From 38de96ebe0494055b231891258913ad29558aba2 Mon Sep 17 00:00:00 2001 From: Frank Ittermann Date: Fri, 8 May 2020 19:55:04 +0200 Subject: [PATCH] Major improvements * update to the latest alpine version * support independant git account name from git-server repository location * update documentation --- .gitignore | 5 - .travis.yml | 15 ++ Dockerfile | 25 ++-- Makefile | 17 +++ README.md | 189 ++++++++++++++++++------ docker-compose.yml | 15 -- git-server-docker.jpg | Bin 16368 -> 0 bytes git-shell-commands/no-interactive-login | 2 +- motd | 6 + sshd_config | 9 +- start.sh | 36 +++-- 11 files changed, 220 insertions(+), 99 deletions(-) delete mode 100644 .gitignore create mode 100644 .travis.yml create mode 100644 Makefile delete mode 100644 docker-compose.yml delete mode 100644 git-server-docker.jpg create mode 100644 motd mode change 100644 => 100755 start.sh diff --git a/.gitignore b/.gitignore deleted file mode 100644 index b38118a..0000000 --- a/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -# IntelliJ project files -.idea -*.iml -out -gen diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..f47fdea --- /dev/null +++ b/.travis.yml @@ -0,0 +1,15 @@ +sudo: required +env: + global: + secure: UI+fPqbGYOhFBnhwOlAfc3qX5SL9/ve5f+FzyxfV3TA3e0lfzn8mNYBxYH8WEyjnzbX2fjC1S1dYz4iiaUxPqqfkfqH3PdVoh0CDklG8GINFY35gIGZdqkpW+NZ3SXD20EdndxeVbDgeZP+QOyn4QZES4zAouO4QsX3qJ7Y86ZnRXBsqG7+sP9b7ocM1IGRxivJNnQcQbKQ5a6jQhHj9EHJkQp5KRh1DVMUsrFQBJSIzLWIG5ZiHSBpjvxzg/u08CVu/+DH8u4BfNtiaABguZ/5UeGiQJhJVR2TzqNfnihoCVuMZXI4818e/W8pDOrJD0kCTpizMvxeo52XAZeGAr+XsfP0ZmIVjHYgnrPQA15YRbxyR88Lz91f6V3UzRKkcXYlNVqd765uoZyamxNnnb/zGKFtZl/UXVtpfg72QLVM8VecdGtPWEADH7TkFqMU3xrr7hGJog4ZGh1n1S+YMpGgbXpyqDWsN4T8as/cTjQ1pNgIibu2++n12SrUV/eT5Ehhdhl3/fdgqmgLaygA4bhxZzHEii6ZFvAA/Eg6ACqs3F0tNbhtpPd0MPdXyvt3V5VQHV3XLSZLmobFUQnw3RqPzbX0UtmPwfQf21ViBPpymfXkwl6y5M3vs7mUHVCh28XHeQ9D0lygHOm02TO8ZnAzGH+b+5L/eBL55D2UWFF4= +services: +- docker +addons: + apt: + update: true +script: +- make build +after_success: +- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin +- if [ "$TRAVIS_PULL_REQUEST" = "false" -a "$TRAVIS_BRANCH" = "master" ]; then make + release; fi diff --git a/Dockerfile b/Dockerfile index b1c9d0a..1f8a5a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,16 @@ -FROM alpine:3.4 +FROM alpine:latest -MAINTAINER Carlos Bernárdez "carlos@z4studios.com" +LABEL Maintainer="Frank Ittermann frank.ittermann@yahoo.de" -# "--no-cache" is new in Alpine 3.3 and it avoid using -# "--update + rm -rf /var/cache/apk/*" (to remove cache) -RUN apk add --no-cache \ -# openssh=7.2_p2-r1 \ +RUN apk update && \ + apk add --no-cache \ openssh \ -# git=2.8.3-r0 git -# Key generation on the server +# generate host keys RUN ssh-keygen -A -# SSH autorun -# RUN rc-update add sshd - -WORKDIR /git-server/ +WORKDIR /git-server # -D flag avoids password generation # -s flag changes user's shell @@ -34,8 +28,11 @@ COPY git-shell-commands /home/git/git-shell-commands # sshd_config file is edited for enable access key and disable access password COPY sshd_config /etc/ssh/sshd_config -COPY start.sh start.sh +COPY start.sh /start.sh +COPY motd /etc + +ENV ACCOUNT helmet EXPOSE 22 -CMD ["sh", "start.sh"] +CMD ["sh", "/start.sh"] diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..8a3420f --- /dev/null +++ b/Makefile @@ -0,0 +1,17 @@ + +VERSION=1.0.0 +ACCOUNT?