git_chroot

Create chroot for git-daemon(1)

commit e4d438de25e5574fa4b1dd2066b5f422023ebeba
parent cd229fb9137f49a11d1cdad0eb2f64a016c27af2
Author: Kyle Milz <krwmilz@gmail.com>
Date:   Sat, 30 Apr 2022 22:39:56 +0000

tweak and update README

Diffstat:
M README | 65 ++++++++++++++++++++++++++---------------------------------------
1 file changed, 26 insertions(+), 39 deletions(-)

diff --git a/README b/README 
@@ -1,55 +1,41 @@ ---[ 0 - Contents + git-daemon(1) chroot(8) +========================= -1 - Releases -2 - Introduction - 2.1 - Dumb HTTP - 2.2 - Native GIT -3 - Implementation +This script isolates git-daemon(1) inside a chroot. Without this, +git-daemon(1) has access to the entire file system. +Latest Release: 71 on April 29 2022 +Install: # sh chroot_gitdaemon.sh ---[ 1 - Releases -Latest: 70 on November 14 2021 -Install: # sh chroot_gitdaemon.sh - - ---[ 2 - Introduction - -This script isolates git-daemon(1) while hosting code repositories -with it. Without this script, git-daemon(1) has access to the -entire file system, and has no command line options to isolate -itself. + Protocols +---------- There are a few protocols to serve git(1) repositories: -- dumb http -- git -- others - ---[ 2.1 - Dumb HTTP + - dumb http + - git + - others The dumb http protocol is easy to set up if you are already running an HTTP server, but the performance is not great: -$ time git clone http://www.0x30.net/git/citrun -Cloning into 'citrun'... -Fetching objects: 10233, done. - 2m03.64s real 0m02.89s user 0m03.77s system - - ---[ 2.2 - Native GIT + $ time git clone http://www.0x30.net/git/citrun + Cloning into 'citrun'... + Fetching objects: 10233, done. + 2m03.64s real 0m02.89s user 0m03.77s system The performance of the native git-daemon(1) protocol is better: -$ time git clone git://www.0x30.net/citrun -Cloning into 'citrun'... -remote: Enumerating objects: 10233, done. -remote: Counting objects: 100% (10233/10233), done. -remote: Compressing objects: 100% (5236/5236), done. -remote: Total 10233 (delta 6802), reused 7596 (delta 4866), pack-reused 0 -Receiving objects: 100% (10233/10233), 2.19 MiB | 615.00 KiB/s, done. -Resolving deltas: 100% (6802/6802), done. - 0m08.89s real 0m01.09s user 0m00.18s system + $ time git clone git://www.0x30.net/citrun + Cloning into 'citrun'... + remote: Enumerating objects: 10233, done. + remote: Counting objects: 100% (10233/10233), done. 
+ remote: Compressing objects: 100% (5236/5236), done. + remote: Total 10233 (delta 6802), reused 7596 (delta 4866), pack-reused 0 + Receiving objects: 100% (10233/10233), 2.19 MiB | 615.00 KiB/s, done. + Resolving deltas: 100% (6802/6802), done. + 0m08.89s real 0m01.09s user 0m00.18s system This benchmark shows that the native git-daemon(1) protocol is about 10x faster than dumb HTTP. @@ -61,7 +47,8 @@ Other people suggested a workaround was possible https://marc.info/?l=openbsd-ports&m=146460119010262&w=2 . ---[ 3 - Implementation + Implementation +--------------- This script creates a chroot(8) for git-daemon(1) to run inside.
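
Review bot: In the first hunk (@@ -1,55 +1,41 @@), the rewritten introduction drops the clause "and has no command line options to isolate itself", which was the README's only explanation of why an external chroot script is needed rather than a daemon setting. Consider keeping one sentence of that rationale after "Without this, git-daemon(1) has access to the entire file system." In the same hunk, "Install: # sh chroot_gitdaemon.sh" relies on the "#" prompt alone to signal that the script runs as root; a short line saying so, and summarizing what the script changes on the host, would help anyone auditing it before running it. The release line also moves from 70 to 71 here, so the subject "tweak and update README" could mention the release bump.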