commit 2d8a83550d222755fdffb779fb68aafc265ff86c
author Manish V Badarkhe <Manish.Badarkhe@arm.com> Tue Jun 20 10:38:28 2023 +0100
committer Manish V Badarkhe <Manish.Badarkhe@arm.com> Tue Jun 20 10:58:17 2023 +0100
tree fbde95b439d7c6f018c9f1b53d581ca207c4ede1
parent b0ef2fc59c62a2da56c06bc87e14ff95ea56dc12

fix: client/server authentication failure on cloning repos

If 'Allow-CI+1' is triggered on a topic that contains changes
from different repos, for example from TF-A and CI repo, the
cloning script will correctly pick up the TF-A changes but
fail to pick the CI changes and throw the following error message:

 ++ /srv/shared/tf-a-gerrit-tforg-l1/3754/tf-a-job-configs/scripts/parse_refspec.py
 Warning: Permanently added '[review.trustedfirmware.org]:29418' (ED25519) to the list of known hosts.
 sign_and_send_pubkey: no mutual signature supported

The issue occurs because the SSH client refuses to use older ssh-rsa
keys after upgrading to Jammy. This error has been fixed by updating
SSH_PARAMS.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Id52532fc27e72bb68653fcb13213878ead715d41

scripts/clone.sh

diff --git a/scripts/clone.sh b/scripts/clone.sh
index bdd942d..7885c32 100755
--- a/scripts/clone.sh
+++ b/scripts/clone.sh
@@ -32,7 +32,7 @@
 GIT_REPO="https://git.trustedfirmware.org"
 GERRIT_HOST="https://review.trustedfirmware.org"
 GIT_CLONE_PARAMS=""
-SSH_PARAMS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 29418 -i ${CI_BOT_KEY}"
+SSH_PARAMS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 29418 -o 'PubkeyAcceptedKeyTypes +ssh-rsa' -i ${CI_BOT_KEY}"
 GERRIT_QUERY_PARAMS="--format=JSON --patch-sets --current-patch-set status:open"
 
 # Defaults Projects