=fr123k +REPOSITORIES?=$(PWD)/../ +export NAME=fr123k/git-server-docker +export IMAGE="${NAME}:${VERSION}" +export LATEST="${NAME}:latest" + +build: ## Build the jenkins in docker image. + docker build -t $(IMAGE) -f Dockerfile . + +release: build ## Push docker image to docker hub + docker tag ${IMAGE} ${LATEST} + docker push ${NAME} + +git-server: + docker run -p 22:22 -it -v $(REPOSITORIES):/git-server -e ACCOUNT=$(ACCOUNT) --name github --rm ${IMAGE} diff --git a/README.md b/README.md index 168a01f..d0244a4 100644 --- a/README.md +++ b/README.md @@ -1,76 +1,177 @@ # git-server-docker -A lightweight Git Server Docker image built with Alpine Linux. Available on [GitHub](https://github.com/jkarlosb/git-server-docker) and [Docker Hub](https://hub.docker.com/r/jkarlos/git-server-docker/) +A lightweight Git Server Docker image built with Alpine Linux. Available on [GitHub](https://github.com/fr123k/git-server-docker) and [Docker Hub](https://hub.docker.com/r/fr123k/git-server-docker/) -!["image git server docker" "git server docker"](https://raw.githubusercontent.com/jkarlosb/git-server-docker/master/git-server-docker.jpg) +## Use Case -### Basic Usage +### Local Jenkins use Local Git Repository -How to run the container in port 2222 with two volumes: keys volume for public keys and repos volume for git repositories: +The major motivation for the local git server docker container is to provide a way for a local jenkins running in docker to use local git repositories instead of github for example. - $ docker run -d -p 2222:22 -v ~/git-server/keys:/git-server/keys -v ~/git-server/repos:/git-server/repos jkarlos/git-server-docker +The following steps describe a way to use the local git server in jenkins without changing the github url of the jobs in jenkins. They can still point to the original github respositories. -How to use a public key: +#### Local DNS - Copy them to keys folder: - - From host: $ cp ~/.ssh/id_rsa.pub ~/git-server/keys - - From remote: $ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys - You need restart the container when keys are updated: - $ docker restart - -How to check that container works (you must to have a key): +Setup a domain like `local.github.com` that is then used by jenkins. - $ ssh git@ -p 2222 - ... - Welcome to git-server-docker! - You've successfully authenticated, but I do not - provide interactive shell access. - ... +```bash +echo "192.168.65.2 local.github.com" >> /etc/hosts +``` -How to create a new repo: +The ip address `192.168.65.2` is specific to your operating system and only works from within a docker container. +**This ip address work on MacOS.