From ff5ef6c7583f88d8f7bb6062605455c0f3ecdf53 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <lars.wirzenius@codethink.co.uk>
Date: Mon, 14 Apr 2014 15:44:12 +0000
Subject: Set GIT_SSL_NO_VERIFY=true when running git

---
 lorry | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lorry b/lorry
index 2339c9f..d16abfc 100755
--- a/lorry
+++ b/lorry
@@ -1,5 +1,5 @@
 #!/usr/bin/python
-# Copyright (C) 2013  Codethink Limited
+# Copyright (C) 2013-2014  Codethink Limited
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -299,6 +299,10 @@ class Lorry(cliapp.Application):
         return dest
 
     def mirror_git(self, project_name, dirname, gitdir, spec):
+        # Turn off git's SSL/TLS certificate verification, until Baserock
+        # has an CA management infrastructure.
+        os.environ['GIT_SSL_NO_VERIFY'] = 'true'
+
         if not os.path.exists(gitdir):
             self.progress('.. initialising git dir')
             self.run_program(['git', 'init', '--bare', gitdir])
-- 
cgit v1.2.1


From b9075de5c675a29b3d2447c2b9a38bcca2a86882 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <lars.wirzenius@codethink.co.uk>
Date: Mon, 14 Apr 2014 16:51:25 +0000
Subject: Disable bzr certificate checking

---
 lorry | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/lorry b/lorry
index d16abfc..b3e954c 100755
--- a/lorry
+++ b/lorry
@@ -354,12 +354,15 @@ class Lorry(cliapp.Application):
             branchdir = os.path.join(bzrdir, branch)
             if not os.path.exists(branchdir):
                 self.progress('.. doing initial bzr branch')
-                self.run_program(['bzr', 'branch', '--quiet', address,
-                                  branchdir])
+                self.run_program(
+                    ['bzr', 'branch', '--quiet', '-Ossl.cert_reqs=none', 
+                     address, branchdir])
             else:
                 self.progress('.. updating bzr branch')
-                self.run_program(['bzr', 'pull', '--quiet', address],
-                                 cwd=branchdir)
+                self.run_program(
+                    ['bzr', 'pull', '--quiet', '-Ossl.cert_reqs=none', 
+                     address],
+                    cwd=branchdir)
 
         exports = {}
         bzrmarks = os.path.join(gitdir, 'marks.bzr')
-- 
cgit v1.2.1


From 1c60a968ff0c678a6e286db95870947b01af0b7b Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <lars.wirzenius@codethink.co.uk>
Date: Wed, 16 Apr 2014 10:03:46 +0000
Subject: Run ssh via a wrapper that disables host key checking, for CVS

---
 lorry             | 8 ++++++--
 lorry-ssh-wrapper | 5 +++++
 setup.py          | 2 +-
 3 files changed, 12 insertions(+), 3 deletions(-)
 create mode 100755 lorry-ssh-wrapper

diff --git a/lorry b/lorry
index b3e954c..509f0fb 100755
--- a/lorry
+++ b/lorry
@@ -431,8 +431,12 @@ class Lorry(cliapp.Application):
 
     def gitify_cvs(self, project_name, dirname, gitdir, spec):
         self.needs_aggressive = True
-        self.run_program(['git', 'cvsimport', '-a', '-d', spec['url'],
-                          '-C', gitdir, spec['module']])
+        env = dict(os.environ)
+        env['CVS_RSH'] = 'lorry-ssh-wrapper'
+        self.run_program(
+            ['git', 'cvsimport', '-a', '-d', spec['url'], 
+             '-C', gitdir, spec['module']],
+            env=env)
 
     def gitify_hg(self, project_name, dirname, gitdir, spec):
         hgdir = os.path.join(dirname, 'hg')
diff --git a/lorry-ssh-wrapper b/lorry-ssh-wrapper
new file mode 100755
index 0000000..c4e2c1d
--- /dev/null
+++ b/lorry-ssh-wrapper
@@ -0,0 +1,5 @@
+#!/bin/sh
+# Run ssh without strict host key checking.
+
+set -eu
+exec ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$@"
diff --git a/setup.py b/setup.py
index 811c727..cf172ea 100644
--- a/setup.py
+++ b/setup.py
@@ -85,7 +85,7 @@ FIXME
       author='Baserock',
       author_email='baserock-dev@baserock.org',
       url='http://wiki.baserock.org/',
-      scripts=['lorry', 'lorry.tar-importer'],
+      scripts=['lorry', 'lorry.tar-importer', 'lorry-ssh-wrapper'],
       data_files=[('share/man/man1', glob.glob('*.[1-8]'))],
       cmdclass={
           'build': GenerateManpage,
-- 
cgit v1.2.1


From 89974c3363a3f8467e471aa0bf78ea65e6e03929 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <lars.wirzenius@codethink.co.uk>
Date: Tue, 22 Apr 2014 12:57:25 +0000
Subject: Only set GIT_SSL_NO_VERIFY on specific git invocations

---
 lorry | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lorry b/lorry
index 509f0fb..853c65d 100755
--- a/lorry
+++ b/lorry
@@ -301,7 +301,8 @@ class Lorry(cliapp.Application):
     def mirror_git(self, project_name, dirname, gitdir, spec):
         # Turn off git's SSL/TLS certificate verification, until Baserock
         # has an CA management infrastructure.
-        os.environ['GIT_SSL_NO_VERIFY'] = 'true'
+        env = dict(os.environ)
+        env['GIT_SSL_NO_VERIFY'] = 'true'
 
         if not os.path.exists(gitdir):
             self.progress('.. initialising git dir')
@@ -321,12 +322,12 @@ class Lorry(cliapp.Application):
                           '+refs/tags/*:refs/tags/*'], cwd=gitdir)
         try:
             self.run_program(['git', 'remote', 'update', 'origin', '--prune'],
-                             cwd=gitdir)
+                             cwd=gitdir, env=env)
         except:
             self.run_program(['git', 'remote', 'prune', 'origin'],
-                             cwd=gitdir)
+                             cwd=gitdir, env=env)
             self.run_program(['git', 'remote', 'update', 'origin', '--prune'],
-                             cwd=gitdir)
+                             cwd=gitdir, env=env)
 
     def gitify_bzr(self, project_name, dirname, gitdir, spec):
         bzrdir = os.path.join(dirname, 'bzr')
-- 
cgit v1.2.1