Re: Pushing a git repository to a new server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Feb 10, 2013 at 04:00:56PM -0500, Ethan Reesor wrote:

> I'm looking to make a command to push a git repo to a new server. The
> way I just did it is as follows:
> 
> localhost> git clone --bare /path/to/MyRepo /path/to/tmpdir/MyRepo.git
> localhost> tar xz /path/to/tmpdir/MyRepo.git | ssh myuser@remotehost
> tar cz \~/      # If I don't escape '~', my local machine expands it
> localhost> ssh myuser@remotehost
> remotehost> sudo chown -R git:git MyRepo.git

What's wrong with
$ ssh myuser@remotehost 'mkdir /path/to/MyRepo.git; cd $_; git init --bare'
$ git push --all git@remotehost:MyOtherRepo.git
?

> The reason I had to use my user is the git user's shell is git-prompt

There's no such thing as git-prompt.  The restricted login shell for
SSH-only access typically used for such a "virtual" Git user is
git-shell.

> and ~git/git-shell-commands is empty. I have repos set up using
> 'git@remotehost:MyOtherRepo.git' as the remote and everything works.
> 
> How do I make a git command that can talk to the server using
> git-prompt like the other commands do?

It's not really clear what do you want to achieve.
The reason the git-shell shell is *restricted* (read its manual page)
is to shrink the surface of possible attacks in the case the shell
account used for accessing Git repos over SSH is compromized (the key or
password stolen, for instance).  This is achieved by only allowing
commands like git-upload-pack etc in the shell (no general file
manipulation commands etc).  So what creating "git command that can
talk to the server using git-prompt ..." would really buy you?

I think the way to go is to start using gitolite [1] or implement by
hand a subset of what it does (a custom login shell which is allowed to
do certain things in a special area of the filesystem designated to keep
Git repositories) or just set up a special account on the server
("git-admin", for instance) which would have a regular login shell set
for it and would be in the same group as the user "git" (or even have
the same UID) so that they could share the files they create (subject to
active umasks of processes run as both users though).

1. https://github.com/sitaramc/gitolite

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]