How to fetch closed-source ports?

[asomers]

I use Poudriere to build both open-source and closed-source ports from a unified fork of the freebsd-ports repo. The closed-source ports are all stored in private Github repos and their distfiles are distributed as tags. But Poudriere builds run as user nobody, and that user doesn't have an SSH key that Github will allow.
My hacky workaround is a shell script that cd's to each private port's directory and does make fetch for each, running as an allowed user, before invoking poudriere bulk. This works, but it's hacky and kind of slow. Is there a better way to supply Poudriere with the SSH key it needs to fetch from private GH repos?

[patmaddox]

I came up with an approach. Here's an example Makefile.

It took a while to get working. Unfortunately I haven't found a way to pass the authorization token string as an arg, do-fetch.sh is causing some weird escaping to happen.

So, the technique here is to read the auth token as a var, write it to a temp file, and then have curl read it in.

[asomers]

And how do you supply the patmaddox_org_GH_TOKEN variable to Poudriere?

[patmaddox]

See the "Create optional make.conf" section in poudriere(8)

e.g.

# /usr/local/etc/poudriere.d/make.conf
VALID_CATEGORIES+= patmaddox
patmaddox_org_GH_TOKEN= github_SOME_LONG_TOKEN

[patmaddox]

It's been suggested to define do-fetch instead of trying to use the existing fetch framework. Here's an example:

do-fetch:
	@if [ ! -f ${DISTDIR}/${DISTFILES} ]; then /usr/local/bin/curl -o ${DISTDIR}/${DISTFILES} -s -f -H "Authorization: token ${GH_TOKEN}" https://codeload.github.com/${GH_ACCOUNT}/${GH_PROJECT}/tar.gz/${GH_TAGNAME} ; fi