Issue when parsing known_hosts file with comments using libgit2 #474

Closed
remisauvat opened this issue Oct 28, 2021 · 2 comments · Fixed by #475
Labels: area/git (Git related issues and pull requests), bug (Something isn't working)

@remisauvat

Hi,

I found an issue when the secret for a GitRepository contains a known_hosts file with comments. When using the libgit2 implementation I get the following error:

{"level":"error","ts":"2021-10-28T08:44:51.251Z","logger":"controller.gitrepository","msg":"Reconciler error","reconciler group":"source.toolkit.fluxcd.io","reconciler kind":"GitRepository","name":"gitops","namespace":"flux-system","error":"auth error: EOF"}

I had the same errors with image-automation-controller which uses the same code.

I was able to track down the issue to:

_, hosts, pubKey, _, _, err := ssh.ParseKnownHosts(scanner.Bytes())
if err != nil {
	return []knownKey{}, err
}

This tries to parse the entry for each line in the known_hosts file. But according to the official documentation, the function ParseKnownHosts can return io.EOF:

If no entries were found in the input then err will be io.EOF

So I think those errors should be ignored or maybe lines should be scanned for # in them.

Here is an example secret that fails.

---
apiVersion: v1
kind: Secret
metadata:
  name: gitops
  namespace: flux-system
stringData:
  identity: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    ....
    -----END OPENSSH PRIVATE KEY-----
  identity.pub: |
    ssh-rsa ...
  known_hosts: |
    # github
    192.30.253.112 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

@darkowlzz added the bug label Oct 28, 2021

@ppodevlabs

This is happening to the image automation controller too. Just confirmed.

{"level":"error","ts":"2021-10-28T11:28:51.725Z","logger":"controller-runtime.manager.controller.imageupdateautomation","msg":"Reconciler error","reconciler group":"image.toolkit.fluxcd.io","reconciler kind":"ImageUpdateAutomation","name":"acceptance-ipa","namespace":"operator-cp-kang-qa","error":"auth error: EOF"}

Removing the # lines fixed the issue.

@hiddeco
Member

hiddeco commented Oct 28, 2021

@darkowlzz is working on a fix, this will be included in the next release.

@hiddeco added the area/git label Oct 28, 2021
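
The io.EOF handling discussed in this issue, as an added example (not the project's code and not the fix in #475). `parseLine` is a standard-library stand-in for `ssh.ParseKnownHosts` that mirrors only the documented "io.EOF when no entry" contract; `parseKnownHosts`, `knownKey` and the sample data are hypothetical. The caller skips only `io.EOF` and still rejects malformed entries, so a broken host key line is not silently dropped.

```go
package main

import (
	"bufio"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"strings"
)

// knownKey is a hypothetical result type for this example.
type knownKey struct{ hosts []string; blob []byte }

// Constructed sample: a comment, a blank line and one entry with a dummy key blob.
const sample = "# github\n\ngit.example.test,192.0.2.10 ssh-ed25519 Y29uc3RydWN0ZWQ=\n"

// parseLine stands in for ssh.ParseKnownHosts (assumption): io.EOF means "no entry".
func parseLine(line string) (knownKey, error) {
	f := strings.Fields(line)
	if len(f) == 0 || strings.HasPrefix(f[0], "#") {
		return knownKey{}, io.EOF
	}
	if len(f) < 3 {
		return knownKey{}, errors.New("missing host, key type or key data")
	}
	blob, err := base64.StdEncoding.DecodeString(f[2])
	return knownKey{hosts: strings.Split(f[0], ","), blob: blob}, err
}

// parseKnownHosts skips lines that yield io.EOF and fails closed on anything else.
func parseKnownHosts(data string) ([]knownKey, error) {
	var keys []knownKey
	sc := bufio.NewScanner(strings.NewReader(data))
	for n := 1; sc.Scan(); n++ {
		k, err := parseLine(sc.Text())
		if errors.Is(err, io.EOF) {
			continue // comment or blank line, not an auth failure
		}
		if err != nil {
			return nil, fmt.Errorf("known_hosts line %d: %w", n, err)
		}
		keys = append(keys, k)
	}
	return keys, sc.Err()
}

func main() {
	fmt.Println(parseKnownHosts(sample))
}
```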