** - $ cd myrepo - $ git init --shared=true - $ git add . - $ git commit -m "my first commit" - $ cd .. - $ git clone --bare myrepo myrepo.git +#### Git Config -How to upload a repo: +Add or change the `%{JENKINS_HOME}/.gitconfig` with the following setting. +``` +[url "ssh://git@local.github.com"] + insteadOf = https://github.com/ - From host: - $ mv myrepo.git ~/git-server/repos - From remote: - $ scp -r myrepo.git user@host:~/git-server/repos +[url "ssh://git@local.github.com/"] + insteadOf = git@github.com: +``` -How clone a repository: +#### Local Github Server + +Run the docker git server container on the port 22 (sshd) and specify the github account like `fr123k`. + +`docker run -p 22:22 -it -v $(PWD)/../:/git-server `**`-e ACCOUNT=fr123k`**` --name github --rm fr123k/git-server-docker` - $ git clone ssh://git@:2222/git-server/repos/myrepo.git +If something is not as expected check the [Troubleshooting](#Troubleshooting) section. + +## Basic Usage ### Arguments * **Expose ports**: 22 * **Volumes**: - * */git-server/keys*: Volume to store the users public keys - * */git-server/repos*: Volume to store the repositories + * **/git-server/**: Volume to store the repositories +* **Environment Variables**: + * **ACCOUNT**: Name of the git account + * **DEBUG**: If exits enable debug logging of the sshd to the file `/var/log/auth.log`. Useful for troubleshooting + +### Git Repository Volume + +The volume has to be mounted to /git-server mount point. +It has to contain the `.keys` folder with all the public keys +for the ssh authentication. + +* -v (local_git_repository):/git-server/ + +Example mount directory that is above the current one as a git repository. + +`docker run -p 2222:22 -it `**`-v $(PWD)/../:/git-server`**` --name github --rm fr123k/git-server-docker` + +### Git Account Name + +The name of the git repository. +* -e ACCOUNT=(name of the git account) default: helmet + +For example +`docker run -p 2222:22 -it -v $(PWD)/../:/git-server `**`-e ACCOUNT=fr123k`**` --name github --rm fr123k/git-server-docker` + +### Git Account Name + +The name of the git repository. +* -e DEBUG=true + +For example +`docker run -p 2222:22 -it -v $(PWD)/../:/git-server `**`-e DEBUG=true`**` --name github --rm fr123k/git-server-docker` + +### Local SSH Git Server + +How to run the container in port 22 (sshd). + +`docker run -d -p `**`22:22`**` -v ~/git-server/repos:/git-server/ fr123k/git-server-docker/` + +### Local Git Repositories + +**After adding git repository described below the docker container has to be always restarted.** +How to create a new repo: + +```bash +mkdir local-git-repo +cd local-git-repo/ +git init --shared=true +git add . +git commit -m "my first commit" +``` + +How to upload a repo: + +From host: +```bash +mv local-git-repo ~/git-server/ +``` +From remote: +```bash +scp -r local-git-repo user@host:~/git-server/ +``` + +How clone a repository: + +```bash +git clone ssh://git@127.0.0.1:22/helmet/local-git-repo.git +``` + +## Troubleshooting + +### Validate Local SSH Git Server + +How to check that container and the authentication keys works. +`ssh git@127.0.0.1 -p 2222` +The expected output looks like this. +``` +Welcome to git-server-docker! + +Provided to you from + +https://hub.docker.com/r/fr123k/git-server-docker/ +https://github.com/fr123k/git-server-docker + +You've successfully authenticated, but I do not +provide interactive shell access. +Connection to 127.0.0.1 closed. +``` ### SSH Keys How generate a pair keys in client machine: - $ ssh-keygen -t rsa +```bash +ssh-keygen -t rsa +``` How upload quickly a public key to host volume: - $ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys +```bash +scp ~/.ssh/id_rsa.pub