1 914dfb10 2023-05-21 jrmu version=pmwiki-2.3.20 ordered=1 urlencoded=1
2 914dfb10 2023-05-21 jrmu agent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36
4 914dfb10 2023-05-21 jrmu charset=UTF-8
6 914dfb10 2023-05-21 jrmu ctime=1684548319
7 914dfb10 2023-05-21 jrmu host=75.158.138.249
8 914dfb10 2023-05-21 jrmu name=Got.RemoteRepo-Draft
11 914dfb10 2023-05-21 jrmu text=! Summary%0a%0aThis document describes a way to configure a remote repo for hosting via git/got. The goal is to provide shared hosting of repos without needing to grant shared group privileges or even accounts on the hosting server. Users will store their repos in ~/public/gitgot/ which can be on the host, or on a different server all together. They will push/pull changes to it locally or via ssh as normal. A cronjob on the machine hosting the users home directory will rsync the users repo to a staging area in /var/gitgot/'''username'''/ and their ownership and permissions changed as configured. The script will need an account with permission to do this on the web host.%0a%0aA second script running on the web host will take the files from the staging area, change their ownership and permissions as needed to place them where needed to share them via gotweb or git clone. The use of the staging area is to allow for a remote script to place the files using ssh keys without a password and without permissions to modify anything except the git files on the public host. Both scripts will need to run as root on their respective machines, have doas capability, or use the openbsd pledge/unveil mechanism.%0a%0aThe repo will be staged in /var/gitgot/user/repo directory structure.%0a%0a! Setup the Hosts%0a%0a!! User Host%0a%0aThe user host can also be the web host, but we'll discuss them as being separate with notes as needed. You'll want to add a ~/public/gitgot folder to the users home directory if it already exists. This can be done automatically for new users by adding it to /etc/skel directory like this:%0a%0a[@%0adoas mkdir -p /etc/skel/public/gitgot%0adoas chown root.wheel /etc/skel/public/gitgot%0adoas chmod 755 /etc/skel/public/gitgot%0a@]%0a%0aThe script that does the moving of the files should have an account with access to the files in the staging area. It will need permissions to read the users home directory as well as write to the staging area. For now, we'll assume it'll be a script running via roots crontab, but ideally it should be run as a restricted user. It will need to have an ssh key to access the remote web host so we'll generate that also:%0a%0a[@%0adoas useradd -m gitgot%0adoas su - gitgot%0assh-keygen -t ed25519%0a@]%0a%0aUse the default path for the key file and leave the password empty. The output will look something like this:%0a%0a[@%0aGenerating public/private ed25519 key pair.%0aEnter file in which to save the key (/home/gitgot/.ssh/id_ed25519): %0aEnter passphrase (empty for no passphrase): %0aEnter same passphrase again: %0aYour identification has been saved in /home/gitgot/.ssh/id_ed25519%0aYour public key has been saved in /home/gitgot/.ssh/id_ed25519.pub%0aThe key fingerprint is:%0aSHA256:lyrfN6pDSRuVI112nfZiMh02aOoHxvgq5Y5jyY2QKpI gitgot@planetofnix.com%0aThe key's randomart image is:%0a+--[ED25519 256]--+%0a| . oo....|%0a| . =.o.+o.|%0a| = + o.o.|%0a| + =.o + .|%0a| . .SBo. + . |%0a| o =oo . |%0a| . . o.B.. . |%0a|E . B+=. o |%0a|.. ..++ooo . |%0a+----[SHA256]-----+%0a@]%0a%0aWe'll put the script for copying the files in ~/bin/gitgot-staging.pl These commands assume you are still logged in as the gitgot user.%0a%0a[@%0amkdir bin%0avim bin/gitgot-staging.pl%0a@]%0a%0a%0a%0a%0a%0a!! Using the Repo%0a%0a[@%0a%25commands%25[@%0assh username@got.ircnow.org git init --bare /var/git/reponame%0a@]%0a%0a[@%0agit remote add origin ssh://got.ircnow.org/var/git/reponame%0agit push --set-upstream origin master%0a@]%0a%0a
12 914dfb10 2023-05-21 jrmu time=1684619988
13 914dfb10 2023-05-21 jrmu author:1684619988=izzyb
14 914dfb10 2023-05-21 jrmu diff:1684619988:1684548351:=3,14c3,12%0a%3c This document describes a way to configure a remote repo for hosting via git/got. The goal is to provide shared hosting of repos without needing to grant shared group privileges or even accounts on the hosting server. Users will store their repos in ~/public/gitgot/ which can be on the host, or on a different server all together. They will push/pull changes to it locally or via ssh as normal. A cronjob on the machine hosting the users home directory will rsync the users repo to a staging area in /var/gitgot/'''username'''/ and their ownership and permissions changed as configured. The script will need an account with permission to do this on the web host.%0a%3c %0a%3c A second script running on the web host will take the files from the staging area, change their ownership and permissions as needed to place them where needed to share them via gotweb or git clone. The use of the staging area is to allow for a remote script to place the files using ssh keys without a password and without permissions to modify anything except the git files on the public host. Both scripts will need to run as root on their respective machines, have doas capability, or use the openbsd pledge/unveil mechanism.%0a%3c %0a%3c The repo will be staged in /var/gitgot/user/repo directory structure.