From 5af3fe8e2cd633ea9519a5c0dc2e75ea65b3915b Mon Sep 17 00:00:00 2001
From: Cédric Ollivier <cedric.ollivier@orange.com>
Date: Fri, 16 Dec 2022 15:07:09 +0100
Subject: Harden Jenkins jobs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It allows any ssh connection from Ubuntu 22.04 and
precises the ssh user.

Change-Id: I660b88d5b1640f8057d4081226517abad94889db
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
---
 jjb/global/releng-macros.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'jjb/global')

diff --git a/jjb/global/releng-macros.yaml b/jjb/global/releng-macros.yaml
index 031e24070..ddf2a730e 100644
--- a/jjb/global/releng-macros.yaml
+++ b/jjb/global/releng-macros.yaml
@@ -358,7 +358,8 @@
               echo
               cat gerrit_comment.txt
               echo
-              ssh -p 29418 gerrit.opnfv.org \
+              ssh -o 'PubkeyAcceptedKeyTypes +ssh-rsa' \
+                  -p 29418 jenkins-ci@gerrit.opnfv.org \
                   "gerrit review -p $GERRIT_PROJECT \
                    -m '$(cat gerrit_comment.txt)' \
                    $GERRIT_PATCHSET_REVISION \
@@ -419,7 +420,7 @@
               msg="Found syntax error and/or coding style violation(s) in the files modified by your patchset."
               sed -i -e "1s#^#${msg}\n\n#" violation.log
               cmd="gerrit review -p $GERRIT_PROJECT -m \"$(cat violation.log)\" $GERRIT_PATCHSET_REVISION --notify NONE"
-              ssh -p 29418 gerrit.opnfv.org "$cmd"
+              ssh -o 'PubkeyAcceptedKeyTypes +ssh-rsa' -p 29418 jenkins-ci@gerrit.opnfv.org "$cmd"
 
               # Make sure the caller job failed
               exit 1
-- 
cgit 1.2.3-korg