From 5e29b71b7e77f7a02b54245816b5d077f00d7fb5 Mon Sep 17 00:00:00 2001
From: Update Bot <update-bot@private.storage>
Date: Thu, 14 Jul 2022 19:36:57 -0400
Subject: [PATCH] Clean up those leaking ssh agents :/

---
 ci-tools/update-nixpkgs | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/ci-tools/update-nixpkgs b/ci-tools/update-nixpkgs
index baac5284..6b4438ac 100755
--- a/ci-tools/update-nixpkgs
+++ b/ci-tools/update-nixpkgs
@@ -12,12 +12,21 @@ set -eux -o pipefail
 
 HOST="whetstone.private.storage"
 
-setup_ssh() {
-    export HOME="${PWD}"
+__cleanup_ssh () {
+    ssh-agent -k
+}
 
+setup_ssh() {
     # -s makes the output sh compatible, in case it can't detect this for
     # itself.
-    eval $(ssh-agent -s)
+    #
+    # -t sets a limit on how long the key will be kept in memory.  we try to
+    # kill the agent when we're done but we can't be sure we'll always
+    # succeed.  The value is a number of seconds.
+    eval $(ssh-agent -s -t 300)
+
+    # On shell exit, run a function to kill the agent.
+    trap __cleanup_ssh EXIT
 
     # A GitLab CI/CD variable set for us to use.
     echo "${UPDATE_NIXPKGS_PRIVATE_SSHKEY_BASE64}" | base64 -d | ssh-add -
-- 
GitLab