git.vger.kernel.org archive mirror
* Git push from bare repo
@ 2010-05-28  6:57 Goran Mekić
  2010-05-28  9:15 ` Andreas Ericsson
  0 siblings, 1 reply; 5+ messages in thread
From: Goran Mekić @ 2010-05-28  6:57 UTC (permalink / raw)
  To: git


    I have to push from first server to second (yeah, the names are great
:o) whenever someone pushes to first server. It should be done using
post-receive hook, for example. The problem is that I can not specify ssh
key, and even if I could, anything but 600 perm for the key is rejected.
What would be the best way to accomplish this? Thanx!



-- 

FreeB(eer)S(ex)D(rugs) are the real daemons


* Re: Git push from bare repo
  2010-05-28  6:57 Git push from bare repo Goran Mekić
@ 2010-05-28  9:15 ` Andreas Ericsson
  2010-05-28 12:28   ` Goran Mekić
  0 siblings, 1 reply; 5+ messages in thread
From: Andreas Ericsson @ 2010-05-28  9:15 UTC (permalink / raw)
  To: Goran Mekić; +Cc: git

On 05/28/2010 08:57 AM, Goran Mekić wrote:
> 
>      I have to push from first server to second (yeah, the names are great
> :o) whenever someone pushes to first server. It should be done using
> post-receive hook, for example. The problem is that I can not specify ssh
> key, and even if I could, anything but 600 perm for the key is rejected.
> What would be the best way to accomplish this? Thanx!
> 

Why can't you specify ssh key, and why can't you set the key to have perms
0600 and let it reside in a directory with perms 0700?

The post-receive hook is just a shell-script, basically.

-- 
Andreas Ericsson                   andreas.ericsson@op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.


* Re: Git push from bare repo
  2010-05-28  9:15 ` Andreas Ericsson
@ 2010-05-28 12:28   ` Goran Mekić
  2010-05-28 12:59     ` BJ Hargrave
  0 siblings, 1 reply; 5+ messages in thread
From: Goran Mekić @ 2010-05-28 12:28 UTC (permalink / raw)
  To: git


On Fri, 28 May 2010 11:15:17 +0200, Andreas Ericsson <ae@op5.se> wrote:
> On 05/28/2010 08:57 AM, Goran Mekić wrote:
>> 
>>      I have to push from first server to second (yeah, the names are great
>> :o) whenever someone pushes to first server. It should be done using
>> post-receive hook, for example. The problem is that I can not specify ssh
>> key, and even if I could, anything but 600 perm for the key is rejected.
>> What would be the best way to accomplish this? Thanx!
>> 
> 
> Why can't you specify ssh key, and why can't you set the key to have perms
> 0600 and let it reside in a directory with perms 0700?
> 
> The post-receive hook is just a shell-script, basically.
    There's more than one developer and 600 is set to just one user.
Post-receive hook is executed as developer doing push. The accounts are in
LDAP, but I can't set all their UID number to same number because it's used
for PAM. I was thinking about ACL. Is that even a solution? The dumb one
would be cron, but I wish to avoid pushing when there's no change.

-- 
FreeB(eer)S(ex)D(rugs) are the real daemons


* Re: Git push from bare repo
  2010-05-28 12:28   ` Goran Mekić
@ 2010-05-28 12:59     ` BJ Hargrave
  2010-05-29 11:01       ` Gelonida
  0 siblings, 1 reply; 5+ messages in thread
From: BJ Hargrave @ 2010-05-28 12:59 UTC (permalink / raw)
  To: Goran Mekić; +Cc: git


On May 28, 2010, at 08:28 , Goran Mekić wrote:
>    There's more than one developer and 600 is set to just one user.
> Post-receive hook is executed as developer doing push. The accounts are in
> LDAP, but I can't set all their UID number to same number because it's used
> for PAM. I was thinking about ACL. Is that even a solution? The dumb one
> would be cron, but I wish to avoid pushing when there's no change.
> 

What about having a script which does the push have setuid to the owner of the key. Then the post-receive hook can invoke that script which will have access to the ssh key to do the push.
-- 

BJ


* Re: Git push from bare repo
  2010-05-28 12:59     ` BJ Hargrave
@ 2010-05-29 11:01       ` Gelonida
  0 siblings, 0 replies; 5+ messages in thread
From: Gelonida @ 2010-05-29 11:01 UTC (permalink / raw)
  To: git

BJ Hargrave wrote:
> On May 28, 2010, at 08:28 , Goran Mekić wrote:
>>    There's more than one developer and 600 is set to just one user.
>> Post-receive hook is executed as developer doing push. The accounts are in
>> LDAP, but I can't set all their UID number to same number because it's used
>> for PAM. I was thinking about ACL. Is that even a solution? The dumb one
>> would be cron, but I wish to avoid pushing when there's no change.
>>
> 
> What about having a script which does the push have setuid to the owner of the key. Then the post-receive hook can invoke that script which will have access to the ssh key to do the push.
That should work.


Another option would be that the post-receive hook copies the ssh-key
file, changes its permission and only then continues to push.


If all users have ssh access to first server AND to second server and
all users use ssh-agent, then all users would just have to make sure that
they do agent forwarding in their .ssh/config script.

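As an added example (not code from any of the posters), a post-receive hook for the first server along the lines discussed in the thread: it checks that the key is 0600 in a 0700 directory before using it, and pushes only the refs that were just received, so nothing is pushed when nothing changed. The remote name `second`, the key path and the `MIRROR_KEY` variable are assumptions, and the hook is assumed to run as the account that owns the key.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: remote "second",
# key path and MIRROR_KEY variable; install as hooks/post-receive.
KEY=${MIRROR_KEY:-/home/gitmirror/.ssh/id_mirror}   # hypothetical path

# Octal mode of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# ssh rejects a private key that group or others can access, so require
# 0600 (or 0400) on the key and 0700 on its directory before using it.
key_perms_ok() {
    [ -f "$1" ] || return 1
    case "$(mode_of "$1")" in 600|400) ;; *) return 1 ;; esac
    [ "$(mode_of "$(dirname "$1")")" = 700 ]
}

# post-receive gets one "<old> <new> <ref>" line per updated ref on stdin.
# Emit a refspec per line; an all-zero <new> is a deletion (":<ref>").
# The leading "+" makes second follow first even when a ref was rewound.
refspecs_from_stdin() {
    while read -r old new ref; do
        [ -n "$ref" ] || continue
        case $new in
            *[!0]*) printf '+%s:%s\n' "$ref" "$ref" ;;
            *)      printf ':%s\n' "$ref" ;;
        esac
    done
}

main() {
    specs=$(refspecs_from_stdin)
    [ -n "$specs" ] || exit 0            # nothing received, nothing to push
    key_perms_ok "$KEY" || { echo "mirror: refusing key $KEY" >&2; exit 1; }
    # IdentitiesOnly: offer only this key; BatchMode: never prompt in a hook.
    GIT_SSH_COMMAND="ssh -i $KEY -o IdentitiesOnly=yes -o BatchMode=yes" \
        git push second $specs
}

# Run only when installed under the hook's name, so the file can be sourced.
case "${0##*/}" in post-receive) main ;; esac
```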
