diff options
| -rw-r--r-- | Dockerfile | 18 | ||||
| -rwxr-xr-x | src/init (renamed from init) | 10 | ||||
| -rwxr-xr-x | src/run (renamed from run) | 12 | ||||
| -rw-r--r-- | src/ssh.conf (renamed from ssh.conf) | 0 | ||||
| -rw-r--r-- | src/sudo-git (renamed from sudo-git) | 0 |
5 files changed, 21 insertions, 19 deletions
@@ -1,17 +1,17 @@ -FROM alpine +FROM alpine:latest RUN apk add --no-cache openssh-server fish git sudo +# default uid for git user who has access to all repos ENV GIT_UID=1000 # Modified ssh conf with disabled root login and no password authentication -COPY ssh.conf /etc/ssh/sshd_config.d/ -COPY sudo-git /etc/sudoers.d/ +COPY src/ssh.conf /etc/ssh/sshd_config.d/ +COPY src/sudo-git /etc/sudoers.d/ -# required for permission check -COPY run /usr/local/bin/ -RUN chmod +x /usr/local/bin/run +# copy scrips +COPY src/run /usr/local/bin/ +COPY src/init /usr/local/bin/ +RUN chmod 755 /usr/local/bin/run +RUN chmod 755 /usr/local/bin/init -# required for starting -COPY init /usr/local/bin/ -RUN chmod +x /usr/local/bin/init ENTRYPOINT ["/usr/local/bin/init"] @@ -6,8 +6,8 @@ # # -set _REPO_PERMISSIONS /etc/repo-permissions -set _REPO_REGEX "^((?:\/[a-zA-Z-]+)+.git)\$" +set REPO_PERMISSIONS_FILE /etc/repo-permissions +set REPO_VALIDATION_REGEX "^((?:\/[a-zA-Z-]+)+.git)\$" function createUser set -l userConfig (string split ':' $argv[1]) @@ -37,7 +37,7 @@ function setupRepo set -l repo $parsedConfig[1] # check repo name - set -l matcher (string match -r -g $_REPO_REGEX $repo) + set -l matcher (string match -r -g $REPO_VALIDATION_REGEX $repo) if test -z $matcher[1] echo "Invalid repo name $repo" return 1 @@ -50,7 +50,7 @@ function setupRepo # write user as allowed into permission file for user in $parsedConfig[2..] - echo "$repoDir:$user" >> $_REPO_PERMISSIONS + echo "$repoDir:$user" >> $REPO_PERMISSIONS_FILE end # setup repo dir @@ -107,7 +107,7 @@ for userConfig in $users end # Setup repos -echo > $_REPO_PERMISSIONS +echo > $REPO_PERMISSIONS_FILE for repoConfig in $repos setupRepo "$repoConfig" end @@ -1,10 +1,11 @@ #!/usr/bin/env fish -set REPO_PERMISSIONS /etc/repo-permissions -set GIT_COMMAND_REGEX "^(git-(?:upload-pack|receive-pack|upload-archive)) '((?:\/[a-zA-Z-]+)+.git)'\$" +set REPO_PERMISSIONS_FILE /etc/repo-permissions +# unify repo regex somehow +set GIT_VALIDATION_REGEX "^(git-(?:upload-pack|receive-pack|upload-archive)) '((?:\/[a-zA-Z-]+)+.git)'\$" # check given git command -set -l matcher (string match -r -g $GIT_COMMAND_REGEX "$argv") +set -l matcher (string match -r -g $GIT_VALIDATION_REGEX "$argv") if test (count $matcher) -ne 2 # there should be two groups otherwise something is wrong exit 1 @@ -14,10 +15,11 @@ end set -l checkUser (whoami) set -l gitCommand $matcher[1] set -l repo $matcher[2] +# adjust repo path to /srv/repos set -l repoDir srv repos set -l repoDir /(string join -n '/' $repoDir (string split '/' $repo)) -cat $REPO_PERMISSIONS | grep -q -E "^$repoDir:$checkUser\$" +cat $REPO_PERMISSIONS_FILE | grep -q -E "^$repoDir:$checkUser\$" or exit 1; -# run command +# execute parsed git command /usr/bin/sudo -u git /usr/bin/git-shell -c "$gitCommand '$repoDir'" |
