authorNicolás Reynolds <fauno@endefensadelsl.org>2013-12-27 20:09:16 -0300
committerNicolás Reynolds <fauno@endefensadelsl.org>2013-12-27 20:09:16 -0300
commit36537a04baaa5c6d7e4d6acc6924231d55a95b01 (patch)
treecd4402474d8f536192bc49eec6bebc0e7f5d77fe
parentff8ae8ceba55a43cfb5f763f75d9679c31c38a63 (diff)
parent76571cb2dc2644e9eb23758cd8da6d281d573994 (diff)
Merge git://repo.hackcoop.com.ar/hacking
Conflicts: authorized_keys parabola-keyring/Makefile parabola-keyring/packager-keyids parabola-keyring/packager/aurelien.asc parabola-keyring/packager/brendan.asc parabola-keyring/packager/coadde.asc parabola-keyring/packager/emulatorman.asc parabola-keyring/packager/encyclomundi.asc parabola-keyring/packager/fauno.asc parabola-keyring/packager/jorginho.asc parabola-keyring/packager/lukeshu.asc parabola-keyring/packager/mtjm.asc parabola-keyring/packager/ovruni.asc parabola-keyring/packager/shackra.asc parabola-keyring/packager/smv.asc parabola-keyring/packager/xihh.asc parabola-keyring/parabola-trusted parabola-keyring/parabola.gpg parabola-keyring/update-keys
-rw-r--r--Makefile49
-rw-r--r--README.markdown58
-rwxr-xr-xgit-hooks/auto-deploy16
-rwxr-xr-xgit-hooks/generic12
-rwxr-xr-xgit-hooks/hackers-update (renamed from git-hooks/post-receive)6
-rwxr-xr-xgit-shell-commands/change-description10
-rwxr-xr-xgit-shell-commands/change-owner13
-rwxr-xr-xgit-shell-commands/create-bare-repo21
-rwxr-xr-xgit-shell-commands/delete-repo16
-rwxr-xr-xgit-shell-commands/fetch-mirrors20
-rwxr-xr-xgit-shell-commands/help12
-rwxr-xr-xgit-shell-commands/hook-install23
-rwxr-xr-xgit-shell-commands/mirror12
-rwxr-xr-xgit-shell-commands/mirrors11
-rw-r--r--parabola-keyring/.directory3
-rw-r--r--parabola-keyring/parabola-revoked0
-rw-r--r--ssh_config6
17 files changed, 257 insertions, 31 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..62690e3
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,49 @@
+SHELL=/bin/bash
+# The git user home, from where repos are served
+PREFIX=/srv/git
+# The git user
+USER=git
+# The git-shell path
+GIT_SHELL=/usr/bin/git-shell
+# The hacking.git clone
+HACKERS=$(shell pwd)
+
+# Add all of your pubkeys
+# TODO this can fail if you don't have any keys (why don't you)
+bootstrap:
+ cat $(HOME)/.ssh/id_{rsa,ecdsa,dsa}.pub >>authorized_keys 2>/dev/null || true
+ git commit authorized_keys -m "Bootstraping hacking.git" ; \
+
+# Create the user
+user:
+ useradd --home $(PREFIX) \
+ --shell $(GIT_SHELL) \
+ --create-home \
+ --system \
+ --user-group \
+ $(USER)
+
+# Check if we have at least a key
+check:
+ if [ $(shell wc -l authorized_keys | cut -d' ' -f1) -eq 0 ]; then \
+ echo 'Add at least your key to authorized_keys!'; \
+ exit 1 ;\
+ fi
+
+# Add the hackers repo to the local clone
+install-local:
+ git remote add git git:hackers.git
+ cat ssh_config >>$(HOME)/.ssh/config
+
+# Create the hackers.git bare repo and clone as .ssh
+# Then create needed symlinks and add hooks to hackers.git
+install: check
+ cd $(PREFIX); \
+ git clone --bare $(HACKERS) hackers.git && \
+ git clone hackers.git .ssh && \
+ chmod 700 $(PREFIX) && \
+ chmod 700 .ssh && \
+ chmod 600 .ssh/authorized_keys && \
+ ln -s $(PREFIX)/.ssh/git-hooks/hackers-update hackers.git/hooks/post-receive && \
+ ln -s $(PREFIX)/.ssh/git-shell-commands && \
+ chown -R $(USER):$(USER) $(PREFIX)
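Review bot: In the `install` recipe the first command is joined with `;` (`cd $(PREFIX); \`), so if `$(PREFIX)` does not exist yet the two `git clone` calls and `chmod 700 .ssh` still run, in whatever directory make was started from. Chain it like the rest of the recipe, `cd "$(PREFIX)" && \`, and quote the other `$(PREFIX)` uses. The `bootstrap` recipe ends in a dangling `; \`. None of the targets are declared `.PHONY`, so a stray file named `check` or `install` would make make skip the recipe, including the key check that `install` depends on.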
diff --git a/README.markdown b/README.markdown
index de5eee6..949f2d7 100644
--- a/README.markdown
+++ b/README.markdown
@@ -1,14 +1,57 @@
-Parabola Hackers
-================
+Hackers
+=======
+
+## What's this? Why?
+
+Hackers is a simple git repository management tool. I started this for Parabola
+GNU/Linux-libre when our gitosis broke and was never fixed. We didn't need
+gitosis' granular permissions anyway.
+
+Hackers.git allows for decentralized management, since any hacker added can add
+new keys, own and others'.
+
+It uses the git-shell to allow users to do git repository tasks (create a repo,
+mirror one, etc.) using ssh to connect to the repository server.
+
+## Install
+
+Clone hackers.git somewhere and add yours and other people's SSH pubkeys (at
+least yours) to the authorized\_keys file, then commit.
+
+This step can be done in a single step with `make bootstrap` (or let the next
+step do it). If you don't you won't be able to login later!
+
+Run `make PREFIX=/srv/git` as root, where *PREFIX* is the git root. Check the
+Makefile itself to see other options.
+
+Now you can use `ssh git@host command arguments`, run the *help* command to
+list commands and arguments available.
+
+## Host requirements
+
+You'll need `git-shell`, on Parabola it's on the *git* package. Also a working
+ssh daemon with "AuthorizedKeysFile .ssh/authorized_keys" (default in most
+installations).
+
+## Local configuration
+
+On your hacking user, you can add this to your *~/.ssh/config*
+
+ Host git
+ HostName git_hostname_can_be_localhost
+ User git
+
+The repo URL will be *git:repo.git* or *ssh://gitPREFIX/repo.git*.
## How to add new keys
-* Add your key to the authorized\_keys file.
+* Add your key to the authorized\_keys file on your local clone
* Change the key comment to the "Name <name@email.nu>" format (just for keeping
it tidy)
* Commit
* Push if you have push privileges and you're adding a new hacker, or
-* Run `git format-patch HEAD-1` and send the generated patches to Parabola
+* Run `git format-patch HEAD-1` and send the generated patches to one of the
+ other hackers listed.
## How does this work?
@@ -18,10 +61,5 @@ privileges for the git user.
## Is this insecure?
-'git' is an unprivileged user. If you know how to skip this and gain access to
+*git* is an unprivileged user. If you know how to skip this and gain access to
our servers be kind and let us now ;)
-
-## Why?
-
-Gitosis broke once and was never fixed. We didn't need gitosis' granular
-permissions anyway. Now Parabola hackers can add new hackers!
diff --git a/git-hooks/auto-deploy b/git-hooks/auto-deploy
new file mode 100755
index 0000000..02a22e7
--- /dev/null
+++ b/git-hooks/auto-deploy
@@ -0,0 +1,16 @@
+#!/bin/bash
+# auto-deploy
+# Usage: auto-deploy /srv/http/repo
+
+# fail on any error
+set -e
+
+# Can we write on the clone?
+test -w "${1}/.git/HEAD"
+
+alias git="git --git-dir '${1}/.git' --work-tree '${1}'"
+
+# pull this repo on the current branch
+git pull origin $(git rev-parse --abbrev-ref HEAD)
+
+exit $?
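Review bot: The `alias git=...` line has no effect here: bash does not expand aliases in a non-interactive script unless `shopt -s expand_aliases` is set, so `git pull` and `git rev-parse` run against whatever repository the hook environment points at rather than the clone in `${1}`. Pass the options explicitly, e.g. `clone="${1:?usage: auto-deploy /path/to/clone}"` followed by `git --git-dir "${clone}/.git" --work-tree "${clone}" pull origin "$(git --git-dir "${clone}/.git" rev-parse --abbrev-ref HEAD)"`. The `:?` guard matters because an empty `${1}` makes the writability test look at `/.git/HEAD`. The trailing `exit $?` is redundant under `set -e`.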
diff --git a/git-hooks/generic b/git-hooks/generic
new file mode 100755
index 0000000..ebf56f4
--- /dev/null
+++ b/git-hooks/generic
@@ -0,0 +1,12 @@
+#!/bin/sh
+# Generic hook, installs itself as a valid githook(5) and runs whatever it
+# finds on hacking.hook.$self
+# Format:
+# hacking.hooks.post-receive.auto-deploy /srv/http/markpower.hackcoop.com.ar
+
+git config -f config --get-regexp "hacking.hooks.$(basename ${0}).*" | \
+while read hook repo; do
+ hook="`echo "${hook}" | cut -d'.' -f4`"
+
+ ${HOME}/.ssh/git-hooks/${hook} ${repo} ${@} </dev/stdin
+done
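Review bot: The command line `${HOME}/.ssh/git-hooks/${hook} ${repo} ${@}` expands everything unquoted, and `${hook}` comes straight from a config key without any check that it names a file inside `git-hooks`. Guard the name and quote the expansions, for example `case "${hook}" in ''|*/*) continue;; esac` and then `"${HOME}/.ssh/git-hooks/${hook}" "${repo}" "$@"`. Separately, inside the `while read` loop stdin is the pipe from `git config`, so `</dev/stdin` hands the script the remaining config lines rather than the ref updates git feeds to a hook; the original stdin would have to be saved on another descriptor before the pipeline if scripts are meant to read it. The header comment says `hacking.hook.$self` while the code matches `hacking.hooks.`.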
diff --git a/git-hooks/post-receive b/git-hooks/hackers-update
index 671dd4e..b78c54d 100755
--- a/git-hooks/post-receive
+++ b/git-hooks/hackers-update
@@ -5,17 +5,17 @@
# cp .ssh/git-hooks/post-receive hackers.git/hooks/
# fail on any error
-set -E
+set -e
# the ssh dir
-ssh_dir=/srv/git/.ssh
+ssh_dir=${HOME}/.ssh
# pull this repo
git --git-dir ${ssh_dir}/.git \
--work-tree ${ssh_dir} \
pull origin master
-# secure the files
+# secure the files (sshd will refuse connections otherwise)
chmod 600 ${ssh_dir}/authorized_keys
chmod 700 ${ssh_dir}
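Review bot: `ssh_dir=${HOME}/.ssh` now depends on the environment and every later use of `${ssh_dir}` is unquoted; if `HOME` is empty, the pull and the two `chmod` calls act on `/.ssh`. `ssh_dir="${HOME:?HOME is not set}/.ssh"` plus `"${ssh_dir}"` in the git and chmod lines closes that. The usage comment at the top of the hunk still says `cp .ssh/git-hooks/post-receive hackers.git/hooks/`, which no longer matches the renamed file; the Makefile in this commit symlinks `hackers-update` instead. The script starts above the hunk, so its shebang and the rest of the header are not visible here.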
diff --git a/git-shell-commands/change-description b/git-shell-commands/change-description
index 437833c..730777c 100755
--- a/git-shell-commands/change-description
+++ b/git-shell-commands/change-description
@@ -1,12 +1,12 @@
#!/bin/sh
-# Allows users to change project description
-# $ ssh git@host change-description repo "description"
+# * change-description
+# Cambia la descripcion del projecto, necesita archivo description en el proyecto
+# ssh git@host change-description repo "description"
-set -E
+set -e
repo=$1; shift
-description="$@"
-echo "${repo}.git/${description}" > description
+test -d ${repo}.git && echo "${@}" > ${repo}.git/description
exit $?
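Review bot: `${repo}` is taken from the first argument and used unquoted and unfiltered in `test -d ${repo}.git && echo "${@}" > ${repo}.git/description`, so the write is not confined to repositories under the git home the way `create-bare-repo` tries to confine its names. Reject names containing `..` or a leading `/` (or apply the same cleanup) and quote both uses: `test -d "${repo}.git" && echo "$*" > "${repo}.git/description"`. `change-owner` and `hook-install` in this commit take a repository name the same way and need the same check. The new header comment is in Spanish while `create-bare-repo` keeps English; since `help` prints these lines, one language would read better.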
diff --git a/git-shell-commands/change-owner b/git-shell-commands/change-owner
new file mode 100755
index 0000000..4cf90c7
--- /dev/null
+++ b/git-shell-commands/change-owner
@@ -0,0 +1,13 @@
+#!/bin/sh
+# * change-owner
+# Define quién manda
+# ssh git@host change-owner repo "Hacklab"
+
+set -e
+
+repo=$1; shift
+
+test -d "${repo}".git && \
+git config -f "${repo}.git/config" "gitweb.owner" "${@}"
+
+exit $?
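Review bot: `"${@}"` passes each remaining word to `git config` as a separate argument, so an owner given as more than one word is not stored as a single value: the second word is taken as git config's value-pattern argument and any further words are a usage error. Join them with `"$*"`: `git config -f "${repo}.git/config" gitweb.owner "$*"`. With no owner argument at all the call becomes a read of `gitweb.owner`, so a `test $# -gt 0` guard after the `shift` would make that failure explicit.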
diff --git a/git-shell-commands/create-bare-repo b/git-shell-commands/create-bare-repo
index 14a640b..3051c9d 100755
--- a/git-shell-commands/create-bare-repo
+++ b/git-shell-commands/create-bare-repo
@@ -1,16 +1,17 @@
#!/bin/sh
-# Allows users to create repo.git
-# $ ssh git@host create-bare-repo repo1 repo2 ...
+# * create-bare-repo
+# Allows users to create repo.git
+# ssh git@host create-bare-repo repo1 repo2 ...
-set -E
+set -e
-for i in $@; do
-# Cleanup names
- i="`echo "$i" | sed "s/[^a-z0-9\.\-\_]//gi"`"
+for repo in $@; do
+# Cleanup names, allow hidden repos
+ repo="`echo "$repo" | sed -e "s/\.\.//g" -e "s,^/\+,,g" -e "s,[^a-z0-9\./_-],,gi"`"
+ test -d "$repo".git && continue
- if [ -z "$i" ]; then continue; fi
-
- mkdir "$i".git
- pushd "$i".git
+ mkdir -p "$repo".git
+ pushd "$repo".git
git init --bare
+ popd
done
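Review bot: The cleanup on the `sed` line removes `..` and leading slashes before it removes disallowed characters, so the last expression can leave two dots, or a leading `/`, adjacent again after the earlier expressions have already run. Run the character filter first (`-e "s,[^a-z0-9\./_-],,gi" -e "s/\.\.//g" -e "s,^/\+,,g"`), or better, refuse a name that differs from its cleaned form instead of silently rewriting it. The hunk also drops the old `if [ -z "$i" ]; then continue; fi`, so a name that cleans to nothing now runs `mkdir -p .git` and `git init --bare` in the git home; put the empty check back. `delete-repo` copies the same `sed` line and has the same ordering problem.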
diff --git a/git-shell-commands/delete-repo b/git-shell-commands/delete-repo
new file mode 100755
index 0000000..4ca644e
--- /dev/null
+++ b/git-shell-commands/delete-repo
@@ -0,0 +1,16 @@
+#!/bin/sh
+# * delete-repo
+# Allows users to delete repositories permanently
+# ssh git@host delete-repo repo1 repo2 ...
+
+set -e
+
+for repo in $@; do
+# Remove leading slashes and dots and perform cleanup
+ repo="`echo "$repo" | sed -e "s/\.\.//g" -e "s,^/\+,,g" -e "s,[^a-z0-9\./_-],,gi"`"
+ test ! -d "$repo".git && continue
+
+ echo "Removing ${repo}.git"
+ # lo and behold absolute horror
+ rm -rf "$repo".git
+done
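Review bot: `rm -rf "$repo".git` runs on any directory whose name ends in `.git`; nothing confirms that it is a bare repository. `hook-install` already checks `test -f "${repo}/HEAD"`, and the same test here, `test -f "$repo.git/HEAD" || continue`, together with a non-empty check on `$repo`, keeps the recursive delete to actual repositories. The `for repo in $@` loop is unquoted, so arguments are word-split and glob-expanded before the cleanup sees them; `for repo in "$@"` avoids that.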
diff --git a/git-shell-commands/fetch-mirrors b/git-shell-commands/fetch-mirrors
new file mode 100755
index 0000000..a9442ba
--- /dev/null
+++ b/git-shell-commands/fetch-mirrors
@@ -0,0 +1,20 @@
+#!/bin/sh
+# * fetch-mirrors
+# Actualiza el `mirrors` (espejos) creados con `mirror`
+# ssh git@host fetch-mirrors
+
+set -e
+
+# Find all mirrors
+~/git-shell-commands/mirrors | \
+ while read _mirror; do
+
+ pushd "$_mirror" >/dev/null
+
+ git remote update
+
+ popd >/dev/null
+
+done
+
+exit $?
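Review bot: `pushd` and `popd` are bash builtins, but the script runs under `#!/bin/sh`, so it only works where `/bin/sh` is bash; `create-bare-repo` has the same dependency. The directory change is not needed, since `git --git-dir "$_mirror" remote update` does the same job without it. Because the loop is the last stage of a pipeline, `set -e` does not notice a failure of `~/git-shell-commands/mirrors`, and `exit $?` reports only the loop's status.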
diff --git a/git-shell-commands/help b/git-shell-commands/help
new file mode 100755
index 0000000..e707df8
--- /dev/null
+++ b/git-shell-commands/help
@@ -0,0 +1,12 @@
+#!/bin/sh
+# * help
+# Obtiene los comando habilitados
+# ssh git@host help
+
+set -e
+
+# Gets three lines from every git-shell-command
+for c in `dirname $0`/*; do
+ head -q -n4 $c | tail -n3 | sed "s/^..//"
+ echo
+done
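Review bot: `dirname $0` and `$c` are unquoted, so a path containing whitespace breaks the loop; write `for c in "$(dirname "$0")"/*; do` and `head -q -n4 "$c"`. The output relies on every command keeping its name, description and usage on lines 2-4 behind a two-character prefix. That convention is worth stating in the comment above the loop, e.g. `# Each command keeps "# * name", description and usage on lines 2-4`.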
diff --git a/git-shell-commands/hook-install b/git-shell-commands/hook-install
new file mode 100755
index 0000000..08a0340
--- /dev/null
+++ b/git-shell-commands/hook-install
@@ -0,0 +1,23 @@
+#!/bin/sh
+# * hook-install
+# Instala un hook en un repo
+# ssh git@host hook-install hook script repo [alt-dir]
+
+set -e
+
+hook="${1}"
+script="${HOME}/.ssh/git-hooks/${2}"
+repo="${HOME}/${3}"
+clone="${4:-${repo}}"
+
+# Tests
+test -f "${repo}/HEAD"
+test -f "${clone}/.git/HEAD"
+
+# Installs the generic hook that runs scripts
+test -f "${repo}/hooks/${hook}" || ln -s "${HOME}/.ssh/git-hooks/generic" "${repo}/hooks/${hook}"
+
+# Install the hook on the repo
+git config -f "${repo}/config" --add "hacking.hooks.${hook}.${2}" "${clone}"
+
+exit $?
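Review bot: `script` is assigned but never used, so nothing checks that `${2}` names an existing hook script before it is written into the repository config. Add `test -x "${script}"` to the tests and restrict `${2}` to a plain name, e.g. `case "${2}" in ''|*/*|*.*) exit 1;; esac`; the dot matters because `git-hooks/generic` recovers the script name with `cut -d'.' -f4`. `${4}` is stored as given and later handed to the hook script as its target directory, so it should be limited to the directories deployments are expected to use.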
diff --git a/git-shell-commands/mirror b/git-shell-commands/mirror
new file mode 100755
index 0000000..212687e
--- /dev/null
+++ b/git-shell-commands/mirror
@@ -0,0 +1,12 @@
+#!/bin/sh
+# * mirror
+# Espeja un repositorio
+# ssh git@host mirror git://url/repo.git
+
+set -E
+
+for _m in $@; do
+ git clone --mirror $_m
+done
+
+exit $?
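Review bot: This new script uses `set -E` while the rest of the commit changes `set -E` to `set -e`; as written a failed clone does not stop the loop and only the last clone's status reaches `exit $?`. The URL is also passed unquoted and unfiltered in `git clone --mirror $_m`. Quote it and end option parsing, `git clone --mirror -- "$_m"`, and consider accepting only the URL schemes you intend to mirror from.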
diff --git a/git-shell-commands/mirrors b/git-shell-commands/mirrors
new file mode 100755
index 0000000..d1301a8
--- /dev/null
+++ b/git-shell-commands/mirrors
@@ -0,0 +1,11 @@
+#!/bin/sh
+# * mirrors
+# Muestra todos los repositorios espejos (mirror)
+# ssh git@host mirrors
+
+set -e
+
+# Find all mirrors
+find *.git -maxdepth 1 -iname config -print0 | \
+ xargs -0 grep -l 'mirror = true' | \
+ sed 's,/config$,,'
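Review bot: When there are no `*.git` directories the glob stays literal and `find` fails, yet `xargs` still runs `grep` once with no file arguments; `xargs -0 -r` skips that empty run. Under `set -e` only the final `sed` decides the exit status, so the script reports success either way. A comment such as `# prints nothing when there are no mirrors` would make the intended behaviour explicit.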
diff --git a/parabola-keyring/.directory b/parabola-keyring/.directory
deleted file mode 100644
index d8a1780..0000000
--- a/parabola-keyring/.directory
+++ /dev/null
@@ -1,3 +0,0 @@
-[Dolphin]
-Timestamp=2012,8,16,17,56,23
-Version=3
diff --git a/parabola-keyring/parabola-revoked b/parabola-keyring/parabola-revoked
deleted file mode 100644
index e69de29..0000000
--- a/parabola-keyring/parabola-revoked
+++ /dev/null
diff --git a/ssh_config b/ssh_config
new file mode 100644
index 0000000..2a57c97
--- /dev/null
+++ b/ssh_config
@@ -0,0 +1,6 @@
+
+# ssh shortcut for git@localhost
+Host git
+ HostName localhost
+ User git
+# Port 22 # change to your ssh port