user@host:~/git-server/.keys +``` + +## Docker Image + +All `make` commands can only be from the folder where the Makefile is located. + +### Build -### Build Image +How to build the docker image: -How to make the image: +```bash +make build +``` +or +```bash +docker build -t git-server-docker . +``` - $ docker build -t git-server-docker . - -### Docker-Compose +### Run -You can edit docker-compose.yml and run this container with docker-compose: +How to run the image: - $ docker-compose up -d +```bash +make REPOSITORIES=$(PWD)/../ ACCOUNT=fr123k git-server +``` +or +```bash +docker run -p 22:22 -it -v $(PWD)/../ :/git-server -e ACCOUNT=fr123k --name github --rm "fr123k/git-server-docker" +``` diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index cded791..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: '2' - -services: - - git-server: - image: jkarlos/git-server-docker - #build: . - restart: always - container_name: git-server - ports: - - "2222:22" - volumes: - - ~/git-server/keys:/git-server/keys - - ~/git-server/repos:/git-server/repos - diff --git a/git-server-docker.jpg b/git-server-docker.jpg deleted file mode 100644 index bfcee382270c1d543de333ff4cf30d7ae16c8f94..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16368 zcmaL82UJtf);An_liqvpgqqNc1StWL8jz}V0*2lZ>7ewEh8jAdD7~w65a~^N2SGrZ zprG=F|GoFQ&%3^Ny_2<0=FFMBXV2{U?U~s#bNl6X1Hhmj0Cxlcpim(IA>hB^_7Fh% zz}L<-5P${1#U!%<0Jj@BkcznF$qy|F@T~2Coe9+@$bNeDb35?QQq)@#=pzLyeV=0 zyHfuC{-XX;qV8T!ViIz4a$@3=Vv>?TOb(!Tpqr0P0MN~w`#&5WIC$H6!99H7?rt1+ z9BpjfeSMU;Fp~bO3J4Ef-Tz_ye{C%U;;vr*QWH#|Iq$#8Vom4d$_&421r#^PFe$`p{gM#A)ziUry&86l~Mz# zNyw;+Ydnzr4=vQq+sDSu&f%`SJ6iaEX{G+3wDM|R4mLjSUdHb3&;Fx%eP?$ccW-BR z4-Pf8J59@Q21@Dyeuev^P@Phj}*lT#XBRKwPU3vKbMGCN^xUHNFSOO?1 zE@=-0Nr4=Ja*{IAKyiBqkc^a^lmyt(f$QJ&_W!HZ{?$7%DVUmg{6`>pM@Ml7M=4tg z3?m5{poD~s4N%t3-VSJkd6kp}%Q)D|$#RKdL=?O0F#oFq{U-_2EAOKJ0|(5@{{YIt z4TB;t3|wxH0c8Jx0AT+S152#iB|sE_f`o+R9tp+0dldBKq~!F>G!zsx% z2@~kq*tmK5dAZrd#H6Ie#P0u}0gIBHoRXT7mWqm&h7$8*qM@UsVd7(AVqs$96X#~b z1a5I*QGR}YQDHDxTpSF(e_!Q)v$*{Tpd`d1#wNkR;sRh(V&PC?-Sz=m003+pEG(@5 zS``2mHVz&xJ^?1}|Nj9O51#^ng@cWYjfYP}NI-~N8_i!-fQsPhoQ~+Oe zq2T?QUsE&!C?g0q2SuVP^nM%-&P*bd6OW*x)G&&p(6~&%dz8mMBC3M&0biJwE+KBz zL|8bDpkS(g(cP<73X%fwu~MLHDoWq^UtgiJo`zbRVG-02DjvQl?1xXIIC!Fv0fL+~ zRMZeGP7nvzM!&iqm?lG%~YiPi{=q zvnq)vLyT=NG{~r$?d4%2^>4kZy02CxK!Mfx4$oTnL5B0+j22HBrpqqWp*-?Xm8d%2 zqTHfAwu!o9bZ3gL%5uI@sjSA2Bl_#*%4c^?pLwJT?Z;o=^)J5V<$Y2PHu~F<^HZfF zjUsx&BO;te2u`Vg*Gwt@G!qjiA<--`P?07B0HFw@h)N;qjf=~JB+3b5Lwp4H1@+a5 z%?-*+g>cKwEA|PwB5`q3P)4J)`U1MNFq9TbJ}QyStO5o2YD%}&HrUcGJ%(; z&iH1vJ|kjv_4Ch%{ZIrtn`g%5ov%ig9iyeTHaac19`e_r<)-nye)6tGXot>@3#vti zC+^dh;o{cV_Pf7HtXdAEqZU7EM{@(0vtHDa0F8dF!p@3|%iV7Qm4S`70Q(PWMsCYR z%Zj>`?JC5XGpe=dvjeL}68e?zn__H$51FDcaaC0m4+m3H#-uS|x*KXzMhb~=2Jzf|xsPisP|4#t z3`mKiRiFJB-Z-YV;ywU#@)D2FU7-Rs*zSBwZE_Ly&ez%eNngD*;;(To!28*=FLyC0 zh=!{zO^{?