带有git子模块的多个ssh密钥 [英] Multiple ssh keys with git submodules

问题描述

我正在使用GITHUB的企业版.我正在创建用于构建项目的自动构建服务器.这些项目具有子模块.

I am using an enterprise version of GITHUB. I am creating an automatic build server for to build our projects. These projects have submodules.

由于此构建服务器不是我"(它不能拥有我的用户凭据)，因此它需要能够通过github的部署密钥"功能从GIT下载项目.(每个项目的只读ssh键)

As this build server is not "me" (it cannot possess my user credentials) , it needs to be able to download the projects from GIT via the github "deploy keys" feature. (per-project read only ssh-keys)

限制是:1. github希望我以ssh://git@mygithubserver.com登录2. github强制执行一项政策，即任何两个项目都不能共享部署密钥(与为整个github服务器注册的常规用户密钥不同).[旁边的问题，这背后的原因是什么?！]3.我的公司IT不允许共享任意帐户:用户始终与一个人关联，不能属于服务器.

The limitations are: 1. github expects me to log on as ssh://git@mygithubserver.com 2. github enforces a policy where no two projects can share a deploy key (unlike regular user keys which are registered for the entire github server). [side question, what is the reasoning behind this?!] 3. My corporate IT does not allow shared arbitrary accounts: A user is always associated with a person, it cannot belong to a server.

这样，我认为我唯一的选择是对不同的项目使用部署密钥功能和不同的密钥.(部署密钥基本上是在这种情况下开发的……)

As such, I think my only option is to use the deploy keys feature with different keys for different projects. (deploy keys were basically developed with this scenario in mind... )

我发现可以设置多个键的唯一方法是: https://gist.github.com/jexchan/2351996

The only way I found which I can setup multiple keys is: https://gist.github.com/jexchan/2351996

现在有关子模块:该技巧仅适用于顶级项目，因为这是我可以指定自定义主机名的唯一位置，例如:"git clone git @ custom-git-host-name"命令.

Now regarding submodules: This trick can only work for top-level projects, because that's the only place I can specify a custom hostname, as in: "git clone git@custom-git-host-name" command.

在初始化并更新子模块时，它将使用父存储库中的任何主机名(原始mygithubserver.com).当我们的开发人员使用其个人密钥时，这将完美无缺.但是，对于需要针对不同项目使用不同部署密钥的构建服务器，此操作将失败.

When it goes to init and update the submodules, it uses whatever hostname is in the parent repo (which is the original mygithubserver.com ) . When our devs use their personal keys, this works flawlessly. However, for the build-server which needs different deploy keys for different projects, this fails.

有没有办法解决这个问题，让git在同一服务器上为不同项目使用不同的ssh密钥?

Is there a way to get around this, and have git use different ssh keys for different projects on the same server?

是否有一些愚蠢的方法可以让2个项目共享部署密钥?(我不允许修改github源代码，因为这是一个非常庞大的IT托管企业githib服务器)

Is there some silly way to have 2 projects share deploy keys? (I am not allowed to modify github source code, as this is a really huge IT managed enterprise githib server)

推荐答案

我通过在父项目中创建一个包含以下内容的小脚本文件解决了该问题:

I solved it by creating a small script file in the parent project containing the following:

git submodule init
ssh-agent sh -c "ssh-add -D; ssh-add some_private_key.pem; git submodule update some_dubmodule"
ssh-agent sh -c "ssh-add -D; ssh-add another_private_key.pem; git submodule update another_submodule"

这篇关于带有git子模块的多个ssh密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！