diff --git a/ci-tools/update-nixpkgs b/ci-tools/update-nixpkgs index baac52846cc300c9dc85f27134d35e44693a5d67..6b4438ac259671ba0278d4e4f9c5cb129e8d6306 100755 --- a/ci-tools/update-nixpkgs +++ b/ci-tools/update-nixpkgs @@ -12,12 +12,21 @@ set -eux -o pipefail HOST="whetstone.private.storage" -setup_ssh() { - export HOME="${PWD}" +__cleanup_ssh () { + ssh-agent -k +} +setup_ssh() { # -s makes the output sh compatible, in case it can't detect this for # itself. - eval $(ssh-agent -s) + # + # -t sets a limit on how long the key will be kept in memory. we try to + # kill the agent when we're done but we can't be sure we'll always + # succeed. The value is a number of seconds. + eval $(ssh-agent -s -t 300) + + # On shell exit, run a function to kill the agent. + trap __cleanup_ssh EXIT # A GitLab CI/CD variable set for us to use. echo "${UPDATE_NIXPKGS_PRIVATE_SSHKEY_BASE64}" | base64 -d | ssh-add -