*jO=@4Km1+2b1zcu_4iAZWzdm-*0N{R=0Vl>t-c@aR^ug45|>36TQltE z^jwqio85mKBt=j9J3p0QNYK0px~2z1&T1_(+hlbO-k#&^cLZPF#A_dwqa}YEEni7g z)wt!k9k9(j`Yw~LWsKsKgJ>K0IOohER$GKk?P{qzA>h*>VcgmL-3QF4k#l=ijC{TS{uvwSN8rzmD{-kKNb*7WKW;hkTWF z)=KcufkM)--~!WANUB2fAcGRVD6A45C>k#NG$NvMH}0Y&nky`d6Aw!QsdZnM2uB|o zMhKz6rij8NL_t#f1O#aqaJMN-m*aX@Ki7U}j*(+!NX_6a311xx_mr0D&=uo7f|rr~ zvXA*)8=c;MFqH_8@sTm1%j8#*&xDu0XC^no(1JQrt#*XPDU(0zB7KH{(e>V7O;>#$vp>99jXqwpbTv>-3vujh0pCE zo1Tm;%vz7US9_53>j?;b3|t-TQyhmYjkIHv~72c{fC3JxG-mlYD-*rI$Xs%C3@I z{N;D2is87M@VI4p{&&Hp<6FQf{VkyL@ATYM@6|I(-gUkbxx#$M+I}}6B9Oji)n@ta zjl%}J7ao;>aT*uO*$yHACDg@_9uM{#QE+;6YW{TK_Z~~caO0|IVQ?rVZm;K3lDX|f z;0t#R8$(lWy7XJX;HwgmF;6cGNek<1X0)y%jVdkyC}K*8u#X}jO8Cu0-JNoXF`A*l zfPscBB~Je-l7^VFQeB%61tlu9y;CBg@$!G|T0f-uat*tdIP7GIICi`p3YYeHmipZO6PpumJTyyVK`-br-h)y_SWg zqP-3k#lIx`c!;jvqcxMw-ZdwcPiUweqc)Xcd`WS-{PAM+7wwgy${v@rhs&;SL~MHL z6iq2#D-nyv(97r)!&xdaJ0jN;M@O{S9@55twawU|n{hx3J2DgyD4EobNqEP^r|B?( zOQ#*Dg^rgNRzX|LH%%K873Rz-e0&r_ICYBe%)a#<9}TSRYY3%wmu`k6mtIkSSXjy% zM7tXETy}{OpB4%uYOQc8JQJ>RMoNTI>Z5ju1iL4T(LZwhYd+0>`4)BlgtqUCD{}WA z{6JhqS9d1l-wXub+2kC{d5~OLjcf${{{gEmwdrHOY=LhIhG%-A1by(v6N5WgJ&p>m z&?PM7Bvic*p;CqL=$DkKLn5f}Lnuo0F{4dkH_A}o5WZfh?+l^Pr-&x9r+o0sQivPw zi6f6?Ov6{S(QkhXkTMI67W;ZV5wcUyeOU5`-Mrjn?Q`Ob)$c=}T9W_NWSd^bZN%QZ z{mEX#m3h2_H+$68Yrd;VSo}jj_gggWv(^U3UF_wX+Gj+4{dUC0W?z5L{Nb04z_G}e$Ine!+1Q6w~nutF`yU4WmB zw7#yGRcg4qS{)nRSt+>wl>gQ&)evw1VA^>e^Q8wgtMC;3Z9V@DO!hO!`zdz-V|<$ z1Ul`#&D@3ucU;b|J$%uSwRm>pxQ~~RO_o{f@#bTTt|V@*>s+JCo9Yie=@%g`m&dB= zd{=K)8@x=J4G;#wiBTeh*MQ z_h*%d8Z8!ajp?PFl>x)K!Mc6TEo6(wq#7OyF|rdr3bEQ>9$WP4Fp@5brxAo(M=r8? zG_$rn2G=}KAL!YQh1Y0R)T(k^wBVm4!IpcO?~uVd z1Xh}TZ=a=VgL^KARuLT6v@=C#@SlvWP$x#semWPzIU0(R8lrDRt}Gdb5NGQsPGfz- z3VkC3j{&qgZj_Lyn+1-uM9P)LX{On70@oh@gG7;qwxDgqQhdfv+ATmDZ*=4-0$-Bt z+Y8AC%YT`I&lz%K-toCETW=sIH~G7!rKVA)St|5>H|%;BHzB3%qQMR4PJMk;v z>GSbg^X85YpgO;=_cZC_X$re7r1*|r}BS}A4y+0vI?qunm&tt6JZkC9(4{|XF1j$bUU zJZRdMiG-Vr!jDQ~8-pMI>WwwuXj@!s&MhT_HOc4CCL0}o*A{Q_&o|S6_Rsst8dqAl zdwgY8OK|F3OZcx9Df+h+If!b&SdsbvS`o?BjsLMC>Ho1JUGJCL62BfJ&owt&+1b~w zL&m0d*uiaq{2wAWp=HsS=?WP`ZDdSTN~R{L373W^&AbO(SU6)T;F1_ZL=VHmBHG{A z$j{)3qiKwS6A~6OF;z}@sT1(vpoM5yWGf0$4w_)yt=PKd7e{}id0}fO>3=a1a{l#) zrjnYPtrS8GFdpC`zIUNaMO@U=R;@HW%aOV2pGUTxgt6Pdn zEEC=!ZgSF>uktSYV`|dPHRGwKOO)uPTLATs9m~3cv%%WEA2hJ_gR>VGRvKVrQCVrU za+c39s2C%=9@T5|bZSdk557vR&0j~ob=W&K4EGw}O^=}j*)47X%zt&LRon^wOoy6) zft{XzhN^9|veGQmzWBuFM5sS`gYa-?PG{UW_fQjcstOLw`p+v26xYHgatkog?-3gR z8d~M$61}zT1$eTc)#EK2{k+M|LOa1 zwwj~Wd#$qnDQbmIrM0mrCmpV=+b6nuwd9xR{Bu9-mw}6%&s+V~trssZ#Du+nOI#a- z4wKBZw5}B?k?2^%gOzzjOHjl%@mE|>%;=&juTjp*;VDZl|D`A9(IsiukJ76l*4TpL z8(!ZZwz6!|qaDWNl7FEP+y)b zp~o9_$mPg=h~bXs&LDA3#tHEKOFcIm(do)jaH%enOB-X0xs-HvzMBd~(Kp^P`DB`k zKp+d(in;EogsBt5enKwHH3kp=(?nc=E-Q?kX}7H@X|`;ah?QhfBZbT~yrPf-`P-1nmC|-k6rdY6nYGGU) zZv}5P2Z}b+1DX%mE$o>1+_KuCu)bWUPj8mwNeMmU~T2C%tlU4N}t6I0l*> zv%~fedLcQ(^7Cx>)*;Zh4A&F?ESxy_36=&gVoO~^icM_my>@u8h37F{!o9l zE-1eR=&rGcpTBRp1soi8s{CT)=3Qz|yZ0KYZ`0E`PcdxaE)&UD9RG-nl_b6?*CvQ6 zJ5wlV`iF=PdPiawtrPR-dK48`iRC8; zXQ>~UN=owDWV>Rr)@Q#A=v;{~eq8Hcp7{QZLl#FnpQ|%t1<|QgTH94+DWJ+v5nx}F z%<$&I;;R*m^l9*rD}2?n@Vs(g{;yOhLd$?wP%Hzp%ru>4TqDAJD@FvN_Z3t7=4X+buG@`w6Q-e}gj z6$Ck@Um8DYaU%zcwc3ctzxM22zNvb@x=WIE5WU#;ZvFB{lX-bLT|@elGkf21dR_7O zCychiSHDVk6csP9{Q$|wRZ9OOs0GGl&Ho!T1n?vfQBAv+{4a2 zUtYl;#U)G19KNMcVKs+VyG7Fb9D65Vi^H3tk53$?LRZWQji!=*h4Psm^J^Q@+yWw` z{^SJ6%HNQ+1f~7v7;^RY`V~ZQMAc}_n60v>QvF49 z^F)IIoY)bi^53{6R|mY~AROumY_vkFo2P5X6NxXBCqn*2EDTG|{SLX|cl!8`fr5sD+n%OoZ4Qm2}xL4P>9zE8od ztvFe0-`YQLVXg%s;+Iesi)M;pDEM+Tk^`le2;~#l9*JC|n zuC+aA>xJRK!&t$vj11fDGxZHOqqHb*$98(;qSEHFXbWMD8%SQxWwEJUM+-MH*6<>Z z6AXr}>n=&Q03}P!YjJeTnFLUlr6h)0Oi>3>`n4v@9fbDwA)@fWi?9YaX^Wh40?Q|i zf-86#&IisQ^C4IUO~c@#wN%FQM(aMC0>2Ljp=xIps|b3!OUc%i_m8)*2B=6$$)R$< z9Y*eFb?