show hash of untrusted hosts

package.Dockerfile

@@ -10,7 +10,7 @@ RUN cargo build --release
 RUN cargo install --locked --path .
 
 RUN groupadd -g $GID refractr
-RUN useradd -u $UID -g $GID -MN refractr
+RUN useradd -u $UID -g $GID -mN refractr
 RUN mkdir /etc/refractr && chown refractr:refractr /etc/refractr
 USER refractr
 

src/refractr.rs

@@ -1,5 +1,5 @@
 use git2::build::CheckoutBuilder;
-use git2::{Cred, PushOptions, RemoteCallbacks, Repository};
+use git2::{CertificateCheckStatus, Cred, PushOptions, RemoteCallbacks, Repository};
 use sha2::{Sha256, Digest};
 
 use crate::common;
@@ -124,6 +124,14 @@ impl Refractr {
       common::verbose(self.verbose, 1, format!("Pushing to remote: {}", remote.url().unwrap()));
       let mut callbacks = RemoteCallbacks::new();
       callbacks.credentials(|_,_,_| Cred::ssh_key("git", None, &Path::new(&cfg.git.ssh_identity_file), None));
+      callbacks.certificate_check(|cert, url| {
+        let mut sha256 = String::new();
+        for i in cert.as_hostkey().unwrap().hash_sha256().unwrap().to_vec() {
+          sha256.push_str(&hex::encode(i.to_string()));
+        }
+        eprintln!("warning: trusting unknown host {} with sha256 host key {}", url, hex::encode(cert.as_hostkey().unwrap().hash_sha256().unwrap().to_vec()));
+        Ok(CertificateCheckStatus::CertificateOk)
+      });
       let mut push_options = PushOptions::new();
       push_options.remote_callbacks(callbacks);