ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@apache.org>
Subject Re: ant and sudo
Date Wed, 12 Nov 2008 13:57:35 GMT
Hendrik Maryns wrote:
> Steve Loughran schreef:
>> The way we do root level access is to ssh in to localhost and run stuff
>> as root there. you can either set up the <ssh> command with the relevant
>> (property driven) password, 
> 
> How would I do that?  I need something similar for <signjar>.  Right now
> I use a plain password in the task, but that is just a temporary
> solution, of course.
> 

1. you have a property file in a subdirectory that only you can read; it 
is not under SCM. If you have an OS that can encrypt bits of the 
filesystem, encrypt that file.

Call it something like servers/ with the name of a specific server 
underneath, ideally the hostname: here is chamonix.properties

#property settings to upload to chamonix steve's desktop
ssh.enabled=true
ssh.server=chamonix
ssh.user=stevel
ssh.dir=public_html
ssh.keyfile=${user.home}/.ssh/chamonix.private
ssh.passphrase=
ssh.verbose=true
ssh.trust=true

2. You have a target that takes the server name as a property, and loads 
the given file

  <target name="load-server-settings" depends="init">
     <fail unless="server">
       Failed.
       Set the "server" property to the name of a server
       whose connection settings are in a property file under
       ${server.dir}.
     </fail>
     <property name="ssh.propfile"
         location="${server.dir}/${server}.properties"/>
     <loadproperties srcfile="${ssh.propfile}"/>
     <echo>
       SCP target is ${ssh.server}
       User is ${ssh.user}
       trust=${ssh.trust}
       keyfile=${ssh.keyfile}
     </echo>
     <presetdef name="ssh-remote">
       <sshexec host="${ssh.server}"
           username="${ssh.user}"
           passphrase="${ssh.passphrase}"
           trust="${ssh.trust}"
           timeout="6000000"
           keyfile="${ssh.keyfile}"
           />
     </presetdef>
   </target>

You can then use the scp command to upload files



     <scp remoteToDir="${ssh.path}"
         passphrase="${ssh.passphrase}"
         keyfile="${ssh.keyfile}"
         trust="${ssh.trust}"
         verbose="${ssh.verbose}">
       <fileset refid="upload.fileset"/>
     </scp>

or the <ssh-remote> presetdef to issue remote commands

   <target name="ssh-ls" depends="load-server-settings">
     <ssh-remote command="ls"/>
   </target>

To run against a server,

ant ssh-ls -Dserver=chamonix

What you must not do is stick passwords on the command line, as anyone 
else on a unix system can see those arguments via the ps command.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message