crates.io releases? #1092
Comments
|
Support for SSH access using local keys will likely be removed soon. Currently SSH fetch is supported with SSH agent forwarding in the latest docker image, but not push yet. |
|
About the initial question: We currently don't release to crates.io anymore and I don't think it really makes sense for the proxy. |
Oh, that would be a bummer. :/ |
|
The main reason for that is that it’s insecure, and that SSH agent forwarding fully covers all potential use cases. You can even try it with the latest container by overriding GIT_SSH_COMMAND to enable ssh ForwardAgent option |
|
I don't see how it is insecure for josh to just run as my user ID and do a |
|
It’s insecure because when deployed, it lets users to essentially bypass authentication by using the key on the server. as for docker requirement, unfortunately it is there to stay. We can’t even guarantee josh will always be fully functional when run as a single process - simply because it needs additional services to work, hence the multi-service container. Docker is a more or less industry standard, so I can’t really see how it makes things complicated. one thing you could try is just build a container from a given commit sha locally and then run it |
|
Ah sure, on a server it shouldn't use the local keys. In the docker container there won't be any local keys anyway. When running it locally however, it using my keys seems fine? Though maybe I should use josh-filter instead -- we went for the proxy as that's what the documentation mostly talks about. Does josh-filter have support for caching?
🤷 I still find docker pretty complicated and struggle each time I have to use it (which is rare). It's whole set of custom terminology, tons of implicit global state, and fairly poor UI don't help. I totally believe that if you use it all the time, it all makes sense and you know how to circumnavigate its rough edges, but for occasional use I find it fairly annoying. |
Yeah locally using locally available keys makes more sense. And you’re right that this might not be the best use of a proxy. I don’t think josh-filter has cache but maybe @christian-schilling can correct me |
|
Would it help if there was a script or something in the repo for building and running release containers? Currently we have one for test containers but not for release |
|
I mean, the one-liner is not so bad: The problem is all the "things around" the container, which will be hard to put into a script -- things like #1089. (It took me quite a while to figure out that adding And then there is the authentication problem, as we discussed in #1089. Though for a docker container I run locally I'd be fine giving it access to my ssh-agent (however that would work). |
|
It looks to me that the whole "service in a container" thing is really not that ideal for your use case. It's not really what the proxy is intended to be used for. Having a CLI that just does the filtering without the whole container/network/auth stuff would be much easier to handle. |
|
I don't see a way to set the cache to be used by josh-filter though? Even for the "fetch" side, I assume we'd have to arrange a bunch of things ourselves, like getting the upstream rustc commits into a local repo, and then getting the transformed commits into the Miri repo... the proxy interface is taking care of these things quite nicely. |
Looks like the latest josh release is not yet at https://crates.io/crates/josh. Are new releases usually put there?
When using josh as a docker image it cannot access my SSH keys for pushing, so I plan to change our instructions to install josh via
cargo installinstead, but currently we have to do that from the git repo since the crates.io version is outdated. Hence the question.The text was updated successfully, but these errors were encountered: