diff --git a/.gitignore b/.gitignore deleted file mode 100644 index b38118a..0000000 --- a/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -# IntelliJ project files -.idea -*.iml -out -gen diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..6303b82 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,23 @@ +os: linux +arch: arm64-graviton2 + +sudo: required +services: + - docker +addons: + apt: + update: true + +env: + global: + - secure: 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 + - secure: 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 + +script: + - make build + +after_success: + - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" + --password-stdin + - if [ "$TRAVIS_PULL_REQUEST" = "false" -a "$TRAVIS_BRANCH" = "master" ]; then + make release; fi diff --git a/Dockerfile b/Dockerfile index b1c9d0a..1f8a5a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,16 @@ -FROM alpine:3.4 +FROM alpine:latest -MAINTAINER Carlos Bernárdez "carlos@z4studios.com" +LABEL Maintainer="Frank Ittermann frank.ittermann@yahoo.de" -# "--no-cache" is new in Alpine 3.3 and it avoid using -# "--update + rm -rf /var/cache/apk/*" (to remove cache) -RUN apk add --no-cache \ -# openssh=7.2_p2-r1 \ +RUN apk update && \ + apk add --no-cache \ openssh \ -# git=2.8.3-r0 git -# Key generation on the server +# generate host keys RUN ssh-keygen -A -# SSH autorun -# RUN rc-update add sshd - -WORKDIR /git-server/ +WORKDIR /git-server # -D flag avoids password generation # -s flag changes user's shell @@ -34,8 +28,11 @@ COPY git-shell-commands /home/git/git-shell-commands # sshd_config file is edited for enable access key and disable access password COPY sshd_config /etc/ssh/sshd_config -COPY start.sh start.sh +COPY start.sh /start.sh +COPY motd /etc + +ENV ACCOUNT helmet EXPOSE 22 -CMD ["sh", "start.sh"] +CMD ["sh", "/start.sh"] diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..db48920 --- /dev/null +++ b/Makefile 
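Review bot: In the new `.travis.yml`, the `docker login` step in `after_success` runs before the pull-request/branch test, so the registry credentials are used on every successful build although only the guarded `make release` needs them. Move the login inside the same condition, e.g. `if [ "$TRAVIS_PULL_REQUEST" = "false" -a "$TRAVIS_BRANCH" = "master" ]; then echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin && make release; fi`. Chaining with `&&` also stops a failed login from being followed by a push attempt.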
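Review bot: `FROM alpine:latest` in the first Dockerfile hunk replaces a pinned base with a floating tag, so the openssh and git versions in the published image depend on whatever `latest` resolves to at build time; pin a release tag or digest, e.g. `FROM alpine:<pinned-version>`. The added `apk update &&` is redundant next to `apk add --no-cache`, which already fetches a fresh index without caching it. The unchanged `RUN ssh-keygen -A` writes the SSH host private keys into an image layer, and with the release pipeline added in this commit every user of the pushed image would share them. Generating the host keys in start.sh at container start would avoid that.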
@@ -0,0 +1,18 @@
+
+VERSION=1.0.0
+ACCOUNT?=fr123k
+DEBUG?=false
+REPOSITORIES?=$(PWD)/../
+export NAME=fr123k/git-server-docker
+export IMAGE="${NAME}:${VERSION}"
+export LATEST="${NAME}:latest"
+
+build: ## Build the jenkins in docker image.
+ docker build -t $(IMAGE) -f Dockerfile .
+
+release: build ## Push docker image to docker hub
+ docker tag ${IMAGE} ${LATEST}
+ docker push ${NAME}
+
+git-server:
+ docker run -p 22:22 -it -v $(REPOSITORIES):/git-server -e DEBUG=$(DEBUG) -e ACCOUNT=$(ACCOUNT) --name github --rm ${IMAGE}
diff --git a/README.md b/README.md
index 168a01f..c2c1314 100644
--- a/README.md
+++ b/README.md
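Review bot: `docker push ${NAME}` in the `release` recipe names no tag, so Docker CLIs from 20.10 on push only `latest` and the `${VERSION}` tag produced by `build` would not reach the registry; push both explicitly with `docker push $(IMAGE)` and `docker push $(LATEST)`. None of the three targets is a file, so add `.PHONY: build release git-server` to keep a stray file of the same name from masking them. The `git-server` recipe publishes sshd with `-p 22:22` on every host interface; for the local-only use the README describes, `-p 127.0.0.1:22:22` keeps the server off the network. The `##` text on `build` still says "jenkins", which looks copied from another project.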
@@ -1,76 +1,181 @@ # git-server-docker -A lightweight Git Server Docker image built with Alpine Linux. Available on [GitHub](https://github.com/jkarlosb/git-server-docker) and [Docker Hub](https://hub.docker.com/r/jkarlos/git-server-docker/) +A lightweight Git Server Docker image built with Alpine Linux. Available on [GitHub](https://github.com/fr123k/git-server-docker) and [Docker Hub](https://hub.docker.com/r/fr123k/git-server-docker/) -!["image git server docker" "git server docker"](https://raw.githubusercontent.com/jkarlosb/git-server-docker/master/git-server-docker.jpg) +## Use Case -### Basic Usage +### Local Jenkins use Local Git Repository -How to run the container in port 2222 with two volumes: keys volume for public keys and repos volume for git repositories: +The major motivation for the local git server docker container is to provide a way for a local jenkins running in docker to use local git repositories instead of github for example. - $ docker run -d -p 2222:22 -v ~/git-server/keys:/git-server/keys -v ~/git-server/repos:/git-server/repos jkarlos/git-server-docker +The following steps describe a way to use the local git server in jenkins without changing the github url of the jobs in jenkins. They can still point to the original github respositories. -How to use a public key: +#### Local DNS - Copy them to keys folder: - - From host: $ cp ~/.ssh/id_rsa.pub ~/git-server/keys - - From remote: $ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys - You need restart the container when keys are updated: - $ docker restart - -How to check that container works (you must to have a key): +Setup a domain like `local.github.com` that is then used by jenkins. - $ ssh git@ -p 2222 - ... - Welcome to git-server-docker! - You've successfully authenticated, but I do not - provide interactive shell access. - ... 
+```bash +echo "192.168.65.2 local.github.com" >> /etc/hosts +``` -How to create a new repo: +The ip address `192.168.65.2` is specific to your operating system and only works from within a docker container. +**This ip address work on MacOS.** - $ cd myrepo - $ git init --shared=true - $ git add . - $ git commit -m "my first commit" - $ cd .. - $ git clone --bare myrepo myrepo.git +#### Git Config -How to upload a repo: +Add or change the `%{JENKINS_HOME}/.gitconfig` with the following setting. +``` +[url "ssh://git@local.github.com"] + insteadOf = https://github.com/ - From host: - $ mv myrepo.git ~/git-server/repos - From remote: - $ scp -r myrepo.git user@host:~/git-server/repos +[url "ssh://git@local.github.com/"] + insteadOf = git@github.com: +``` -How clone a repository: +#### Local Github Server + +Run the docker git server container on the port 22 (sshd) and specify the github account like `fr123k`. + +`docker run -p 22:22 -it -v $(PWD)/../:/git-server `**`-e ACCOUNT=fr123k`**` --name github --rm fr123k/git-server-docker` + +If something is not as expected check the [Troubleshooting](#Troubleshooting) section. - $ git clone ssh://git@:2222/git-server/repos/myrepo.git +## Basic Usage ### Arguments * **Expose ports**: 22 * **Volumes**: - * */git-server/keys*: Volume to store the users public keys - * */git-server/repos*: Volume to store the repositories + * **/git-server/**: Volume to store the repositories +* **Environment Variables**: + * **ACCOUNT**: Name of the git account + * **DEBUG**: If exits enable debug logging of the sshd to the file `/var/log/auth.log`. Useful for troubleshooting + +### Git Repository Volume + +The volume has to be mounted to /git-server mount point. +It has to contain the `.keys` folder with all the public keys +for the ssh authentication. + +* -v (local_git_repository):/git-server/ + +Example mount directory that is above the current one as a git repository. 
+ +`docker run -p 2222:22 -it `**`-v $(PWD)/../:/git-server`**` --name github --rm fr123k/git-server-docker` + +### Git Account Name + +The name of the git repository. +* -e ACCOUNT=(name of the git account) default: helmet + +For example +`docker run -p 2222:22 -it -v $(PWD)/../:/git-server `**`-e ACCOUNT=fr123k`**` --name github --rm fr123k/git-server-docker` + +### Git Account Name + +The name of the git repository. +* -e DEBUG=true + +For example +`docker run -p 2222:22 -it -v $(PWD)/../:/git-server `**`-e DEBUG=true`**` --name github --rm fr123k/git-server-docker` + +### Local SSH Git Server + +How to run the container in port 22 (sshd). + +`docker run -d -p `**`22:22`**` -v ~/git-server/repos:/git-server/ fr123k/git-server-docker/` + +### Local Git Repositories + +**After adding git repository described below the docker container has to be always restarted.** +How to create a new repo: + +```bash +mkdir local-git-repo +cd local-git-repo/ +git init --shared=true +git add . +git commit -m "my first commit" +``` + +How to upload a repo: + +From host: +```bash +mv local-git-repo ~/git-server/ +``` +From remote: +```bash +scp -r local-git-repo user@host:~/git-server/ +``` + +How clone a repository: + +```bash +git clone ssh://git@127.0.0.1:22/helmet/local-git-repo.git +``` + +## Troubleshooting + +### Validate Local SSH Git Server + +How to check that container and the authentication keys works. +`ssh git@127.0.0.1 -p 22` +The expected output looks like this. +``` +Welcome to git-server-docker! + +Provided to you from + +https://hub.docker.com/r/fr123k/git-server-docker/ +https://github.com/fr123k/git-server-docker + +You've successfully authenticated, but I do not +provide interactive shell access. +Connection to 127.0.0.1 closed. 
+``` ### SSH Keys How generate a pair keys in client machine: - $ ssh-keygen -t rsa +```bash +ssh-keygen -t rsa +``` How upload quickly a public key to host volume: - $ scp ~/.ssh/id_rsa.pub user@host:~/git-server/keys +```bash +scp ~/.ssh/id_rsa.pub user@host:~/git-server/.keys +``` + +## Docker Image + +All `make` commands can only be from the folder where the Makefile is located. + +### Build + +How to build the docker image: + +```bash +make build +``` +or +```bash +docker build -t git-server-docker . +``` -### Build Image +### Run -How to make the image: +How to run the image: - $ docker build -t git-server-docker . - -### Docker-Compose +```bash +make REPOSITORIES=$(PWD)/../ ACCOUNT=fr123k git-server +``` +or +```bash +docker run -p 22:22 -it -v $(PWD)/../ :/git-server -e ACCOUNT=fr123k --name github --rm "fr123k/git-server-docker" +``` -You can edit docker-compose.yml and run this container with docker-compose: +# Todo - $ docker-compose up -d +* support multiple accounts diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index cded791..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: '2' - -services: - - git-server: - image: jkarlos/git-server-docker - #build: . - restart: always - container_name: git-server - ports: - - "2222:22" - volumes: - - ~/git-server/keys:/git-server/keys - - ~/git-server/repos:/git-server/repos - diff --git a/git-server-docker.jpg b/git-server-docker.jpg deleted file mode 100644 index bfcee38..0000000 Binary files a/git-server-docker.jpg and /dev/null differ diff --git a/git-shell-commands/no-interactive-login b/git-shell-commands/no-interactive-login index cb88a07..c0a213d 100755 --- a/git-shell-commands/no-interactive-login +++ b/git-shell-commands/no-interactive-login @@ -1,5 +1,5 @@ #!/bin/sh -printf '%s\n' "Welcome to git-server-docker!" +printf '\n' printf '%s\n' "You've successfully authenticated, but I do not" printf '%s\n' "provide interactive shell access." exit 128 
diff --git a/motd b/motd new file mode 100644 index 0000000..d769dc0 --- /dev/null +++ b/motd @@ -0,0 +1,6 @@ +Welcome to git-server-docker! + +Provided to you from + +https://hub.docker.com/r/fr123k/git-server-docker/ +https://github.com/fr123k/git-server-docker diff --git a/sshd_config b/sshd_config index 8c9e576..e762119 100644 --- a/sshd_config +++ b/sshd_config @@ -35,8 +35,8 @@ # Logging # obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO +SyslogFacility AUTH +LogLevel DEBUG # Authentication: @@ -50,8 +50,7 @@ RSAAuthentication yes PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys +# but this is overridden so installations will only check /home/git/.ssh/authorized_keys #AuthorizedKeysFile /home/git/.ssh/authorized_keys #AuthorizedPrincipalsFile none diff --git a/start.sh b/start.sh old mode 100644 new mode 100755 index 6000392..a09e535 --- a/start.sh +++ b/start.sh 
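Review bot: `LogLevel DEBUG` in the first sshd_config hunk is now active for every container, independent of the `DEBUG` variable, which start.sh uses only to choose the `-E` log file. sshd_config(5) states that DEBUG-level logging violates users' privacy and is not recommended. I would keep `LogLevel INFO` in the file and raise verbosity only in the debug branch of start.sh, for example `/usr/sbin/sshd -D -o LogLevel=DEBUG -E /var/log/auth.log`.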
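Review bot: After the second sshd_config hunk no `AuthorizedKeysFile` directive is active, yet the reworded comment still says the default "is overridden" and now names `/home/git/.ssh/authorized_keys`. With both lines commented out sshd uses its built-in default of `.ssh/authorized_keys` and `.ssh/authorized_keys2` in each user's home, which is presumably what the new `${ACCOUNT}` user in start.sh depends on. Either correct the comment to say the default applies, or set `AuthorizedKeysFile .ssh/authorized_keys` explicitly so that `authorized_keys2` is not consulted.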
@@ -1,23 +1,43 @@ #!/bin/sh +printenv | sort +ls -lha /git-server + # If there is some public key in keys folder # then it copies its contain in authorized_keys file -if [ "$(ls -A /git-server/keys/)" ]; then - cd /home/git - cat /git-server/keys/*.pub > .ssh/authorized_keys - chown -R git:git .ssh - chmod 700 .ssh - chmod -R 600 .ssh/* +if [ "$(ls -A /git-server/.keys/)" ]; then + cat /git-server/.keys/*.pub > /home/git/.ssh/authorized_keys + chown -R git:git /home/git/.ssh + chmod 700 /home/git/.ssh + chmod -R 600 /home/git/.ssh/* fi -# Checking permissions and fixing SGID bit in repos folder -# More info: https://github.com/jkarlosb/git-server-docker/issues/1 -if [ "$(ls -A /git-server/repos/)" ]; then - cd /git-server/repos - chown -R git:git . - chmod -R ug+rwX . - find . -type d -exec chmod g+s '{}' + +# add ${ACCOUNT} user to support git clone for https://github.com/account as well. +adduser -D --home /home/${ACCOUNT} --shell /bin/sh ${ACCOUNT} +PASSWORD=$(date | md5sum | cut -d " " -f 0) +echo "${ACCOUNT}:${PASSWORD}" | chpasswd +addgroup ${ACCOUNT} git + +if [ "$(ls -A /git-server/.keys/)" ]; then + mkdir /home/${ACCOUNT}/.ssh + cat /git-server/.keys/*.pub > /home/${ACCOUNT}/.ssh/authorized_keys + chown -R ${ACCOUNT}:git /home/${ACCOUNT}/.ssh + chmod 700 /home/${ACCOUNT}/.ssh + chmod -R 600 /home/${ACCOUNT}/.ssh/* fi +mkdir /${ACCOUNT} + +cd /${ACCOUNT} +for d in /git-server/*/ ; do + repo=$(basename $d) + ln -s /git-server/$repo /${ACCOUNT}/$repo.git +done + # -D flag avoids executing sshd as a daemon -/usr/sbin/sshd -D +if [ -z "$DEBUG" ] +then + /usr/sbin/sshd -D +else + /usr/sbin/sshd -D -E /var/log/auth.log +fi
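Review bot: The password for the new `${ACCOUNT}` user is derived from `date | md5sum`, which is guessable from the container start time, and `cut -f 0` is not a valid field selector (fields start at 1), so `PASSWORD` probably ends up empty or the step errors. The same user is created with `--shell /bin/sh` and receives every key from `/git-server/.keys`, so key holders get the interactive shell that git-shell's `no-interactive-login` is there to refuse; if the account only needs git transport, give it git-shell. `printenv | sort` at the top writes the whole environment to the container log, including any secret passed with `-e`, and I would drop it or run it only when `DEBUG` is set. The rewritten lines below also quote `${ACCOUNT}`, which comes from the environment and is expanded as root.

```sh
# … unchanged: authorized_keys setup for the git user …
adduser -D --home "/home/${ACCOUNT}" --shell /usr/bin/git-shell "${ACCOUNT}"
# random value only to unlock the account; never printed or reused
PASSWORD=$(head -c 32 /dev/urandom | md5sum | cut -d " " -f 1)
echo "${ACCOUNT}:${PASSWORD}" | chpasswd
addgroup "${ACCOUNT}" git
# … unchanged: authorized_keys setup for ${ACCOUNT}, repository symlinks, sshd start …
```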