diff options
| -rw-r--r-- | docker/Dockerfile.gitolite | 25 | ||||
| -rwxr-xr-x | docker/gitolite_init.sh | 6 | ||||
| -rw-r--r-- | gitolite/Dockerfile | 51 | ||||
| -rw-r--r-- | gitolite/dotfiles/.gitconfig (renamed from conf/.gitconfig) | 2 | ||||
| -rw-r--r-- | gitolite/dotfiles/.gitolite.rc (renamed from conf/.gitolite.rc) | 4 | ||||
| -rwxr-xr-x | gitolite/dotfiles/local/triggers/push (renamed from local/triggers/push) | 0 | ||||
| -rwxr-xr-x | gitolite/entrypoint.sh | 15 | ||||
| -rw-r--r-- | gitolite/gitolite.conf (renamed from conf/gitolite.conf) | 2 | ||||
| -rwxr-xr-x | gitolite/initialize.sh | 16 | ||||
| -rw-r--r-- | gitolite/sshd_config (renamed from docker/sshd_config) | 0 |
10 files changed, 87 insertions, 34 deletions
diff --git a/docker/Dockerfile.gitolite b/docker/Dockerfile.gitolite deleted file mode 100644 index d2ca1ae..0000000 --- a/docker/Dockerfile.gitolite +++ /dev/null @@ -1,25 +0,0 @@ -# https://gitolite.com/gitolite/index.html -# https://github.com/sitaramc/gitolite -# https://wiki.archlinux.org/title/Gitolite - -FROM archlinux - -# The gitolite package implies git, openssh, and creates the host user -RUN pacman-key --init -RUN pacman -Syu --needed --noconfirm gitolite - -# Initialize the gitolite datastore -COPY . /app -RUN if [ -f "/app/admin.pub" ]; \ - then runuser -u gitolite -- /app/gitolite_init.sh "/app/admin.pub"; fi -VOLUME /var/lib/gitolite - -# sshd host keys are stored in a volume so that rebuilding/updating the -# image doesn't break user trust -COPY sshd_config /etc/ssh/ -RUN mkdir -p /hostkeys/etc/ssh/ -RUN ssh-keygen -A -f /hostkeys -VOLUME /hostkeys - -EXPOSE 22 -CMD ["/usr/bin/sshd", "-D"] diff --git a/docker/gitolite_init.sh b/docker/gitolite_init.sh deleted file mode 100755 index bd70222..0000000 --- a/docker/gitolite_init.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh -gitolite setup -pk "$1" -chmod 755 /var/lib/gitolite -chmod -R 755 /var/lib/gitolite/repositories -ln -sf .gitolite/conf/.gitolite.rc /var/lib/gitolite -ln -sf .gitolite/conf/.gitconfig /var/lib/gitolite diff --git a/gitolite/Dockerfile b/gitolite/Dockerfile new file mode 100644 index 0000000..5d34312 --- /dev/null +++ b/gitolite/Dockerfile @@ -0,0 +1,51 @@ +# https://gitolite.com/gitolite/index.html +# https://github.com/sitaramc/gitolite + +FROM debian + +ENV DEBIAN_FRONTEND=noninteractive + +# Install SSH and gitolite packages +RUN apt update \ + && apt full-upgrade --yes \ + && apt install --yes openssh-server gitolite3 \ + && apt clean + +# Create git user +RUN useradd \ + --uid 2000 \ + --home-dir /git \ + --skel /dev/null \ + --create-home \ + git + +# Install files +COPY --chown=git:git dotfiles /git/ +COPY sshd_config /etc/ssh/ +COPY gitolite.conf entrypoint.sh initialize.sh /app/ + +# Setup SSH keys +# We manually generate and store host keys in a separate volume, so that +# rebuilding the image doesn't break user trust. A key pair is generated for +# the root user for gitolite file initialization, so we don't need a file +# supplied by the user every time they update the image. +RUN mkdir -p /hostkeys/etc/ssh /run/sshd \ + && ssh-keygen -A -f /hostkeys \ + && ssh-keygen -f /root/.ssh/id_rsa -N "" \ + && cp /root/.ssh/id_rsa* /app + +# Patch `gitolite setup` script +# The acting gitolite.conf file is managed by the gitolite-admin repository. In +# order to install our default version of the file, we need to patch its contents +# into the Setup.pm file in the gitolite installation. This