Please add openssh-keygen to Dockerfile-rootless #14214

Closed
opened 2025-11-02 11:06:39 -06:00 by GiteaMirror · 2 comments

Originally created by @p7kdev on GitHub (Mar 4, 2025).

Feature Description

Hi,

I prefer the rootless container variant and use the built-in SSH server. This works perfectly so far. I only have the problem of the initial installation and the generation of the SSH host keys, because there is no tool in the rootless image to generate the keys. I am aware that an RSA key is created automatically. But the others (ecdsa, ed25519) are not.

I run this in K8s. At the moment I'm helping myself by having an initContainer (the rootful variant), which then generates the keys with openssh-keygen. But that feels like overkill to define an extra image just for that instead of using the same rootless image. It would be much more convenient if the openssh-keygen tool was also available in the rootless container. It only adds a few KB, but really makes your life easier.

```plain
af2800d5c2df:/var/lib/gitea# apk add openssh-keygen -i
The following NEW packages will be installed:
  openssh-keygen
Need to download 202 KiB of packages.
After this operation, 470 KiB of additional disk space will be used.
```

The official Helm chart uses the rootful variant by default. There is also a flag to use the rootless variant. In this case, however, only the RSA key seems to be created and used. That feels incomplete.

Thanks already!

Best regards,
Paul

Screenshots

No response
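
The initContainer workaround described in the post above, written as an idempotent script (an added example, not part of the original issue or of Gitea's code). It assumes `ssh-keygen` is available in the container that runs it; `KEYGEN`, `RSA_BITS`, `HOST_KEY_DIR` and the `gitea.<type>` file names are hypothetical.

```sh
#!/bin/sh
# Added example: create missing SSH host keys once, on a persistent volume.
# KEYGEN, RSA_BITS, HOST_KEY_DIR and the gitea.<type> names are assumptions.
set -eu

KEYGEN="${KEYGEN:-ssh-keygen}"
RSA_BITS="${RSA_BITS:-4096}"

# ensure_host_keys DIR
# Generates rsa, ecdsa and ed25519 host keys that are not present yet and
# prints how many were created. Existing keys are never overwritten, so a
# pod restart keeps the host identity clients have already pinned.
ensure_host_keys() {
    dir=$1
    created=0
    old_umask=$(umask)
    umask 077                          # key files and directory: owner only
    mkdir -p "$dir"
    for kt in rsa ecdsa ed25519; do
        key="$dir/gitea.$kt"
        if [ -s "$key" ]; then
            continue                   # keep the existing key
        fi
        rm -f "$key" "$key.pub"        # clear empty leftovers so ssh-keygen does not prompt
        case $kt in
            rsa)   set -- -b "$RSA_BITS" ;;
            ecdsa) set -- -b 256 ;;
            *)     set -- ;;           # ed25519 has a fixed key size
        esac
        # -N '' because host keys are loaded unattended, without a passphrase
        "$KEYGEN" -q -t "$kt" "$@" -N '' -C "gitea-host-$kt" -f "$key"
        chmod 600 "$key"
        created=$((created + 1))
    done
    umask "$old_umask"
    echo "$created"
}

# Run only when a target directory is given, e.g. from an initContainer.
if [ -n "${HOST_KEY_DIR:-}" ]; then
    ensure_host_keys "$HOST_KEY_DIR" >/dev/null
    for pub in "$HOST_KEY_DIR"/gitea.*.pub; do
        "$KEYGEN" -l -f "$pub"         # fingerprints to record out of band
    done
fi
```

Run it with `HOST_KEY_DIR` pointing at the persistent SSH directory, then list the generated files in Gitea's `SSH_SERVER_HOST_KEYS` setting so the built-in server offers them.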

GiteaMirror added the type/proposal, topic/build labels 2025-11-02 11:06:39 -06:00

@TheFox0x7 commented on GitHub (Mar 22, 2025):

Would parity of generating rsa, ecdsa and ed25519 keys be enough, or do you want openssh-keygen to be included as well?


@p7kdev commented on GitHub (Mar 23, 2025):

Thank you very much!

If all keys could be created automatically, this would certainly be welcome and would provide a better out-of-the-box experience for all (rootless) users. It would also reflect the same behavior that the rootful container has (openssh also generates all keys automatically, if not already present)!

However, it would be useful to have the option of creating keys yourself. Simply to generate new keys or to define the properties of the keys (e.g. the key size of the RSA key). openssh-keygen was just the most obvious solution. But if Gitea itself has the ability to create keys, we could also extend the CLI so that we can do that with it. There is already a generate command that can create secrets. It would be logical to use it to create SSH keys as well. Or alternatively a gitea genkey command. That would of course be much better than being dependent on openssh-keygen.

```
gitea generate --help
NAME:
   gitea generate - Generate Gitea's secrets/keys/tokens

USAGE:
   gitea generate command [command options]

COMMANDS:
   secret   Generate a secret token
   help, h  Shows a list of commands or help for one command
```
Reference: github-starred/gitea#14214