Description
Details
- Provenance
Aaron Eppert <aeppert@gmail.com> Authored on Aug 18 2016, 23:00
GitHub <noreply@github.com> Committed on Aug 18 2016, 23:00
Event Timeline
/Dockerfile

- Line 13: sudo and openssh-server are indeed needed. sendmail-bin is an extra artifact not related to "Add SSH support".

/files/etc/ssh-phabricator/sshd_config

- Line 2: DevCentral current code:

  ```
  # NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
  # was added in this version.

  AuthorizedKeysCommand /opt/phabricator-ssh-hook.sh
  AuthorizedKeysCommandUser vcs
  AllowUsers vcs
  ```

  vcs@ seems a little shorter than vcs-user@

  To store to /usr/libexec and to avoid the .sh suffix is a good idea, so okay for /usr/libexec/ssh-phabricator-hook.
- Line 4: This should be the main SSH server. The rationale: at Wikimedia, there were complaints about the Gerrit installation, about how it's difficult to configure a firewall for this specific port.
- Line 12: Must be tracked.

  ```
  PidFile /var/run/sshd-phabricator.pid
  ```

/files/etc/sudoers.d/phabricator

- Line 1: +/usr/bin/hg
- Line 2: So current DevCentral content is:

  ```
  vcs ALL=(app) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
  app ALL=(app) SETENV: NOPASSWD: /usr/lib/git-core/git-http-backend, /usr/bin/hg
  ```
- Line 2: Why git and git-http-backend?

  ```
  /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
  ```

/files/usr/libexec/ssh-phabricator-hook

- Line 3: We choose it...
- Line 6: This note isn't useful, we hardcode the path to the Dockerfile.
- Line 15: Current DevCentral version:

  ```
  #!/bin/sh

  VCSUSER="vcs"
  ROOT="/opt/phabricator"

  if [ "$1" != "$VCSUSER" ];
  then
    exit 1
  fi

  exec "$ROOT/bin/ssh-auth" $@
  ```

/files/usr/local/sbin/init-container

- Line 9: That must be a runit /service. There is no reason to spawn a server outside the supervisor process.

  /etc/service/sshd-phabricator/run

  ```
  #!/bin/sh
  exec 2>&1
  exec /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config.phabricator
  ```

  A log service is needed too: http://smarden.org/runit/faq.html#createlog

/ubuntu/aphlict-docker.conf

- Line 1: Extra artifact not related to "Add SSH support"

/ubuntu/phabricator-docker.conf

- Line 1: Extra artifact not related to "Add SSH support"
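
An added example (not part of the commit or of the reviewers' comments): a shell check that lists what a sudoers rule grants beyond an expected command list, here the four commands quoted in the review for the `vcs` user. The sample file and the `vcs_wide` user are constructed for illustration, and one rule per line is assumed.

```shell
#!/bin/sh
# Added example: list commands a sudoers rule grants beyond an allowlist.
# Assumes one rule per line (no "\" continuations, no Cmnd_Alias expansion).

# extra_commands USER FILE ALLOWED...
# Prints, one per line, each command granted to USER that is not in ALLOWED.
# The first sed drops "USER HOST=(runas)" and leading tags such as
# SETENV: NOPASSWD:, leaving only the comma-separated command list.
extra_commands() {
    user=$1 file=$2
    shift 2
    awk -v u="$user" '$1 == u' "$file" |
        sed -E 's/^[^=]*=[[:space:]]*(\([^)]*\))?[[:space:]]*//; s/^([A-Z_]+:[[:space:]]*)*//' |
        tr ',' '\n' |
        sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//' |
        while IFS= read -r cmd; do
            [ -n "$cmd" ] || continue
            ok=no
            for allowed in "$@"; do
                if [ "$cmd" = "$allowed" ]; then ok=yes; fi
            done
            if [ "$ok" = no ]; then printf '%s\n' "$cmd"; fi
        done
}

# Constructed sample (not the commit's file): the "vcs" rule matches the list
# quoted in the review; "vcs_wide" is a hypothetical user with a broader grant.
write_sample() {
    cat > "$1" <<'EOF'
vcs ALL=(app) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
vcs_wide ALL=(app) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/lib/git-core/git-http-backend
EOF
}

sample=$(mktemp)
write_sample "$sample"
for u in vcs vcs_wide; do
    echo "== $u =="
    extra_commands "$u" "$sample" /usr/bin/git-upload-pack \
        /usr/bin/git-receive-pack /usr/bin/hg /usr/bin/svnserve
done
rm -f "$sample"
```

A command listed with arguments is compared as a whole string, so it is reported unless the allowlist contains the same string.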