^E8?cwmB>a?t{4JM69cV=%gVZP8~&FuKaC)8T4-WJ;UNi;n#rA4#pKU->! z;a+Q-w7=QB|C^oqCHLp&-%4X*a%VIsGmPLL=!V+7w)uJKvSbZ~`48pBRxG#wuz#va zVy=kh?g-Wt8O+TLqRp%j$yBNyy`ncShX3qW31{`c1q8jdU`mzQy9G3B8r?U7G-tkl zGMsUs=2>*FFET-U3FhRWfnhP!(CRuW6KRJ1B~a-Tik*LPo#moT-aAY>6YbK5nar zfK6OK+{^}jndQ3Qw_UiG9`;diB75}r8|#u)7xo?%6#e@fF<1W!bL`!as%^hYJ~4k8 z;{rJ=0sW)?J=4vFfR)_mwZc6TPjFJ_5Ux6Te58Fy(YyvkTN~TlLIM-n>jK?Jps~zt z)IG6fH}y`(l!hje$ZQqEiv&AvJG%t99l+IG7EsCTnSst0+RBm1TuP1R`6lOKS@q}5 zz@R5rtY`Z5hfMDew$EdYv)uxBchmR1zW9S_i<=0L?u(yi7pjrglp306w}3wyW~?fi z{;FgfgrqXICP`G9Mt`2VwCk6eM+_S+_SHVJb}WcfBMVV@V45hYt__1)jzuSeiO}6B zBQ!A;1mn3eMv@Z2X#eqMqMm{Y_2DQZRkgI^X_&)HzXoqjw$!Osx~Z*>##u94*6QWS z!4jXh3Y~}FESj_AJ_)S4>1*?9@jSeC==GLOgSd_;M@@xqYB6l&Xk?Q; z5Ud{BPUCk;n8^Lb)@0N9I*ynug}%yl23Q5RG@PYvGi+kNf2x6OtAq zF(oSzQBp(rlu|m8mcR4Z)q1`ub02or?f93l_upnjc^E_{OY-3}A{~4pca7bYy4KDeM8C9uv92;9&xd| zVZOh}L8wtTEMFn3|D!4c1q>l_6%xRxea>(uu%f6!!1nkgC%AdFF~sr<^rH2bh7bd# z!AseQ=JFVYmsa$#tCa)b7t0 zDql&R;&&l+IPiB{6ZFdB{li5JV3}3TwBuCN?OHue}GD&{F9%M{5RX* z9=v|Za?sEN^j`wJ*^-;Y#A<1u=gsw6zkol$wSj?T_MhkO`=x*`MB^8ZOOsZzr<#L* z_Kx;$O_w5vMB=Is(P~G)PTmW&na)Nj=4I#v&@&&KdX;sxq zdx|SnnUcYL6A5)N8m?$Xim({Li8DjAP*_r0DLM>BtFB+tN%x*sD!ZjM+C-=P3pcLi%}1peSFI`rUF+X(e)_#DDtQa_8uXtP zWjpO9;dIQ})C*jmeZ?7UkYGp4faXn8Hrd|u^2*)b5tMHph)O9bC2ZB7N5;KD(ZDKs zoS}pQpxn8((qybr56)592(qUr!h7F$j&hFI%5DMX16S#8^>uXbhv{QCUFR1?Yx6+g zsYip*)#O3zNDcF0W|qr$owAM8kORZUgU8lUL0&FGt@f>XN?pSpb%wdfK{=b$_=crk z-?pWtu@z6PO}52U>tVU*gIhqh^plPkIk$jSYyXuS*Mk0|wGBl{Ny{s`6u^{*LonES zm8iQ-T^UjF!QV@J(;&z4L({2XV|`;?!XTXCRV~<;h$lY{_Cvb@{S_)gN5G6|Z!x*7 zo8^94Boxh~9|7(3G(b~DYF*^79F!ba8vC z7goE%{1)x>4Wy#1sTC}w3il)G{K@?bjDV4kWZRcFZUI~T6Q=4Nt?={{C*E%iZK?rp zC;I1(;Z%^ja%#`vL| zWxO4s#)WU18#Z!QTZJeyTjlxS=^F50`7e9UzBz@3#S$^(<8=Q*>yI|`^0KwO`F*p{ z`uzcAb-l`8A13XeCGin%IomO(TZ9qKs@GQR>sl60Wa>vmLSQUYGpo)5>OIjyWt&q{ zgAwN1X^;wZ5IM+s|Gp4Pi5m$@awgFyB{kMZlc1yV6=GAhD+EBP#wlbKn9e{<88FZ} zg?`g#U=rr5UCD)pq8?seC$*mVQ;zBbclnU;DKD!gvzxL*5s=0J5nsS8#Cfho2q`N3 zr!;0|K~D9>k(|`jQI}qO6z%H@%Q8yuN0kAy_WnHsJpvMM1I|sw6cFE8Vod4}q+c%I z7jsZW1We3TO@K}|=`Nkz^h>L`Sp-`*-`9TgZvUYj(B{r-3==ARCqU2FvRzy zfiXp@%O|;rqDDa2Xw2qZY6*%<-4y)i{8^;X8s(WuB7PWFUnZjDup_*oz6LkN+#A=C z#wF2bp5{@uuJOk@XcDR%1ZSBn5#&f;9A+-lh;2y^;~r}*TWDSgZJ!7gp9my1HOgK0 zHoy#2o_e4+g2VQUC$cJ7i688|MM7}MXE`OBtXuGpCBrWY{$3wf?qpMTm3Kq`QIpNhP7$uO&w@U80E=l2)ir-~=YsMCKW@2)K?yIgLhzN-@ogA9wd8 zfJwI(sTem~lCb+YVflN}1-!}cCmEMoh2~zid~}{!7p^!3S;Q2kT4wupylXQhFn9DC zn?dPnXNsVOvVM4XR zBVV34!8HLcDYmHVd zO`F=QX_oDXE7zAp)FIxoxdkV*uw{)#c+uGBwC*y*EUkXh7_yYjiBOQI*;rf0>zQHhaaENCGwt6-MY|`U#7eMf_}9^Z%BESG?amR= zT9m(|Y2%rvax5^h{q#zrZ5*I1$+Rg6rZpm&%qeBEe>5Fe>%6@d`ZD&)X{w{S;Lr0A zw~JcRbLN+!ej&mgaFuQDZ4&egTCGr@P8G=1--@4k73jVXD^Iu+OlpA%{v{0b`AMq& z2ro;hGrOE9Pac_{Lzl4Daze>wUD--BYjbhsUjl@oY@Cp2?PgQ5WlYKX0NHt5f9s0q zuB=Lr6TTF=aD$*iT}(jNkj8Rp7D-@-CK)06Jm}bBX_n*n@zj3HiW@hF_H#$ix54W| z@vVuTk9b$I>&g%?T3A2GTZ1QIw)_)0S2?WRx1UkpSKX9!cYBB^iGy9>JN1ftb@lw3 zRp*veteOX#L&ohz71z}EzG)rXy##bQ!*|vq$ho%8wT5}Eav_RuA zgJS1Q{bFMnlty&IptuxDT#`CDm7h8aN+Im}I00#1p_#1=Qt&lVhU`(VIDzzcH>L55@OnQj&KUu6X^E21pxc$ zZ6Lxjs;;fhpriqYnSpL1!{ub!~_DEtT)F9Pt3aVK|w#e`gXaP^FU&z8A>JNu17a)}a_ z&rR3whie_|)%7h5@Aq`Hk=vE;=5#NFEq$tWvFeXTJv{8tQ-nvk1Hzq1WJOWcbOJZK zkU{N^T8v>v=jaDYlo0B1c-g%E1!e{bQ-vI$RBJ2Bd4(#tBGvC^{m$BzFfHmqT3WCf z4G04HXVSqK+}|yVXwb6<{F2ujCRRX1^0H0J&U~7ZX32ZRkMcf#aPw?1mF5gs0eD6U zZo`+(S0AUXJAJb}4&Y zZLlZGk+$lj#vjH~PXq)(DkJ;UMP>42>N< z-9#&T7Hc1R|K#~&x!