brysonsteck/refractr
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages 1 Wiki Activity Actions

show hash of untrusted hosts

Browse source
This commit is contained in:
Bryson Steck 2025-03-06 20:35:40 -07:00
parent 1f2d2edbd9
commit 23561ad34a
Signed by: brysonsteck
SSH key fingerprint: SHA256:XpKABw/nP4z8UVaH+weLaBnEOD86+cVwif+QjuYLGT4
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
package.Dockerfile
View file

@ -10,7 +10,7 @@ RUN cargo build --release
RUN cargo install --locked --path .
RUN groupadd -g $GID refractr
RUN useradd -u $UID -g $GID -MN refractr
RUN useradd -u $UID -g $GID -mN refractr
RUN mkdir /etc/refractr && chown refractr:refractr /etc/refractr
USER refractr

10
src/refractr.rs
View file

@ -1,5 +1,5 @@
use git2::build::CheckoutBuilder;
use git2::{Cred, PushOptions, RemoteCallbacks, Repository};
use git2::{CertificateCheckStatus, Cred, PushOptions, RemoteCallbacks, Repository};
use sha2::{Sha256, Digest};
use crate::common;
@ -124,6 +124,14 @@ impl Refractr {
common::verbose(self.verbose, 1, format!("Pushing to remote: {}", remote.url().unwrap()));
let mut callbacks = RemoteCallbacks::new();
callbacks.credentials(|_,_,_| Cred::ssh_key("git", None, &Path::new(&cfg.git.ssh_identity_file), None));
callbacks.certificate_check(|cert, url| {
let mut sha256 = String::new();
for i in cert.as_hostkey().unwrap().hash_sha256().unwrap().to_vec() {
sha256.push_str(&hex::encode(i.to_string()));
}
eprintln!("warning: trusting unknown host {} with sha256 host key {}", url, hex::encode(cert.as_hostkey().unwrap().hash_sha256().unwrap().to_vec()));
Ok(CertificateCheckStatus::CertificateOk)
});
let mut push_options = PushOptions::new();
push_options.remote_callbacks(callbacks);