git_chroot

Create chroot for git-daemon(1)

commit 05cf8539c6793c373d97c5f2cad1a25d4dc573f5
parent 87ad809637510b36a7391ec0df98e82366b1c099
Author: Kyle Milz <krwmilz@gmail.com>
Date:   Sun, 21 Nov 2021 16:31:52 +0000

reformat README in phrack style

Diffstat:
M README | 65 ++++++++++++++++++++++++++++++++++++-----------------------------
1 file changed, 36 insertions(+), 29 deletions(-)

diff --git a/README b/README @@ -1,40 +1,45 @@ -This script tries to mitigate risk when hosting code repositories -with git-daemon(1). By default git-daemon(1) has access to the -entire file system, and has no command line options to chroot(8) -itself. +--[ 0 - Contents ------------------------------------------------------------------------ -- CONTENTS ------------------------------------------------------------ +1 - Releases +2 - Introduction + 2.1 - Dumb HTTP + 2.2 - Native GIT +3 - Implementation -1. Releases -2. Introduction -3. Implementation +--[ 1 - Releases ------------------------------------------------------------------------ -- 1. RELEASES --------------------------------------------------------- +Latest: 70 on November 14 2021 +Install: # sh chroot_gitdaemon.sh -Latest release: 70 on November 14, 2021 -Install: # sh chroot_gitdaemon_70.sh +--[ 2 - Introduction ------------------------------------------------------------------------ -- 2. INTRODUCTION ----------------------------------------------------- +This script isolates git-daemon(1) while hosting code repositories +with it. Without this script, git-daemon(1) has access to the +entire file system, and has no command line options to isolate +itself. There are a few protocols to serve git(1) repositories: - dumb http - git - others -The dumb http protocol is easy to set up, but the performance is -not great: + +--[ 2.1 - Dumb HTTP + +The dumb http protocol is easy to set up if you are already running an HTTP +server, but the performance is not great: $ time git clone http://www.0x30.net/git/citrun Cloning into 'citrun'... Fetching objects: 10233, done. 2m03.64s real 0m02.89s user 0m03.77s system -Now the git protocol over git-daemon(1): + +--[ 2.2 - Native GIT + +The performance of the native git-daemon(1) protocol is better: $ time git clone git://www.0x30.net/citrun Cloning into 'citrun'... 
@@ -45,19 +50,21 @@ remote: Total 10233 (delta 6802), reused 7596 (delta 4866), pack-reused 0 Receiving objects: 100% (10233/10233), 2.19 MiB | 615.00 KiB/s, done. Resolving deltas: 100% (6802/6802), done. 0m08.89s real 0m01.09s user 0m00.18s system -</pre> -The performance of the native git(1) protocol is about 10x of http, -but git-daemon(1) cannot be trusted by default with filesystem wide -access permissions. Other people suggested a workaround was possible +This benchmark shows that the native git-daemon(1) protocol is about 10x +faster than dumb HTTP. + +However git-daemon(1) has filesystem wide access permissions by default, +which makes running it risky. + +Other people suggested a workaround was possible https://marc.info/?l=openbsd-ports&m=146460119010262&w=2 . ------------------------------------------------------------------------ -- 3. IMPLEMENTATION --------------------------------------------------- +--[ 3 - Implementation + +This script creates a chroot(8) for git-daemon(1) to run inside. -This script implementation creates a chroot(8) environment for -git-daemon(1) to run inside. It tries to be shell agnostic but was -only tested with ksh(1). It creates all of the necessary files and -directories, copies git-daemon and its dependencies into the root, -and then modifies the stock rc.d(8) script to start it correctly. +It creates all of the necessary files and directories, copies +git-daemon and its dependencies into the root, and then modifies +the stock rc.d(8) script to start it correctly.
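Review bot: in the first hunk (@@ -1,40 +1,45 @@) the Install line in section 1 changes the documented script name from chroot_gitdaemon_70.sh to chroot_gitdaemon.sh, which is a content change in a commit described as a reformat; if the release file is still chroot_gitdaemon_70.sh the README now points at a file that does not exist, so either keep `Install: # sh chroot_gitdaemon_70.sh` or rename the script in the same commit. Two smaller points in the same hunk: the heading `--[ 0 - Contents` introduces a section 0 that the contents list itself does not mention, and `--[ 2.2 - Native GIT` should read `Native git` to match git(1) and the lowercase `git` used in the protocol list above it.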
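Review bot: in the second hunk (@@ -45,19 +50,21 @@) the Implementation rewrite drops the sentence `It tries to be shell agnostic but was only tested with ksh(1).`, which is the only statement in the file of what shell the script has been run under; since section 1 tells users to run it with plain `sh`, that caveat matters and should be kept, for example as a line after `This script creates a chroot(8) for git-daemon(1) to run inside.` The kept sentence `Other people suggested a workaround was possible` followed by a bare URL on its own line still reads as a fragment; a lead-in such as `A workaround was suggested on openbsd-ports:` before the link would read better. Removing the stray `</pre>` is correct.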