diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-04-30 11:51:34 +0300 |
---|---|---|
committer | Baserock Gerrit <gerrit@baserock.org> | 2015-05-01 13:15:38 +0000 |
commit | 55496bf01f072f9b45e9ec7733c4bf02080bb3a0 (patch) | |
tree | 0ba0b0de02f3bcff57b9620fa5430cdb355f026e /openstack/manifest | |
parent | 05a6672c81c56d4c73a77582bc30d104ccece8aa (diff) | |
download | definitions-55496bf01f072f9b45e9ec7733c4bf02080bb3a0.tar.gz |
distbuild: Disable strict SSH host key checking
Although we scan the keys of the Trove, we can only do this for the exact
hostname specified in TROVE_HOST. If the definitions being built point
to repos in the Trove using an SSH URL but with a different hostname
(e.g. as an IP address, or a differently qualified hostname) then the
distbuild will fail with a fairly opaque error:
ERROR: Build of xx failed: ERROR: Failed to update cached version of
repo ssh://git@.../xxx
Currently we expect distbuild to be deployed on a trusted private
network, so this change doesn't make it less secure. However, it would
be a problem in future if we want distbuild networks connecting to their
Trove across a public, untrusted network.
Change-Id: I6cf8b318cab8985e811b5ee5ac29df225b62270d
Diffstat (limited to 'openstack/manifest')
0 files changed, 0 insertions, 0 deletions