From f4525524968ad9619ec953e4cb4e9e03f3ed2165 Mon Sep 17 00:00:00 2001 From: "Alex Pooley (@zuedev)" Date: Thu, 7 May 2026 17:48:58 +0100 Subject: Add git-wrapper script and update sshd_config for git user --- Dockerfile.debian | 10 ++++++++++ etc/ssh/sshd_config | 2 ++ usr/local/bin/git-wrapper | 16 ++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 etc/ssh/sshd_config create mode 100644 usr/local/bin/git-wrapper diff --git a/Dockerfile.debian b/Dockerfile.debian index be25622..7379f23 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -40,6 +40,16 @@ RUN chmod +x /scripts/* # Copy git home overlay COPY home/git/* /home/git/ +# Copy git-wrapper +COPY usr/local/bin/git-wrapper /usr/local/bin/git-wrapper + +# Set appropriate permissions for the git-wrapper +RUN chmod +x /usr/local/bin/git-wrapper + +# Add our git-wrapper to a new Match block in the sshd_config +RUN echo "Match User git" >> /etc/ssh/sshd_config && \ + echo " ForceCommand /usr/local/bin/git-wrapper" >> /etc/ssh/sshd_config + # Make the entrypoint script executable RUN chmod +x /entrypoint.bash diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config new file mode 100644 index 0000000..97ae415 --- /dev/null +++ b/etc/ssh/sshd_config @@ -0,0 +1,2 @@ +Match User git + ForceCommand /usr/local/bin/git-wrapper \ No newline at end of file diff --git a/usr/local/bin/git-wrapper b/usr/local/bin/git-wrapper new file mode 100644 index 0000000..b0e45b3 --- /dev/null +++ b/usr/local/bin/git-wrapper @@ -0,0 +1,16 @@ +#!/bin/bash +# Prepend /repositories/ to bare repo paths in git SSH commands +case "$SSH_ORIGINAL_COMMAND" in + git-upload-pack\'*|git-receive-pack\'*|git-upload-archive\'*) + cmd="${SSH_ORIGINAL_COMMAND%\'*}" + path="${SSH_ORIGINAL_COMMAND##*\'}" + path="${path%\'}" + # Prepend /repositories/ if not an absolute path + [[ "$path" != /* ]] && path="/repositories/$path" + exec $cmd "'$path'" + ;; + *) + echo "Invalid command" >&2 + exit 1 + ;; +esac \ No newline at end of file -- cgit v1.2.3