%0a%3c %0a%3c ! Setup the Hosts%0a%3c %0a%3c !! User Host%0a%3c %0a%3c The user host can also be the web host, but we'll discuss them as being separate with notes as needed. You'll want to add a ~/public/gitgot folder to the users home directory if it already exists. This can be done automatically for new users by adding it to /etc/skel directory like this:%0a%3c %0a---%0a> This document describes a way to configure a remote repo for hosting via git/got. The goal is to provide shared hosting of repos without needing to grant shared group privileges to a common folder. Users will store files in their home directory with standard access controls. They will push/pull changes to it locally or via ssh. The repo will be synced to a staging area in /var and their permissions changed.%0a> %0a> It assumes the user has a shell account on the host machine.%0a> %0a> The repo will be staged in /var/git/user/repo directory structure with symlinks back to their home directory.%0a> %0a> %25commands%25[@%0a> ssh username@got.ircnow.org git init --bare /var/git/reponame%0a> @]%0a> %0a16,18c14,15%0a%3c doas mkdir -p /etc/skel/public/gitgot%0a%3c doas chown root.wheel /etc/skel/public/gitgot%0a%3c doas chmod 755 /etc/skel/public/gitgot%0a---%0a> git remote add origin ssh://got.ircnow.org/var/git/reponame%0a> git push --set-upstream origin master%0a20,76d16%0a%3c %0a%3c The script that does the moving of the files should have an account with access to the files in the staging area. It will need permissions to read the users home directory as well as write to the staging area. For now, we'll assume it'll be a script running via roots crontab, but ideally it should be run as a restricted user. It will need to have an ssh key to access the remote web host so we'll generate that also:%0a%3c %0a%3c [@%0a%3c doas useradd -m gitgot%0a%3c doas su - gitgot%0a%3c ssh-keygen -t ed25519%0a%3c @]%0a%3c %0a%3c Use the default path for the key file and leave the password empty. The output will look something like this:%0a%3c %0a%3c [@%0a%3c Generating public/private ed25519 key pair.%0a%3c Enter file in which to save the key (/home/gitgot/.ssh/id_ed25519): %0a%3c Enter passphrase (empty for no passphrase): %0a%3c Enter same passphrase again: %0a%3c Your identification has been saved in /home/gitgot/.ssh/id_ed25519%0a%3c Your public key has been saved in /home/gitgot/.ssh/id_ed25519.pub%0a%3c The key fingerprint is:%0a%3c SHA256:lyrfN6pDSRuVI112nfZiMh02aOoHxvgq5Y5jyY2QKpI gitgot@planetofnix.com%0a%3c The key's randomart image is:%0a%3c +--[ED25519 256]--+%0a%3c | . oo....|%0a%3c | . =.o.+o.|%0a%3c | = + o.o.|%0a%3c | + =.o + .|%0a%3c | . .SBo. + . |%0a%3c | o =oo . |%0a%3c | . . o.B.. . |%0a%3c |E . B+=. o |%0a%3c |.. ..++ooo . |%0a%3c +----[SHA256]-----+%0a%3c @]%0a%3c %0a%3c We'll put the script for copying the files in ~/bin/gitgot-staging.pl These commands assume you are still logged in as the gitgot user.%0a%3c %0a%3c [@%0a%3c mkdir bin%0a%3c vim bin/gitgot-staging.pl%0a%3c @]%0a%3c %0a%3c %0a%3c %0a%3c %0a%3c %0a%3c !! Using the Repo%0a%3c %0a%3c [@%0a%3c %25commands%25[@%0a%3c ssh username@got.ircnow.org git init --bare /var/git/reponame%0a%3c @]%0a%3c %0a%3c [@%0a%3c git remote add origin ssh://got.ircnow.org/var/git/reponame%0a%3c git push --set-upstream origin master%0a%3c @]%0a%3c %0a
15 914dfb10 2023-05-21 jrmu host:1684619988=75.158.138.249
16 914dfb10 2023-05-21 jrmu author:1684548351=izzyb
17 914dfb10 2023-05-21 jrmu diff:1684548351:1684548319:=1,3c1%0a%3c ! Summary%0a%3c %0a%3c This document describes a way to configure a remote repo for hosting via git/got. The goal is to provide shared hosting of repos without needing to grant shared group privileges to a common folder. Users will store files in their home directory with standard access controls. They will push/pull changes to it locally or via ssh. The repo will be synced to a staging area in /var and their permissions changed.%0a---%0a> ! Summary: This document describes a way to configure a remote repo for hosting via git/got. The goal is to provide shared hosting of repos without needing to grant shared group privileges to a common folder. Users will store files in their home directory with standard access controls. They will push/pull changes to it locally or via ssh. The repo will be synced to a staging area in /var and their permissions changed.%0a
18 914dfb10 2023-05-21 jrmu host:1684548351=75.158.138.249
19 914dfb10 2023-05-21 jrmu author:1684548319=izzyb
20 914dfb10 2023-05-21 jrmu diff:1684548319:1684548319:=1,14d0%0a%3c ! Summary: This document describes a way to configure a remote repo for hosting via git/got. The goal is to provide shared hosting of repos without needing to grant shared group privileges to a common folder. Users will store files in their home directory with standard access controls. They will push/pull changes to it locally or via ssh. The repo will be synced to a staging area in /var and their permissions changed.%0a%3c %0a%3c It assumes the user has a shell account on the host machine.%0a%3c %0a%3c The repo will be staged in /var/git/user/repo directory structure with symlinks back to their home directory.%0a%3c %0a%3c %25commands%25[@%0a%3c ssh username@got.ircnow.org git init --bare /var/git/reponame%0a%3c @]%0a%3c %0a%3c [@%0a%3c git remote add origin ssh://got.ircnow.org/var/git/reponame%0a%3c git push --set-upstream origin master%0a%3c @]%0a
21 914dfb10 2023-05-21 jrmu host:1684548319=75.158.138.249
