After committing code, my github project gets the following error on travis-ci.org:
Deploying application
on master ✓
domain: <mydomain> ✓
site path: /srv/http/webapps/Main ✓
zipping _site to site.zip...
decrypting ssh key...
bad magic number
Script failed with status 1
failed to deploy
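I forked a project that I am trying to take over and maintain, because it was discontinued by its author, which I think is a shame. The project uses travis to update its site. I am completely unfamiliar with travis, have never dealt with encryption, and in fact have never set up a website before, so I have absolutely no idea what I am doing.
I am using three computers for this: my own, a development computer, and one hosting the site.
The files I think are relevant are .travis.yml, .deploy/deploy.sh and .deploy/deploy_key.enc
What I did is the following: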
sudo ssh root@UBS-main
cd /srv/http/webapps/Main
nano .travis.yml (removing env.global.secure line)
ssh-keygen -t rsa -b 4096 -C '[email protected]' -f ./deploy_key
travis encrypt-file deploy_key --add
travis encrypt MY_SECRET_ENV=<pass> --add env.global
rm deploy_key
scp /srv/http/webapps/Main/deploy_key.enc folatt@UBS-Dev:~/workspace/UBS/UBS-site/deploy/deploy_key.enc
scp /srv/http/webapps/Main/.travis.yml folatt@UBS-Dev:~/workspace/UBS/UBS-site/.travis.yml
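This is on the assumption that I
- need to create an ssh key
- encrypt that key using travis.
- need some kind of secret password? Again using travis.
- delete the unencrypted key.
- move the key and the travis file to the development computer's repository.
- then commit the changes to github.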
.travis.yml
language: ruby
sudo: false
rvm:
  - 2.2
env:
  global:
    - domain: <mydomain> (changed)
    - site_path: /srv/http/webapps/Main (changed)
    - secure: <bunch of encrypted code> (changed)
before_script:
  - npm install -g bower
  - bower install
script: bundle exec jekyll build
deploy:
  provider: script
  skip_cleanup: true
  script: "./deploy/deploy.sh"
  on:
    branch: master
./deploy/deploy.sh
#!/usr/bin/env bash
set -e

# Only deploy builds of the master branch.
if [ ! "env:$TRAVIS_BRANCH" == "env:master" ]; then
  echo not on master, not deploying
  exit 0
fi
echo "on master ✓"

# Both variables come from env.global in .travis.yml.
if [ -z "$domain" ]; then
  echo "domain" variable not set
  exit 1
fi
echo "domain: $domain ✓"

if [ -z "$site_path" ]; then
  echo "site_path" variable not set
  exit 1
fi
echo "site path: $site_path ✓"

echo "zipping _site to site.zip..."
(cd _site/ && zip -r - .) > site.zip 2>/dev/null

# Password-based decryption of the deploy key.
echo "decrypting ssh key..."
openssl aes-256-cbc -k "$deploy_key_pass" -in deploy/deploy_key.enc -out deploy/deploy_key -d
chmod 400 deploy/deploy_key

echo "setting StrictHostKeyChecking for all domains..."
printf "Host *\n StrictHostKeyChecking no\n" > ~/.ssh/config
chmod 400 ~/.ssh/config

# Upload the archive, then replace the site contents on the server.
echo "copying site to $domain..."
scp -i deploy/deploy_key site.zip deploy@$domain:~/site.zip
ssh -i deploy/deploy_key deploy@$domain 'rm -rf "'$site_path'"/* && unzip ~/site.zip -d "'$site_path'" && rm ~/site.zip'
Answer 1
Solved: the key had to be decrypted in a different way, and the bad magic number went away.
openssl aes-256-cbc -K $encrypted_<...>_key -iv $encrypted_<...>_iv -in deploy_rsa.enc -out /tmp/deploy_rsa -d
where $encrypted_<...>_key and $encrypted_<...>_iv are generated by
travis encrypt-file deploy_rsa --add
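The mismatch behind the error, as an added example that is not part of the original question or answer: `openssl` password mode (`-k`) expects the file to begin with the 8-byte `Salted__` header, while a file encrypted with a raw key and IV (the `-K`/`-iv` form the answer uses) has no header, so a `-k` decrypt stops with "bad magic number". The function names, key, IV, passphrase and file names below are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example. Key, IV, passphrase and file names are constructed test values.

# Password mode (-k) writes an 8-byte "Salted__" header before the ciphertext;
# raw key/IV mode (-K/-iv) writes ciphertext only. Report which form a file has.
enc_format() {
    local magic
    magic=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "53616c7465645f5f" ]; then echo password; else echo raw; fi
}

# Pre-flight check for a deploy script: name the mismatch before openssl runs.
# $1 = encrypted file, $2 = mode the script is about to use (password|raw)
check_decrypt_mode() {
    local actual
    actual=$(enc_format "$1")
    if [ "$actual" != "$2" ]; then
        echo "mismatch: $1 is $actual-mode, script decrypts in $2-mode" >&2
        return 1
    fi
}

# Build one sample of each form, then try both decrypt modes on the raw one.
demo() {
    local dir key iv
    dir=$(mktemp -d)
    key=$(openssl rand -hex 32)   # 256-bit key in hex, as -K expects
    iv=$(openssl rand -hex 16)    # 128-bit IV in hex, as -iv expects
    printf 'constructed stand-in for deploy_key\n' > "$dir/plain"
    openssl aes-256-cbc -K "$key" -iv "$iv" -in "$dir/plain" -out "$dir/raw.enc"
    openssl aes-256-cbc -k constructed-pass -in "$dir/plain" -out "$dir/pw.enc" 2>/dev/null

    echo "raw.enc format: $(enc_format "$dir/raw.enc")"
    echo "pw.enc format:  $(enc_format "$dir/pw.enc")"

    # The question's failure: password-mode decrypt of a raw-mode file.
    if ! openssl aes-256-cbc -d -k constructed-pass -in "$dir/raw.enc" \
            -out "$dir/out1" 2>"$dir/err"; then
        echo "-k on raw.enc failed: $(cat "$dir/err")"
    fi
    # The answer's fix: decrypt with the same key and IV used to encrypt.
    openssl aes-256-cbc -d -K "$key" -iv "$iv" -in "$dir/raw.enc" -out "$dir/out2" &&
        cmp -s "$dir/plain" "$dir/out2" && echo "-K/-iv on raw.enc: plaintext recovered"
    rm -rf "$dir"
}

demo
```

Calling `check_decrypt_mode deploy/deploy_key.enc password` ahead of the decrypt step in a script like the one in the question would stop the build with the mismatch message instead of the openssl error.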