search

yoctoproject / vscode-bitbake

Bitbake language support for Visual Studio Code
https://marketplace.visualstudio.com/items?itemName=yocto-project.yocto-bitbake
Other
45 stars 10 forks source link

Trouble authenticating with SSH #350

Closed pedro-a-costa-alb closed 6 days ago

pedro-a-costa-alb commented 2 weeks ago

Hi!

I’m working on a project with some recipes that fetch code from in private GitHub repos. I am using kas and have an ssh-agent running. Running kas shell config.yml -c "bash" in any terminal (including the VSCode one) shows that SSH_AUTH_SOCK is set, and I can successfully authenticate to GitHub using ssh -T git@github.com. All BitBake commands work fine and I can fetch everything.

However, when I use "BitBake: Open interactive terminal" through the extension, SSH_AUTH_SOCK isn’t defined, so ssh -T git@github.com prompts for my SSH key password. Other extension commands, like "BitBake Scan project," fail with "Permission denied (publickey)", which makes sense because without SSH_AUTH_SOCK the SSH key remains locked.

Strangely, I think it sometimes works fine, but I don't understand what makes it stop working. Any idea why this happens?

deribaucourt commented 1 week ago

Hello!

I'm testing kas-container which seems to fully strip down the environment that is present in the shell it was called by. In my case, running kas shell config.yml -c "bash" in a regular terminal also removed SSH_AUTH_SOCK. Maybe it was still there in your case because you use regular kas, without the container aspect?

In any case, I found that kas provides an option --ssh-agent to do exactly what we want, forward SSH_AUTH_SOCK. I suggest to add this option in your bitbake.commandWrapper setting: kas-container --ssh-agent shell -c. I will update the example configurations in our documentation as well.

Let me know if that worked for you?

pedro-a-costa-alb commented 1 week ago

I was using the standard kas (not the containerized version), which does strip down the environment but keeps the SSH_AUTH_SOCK. I tried switching to kas-container, but it didn't work as well with the extension.

So, I set bitbake.commandWrapper to kas-container --ssh-agent shell config.yml -c and returned the following error:

kas-container: Error: no SSH agent running
 *  Executing script: kas-container --ssh-agent shell config.yml -c 'which devtool bitbake || true'
 *  Bitbake process failed with code 1
 *  Terminal will be reused by BitBake, press any key to close it.

Searching for that error in the kas repository and seems to suggest that it happens when SSH_AUTH_SOCK is not set. https://github.com/siemens/kas/blob/f4ceea72d0a9d571e0a8ae2879ae0616758161df/kas-container#L249 But I do have a ssh-agent running and SSH_AUTH_SOCK

I also tried to opening a terminal using Bitbake: Open interactive terminal to see what the environment variables where, but it failed to launch (exit with code 1):

The terminal process "/usr/bin/zsh '-c', 'kas-container --ssh-agent shell config.yml -c 'bash''" failed to launch (exit code: 1).

Interestingly, when I run kas-container --ssh-agent shell config.yml -c "bash" in a regular terminal, it works, but the container does not have the SSH fingerprinting keys from the host and fails with Host key verification failed. I noticed an option in the docs, --ssh-dir $HOME/.ssh, which I tried and it worked. However, since they discouraged it, I created a new directory, $HOME/kas-ssh, with a known_hosts file containing only GitHub’s SSH fingerprints, and this setup worked as well. However, I still haven’t been able to get the extension to work with this setup.

pedro-a-costa-alb commented 1 week ago

After some digging, I have found that the problem was with my setup. I found that when I started VSCode from a terminal, the SSH_AUTH_SOCK variable was defined correctly. However, the way I was starting the ssh agent was preventing VSCode from inheriting the environment variables properly. The kas-container stuff I mentioned still happens, though. But I can use the standard kas just fine. Thank you for your help!