travis 出现错误的幻数错误

tag-icon tag-icon ssh encryption github
travis 出现错误的幻数错误

在 travis-ci.org 上提交代码后,我的 github 项目出现以下错误:

Deploying application

on master ✓
domain: <mydomain> ✓
site path: /srv/http/webapps/Main ✓
zipping _site to site.zip...
decrypting ssh key...
bad magic number

Script failed with status 1
failed to deploy

我分叉了一个项目,我试图接管并维护该项目,因为该项目已被其作者终止,我认为这是一种耻辱。该项目使用 travis 来更新其站点。我对 travis 完全不熟悉,从来没有绕过加密,事实上以前从未建立过网站,所以我对我在做什么完全一无所知。

我使用三台计算机来实现此目的。我自己的,一台开发计算机和托管一台的站点。

我认为相关的文件是.travis.yml.deploy/deploy.sh.deploy/deploy_key.enc

我所做的如下:

sudo ssh root@UBS-main
cd /srv/http/webapps/Main
nano .travis.yml (removing env.global.secure line)
ssh-keygen -t rsa -b 4096 -C '[email protected]' -f ./deploy_key
travis encrypt-file deploy_key --add
travis encrypt MY_SECRET_ENV=<pass> --add env.global
rm deploy_key
scp /srv/http/webapps/Main/deploy_key.enc folatt@UBS-Dev:~/workspace/UBS/UBS-site/deploy/deploy_key.enc
scp /srv/http/webapps/Main/.travis.yml folatt@UBS-Dev:~/workspace/UBS/UBS-site/.travis.yml

这是假设我

  1. 需要创建一个ssh密钥
  2. 使用 travis 加密该密钥。
  3. 需要某种秘密密码吗?再次使用特拉维斯。
  4. 删除未加密的密钥。
  5. 将密钥和 travis 文件移至开发计算机存储库。
  6. 然后将更改提交到github。

.travis.yml

language: ruby
sudo: false
rvm:
- 2.2
env:
  global:
  - domain: <mydomain> (changed)
  - site_path: /srv/http/webapps/Main (changed)
  - secure: <bunch of encrypted code> (changed)
before_script:
  - npm install -g bower
  - bower install
script: bundle exec jekyll build
deploy:
  provider: script
  skip_cleanup: true
  script: "./deploy/deploy.sh"
  on:
    branch: master

./deplay/deploy.sh

#!/usr/bin/env bash
set -e

if [ ! "env:$TRAVIS_BRANCH" == "env:master" ]; then
    echo not on master, not deploying
    exit 0
fi

echo "on master ✓"

if [ -z "$domain" ]; then
    echo "domain" variable not set
    exit 1
fi
echo "domain: $domain ✓"

if [ -z "$site_path" ]; then
    echo "site_path" variable not set
    exit 1
fi
echo "site path: $site_path ✓"

echo "zipping _site to site.zip..."
(cd _site/ && zip -r - .) > site.zip 2>/dev/null

echo "decrypting ssh key..."
openssl aes-256-cbc -k "$deploy_key_pass" -in deploy/deploy_key.enc -out deploy/deploy_key -d
chmod 400 deploy/deploy_key

echo "setting StrictHostKeyChecking for all domains..."
printf "Host *\n    StrictHostKeyChecking no\n" > ~/.ssh/config
chmod 400 ~/.ssh/config

echo "copying site to $domain..."
scp -i deploy/deploy_key site.zip deploy@$domain:~/site.zip
ssh -i deploy/deploy_key deploy@$domain 'rm -rf "'$site_path'"/* && unzip ~/site.zip -d "'$site_path'" && rm ~/site.zip'

答案1

解决了密钥必须以不同的方式解密并且坏的幻数消失的问题。

openssl aes-256-cbc -K $encrypted_<...>_key -iv $encrypted_<...>_iv -in deploy_rsa.enc -out /tmp/deploy_rsa -d

其中$encrypted_<...>_key$encrypted_<...>_iv是由 生成的 travis encrypt-file deploy_rsa --add

https://oncletom.io/2016/travis-ssh-deploy/

相关内容