path: root/gitolite/Dockerfile
# https://gitolite.com/gitolite/index.html
# https://github.com/sitaramc/gitolite

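# NOTE(review): the base image is untagged, so it resolves to debian:latest and
# each rebuild may pick up a different release. Pin a release tag (and ideally
# a digest) once the target Debian release is decided.
FROM debian

# Build-time only: keeps package installation non-interactive without leaving
# the setting in the runtime environment of the container.
ARG DEBIAN_FRONTEND=noninteractive

# Install SSH and gitolite packages
# apt-get is used because the `apt` front end does not promise a stable
# scripting interface; the package lists are removed in the same layer that
# downloaded them so they do not persist in the image.
RUN apt-get update \
 && apt-get dist-upgrade --yes \
 && apt-get install --yes openssh-server gitolite3 \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*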

# Create the account that gitolite runs as: fixed UID 2000, home directory
# /git, and --skel /dev/null so no default skeleton files land in that home.
# NOTE(review): no --gid or --shell is given, so the group and login shell come
# from the image's useradd defaults; the later COPY --chown=git:git presumably
# relies on a matching "git" group being created here (confirm).
RUN useradd --create-home --home-dir /git --skel /dev/null --uid 2000 git

# Install files
# /app receives the default gitolite.conf and the start-up scripts, /etc/ssh
# the sshd configuration, and /git the dotfiles for the git user.
# Only the dotfiles are chown'ed to git; the other files keep COPY's default
# root ownership. File modes come from the build context: no instruction in
# this Dockerfile sets the executable bit on entrypoint.sh.
COPY gitolite.conf entrypoint.sh initialize.sh /app/
COPY sshd_config /etc/ssh/
COPY --chown=git:git dotfiles /git/

# Setup SSH keys
# Host keys are written under the /hostkeys prefix rather than /etc/ssh so they
# can live in a separate volume, and rebuilding the image doesn't break user
# trust. A passphrase-less key pair is also created for root and copied to
# /app for gitolite file initialization, so the user does not have to supply a
# key file every time they update the image.
# NOTE(review): both sets of private keys are generated at build time, so they
# are stored in the image layers. Anyone who can pull the image can read them,
# including the private half of the key that `gitolite setup -pk` registers as
# the initial admin key later in this file, and containers started from the
# same image share host keys unless the entrypoint regenerates them (not
# visible here). Keep the image out of shared registries, or move key
# generation to first start.
# No -t is passed, so the key type is ssh-keygen's default even though the file
# is named id_rsa.
RUN ssh-keygen -N '' -f /root/.ssh/id_rsa \
 && cp /root/.ssh/id_rsa /root/.ssh/id_rsa.pub /app \
 && mkdir -p /hostkeys/etc/ssh /run/sshd \
 && ssh-keygen -A -f /hostkeys

# Patch `gitolite setup` script
# The live gitolite.conf is managed by the gitolite-admin repository, so our
# default version has to be seeded through the installed Setup.pm. This keeps
# srcnode and gitolite-admin version control separate.
# Steps: keep everything up to and including the __DATA__ marker, append our
# gitolite.conf after it, then overwrite the packaged module with the result.
# If the marker is absent, grep exits non-zero and the build stops.
# NOTE(review): this rewrites a distro-packaged file without checking which
# gitolite3 version was installed; re-verify the patch when the package changes.
RUN grep --before-context=1000000 __DATA__ /usr/share/gitolite3/lib/Gitolite/Setup.pm > /app/Setup.pm \
 && cat /app/gitolite.conf >> /app/Setup.pm \
 && cp /app/Setup.pm /usr/share/gitolite3/lib/Gitolite/Setup.pm

# Initialize gitolite files
# Runs `gitolite setup` as the git user with the public key copied to /app
# earlier in this file, then resets the mode of the repository tree.
# NOTE(review): chmod -R 755 makes every file and directory under
# /git/repositories readable and executable by all users in the container;
# confirm this is required, otherwise a narrower mode is safer.
RUN su git --command 'gitolite setup -pk /app/id_rsa.pub' \
 && chmod --recursive 755 /git/repositories

# EXPOSE only documents the SSH port. No USER instruction is set, so
# entrypoint.sh starts as root.
EXPOSE 22
CMD ["/app/entrypoint.sh"]