
Merge 48b2ffbf1481dbab46100e6d5bf9999ec34826df into…
82a577551716 (Unpublished)

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.
This commit no longer exists in the repository. It may have been part of a branch which was deleted. This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Details

Provenance
Aaron Eppert <aeppert@gmail.com> Authored on Aug 18 2016, 23:00
GitHub <noreply@github.com> Committed on Aug 18 2016, 23:00

Event Timeline

GitHub <noreply@github.com> committed rDPHAB82a577551716: Merge 48b2ffbf1481dbab46100e6d5bf9999ec34826df into… (authored by Aaron Eppert <aeppert@gmail.com>). Aug 18 2016, 23:00
dereckson added inline comments.
/Dockerfile
13

sudo and openssh-server are indeed needed.

sendmail-bin is an extra artifact not related to "Add SSH support".

/files/etc/ssh-phabricator/sshd_config
2

DevCentral current code:

# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand
# was added in this version.

AuthorizedKeysCommand /opt/phabricator-ssh-hook.sh
AuthorizedKeysCommandUser vcs
AllowUsers vcs

vcs@ seems a little shorter than vcs-user@

Storing it in /usr/libexec and avoiding the .sh suffix is a good idea, so okay for /usr/libexec/ssh-phabricator-hook.

4

This should be the main SSH server. Rationale: at Wikimedia, there were complaints for the Gerrit installation about how difficult it is to configure the firewall for this specific port.

12

Must be tracked.

PidFile /var/run/sshd-phabricator.pid

/files/etc/sudoers.d/phabricator
1

+/usr/bin/hg

2

So the current DevCentral content is:

vcs ALL=(app) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve
app ALL=(app) SETENV: NOPASSWD: /usr/lib/git-core/git-http-backend, /usr/bin/hg
2

Why git and git-http-backend?

/usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve

/files/usr/libexec/ssh-phabricator-hook
3

We choose it...

6

This note isn't useful, we hardcode the path to the Dockerfile.

15

Current DevCentral version:

#!/bin/sh

VCSUSER="vcs"
ROOT="/opt/phabricator"

if [ "$1" != "$VCSUSER" ];
then
  exit 1
fi

exec "$ROOT/bin/ssh-auth" "$@"

/files/usr/local/sbin/init-container
9

That must be a runit /service. There is no reason to spawn a server outside the supervisor process.

/etc/service/sshd-phabricator/run
#!/bin/sh
exec 2>&1
exec /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config.phabricator

A log service is needed too: http://smarden.org/runit/faq.html#createlog

/ubuntu/aphlict-docker.conf
1

Extra artifact not related to "Add SSH support"

/ubuntu/phabricator-docker.conf
1

Extra artifact not related to "Add SSH support"
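
A check for the sshd_config points raised in the review above, as an added example that is not part of the original review or the project's code: it lints a dedicated sshd_config for the directives quoted there. The function names `sshd_value` and `check_phab_sshd` and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the project's code): lint a dedicated Phabricator sshd_config.

# sshd_value FILE KEYWORD: print the first value set for KEYWORD.
# sshd keywords are case-insensitive and the first occurrence wins.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check_phab_sshd FILE VCSUSER: print one line per finding, return their count.
check_phab_sshd() {
    cfg=$1 user=$2 fails=0
    finding() { echo "$cfg: $1"; fails=$((fails + 1)); }

    # sshd only accepts an absolute path for AuthorizedKeysCommand.
    case $(sshd_value "$cfg" AuthorizedKeysCommand) in
        /*) ;;
        *) finding "AuthorizedKeysCommand is missing or not an absolute path" ;;
    esac
    # The key lookup should run as the unprivileged VCS account.
    [ "$(sshd_value "$cfg" AuthorizedKeysCommandUser)" = "$user" ] ||
        finding "AuthorizedKeysCommandUser is not '$user'"
    # Only the VCS account may log in through this daemon.
    [ "$(sshd_value "$cfg" AllowUsers)" = "$user" ] ||
        finding "AllowUsers is not restricted to '$user'"
    # A second sshd needs its own pid file so it can be tracked.
    [ -n "$(sshd_value "$cfg" PidFile)" ] ||
        finding "PidFile is not set"
    return "$fails"
}

# Constructed sample: the directives quoted in the review, minus PidFile.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# constructed sample config
AuthorizedKeysCommand /usr/libexec/ssh-phabricator-hook
AuthorizedKeysCommandUser vcs
AllowUsers vcs
EOF
check_phab_sshd "$demo_cfg" vcs || echo "findings: $?"
rm -f "$demo_cfg"
```

The lint only reads the file; `sshd -t -f <file>` remains the authoritative syntax check before the service is started.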
