From 90858ead45f6702bdde31671246ad9c56fc7803e Mon Sep 17 00:00:00 2001
From: Malfurious <m@lfurio.us>
Date: Fri, 15 Sep 2023 06:02:18 -0400
Subject: gitolite: Refactor Dockerfile for debian base

Building from debian:latest will make for a smaller image, a faster
build, and will make the image more accessible to a wider variety of
platforms.

The effort started by 19e7dc8932c is expanded upon such that the image
cleanly bakes in all static config files - i.e. the entire hosting
user's home directory, except for the repositories directory.
This removal of config management from the gitolite-admin repo is part
of the reason why it is being decoupled from this repo.

The gitolite image will now never utilize a user pubkey during build.
Instead, it can be invoked with an alternative entrypoint to
interactively configure a new install.

Signed-off-by: Malfurious <m@lfurio.us>
---
 gitolite/Dockerfile | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 gitolite/Dockerfile

(limited to 'gitolite/Dockerfile')

diff --git a/gitolite/Dockerfile b/gitolite/Dockerfile
new file mode 100644
index 0000000..e3ff032
--- /dev/null
+++ b/gitolite/Dockerfile
@@ -0,0 +1,51 @@
+# https://gitolite.com/gitolite/index.html
+# https://github.com/sitaramc/gitolite
+
+FROM debian
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install SSH and gitolite packages
+RUN apt update \
+ && apt full-upgrade --yes \
+ && apt install --yes openssh-server gitolite3 \
+ && apt clean
+
+# Create git user
+RUN useradd \
+    --uid 2000 \
+    --home-dir /git \
+    --skel /dev/null \
+    --create-home \
+    git
+
+# Install files
+COPY --chown=git:git dotfiles /git/
+COPY sshd_config /etc/ssh/
+COPY gitolite.conf entrypoint.sh /app/
+
+# Setup SSH keys
+# We manually generate and store host keys in a separate volume, so that
+# rebuilding the image doesn't break user trust.  A key pair is generated for
+# the root user for gitolite file initialization, so we don't need a file
+# supplied by the user every time they update the image.
+RUN mkdir -p /hostkeys/etc/ssh /run/sshd \
+ && ssh-keygen -A -f /hostkeys \
+ && ssh-keygen -f /root/.ssh/id_rsa -N "" \
+ && cp /root/.ssh/id_rsa* /app
+
+# Patch `gitolite setup` script
+# The acting gitolite.conf file is managed by the gitolite-admin repository.  In
+# order to install our default version of the file, we need to patch its contents
+# into the Setup.pm file in the gitolite installation.  This helps maintain
+# separation of normalmode and gitolite-admin version control.
+RUN grep -B1000000 __DATA__ /usr/share/gitolite3/lib/Gitolite/Setup.pm >/app/Setup.pm \
+ && cat /app/gitolite.conf >>/app/Setup.pm \
+ && cp /app/Setup.pm /usr/share/gitolite3/lib/Gitolite/Setup.pm
+
+# Initialize gitolite files
+RUN su git -c "gitolite setup -pk /app/id_rsa.pub" \
+ && chmod -R 755 /git/repositories
+
+EXPOSE 22
+CMD ["/app/entrypoint.sh"]
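Review bot: The `RUN` under "Setup SSH keys" generates the sshd host keys (`ssh-keygen -A -f /hostkeys`) and a passphrase-less root key pair at build time, so the private halves are stored in the image layers and are identical in every container started from the same image. `cp /root/.ssh/id_rsa* /app` copies the private key as well as the public one, and the final `RUN` registers that public key as the gitolite admin key via `gitolite setup -pk /app/id_rsa.pub`. Unless entrypoint.sh (not visible in this hunk) regenerates them, anyone who can pull the image holds both the server's host identity and a gitolite admin credential. I would move the key generation and the `gitolite setup` call to first container start, for example in the entrypoint when the host-key volume is empty, so that no private key is ever committed to a layer. Separately, `FROM debian` has no tag or digest, so rebuilds are not reproducible; pin it, e.g. `FROM debian:<release>` (placeholder), and note that `chmod -R 755 /git/repositories` leaves every repository world-readable inside the container.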
-- 
cgit v1.2.3


From c1db5d6e6557ac5f3b9d408eb2de888bf096a370 Mon Sep 17 00:00:00 2001
From: Malfurious <m@lfurio.us>
Date: Fri, 15 Sep 2023 08:49:25 -0400
Subject: gitolite: Add admin initialization script

Per docker image changes, this serves as an alternative entrypoint for
performing initial pubkey configuration.

Signed-off-by: Malfurious <m@lfurio.us>
---
 gitolite/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'gitolite/Dockerfile')

diff --git a/gitolite/Dockerfile b/gitolite/Dockerfile
index e3ff032..5d34312 100644
--- a/gitolite/Dockerfile
+++ b/gitolite/Dockerfile
@@ -22,7 +22,7 @@ RUN useradd \
 # Install files
 COPY --chown=git:git dotfiles /git/
 COPY sshd_config /etc/ssh/
-COPY gitolite.conf entrypoint.sh /app/
+COPY gitolite.conf entrypoint.sh initialize.sh /app/
 
 # Setup SSH keys
 # We manually generate and store host keys in a separate volume, so that
-- 
cgit v1.2.3