helps maintain +# separation of normalmode and gitolite-admin version control. +RUN grep -B1000000 __DATA__ /usr/share/gitolite3/lib/Gitolite/Setup.pm >/app/Setup.pm \ + && cat /app/gitolite.conf >>/app/Setup.pm \ + && cp /app/Setup.pm /usr/share/gitolite3/lib/Gitolite/Setup.pm + +# Initialize gitolite files +RUN su git -c "gitolite setup -pk /app/id_rsa.pub" \ + && chmod -R 755 /git/repositories + +EXPOSE 22 +CMD ["/app/entrypoint.sh"] diff --git a/conf/.gitconfig b/gitolite/dotfiles/.gitconfig index a998fec..6e33a9e 100644 --- a/conf/.gitconfig +++ b/gitolite/dotfiles/.gitconfig @@ -4,3 +4,5 @@ useConfigOnly = true name = gitolite email = gitolite +[receive] + denyDeleteCurrent = warn diff --git a/conf/.gitolite.rc b/gitolite/dotfiles/.gitolite.rc index 25a5231..eefc022 100644 --- a/conf/.gitolite.rc +++ b/gitolite/dotfiles/.gitolite.rc @@ -74,12 +74,12 @@ # suggested locations for site-local gitolite code (see cust.html) # this one is managed directly on the server - # LOCAL_CODE => "$ENV{HOME}/local", + LOCAL_CODE => "$ENV{HOME}/local", # or you can use this, which lets you put everything in a subdirectory # called "local" in your gitolite-admin repo. For a SECURITY WARNING # on this, see http://gitolite.com/gitolite/non-core.html#pushcode - LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local", + # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local", # ------------------------------------------------------------------ diff --git a/local/triggers/push b/gitolite/dotfiles/local/triggers/push index 7a3cb56..7a3cb56 100755 --- a/local/triggers/push +++ b/gitolite/dotfiles/local/triggers/push diff --git a/gitolite/entrypoint.sh b/gitolite/entrypoint.sh new file mode 100755 index 0000000..613a968 --- /dev/null +++ b/gitolite/entrypoint.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +# On startup of the gitolite container, force a receive of the gitolite-admin +# files from the persistent volume, to cause the user's real pubkeys and config +# files to take effect. +main() { + sleep 5 + ssh -o StrictHostKeyChecking=accept-new git@localhost info # cache hostkey + git clone --bare git@localhost:gitolite-admin.git /tmp/gladmin.git + git --git-dir=/tmp/gladmin.git push origin :master # remove rmt master + git --git-dir=/tmp/gladmin.git push origin master # replace rmt master +} + +main & +/usr/sbin/sshd -D diff --git a/conf/gitolite.conf b/gitolite/gitolite.conf index a1602d0..89eb558 100644 --- a/conf/gitolite.conf +++ b/gitolite/gitolite.conf @@ -1,4 +1,4 @@ -@administrators = admin +@administrators = %ADMIN repo gitolite-admin RW+ = @administrators diff --git a/gitolite/initialize.sh b/gitolite/initialize.sh new file mode 100755 index 0000000..6806acd --- /dev/null +++ b/gitolite/initialize.sh @@ -0,0 +1,16 @@ +#!/bin/bash -e + +# This script is manually invoked when first setting up a site to initialize the +# gitolite repositories database and set up a user-supplied pubkey for initial +# administrator access. + +echo -e "This will erase data in the gitolite repository volume!" +echo -e "One SSH pubkey will be used as the initial administrator of the new install." +echo -e "\nKey selected: $1" +cat "/tmp/$1" +echo -e "\nPress Enter/Return to continue..." + +read -r confirm + +rm -rf /git/.gitolite /git/repositories/* +su git -c "gitolite setup -pk /tmp/$1" diff --git a/docker/sshd_config b/gitolite/sshd_config index efc0c52..efc0c52 100644 --- a/docker/sshd_config +++ b/gitolite/sshd_config |