|J^{?pWL&*LlNLVWTp54^pWQO~^4#^m+v^>Z?-rTL`?vT*-W z8^$IV9Y6M0jYYYeSHH=ENmSq|2R#fo7hA(9L|siHs;*I@m}8lqZ3fVQ>$oTXKKe^j z18!mdf~}Kh3ttPdhNiI3r-{?yo=Qy?Pnie0_uM&3jnR!oHSkx~_|_*c-isB62qTe-n)Q#J*quS>ovhYEsAh=C{;EOb)I`V_cg<75l2UKK4pZZ{OhgY-aY zWRrBLeGtV@$|RuQmPn7M&)Z@1OQpi3bw~F5nq)E8^R%V8*?Qv-pI&Y&hkq_zIM|Mx zx%wNi>~k*j;7Oyrs>0&39kA*bwnA0&-}R-Xv}q`t&%3kT7kJP0)k$zY6M<}oftdxJ z>oz!|lNZ9EqeYk2za_9on;*9unq(y5wXc`rR|YG5G8e?)Rel7;5inJ?Hl9=%L?aG! zq%0Das)kuc6DOsF#nHH+R9-$!QHv@~n!KotP^5*TUcFZyo@X}{_EKIrQc5Zw9YLm*wocSlvn+3%!dwtb4@|s>O8w)-kC6t|ii47M7Hw{%pD;@#qPL}1 zbXPBWm%JTV)N=F`oSU1xn-bEe<-ccvq;kcehIQrl$o1<(w*C^UtR~M2*Y;d1d{NXO z6@^b-viKmy6ug!9d_d!yN{L|7iTiIAvA-UR4wkB$`O=XxEHqzd1~>=I?6?Q`CTm~z z2aIEfo)r8s4a(Xb^$i70Ngj=RGkt2YfG5K9uzMTw-^ezJ1{skKbba>a<(UVDN=ac( zJ}fMUaDFAe1^DkIDGW9plb$k`Hi2*>%|&bWo*@H6&Dk7ao?{c`7l6^3bstGYxm5^qiv4<}DJ3Y`ao8QQf5Qp8b1 zVA?1=B2G>H-K^$wRfvlyEh{I`MvQ`^Fzq4W;N+{G)_ps-NxEgC7Y~asa>A{G5z`J) zkgXqeaaiX$AERfL8cit~3d~tl85>VHZ7ePHTy6o?xPV|P8SW`^ym6tW93(8E0c@P% z(>eLUI6e$-j00o~9l}c(ojNT-BL8NCsCQtx{+`|%Lx0pFnFNGqXbU`d>4 zdml-?A@D5Lk&k7MerCP|e~0Ke5rfZ8ShrS74-yd7std+*$<60<={(qrGmoswZAi&^ ztf6p^&^~Qy<1Kd!b;a)aI^;rPoTi#eizXAe0==zPeG_v~lZ40^bRf*ew>J&G{t#7#6q5?o+K$8OemdG}^$GM| z7bq7)3N~jpO+Gx9oN4ShXmZlFE5Iuet<=%h>#MG5L@$hX{^@*j|Jszu^$Q~}iCUdq ztm=9Yz2EueX$a1~6`lT|^77CQEnJlQHTbiL1F64b^RAW7L#}>@=lpCeuOF&B^kx;V z{HRo#H2g90q*^Bjj&LCL?3LYSFezY~sc-c;aSb@aDapsrHEFJuUgqCbccR@*diaTr zx8~!oQw33g_%XKw>O5WTfnCsI*aBT-Q9Lz z1>d-{5x8%eaj?O(lkNUKPv$d4xsEE7D;SkX>O3{K4j2-NY+Xs!z3&qf&Fo}3;xS)0 z=1I`FsVg{uzC4D23=9#wLmBp`2qESgU&!ax;E5j!Q}h8KC6dU1?`kvOU%`W~*BVw0 z7x&a}^iD#jy$&rcOiv0h|LCRu?O2qLakqB3wBU*0)dzK~^?5;6f1Bk1i9`#1bB@Yc~ zyjmdBr~T>I{mqAPm}S+go#I=7gip6(>^EygC~Ll4=KG@@ca;^&nLUx5#H?#7AE`kn z0x5Z)CPU`d{snA5tdB0%zAe);wF};e-N^;s+9Z0=w5>F2-Q(2Qm#cYZfspPu2}w=^ zg8>PyFJ1q7u)z9r5?0a{O5WmBL{GZcTYu7w!@aj@75^STnx5VyZZ?~ZOEJ^C&8U3k zNcVK@ESP(vuV&P3_c=N~H~@iqCLSlz`N%$Z*f3zT~5 zm1ZpB{g(z!c^q~-k1EiK!tz|6tJ-Mt-8=&r5ACe_VUjA8iG5C}!~+B+61vp6@51Sn zY7TIongDEz6T!H)p(1J4SoOZzXr{E8lDIrlU(HhE8&^~0dphc|j0=I-iOO&KQ-SDI zb9+9EB@LIM*VAM9O$eCzWTiILzCuV_Ycm5&80TXjwor)x=Jo|X;9kUALohEMRBJ$c zl-$|d8>R1T$HerJX)=Y8zeas*pi;MF-bScoeK1Z5)tgGIKa;2>q`83bKC##~i37o% z0bUGvq*^m5o_Z*$dZyYNnwm*rwT}bQrj=M1U~S@T5IB+aDXH_&y$D~}H;qyraVs3)5ApL+B?&osdB5W*~m zu!PVBaN#AD~J{=wa7su#=szw+Yn79dj-?8Co2?xS@R@ZIUc3_;^RnO5D+ zFTd)w<$q1TJY5~9{3-qI%IQ}ZoHfUnEC2I9lu>t-noEPhiel?IEh|>LKZ;LumyYk` zYlnnk6mxZg7!2;CD&!t z9ZTg^g@uh!{FT24-vuy|Ahzy`{a=!>RmjF+kmburTU7Z0nfM<)p@d4p>XOz=VY;xe z8JJe#q%k@Uh0$!9P?#?)my`ybUPrqfm3rro4D*G+)b+_KG3VAa1W1J9Dh^n@bspcx z04=6&7#Kn*a2IPB20Gy39};WLJaRF1=fQP}t9**YCLBz|bQoOc9pHT@q)>Vts}{~< zjrY;Sm|Za)GmZLUV{}ARQzq5HUYbzR_B|WqGQ+avCX@W9t7enY#-_NHHjN4LC)6jI z8_)9bmhl#d81!JK6WKCezpECld(NepLst2lTN@Xf|FFMY%O+go;7ye%stu0xRATc@ z#7n*fOswaQ124#*l6immyF`|%52}~W4I(~VD{O7Nis=nb08eU?9Iejhk&1$WjtvVo zFN#Y#h{K3z&6(FaDWBcw$Ot|SPAILh=V(TKhkKB7_IV6sS`O?i(S4`;(X1Xy?L$9X zKj1mZ?cp7wO?}f1zt`|iU2$@8#!`NI4%Tqk+l*Dg}xbF)-{7xk=1xt73cBP2QnT_v>H_2V) zcW*XZd4fofRIqQ2g95j32}g8P{o@w*9;Pi^#pm2qRX8@M@u_no2kF8Xn3%t$94K`L zh$7m@c8x-h`Dm~?jra!5)3^pFsK`K6Y>&&C}mFi_sL$JZ!i)zQyd<;E8gP{93L z_9%C}Hux8~hKH>kEkoLjZzjFC+PkK+xlG+mkA~8oO0?5RgIoIJCFN~q%n5_w z1(*GoDIZTuG@KAZm*>MeUR6b3OjbHXCA>1_>Z+hk4a6HqzjgHnYw$`(N4BzL%%%rh zg4G<{YL974$?xfpUeE5*6Ye}Sr6vg|^9I!