From 00804542f3669bb7b60437f1d810ac8357a01278 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Sat, 3 Apr 2021 19:10:43 +0200
Subject: [PATCH] Revert "basessh/distgit: adjust the way ssh is configured for
 distgit"

This is still being reviewed and wasn't meant to be pushed out yet

This reverts commit 67844b4504cd061b9cd353021b056cb656b4b4b6.
---
 roles/basessh/templates/sshd_config |  5 -----
 roles/distgit/files/ssh_wrapper     |  7 -------
 roles/distgit/tasks/main.yml        | 12 ------------
 3 files changed, 24 deletions(-)
 delete mode 100644 roles/distgit/files/ssh_wrapper

diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config
index b54428d3ea..09802c76d8 100644
--- a/roles/basessh/templates/sshd_config
+++ b/roles/basessh/templates/sshd_config
@@ -51,13 +51,8 @@ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 AcceptEnv XMODIFIERS
 
 {% if sshd_keyhelper %}
-{% if inventory_hostname.startswith('pkgs') %}
-AuthorizedKeysCommandUser nobody
-AuthorizedKeysCommand /usr/local/bin/ssh_wrapper "%u"
-{% else %}
 AuthorizedKeysCommandUser git
 AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f"
-{% endif %}
 {% else %}
 AuthorizedKeysCommandUser nobody
 AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
diff --git a/roles/distgit/files/ssh_wrapper b/roles/distgit/files/ssh_wrapper
deleted file mode 100644
index dd9f3631a8..0000000000
--- a/roles/distgit/files/ssh_wrapper
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-/usr/bin/sss_ssh_authorizedkeys $1 | while read -r key
-do
-  echo "command=\"PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git/ /usr/libexec/pagure/aclchecker.py $1\", $key"
-done
-
diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml
index e848b05337..79889e375c 100644
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@@ -106,18 +106,6 @@
   tags:
   - distgit
 
-# -- SSH
-# We use a wrapper to let packager ssh in while restricting the command they can
-# do, this installs that wrapper (which is otherwise configured in sshd_config)
-
-- name: install the ssh_wrapper wrapper script
-  copy: src=ssh_wrapper dest=/usr/local/bin/ssh_wrapper mode=0755
-  tags:
-    - config
-    - distgit
-    - ssh
-    - basessh
-
 # -- Dist Git --------------------------------------------
 # This is the Git setup itself: group, root directory, scripts,...
 - name: install dist-git