From 953358a485b07dc155ecd4f325ae41032a44f64a Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray <tdecacqu@redhat.com>
Date: Sun, 1 Aug 2021 21:41:06 +0000
Subject: [PATCH] Update the gerritbot-matrix image to fix the ssh signature
 failure

This change enables a new runtime which does not use the faulty
openssh crypto policy.

Change-Id: Iedf8e2668a2f9e1770ca1782b3e61983382e5df5
---
 playbooks/roles/matrix-gerritbot/defaults/main.yaml       | 3 ++-
 playbooks/roles/matrix-gerritbot/tasks/main.yaml          | 5 +++++
 .../matrix-gerritbot/templates/docker-compose.yaml.j2     | 8 ++++----
 zuul.d/system-config-run.yaml                             | 2 +-
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/playbooks/roles/matrix-gerritbot/defaults/main.yaml b/playbooks/roles/matrix-gerritbot/defaults/main.yaml
index 1375812a16..0c44f85ba1 100644
--- a/playbooks/roles/matrix-gerritbot/defaults/main.yaml
+++ b/playbooks/roles/matrix-gerritbot/defaults/main.yaml
@@ -1,8 +1,9 @@
-gerritbot_matrix_version: 0.1.0.0
+gerritbot_matrix_version: bd43946
 gerritbot_matrix_image: quay.io/software-factory/gerritbot-matrix:{{ gerritbot_matrix_version }}
 
 # gerrit ssh configuration
 gerritbot_ssh_key: ""
+gerritbot_ssh_pubkey: ""
 gerritbot_ssh_key_format: "rsa"
 gerritbot_known_hosts: |
   [review.opendev.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfsIj/jqpI+2CFdjCL6kOiqdORWvxQ2sQbCzSzzmLXic8yVhCCbwarkvEpfUOHG4eyB0vqVZfMffxf0Yy3qjURrsroBCiuJ8GdiAcGdfYwHNfBI0cR6kydBZL537YDasIk0Z3ILzhwf7474LmkVzS7V2tMTb4ZiBS/jUeiHsVp88FZhIBkyhlb/awAGcUxT5U4QBXCAmerYXeB47FPuz9JFOVyF08LzH9JRe9tfXtqaCNhlSdRe/2pPRvn2EIhn5uHWwATACG9MBdrK8xv8LqPOik2w1JkgLWyBj11vDd5I3IjrmREGw8dqImqp0r6MD8rxqADlc1elfDIXYsy+TVH
diff --git a/playbooks/roles/matrix-gerritbot/tasks/main.yaml b/playbooks/roles/matrix-gerritbot/tasks/main.yaml
index 19fcbeb219..f89ca95d9e 100644
--- a/playbooks/roles/matrix-gerritbot/tasks/main.yaml
+++ b/playbooks/roles/matrix-gerritbot/tasks/main.yaml
@@ -36,6 +36,11 @@
     mode: 0400
   no_log: true
 
+- name: Install gerritbot ssh key
+  copy:
+    content: "{{ gerritbot_ssh_pubkey }}"
+    dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}.pub"
+
 - name: Install gerritbot known host
   copy:
     content: "{{ gerritbot_known_hosts }}"
diff --git a/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2 b/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
index d396c0f6c5..9e6723d3de 100644
--- a/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
@@ -17,7 +17,7 @@ services:
       - /var/lib/matrix-gerritbot/config:/config
       - /var/lib/matrix-gerritbot/ssh:/root/.ssh
     command: >-
-      --gerrit-host    {{ gerritbot_gerrit_host }}
-      --gerrit-user    {{ gerritbot_gerrit_user }}
-      --homeserver-url {{ gerritbot_matrix_homeserver }}
-      --config-file    /config/gerritbot.dhall
+      --gerrit-host     {{ gerritbot_gerrit_host }}
+      --gerrit-user     {{ gerritbot_gerrit_user }}
+      --homeserver-url  {{ gerritbot_matrix_homeserver }}
+      --config-file     /config/gerritbot.dhall
diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml
index 169795bf79..4e8cae9495 100644
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@@ -160,12 +160,12 @@
       - playbooks/roles/limnoria
       - playbooks/roles/logrotate
       - playbooks/roles/matrix-eavesdrop
+      - playbooks/roles/matrix-gerritbot
       - playbooks/roles/statusbot
       - playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
       - docker/accessbot/
       - docker/ircbot
       - docker/matrix-eavesdrop
-      - docker/matrix-gerritbot
       - testinfra/test_eavesdrop.py
 
 - job: