updates and cleanups

Signed-off-by: Jess Frazelle <jess@mesosphere.com>
2025-12-08 14:22:40 +01:00 · 2016-04-06 03:32:01 -07:00
parent 7b22735e75
commit a85814d20e
7 changed files with 151 additions and 7 deletions
--- a/gitserver/Dockerfile
+++ b/gitserver/Dockerfile
@@ -0,0 +1,34 @@
+# Run a git server in a container.
+#
+# docker run --rm -it -p 1234:22 \
+# 	-e DEBUG=true \
+# 	-e "PUBKEY=$(cat ~/.ssh/id_ed25519.pub)" \
+# 	--name gitserver \
+# 	jess/gitserver
+FROM alpine:latest
+MAINTAINER Jessica Frazelle <jess@docker.com>
+
+ENV HOME /root
+
+RUN apk update && apk add \
+	git \
+	openssh \
+	&& rm -rf /var/cache/apk/* \
+	&& sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config \
+	&& sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/" /etc/ssh/sshd_config \
+	&& echo -e "AllowUsers git\n" >> /etc/ssh/sshd_config \
+	&& echo -e "Port 22\n" >> /etc/ssh/sshd_config \
+	&& addgroup git \
+	&& adduser -D -S -s /usr/bin/git-shell -h /home/git -g git git \
+	&& mkdir -p /home/git/.ssh \
+	&& chown -R git:git /home/git \
+	&& passwd -u git
+
+ENV HOME /home/git
+EXPOSE 22
+WORKDIR $HOME
+
+COPY ./start.sh /
+
+ENTRYPOINT ["/start.sh"]
+CMD ["/usr/sbin/sshd", "-D", "-e", "-f", "/etc/ssh/sshd_config"]
--- a/gitserver/start.sh
+++ b/gitserver/start.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+set -e
+
+[ "$DEBUG" == 'true' ] && set -x
+
+DAEMON=sshd
+HOSTKEY=/etc/ssh/ssh_host_ed25519_key
+
+# create the host key if not already created
+if [ ! -f "${HOSTKEY}" ]; then
+	ssh-keygen -A
+fi
+
+[ "$PUBKEY" ] && echo "$PUBKEY" > ${HOME}/.ssh/authorized_keys
+
+# Fix permissions, if writable
+if [ -w ${HOME}/.ssh ]; then
+    chown git:git ${HOME}/.ssh && chmod 700 ${HOME}/.ssh/
+fi
+if [ -w ${HOME}/.ssh/authorized_keys ]; then
+    chown git:git ${HOME}/.ssh/authorized_keys
+    chmod 600 ${HOME}/.ssh/authorized_keys
+fi
+
+# Warn if no config
+if [ ! -e ${HOME}/.ssh/authorized_keys ]; then
+  echo "WARNING: No SSH authorized_keys found for git"
+fi
+
+# set the default shell
+mkdir -p $HOME/git-shell-commands
+cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
+#!/bin/sh
+printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
+printf '%s\n' "provide interactive shell access."
+exit 128
+EOF
+chmod +x $HOME/git-shell-commands/no-interactive-login
+
+stop() {
+    echo "Received SIGINT or SIGTERM. Shutting down $DAEMON"
+    # Get PID
+    pid=$(cat /var/run/$DAEMON/$DAEMON.pid)
+    # Set TERM
+    kill -SIGTERM "${pid}"
+    # Wait for exit
+    wait "${pid}"
+    # All done.
+    echo "Done."
+}
+
+echo "Running $@"
+if [ "$(basename $1)" == "$DAEMON" ]; then
+    trap stop SIGINT SIGTERM
+    $@ &
+    pid="$!"
+    mkdir -p /var/run/$DAEMON && echo "${pid}" > /var/run/$DAEMON/$DAEMON.pid
+    wait "${pid}" && exit $?
+else
+    exec "$@"
+fi