add known_hosts udc to write common public keys (e.g. github) to know…

…n_hosts (#15) * add known_hosts udc to write common public keys (e.g. github) to known_hosts
earthly · Oct 3, 2023 · 74e7595 · 74e7595
1 parent 6fba749
commit 74e7595
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 0 deletions.
diff --git a/Earthfile b/Earthfile
@@ -12,6 +12,7 @@ install-dind-script:
 
 test:
     BUILD +test-install-dind-amd64
+    BUILD ./ssh+test-add-known-hosts
 
 test-install-dind-amd64:
     BUILD --platform=linux/amd64 +test-install-dind-for-image \

diff --git a/ssh/Earthfile b/ssh/Earthfile
@@ -0,0 +1,57 @@
+VERSION --pass-args --arg-scope-and-set 0.7
+
+# ADD_KNOWN_HOSTS will append some known public keys into the $target_file
+ADD_KNOWN_HOSTS:
+    COMMAND
+    ARG target_file=~/.ssh/known_hosts
+    LET expanded_target_file="$(eval echo $target_file)"
+    COPY +known-hosts/known_hosts /tmp/.
+    RUN mkdir -p $(dirname $expanded_target_file) && cat /tmp/known_hosts >> $expanded_target_file
+    RUN rm /tmp/known_hosts
+
+# known-hosts is used to copy the known_hosts file into the build context (internal use)
+known-hosts:
+    FROM alpine
+    COPY known_hosts .
+    SAVE ARTIFACT known_hosts
+
+#######################
+# Tests:
+#######################
+
+test-add-known-hosts:
+    BUILD --platform=linux/amd64 +test-add-known-hosts-image \
+        --base_image=alpine:latest \
+        --base_image=debian:stable \
+        --base_image=debian:stable-slim \
+        --base_image=ubuntu:latest \
+        --base_image=amazonlinux:1 \
+        --base_image=amazonlinux:2 \
+        --target_file=~/to_interpolate/known_hosts \
+        --target_file=no_dir_new_known_hosts \
+        --target_file=/some/dir/to/file/new_known_hosts \
+        --target_file=existing_known_hosts # this will be handled in the test target
+
+test-add-known-hosts-image:
+    ARG --required base_image
+    ARG TARGETPLATFORM
+    FROM alpine
+    IF [ "$base_image" = "amazonlinux:1" ] && [ "$TARGETPLATFORM" = "linux/arm64" ] # no amazonlinux:1 for arm64, skipping
+        RUN echo skipping $base_image with platform $TARGETPLATFORM
+    ELSE
+        FROM "$base_image"
+        IF [ "$base_image" = "amazonlinux:1" ]
+            RUN yum -y install diffutils.x86_64
+        END
+        COPY ./known_hosts /tmp/expected-temp
+        RUN test -s /tmp/expected-temp
+        ARG target_file
+        IF [ "$target_file" = "existing_known_hosts" ]
+            RUN echo some-key >> /tmp/expected
+            RUN echo some-key >> $target_file
+        END
+        RUN cat /tmp/expected-temp >> /tmp/expected
+        DO --pass-args +ADD_KNOWN_HOSTS
+        LET expanded_target_file="$(eval echo $target_file)"
+        RUN diff /tmp/expected $(eval echo $expanded_target_file)
+    END
diff --git a/ssh/known_hosts b/ssh/known_hosts
@@ -0,0 +1,7 @@
+github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
+gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
+gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
+bitbucket.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==