported | true host_connectivity | true supervisor_connectivity | true ntp_synchronized | true virtualization | kvm board | ova supervisor_api | ok version_api | ok installed_addons | Git pull (7.14.1), Advanced SSH & Web Terminal (18.0.0), Custom deps deployment Visolo (1.3.6), Studio Code Server (5.15.0), Mosquitto broker (6.4.1), MQTT Explorer (browser-1.0.1), rtlamr2mqtt (2.3.4), ESPHome (2024.7.2), Asterisk (4.4.0), EMQX (0.6.1), Home Assistant Google Drive Backup (0.112.1), Z-Wave JS (0.6.2), Z-Wave JS UI (3.9.2), Zigbee2MQTT (1.39.0-1)
Dashboards dashboards | 5 -- | -- resources | 18 views | 17 mode | storage
Recorder oldest_recorder_run | July 21, 2024 at 2:02 AM -- | -- current_recorder_run | July 27, 2024 at 9:47 PM estimated_db_size | 1051.65 MiB database_engine | sqlite database_version | 3.45.3
Spotify api_endpoint_reachable | ok -- | --

Anything in the Supervisor logs that might be useful for us?

No response

Anything in the add-on logs that might be useful for us?

[Warn] No valid SSH connection for git@github.com
[Info] Start adding SSH key
[Info] Setup deployment_key on id_ed25519
[Info] setting up credential.helper for user: str
[Info] Saving git credentials to /tmp/git-credentials
fatal: refusing to work with credential missing host field  <-- red herring
[Info] Local git repository exists
[Info] Git origin is correctly set to git@github.com:baudneo/<REDACTED>.git
[Info] Start git fetch...
Load key "/root/.ssh/id_ed25519": error in libcrypto <----- ERROR
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
[Error] Git fetch failed

Additional information

When using the - >- format, the private key needs a newline terminator at the end or you can switch the formatting.

github-actions[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

baudneo commented 3 months ago

I don't think this is stale

radeksalomon commented 2 months ago

I confirm, the solution from @baudneo is the functional workaround. I was experiencing the same issue and the new line dashes and double quotes fixed my headache.

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

baudneo commented 1 month ago

Going to close this, hopefully others find it in Google search.