Unable to use ssh access to GitHub repo

[hferentschik]

I am trying to use ssh git URL to specify the location of my sources. When doing so, I'll get the following in the build log:

E1109 15:17:12.917632       1 git.go:102] Clone failed: Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

F1109 15:17:12.922253       1 builder.go:59] Build error: exit status 128

I did the following to create the OpenShift secret:

oc secrets new github-secret ssh-privatekey=~/.ssh/oo_id_rsa
oc secrets add serviceaccount/builder secrets/github-secret

I then added the following to the build config:

"sourceSecret": {
  "name": "github-secret"
},

When debugging the the failing pod, I can see that the secret is available under /tmp/tmpsecret332138224/ssh-privatekey, however, there seems to be an encoding error with the key. new lines appear literally as \n:

-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAxaESNV3HGJ8RiPUTg2d02lmociNM55g5wJyTdInTG6OMZkjx\n1LSAvO8M8sVo8exMp90q+r/NwYquCHjIR5G9/lEm7gRFpovkQdckwX90h93fKfEY\nlhw9Y/jXJFKzJ+MGaKa26niHxEX1U4HY8P4WbLLhd0ekOjp+x02sH65s4cycnONy\nwlopwJxLrZpu7oRcGzy3P6yGDWyqoYVnSJgGlcgJ7pfbKjpnyyApwcBmlvywizk4\n1VJJ11blXxLtKv5Y4PRrM7J8r/7Nlng96cWpbTkRo3wLyPsZV1EIkWjZ6/vBYM27\neopaPq+IqQJr4t3GV51F5du7frCfhd1ts+1Yy5H58eEwr/9boiy7qTDbfcZofzld\n/TEtDlk/zwf+yM5D2E2IC/jbWA1J0YWbSFRWF+nEJ8Xi7NBEtPfJ3hljvYNcrS42\nmfqabhjUGZwhBPxG1QFD96f/In9AR3JWhCEHEtK7SZjr/pd07TOluBLN9zAY8ehB\n2oKm6KI4fgJWnyezgZmvuir4JhcvhFqMwNRrdMP7jC7yH+/lCdKT8LYcy9oZs5o6\n...

Instead of:

-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAxaESNV3HGJ8RiPUTg2d02lmociNM55g5wJyTdInTG6OMZkjx
1LSAvO8M8sVo8exMp90q+r/NwYquCHjIR5G9/lEm7gRFpovkQdckwX90h93fKfEY
lhw9Y/jXJFKzJ+MGaKa26niHxEX1U4HY8P4WbLLhd0ekOjp+x02sH65s4cycnONy
wlopwJxLrZpu7oRcGzy3P6yGDWyqoYVnSJgGlcgJ7pfbKjpnyyApwcBmlvywizk4
...

Hence, if I for example run:

ssh  -i /tmp/tmpsecret332138224/ssh-privatekey -T [email protected]

I'll get:

Enter passphrase for key '/tmp/tmpsecret332138224/ssh-privatekey': 

This is the reason why the builder pod cannot clone the specified repository. If I update the private key with its proper content and re-run the above command I get the expected:

Hi hferentschik! You've successfully authenticated, but GitHub does not provide shell access.

Bottom line, the private key specified via oc secrets new seems to get scrambled somewhere along the line.

[mfojtik]

@jhadvig @csrwng FYI

[mfojtik]

@pmorie PTAL as well... this might be related to how secrets are delivered to pods, I'm sure we had some QE for private keys and they worked :-)

[hferentschik]

FYI, I am running on OS X and using Openshift in a all-in-one setup running in a VirtualBox vm.

[hferentschik]

When running:

oc get secrets/github-secret -o json

and decoding base64 string, the resulting key seems to be correct. So the problem seems to occur when the key is placed onto the builder pod.

[mfojtik]

@hardys @smarterclayton this should fix this right? #5778

@sdodson I think we need this into rcm ose image :-)

[sdodson]

@mfojtik should be in the latest as of yesterday evening

[hferentschik]

I'll give it a go

[hferentschik]

@sdodson, @mfojtik works with the latest image. Thanks.