search

r-darwish / topgrade

Upgrade everything
GNU General Public License v3.0
3.36k stars 161 forks source link

should the remote_topgrades default ssh arguments contain -A? #886

Open Walther opened 2 years ago

Walther commented 2 years ago

Currently, if you have a configuration with (for example)

remote_topgrades = [
    # hostnames here
]

[git]
repos = [
    "~/git/*/",
]

and you have private git repositories cloned on the remote machines, the following things will happen:

  1. There may be prompts like Enter passphrase for key '/home/walther/.ssh/id_ed25519': in the topgrade output
  2. These prompts may or may not disappear into the concurrent output of other repos getting pulled simultaneously, e.g. the printed git log output from public repositories that do not require authentication - it is easy to miss these prompts
  3. These prompts will require input in order to continue - either the password and enter (successfully or not), or ctrl-c to stop the git step
  4. There may actually be multiple prompts if you have multiple such repositories, but some of them may be hidden: even if you provide the password to one of them, the output may still be paused until you press enter (and get a failed to pull repo error), provide a password again sight unseen to a non-visible prompt, or press ctrl-c to stop the git step
  5. You might get frustrated at topgrade requiring so much manual attention when using it for remotes that have private git repositories

To be fair, some of these issues happen even locally, if you have private repositories and have not run ssh-add to have your ssh key in the ssh-agent. These git-repository related issues could perhaps be improved upon even for local use. If you want, I can file a separate issue for those.

For the remote part, an easy fix is to enable ssh agent forwarding, by adding this to the configuration:

ssh_arguments = "-A"

Should this option be enabled by default in topgrade for the remote connections?

If not, should it be documented as a helpful tip for other users who might run into the issue of remote topgrade git repository updates failing? If not, at least filing this issue for people to find just in case, and you can just close this.

Thanks!