The CI step indicated in the readme doesn't work

[Eijebong]

Cargo doesn't allow passwords in custom registry URLs (https://github.com/rust-lang/cargo/pull/6242). Even though ssh doesn't allow passwords in its URIs, cargo still sees it as one (it's been the case since at least 1.40 which is the oldest version I tested).

[w4]

Thanks for the report, an easy workaround could be using CARGO_NET_GIT_FETCH_WITH_CLI with git in the path pointing to a wrapper script calling sshpass

[w4]

After a bit of experimentation, it looks like Cargo happily passes through GIT_SSH_COMMAND to the spawned command so that can be used instead of the wrapper script:

CARGO_NET_GIT_FETCH_WITH_CLI=true GIT_SSH_COMMAND="sshpass -p testpw -- ssh" cargo check

[w4]

Actually, scratch all of that. We expect the password to be in the username so modifications would be needed for the above. Maybe .ssh/config setting the Username to gitlab-ci-token:$GITLAB-CI-TOKEN for Host *.

[Eijebong]

Got it to work with that:

- echo -e "Host \"gitlab.host\" exec \"test %p = 2222\"\n    User gitlab-ci-token:$CI_JOB_TOKEN\n    StrictHostKeyChecking no" > ~/.ssh/config
- ssh-keygen -t ed25519 -q -f "~/.ssh/id_ed25519" -N ""
- sed -i "s/[email protected]/gitlab.host/" .cargo/config

It's a bit annoying because it requires a key that would be valid as authentication method but it works.

[Eijebong]

Note that this is not actually a solution if you need to publish a package depending on another package in a custom registry.

The changed URL will be saved by cargo into the package metadata and it'll completely break down the line as you'll have packages coming from [email protected] and gitlab.host.

[Eijebong]

Second note, you don't need to do the sed dance if you don't precise git@ in the registry URL. Since gitlab-cargo-shim doesn't look at the username unless it's for CI, this should solve that last issue.