
Use per-user SSH configuration in analyzer images

Oscar Tovar requested to merge otovar/fix-openssh-configuration-issues into master

What does this MR do?

Fix an issue where installing OpenSSH would require user interaction when a systemwide SSH configuration file existed. This caused the dependency scanning job to fail when a TTY was not available.

Alpine

/ # apk --no-cache add openssh
fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/aarch64/APKINDEX.tar.gz
(1/7) Installing openssh-keygen (9.6_p1-r0)
(2/7) Installing openssh-client-common (9.6_p1-r0)
(3/7) Installing openssh-client-default (9.6_p1-r0)
(4/7) Installing openssh-sftp-server (9.6_p1-r0)
(5/7) Installing openssh-server-common (9.6_p1-r0)
(6/7) Installing openssh-server (9.6_p1-r0)
(7/7) Installing openssh (9.6_p1-r0)
Executing busybox-1.36.1-r15.trigger
OK: 246 MiB in 69 packages
/ # ssh -Tv git@gitlab.com
OpenSSH_9.6p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /root/.ssh/config
# ...

Debian

root@f7fc3e1b48cb:/# apt update && apt install --reinstall -y openssh-client
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 https://deb.debian.org/debian unstable InRelease [198 kB]
Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:4 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:5 http://deb.debian.org/debian bookworm/main arm64 Packages [8685 kB]
Get:6 https://deb.debian.org/debian unstable/main arm64 Packages [9842 kB]
Get:7 http://deb.debian.org/debian bookworm-updates/main arm64 Packages [12.5 kB]
Get:8 http://deb.debian.org/debian-security bookworm-security/main arm64 Packages [145 kB]
Fetched 19.1 MB in 3s (7486 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
223 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libssl-dev libssl3t64 openssl
Suggested packages:
  libssl-doc keychain libpam-ssh monkeysphere ssh-askpass
The following packages will be REMOVED:
  libssl3
The following NEW packages will be installed:
  libssl3t64
The following packages will be upgraded:
  libssl-dev openssh-client openssl
3 upgraded, 1 newly installed, 1 to remove and 219 not upgraded.
Need to get 6289 kB of archives.
After this operation, 635 kB disk space will be freed.
Get:1 https://deb.debian.org/debian unstable/main arm64 openssh-client arm64 1:9.7p1-2 [901 kB]
Get:2 https://deb.debian.org/debian unstable/main arm64 libssl-dev arm64 3.1.5-1.1 [2342 kB]
Get:3 https://deb.debian.org/debian unstable/main arm64 openssl arm64 3.1.5-1.1 [1208 kB]
Get:4 https://deb.debian.org/debian unstable/main arm64 libssl3t64 arm64 3.1.5-1.1 [1839 kB]
Fetched 6289 kB in 0s (19.5 MB/s)
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 19504 files and directories currently installed.)
Preparing to unpack .../openssh-client_1%3a9.7p1-2_arm64.deb ...
Unpacking openssh-client (1:9.7p1-2) over (1:9.2p1-2+deb12u2) ...
Preparing to unpack .../libssl-dev_3.1.5-1.1_arm64.deb ...
Unpacking libssl-dev:arm64 (3.1.5-1.1) over (3.0.11-1~deb12u2) ...
Preparing to unpack .../openssl_3.1.5-1.1_arm64.deb ...
Unpacking openssl (3.1.5-1.1) over (3.0.11-1~deb12u2) ...
dpkg: libssl3:arm64: dependency problems, but removing anyway as you requested:
 libssh2-1:arm64 depends on libssl3 (>= 3.0.0).
 libsasl2-modules:arm64 depends on libssl3 (>= 3.0.0).
 libpython3.11-minimal:arm64 depends on libssl3 (>= 3.0.0).
 libkrb5-3:arm64 depends on libssl3 (>= 3.0.0).
 libfido2-1:arm64 depends on libssl3 (>= 3.0.0).

(Reading database ... 19503 files and directories currently installed.)
Removing libssl3:arm64 (3.0.11-1~deb12u2) ...
Selecting previously unselected package libssl3t64:arm64.
(Reading database ... 19491 files and directories currently installed.)
Preparing to unpack .../libssl3t64_3.1.5-1.1_arm64.deb ...
Unpacking libssl3t64:arm64 (3.1.5-1.1) ...
Setting up libssl3t64:arm64 (3.1.5-1.1) ...
Setting up openssh-client (1:9.7p1-2) ...
Installing new version of config file /etc/ssh/ssh_config ...
Setting up libssl-dev:arm64 (3.1.5-1.1) ...
Setting up openssl (3.1.5-1.1) ...
Installing new version of config file /etc/ssl/openssl.cnf ...
Processing triggers for libc-bin (2.36-9+deb12u4) ...
root@f7fc3e1b48cb:/# ssh -Tv git@gitlab.com
OpenSSH_9.7p1 Debian-2, OpenSSL 3.1.5 30 Jan 2024
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config

RedHat

bash-4.4# microdnf reinstall openssh-clients

(microdnf:190): librhsm-WARNING **: 01:33:30.728: Found 0 entitlement certificates

(microdnf:190): librhsm-WARNING **: 01:33:30.751: Found 0 entitlement certificates
Package                                                                                                       Repository                                 Size
Reinstalling:
 openssh-clients-8.0p1-19.el8_9.2.x86_64                                                                      ubi-8-baseos-rpms                      660.0 kB
   replacing openssh-clients-8.0p1-19.el8_9.2.x86_64
Transaction Summary:
 Installing:        0 packages
 Reinstalling:      1 packages
 Upgrading:         0 packages
 Obsoleting:        0 packages
 Removing:          0 packages
 Downgrading:       0 packages
Downloading packages...
Running transaction test...
Reinstalling: openssh-clients;8.0p1-19.el8_9.2;x86_64;ubi-8-baseos-rpms
Complete.
bash-4.4# ssh -Tv git@gitlab.com
OpenSSH_8.0p1, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config

What are the relevant issue numbers?

Fixes gitlab-org/gitlab#451310 (closed)

Does this MR meet the acceptance criteria?

Edited by Oscar Tovar
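
The check shown in the sessions above, written as a script an image build could run. This is an added example, not code from the merge request or the analyzer images. The function names and `SAMPLE_DEBUG` are hypothetical, and the configuration text itself is left to the caller on stdin.

```shell
#!/bin/sh
# Added example: keep SSH client settings in the per-user file so the
# packaged /etc/ssh/ssh_config is never modified, then confirm from
# `ssh -v` output that the per-user file is the first one ssh reads.

# write_user_ssh_config HOME_DIR
# Installs the config text on stdin as HOME_DIR/.ssh/config with the
# permissions OpenSSH expects (0700 directory, 0600 file).
write_user_ssh_config() {
    home_dir=$1
    ( umask 077
      mkdir -p "$home_dir/.ssh" &&
      cat > "$home_dir/.ssh/config" ) || return 1
    # Tighten permissions even if the directory or file already existed.
    chmod 700 "$home_dir/.ssh" && chmod 600 "$home_dir/.ssh/config"
}

# config_files_read
# Reads `ssh -v` debug output on stdin and prints, in order, every file
# reported on a "Reading configuration data" line.
config_files_read() {
    sed -n 's/^debug1: Reading configuration data \([^ ]*\).*$/\1/p'
}

# user_config_read_first USER_CONFIG_PATH
# Succeeds only when the first configuration file named in the debug
# output on stdin is USER_CONFIG_PATH.
user_config_read_first() {
    first=$(config_files_read | head -n 1)
    [ "$first" = "$1" ]
}

# Sample input: the debug lines from the Debian session on this page.
SAMPLE_DEBUG='OpenSSH_9.7p1 Debian-2, OpenSSL 3.1.5 30 Jan 2024
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config'
```

In a build, pipe the stderr of `ssh -Tv` into `user_config_read_first "$HOME/.ssh/config"` and fail the job on a non-zero exit status.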
