Closed joseph-wakeling-frequenz closed 3 years ago
This is an ugly hack for all but short periods of time. The common robust solution is to have a private release repo, e.g. devpi or Artifactory, and "normal" dependencies. Or you somehow vendor this into your main package.
Or you use a read-only deploy key.
Out of scope to handle this in dh-venv for sure.
Yeah, I think there are multiple ways to solve this. You could mount a directory containing the key inside the build chroot when building it, use a tool to distribute a secret during a build time or as @jher said publish the package in some local package index etc.
Unfortunately I don’t have an answer to give here to this specific problem.
However I also think the solution is out of scope for dh-virtualenv
First up, thanks folks for a very useful tool!
I have a project where one of its dependencies is another private git repo of our organization. In other words the
install_requires
entry reads:However, this causes problems when
dh_virtualenv
gets running, because it runs as root inside the virtualenv, and is therefore unable to see the ssh keys of the user running thedebuild
command. So we get an error:Is there a recommended way to make sure that ssh keys are available to the virtualenv used to build the package (without leaving them in the package itself)? Brute-forcing by adding keys to
/root/.ssh
does not work and feels icky in any case.