This document attempts to describe one way to integrate Monkeysphere authentication with gitolite.

We presuppose that you have a system with a new enough version of Monkeysphere to support ssh authorized_keys options, and that you are not making use of monkeysphere-authentication on this system.

As a first step, import the key or keys you wish to act as Monkeysphere certifiers into the GnuPG public keyring of the gitolite user (for example, gpg --keyserver pool.sks-keyservers.net --recv-keys B0AE9A02). Then edit such keys (gpg --edit B0AE9A02) and assign them ultimate ownertrust.

Next install a script of this nature as post-update.secondary in the hooks/ directory of the gitolite-admin repository. You can also follow the "using hooks" section in gitolite's "admin" document to let gitolite put your new hook in the correct place.

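#!/bin/zsh

# this should use locking

# monkeydir/ is looked up relative to ${GL_ADMINDIR}
pushd ${GL_ADMINDIR}

if [[ -d monkeydir ]]
then
    # keep a copy of the previous list, then rebuild the new one from scratch
    cp ~/.monkeysphere/authorized_user_ids ~/.monkeysphere/old-authorized_user_ids
    rm -f ~/.monkeysphere/new-authorized_user_ids
    for i in monkeydir/*.pub
    do
        # the gitolite username is the file name without directory and .pub suffix
        username=$i:t:r
        # each line of the file is one OpenPGP user ID
        for j in ${(f)"$(<$i)"}
        do
            # write the user ID, followed by its indented authorized_keys options
            cat >> ~/.monkeysphere/new-authorized_user_ids <<EOF
$j
  command="/usr/share/gitolite/gl-auth-command $username"
  no-port-forwarding
  no-X11-forwarding
  no-agent-forwarding
  no-pty
EOF

        done
    done

    # install the new list and let Monkeysphere regenerate authorized_keys
    mv ~/.monkeysphere/new-authorized_user_ids ~/.monkeysphere/authorized_user_ids
    monkeysphere update-authorized_keys
fi

popd

# chain to the next hook, if one is installed
ADMIN_POST_UPDATE_CHAINS_TO=hooks/post-update.tertiary

if [[ -f $ADMIN_POST_UPDATE_CHAINS_TO || -L $ADMIN_POST_UPDATE_CHAINS_TO ]]; then
    exec $ADMIN_POST_UPDATE_CHAINS_TO "$@"
fi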

Finally, place username.pub files containing OpenPGP IDs into a directory called monkeydir/ in the root of the gitolite-admin repository. If everything has been set up correctly, adding and pushing these files should then result in the appropriate generation of ~/.ssh/authorized_keys.
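The hook above notes that it should use locking, and the username it writes into the command= option comes straight from a file name. The following is an added example, not part of the original document or of gitolite or Monkeysphere: the generation step in bash with an atomic mkdir lock and a file-name check. The function names, the lock path and the allowed character set are assumptions.

```bash
#!/bin/bash
# Added example: build Monkeysphere authorized_user_ids entries from
# monkeydir/*.pub under a lock, refusing file names that are unsafe to
# place inside the quoted command="..." option.

# Assumption: usernames use only this conservative character set and do
# not start with "-" (so they cannot be read as an option).
valid_username() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._@+-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_user_ids SRC_DIR OUT_FILE
# Returns 0 on success, 1 if the lock is held or no temp file could be
# created, 2 if the list was installed but at least one file was skipped.
build_user_ids() {
    local src="$1" out="$2" lock="$2.lock" tmp rc=0 f user id
    # mkdir is atomic: only one hook run at a time can create the lock
    mkdir "$lock" 2>/dev/null || return 1
    # temp file in the same directory, so the final mv is an atomic rename
    tmp=$(mktemp "$out.XXXXXX") || { rmdir "$lock"; return 1; }
    for f in "$src"/*.pub; do
        [ -f "$f" ] || continue            # also covers "no .pub files"
        user=$(basename "$f" .pub)
        if ! valid_username "$user"; then
            echo "skipping $f: unsafe username" >&2
            rc=2
            continue
        fi
        # one OpenPGP user ID per line; blank lines are ignored
        while IFS= read -r id || [ -n "$id" ]; do
            [ -n "$id" ] || continue
            printf '%s\n  command="/usr/share/gitolite/gl-auth-command %s"\n' \
                "$id" "$user"
            printf '  %s\n' no-port-forwarding no-X11-forwarding \
                no-agent-forwarding no-pty
        done < "$f" >> "$tmp"
    done
    mv "$tmp" "$out"
    rmdir "$lock"
    return $rc
}
```

The caller would still run monkeysphere update-authorized_keys after a successful build, as the hook above does.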
