0

I'd like to create a cronjob to automatically run a git-pull every minute. The problem is that my repo is private; I had to create keys on my system (Ubuntu Server 12.04). I installed keychain and ssh-agent now prevents the system from asking me for the passphrase every time. The problem is that it doesn't work from crontab! Why does it work from the shell, while from crontab I get asked for the passphrase?

MultiformeIngegno
  • Also, just to be clear, git pull doesn't require a passphrase when running under your standard environment, correct? – jedwards Apr 05 '13 at 22:54
  • Ok, update. I closed the connection, reconnected and now in "standard environment" keychain works and I don't have to insert the passphrase until `ssh-agent` is "alive". Problem is with crontab. I added a: `*/1 * * * * root cd /PATH_TO_REPO && git pull >> ~/git.log` but I get a `"Host key verification failed. fatal: The remote end hung up unexpectedly."` The same command (`git pull`) from "standard environment" works fine now though... – MultiformeIngegno Apr 06 '13 at 00:54

2 Answers

2

In your script, are you doing an `eval $(ssh-agent)`, and then an `ssh-add <private_key>`?

To verify, do an `ssh-add -l` before doing the `git pull` to make sure your keys are where they should be.

[edit] Try making a script like this:

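```bash
#!/bin/bash
set -e
cd /var/www/GITREPO
# Start a private agent for this run and kill it on exit,
# so a per-minute cron job does not pile up agents.
eval "$(ssh-agent)"
trap 'ssh-agent -k >/dev/null' EXIT
# Prompts for the passphrase if the key has one.
ssh-add /home/multiformeingegno/.ssh/id_rsa
ssh-add -l   # confirm the key is loaded
git pull
```
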
rongenre
  • See my latest comment above. ;) – MultiformeIngegno Apr 06 '13 at 00:56
  • Yeah try it all in a script: #!/bin/bash set -e cd /PATH_TO_REPO eval $(ssh-agent) ssh-add ssh-add -l ## to check git pull –  Apr 06 '13 at 00:59
  • I tried running `#!/bin/bash set -e cd /var/www/GITREPO eval $(ssh-agent) ssh-add /home/multiformeingegno/.ssh/id_rsa ssh-add -l` in shell but I receive no feedback – MultiformeIngegno Apr 06 '13 at 01:05
  • `ssh-add -l` gives me the fingerprint and location of the keys, so they're correct. – MultiformeIngegno Apr 06 '13 at 01:08
  • I tried the script but I receive a: `fatal: Not a git repository (or any of the parent directories): .git.` of course I set the REPO path for `cd`. – MultiformeIngegno Apr 06 '13 at 01:11
  • Ugh.. wanna try again? re-edited the script –  Apr 06 '13 at 01:13
  • It works!! The only problem is the damned passphrase. The script still asks for it, dunno why! :( With a simple "git pull" from the git repo dir I'm not asked for it.. weird. – MultiformeIngegno Apr 06 '13 at 01:16
  • The weird thing is that the same command from shell doesn't ask me the passphrase, called from a .sh file it does! – MultiformeIngegno Apr 06 '13 at 01:25
  • Anyway keychain should allow me to avoid adding the key every time – MultiformeIngegno Apr 06 '13 at 01:27
  • Here is a useful doc I found: Don't forget that you can also get your cron jobs and scripts to "hook in" to the running ssh-agent process. To use ssh or scp commands from your shell scripts and cron jobs, just make sure that they source your ~/.ssh-agent file first: `source ~/.ssh-agent` Then, any following ssh or scp commands will be able to find the currently-running ssh-agent and establish secure passwordless connections just like you can from the shell. – MultiformeIngegno Apr 06 '13 at 01:30
  • DONE! With this it doesn't ask me the passphrase, because keychain is called: `source ~/.keychain/$HOSTNAME-sh cd PATH_TO_REPO git pull` – MultiformeIngegno Apr 06 '13 at 01:33
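
The fix reached in the comments above (sourcing the keychain file from the cron job), written out as a wrapper script. This is an added example, not code from the thread: the script name, log path and return codes are assumptions, and `GIT_SSH_COMMAND` needs Git 2.3 or later. `BatchMode=yes` leaves host key checking on and makes ssh fail into the log instead of prompting.

```shell
#!/bin/sh
# Cron wrapper: reuse the keychain-managed ssh-agent and never prompt.
# Hypothetical entry in the repo owner's own crontab (crontab -e), so that
# HOME, the keychain file and known_hosts all belong to the same user:
#   * * * * * $HOME/bin/git-pull-cron.sh /PATH_TO_REPO >> $HOME/git.log 2>&1

# Load the agent variables keychain wrote at login and check the socket.
# Returns 1 if the file is missing, 2 if the agent socket is gone
# (for example after a reboot, before anyone has logged in again).
load_agent_env() {
    env_file=$1
    [ -r "$env_file" ] || { echo "missing $env_file" >&2; return 1; }
    . "$env_file"
    [ -S "${SSH_AUTH_SOCK:-}" ] || { echo "stale agent socket" >&2; return 2; }
}

# Pull with every interactive prompt disabled.
pull_repo() {
    repo=$1
    cd "$repo" || return 1
    # BatchMode=yes: ssh exits with an error instead of asking for a
    # passphrase or for confirmation of an unknown host key.
    GIT_SSH_COMMAND='ssh -o BatchMode=yes' git pull --ff-only
}

main() {
    load_agent_env "$HOME/.keychain/$(hostname)-sh" || return
    # ssh-add -l exits non-zero when the agent holds no key.
    ssh-add -l >/dev/null 2>&1 || { echo "agent has no key loaded" >&2; return 3; }
    pull_repo "$1"
}

# Run only when a repository path is given on the command line.
if [ "$#" -ge 1 ]; then
    main "$@"
fi
```

If the log shows "Host key verification failed", connect once by hand as the user that owns the crontab so the server's key is recorded in that user's `known_hosts`.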
0

Better than a cronjob, I propose the hooks/post-receive script:

First, in my .bashrc:

```bash
[ -x /usr/bin/keychain ] && /usr/bin/keychain ~/.ssh/id_rsa || echo "Missing keychain pkg..."
[ -f ~/.keychain/$(hostname)-sh ] && source ~/.keychain/$(hostname)-sh
```

Which asks for the passphrase at first login (necessary) for the keychain ssh-agent to register, as you know.

Then, in the bare repository, `/path/to/bare/repo.git/hooks/post-receive`:

```bash
#!/bin/bash
ssh <host> sh << EOF #I launch sh here for less verbosity on terminal login
. ~/.keychain/\$(hostname)-sh
cd /path/to/cloned/repo.git
unset GIT_DIR
git pull
EOF
```

Don't forget to:

```bash
chmod +x /path/to/bare/repo.git/hooks/post-receive
```

This way, from my dev clone of the bare repository, the production one is automatically updated.

s4mdf0o1