&d;5ZW4Juvh@f<%mXWl&8VC@QTYHf36 zno|yCJi|v`#^;(Zdi1-vHB(s~J!*-f>$ffo0dUoO{<)(uRs2DY|c?lO~^x%e31h7?TmnP zkFw6b*|#S>AW*pY?k@C7^_B63C3;8gopUMgBO;d zH9sP9JbjN+#yFY7c)})|cBBb$|C!$${i(rZ#1ppayvjjowoHL;g50}I! zlbS`Rba)xEy7nZdGP96BLoTquBJKS|&v;cuiy&}(#|L`YcWoqk*_bY}Z5PB=wht9vFvqdj>Gwv}XE>|t@ zxRV#(xu;Q6yzi1zTMVt#iG8KY@S*q2Injlm39_u{ThhPU?Q_UIcN2Swn%9Cl|+boO1CxjCI zGn7+fY~e*nypCoR=0CMhl^W zXcQS~q3%U%fk~DRvp28%lli~dG4ZmvNU9K@^do|+e!F)3nO->#)wNrOPgUi4@Xh+# zWKGXQS-b|m?l?ck99?0-at;4XVN6<6nIxMaBGF@RW8*y4GpVu9A|P2*2lZkFG?adk zezWIuwiMfSJa=OGhs<9_vkH0!q!9=T^;Ig%x^4;q`j*KHXTQ4-5D>@VKvI-^zPs+p YNr;QQyB&EK!y<(I>#8J&%I(7c2ZQ;X2LJ#7 diff --git a/git-shell-commands/no-interactive-login b/git-shell-commands/no-interactive-login index cb88a07..c0a213d 100755 --- a/git-shell-commands/no-interactive-login +++ b/git-shell-commands/no-interactive-login @@ -1,5 +1,5 @@ #!/bin/sh -printf '%s\n' "Welcome to git-server-docker!" +printf '\n' printf '%s\n' "You've successfully authenticated, but I do not" printf '%s\n' "provide interactive shell access." exit 128 diff --git a/motd b/motd new file mode 100644 index 0000000..d769dc0 --- /dev/null +++ b/motd @@ -0,0 +1,6 @@ +Welcome to git-server-docker! + +Provided to you from + +https://hub.docker.com/r/fr123k/git-server-docker/ +https://github.com/fr123k/git-server-docker diff --git a/sshd_config b/sshd_config index 8c9e576..a940997 100644 --- a/sshd_config +++ b/sshd_config @@ -35,8 +35,8 @@ # Logging # obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO +SyslogFacility AUTH +LogLevel DEBUG # Authentication: @@ -50,9 +50,8 @@ RSAAuthentication yes PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys -#AuthorizedKeysFile /home/git/.ssh/authorized_keys +# but this is overridden so installations will only check /home/git/.ssh/authorized_keys +AuthorizedKeysFile /home/git/.ssh/authorized_keys #AuthorizedPrincipalsFile none diff --git a/start.sh b/start.sh old mode 100644 new mode 100755 index 6000392..a6c347f --- a/start.sh +++ b/start.sh @@ -1,23 +1,29 @@ #!/bin/sh +printenv | sort +ls -lha /git-server + # If there is some public key in keys folder # then it copies its contain in authorized_keys file -if [ "$(ls -A /git-server/keys/)" ]; then - cd /home/git - cat /git-server/keys/*.pub > .ssh/authorized_keys - chown -R git:git .ssh - chmod 700 .ssh - chmod -R 600 .ssh/* +if [ "$(ls -A /git-server/.keys/)" ]; then + cat /git-server/.keys/*.pub > /home/git/.ssh/authorized_keys + chown -R git:git /home/git/.ssh + chmod 700 /home/git/.ssh + chmod -R 600 /home/git/.ssh/* fi -# Checking permissions and fixing SGID bit in repos folder -# More info: https://github.com/jkarlosb/git-server-docker/issues/1 -if [ "$(ls -A /git-server/repos/)" ]; then - cd /git-server/repos - chown -R git:git . - chmod -R ug+rwX . - find . -type d -exec chmod g+s '{}' + -fi +mkdir /${ACCOUNT} + +cd /${ACCOUNT} +for d in /git-server/*/ ; do + repo=$(basename $d) + ln -s /git-server/$repo /${ACCOUNT}/$repo.git +done # -D flag avoids executing sshd as a daemon -/usr/sbin/sshd -D +if [ -z "$DEBUG" ] +then + /usr/sbin/sshd -D +else + /usr/sbin/sshd -D -E /var/log/auth.log +fi