3 files changed, 28 insertions, 0 deletions

diff --git a/Dockerfile.debian b/Dockerfile.debian
index be25622..7379f23 100644
--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@@ -40,6 +40,16 @@ RUN chmod +x /scripts/*
 # Copy git home overlay
 COPY home/git/* /home/git/
 
+# Copy git-wrapper
+COPY usr/local/bin/git-wrapper /usr/local/bin/git-wrapper
+
+# Set appropriate permissions for the git-wrapper
+RUN chmod +x /usr/local/bin/git-wrapper
+
+# Add our git-wrapper to a new Match block in the sshd_config
+RUN echo "Match User git" >> /etc/ssh/sshd_config && \
+    echo "    ForceCommand /usr/local/bin/git-wrapper" >> /etc/ssh/sshd_config
+
 # Make the entrypoint script executable
 RUN chmod +x /entrypoint.bash
 
diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
new file mode 100644
index 0000000..97ae415
--- /dev/null
+++ b/etc/ssh/sshd_config
@@ -0,0 +1,2 @@
+Match User git
+    ForceCommand /usr/local/bin/git-wrapper
\ No newline at end of file
diff --git a/usr/local/bin/git-wrapper b/usr/local/bin/git-wrapper
new file mode 100644
index 0000000..b0e45b3
--- /dev/null
+++ b/usr/local/bin/git-wrapper
@@ -0,0 +1,16 @@
+#!/bin/bash
+# Prepend /repositories/ to bare repo paths in git SSH commands
+case "$SSH_ORIGINAL_COMMAND" in
+  git-upload-pack\'*|git-receive-pack\'*|git-upload-archive\'*)
+    cmd="${SSH_ORIGINAL_COMMAND%\'*}"
+    path="${SSH_ORIGINAL_COMMAND##*\'}"
+    path="${path%\'}"
+    # Prepend /repositories/ if not an absolute path
+    [[ "$path" != /* ]] && path="/repositories/$path"
+    exec $cmd "'$path'"
+    ;;
+  *)
+    echo "Invalid command" >&2
+    exit 1
+    ;;
+esac
\ No newline at end of file