Diffstat (limited to 'tmp/en-US/xml_tmp/git/secure-git-pull.xml')
-rw-r--r-- | tmp/en-US/xml_tmp/git/secure-git-pull.xml | 133 |
1 files changed, 0 insertions, 133 deletions
diff --git a/tmp/en-US/xml_tmp/git/secure-git-pull.xml b/tmp/en-US/xml_tmp/git/secure-git-pull.xml deleted file mode 100644 index 6d6cf0b..0000000 --- a/tmp/en-US/xml_tmp/git/secure-git-pull.xml +++ /dev/null 
@@ -1,133 +0,0 @@ -<?xml version='1.0' encoding='utf-8' ?> - <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" - "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ - <!ENTITY % BOOK_ENTITIES SYSTEM "Fedora_Cookbook.ent"> - %BOOK_ENTITIES; -]> -<!-- Do not edit above this line --> -<!-- - Please provide some information so we can give you credit: - name: Pete Travis - fas_id: immanetize - email: immanetize@fedoraproject.org ---> - -<section id="secure_git_pull"> - <title>Secure deployment with Git and SSH</title> - <para> - Git, a distributed version control system, can be used to transfer software and other files to remote systems. By configuring the remote system to pull content from a git repository on a schedule, deployment can be accomplished with a simple local merge. Configuring the system that hosts the repository to restrict access from the remote system enhances security without affecting the method's usefulness. - </para> - <section id="secure_git_pull-ingredients"> - <title>Required Ingredients</title> - <!-- list packages, services, other recipes etc that are required --> - <itemizedlist> - <listitem><para> - Two computers running Fedora with a working network connection. - </para></listitem> - <listitem><para> - Git installed on both systems, and a git repository on one. - <!-- TODO: need git recipe! --> - </para></listitem> - <listitem><para> - A dedicated user account. - </para></listitem> - <listitem><para> - A dedicated <xref linkend="ssh-keygen">SSH authentication key</xref> - </para></listitem> - </itemizedlist> - </section> - <section id="secure_git_pull-directions"> - <title>Directions</title> - <procedure> - <title>Configuring the host</title> - <step><para> - Create and configure a new user account to use for the transfer. For security reasons, this account will only be allowed to interact with git. - </para></step> - <substeps> - <step> - <para>First, identify the path to your git repository. 
Store it in a shell variable, for convenience.</para> - <screen> - <command> - <replaceable>repo_directory=/srv/repos/my-project.git</replaceable> - </command> - </screen> - </step> - <step> - <para>Create the user account.</para> - <screen> - <command> - useradd --home $repo_directory --shell /usr/bin/git-shell <replaceable>puller</replaceable> - </command> - </screen> - <para> - The options given to <command>useradd</command> restrict the user's account. Refer to the explanation below, and <command>man useradd</command> for further insight. - </para> - <simplelist> - <member> - <parameter>--home $repo_directory</parameter> - sets the account's home directory as the repository, using the shell variable from the previous step. - </member> - <member> - <parameter>--shell /usr/bin/git-shell</parameter> - Sets the login shell to <application>git shell</application>, a special utility provided with git that will only allow the user to execute git commands. - </member> - <member> - <parameter><replaceable>puller</replaceable></parameter> - The name of the user to create. Name the account something that will remind you of its purpose. - </member> - </simplelist> - </step> - <step> - <para> - Copy the <literal>public</literal> half of your ssh key into the user's home directory. - <screen> - <command>mkdir $repo_directory/.ssh/</command> - <command> - cp <replaceable>puller_id_rsa</replaceable>.pub $repo_direcory/.ssh/ - </command> - </screen> - </para> - </step> - <step> - <para>Give the user read only access to the repository</para> - <screen> - <command> - <!-- appropriate setfacl invocations here --> - </command> - </screen> - </step> - <step> - <formalpara> - <title><emphasis>Optional:</emphasis> tell git to ignore the ssh key</title> - <para> - You can add the ssh public key to your git repository to share it, or tell git to ignore they key with the instructions below. 
- <screen> - <command>pushd $repo_directory</command> - <command>echo ".ssh/" >> .gitignore</command> - <command>git add .gitignore</command> - <command>git commit -m "Ignore $repo_directory/.ssh"</command> - <command>popd</command> - </screen> - </para> - </formalpara> - </step> - </substeps> - <step> - <para> - Configure the remote host to use your repository - </para></step> - </procedure> - </section> - - <section> - <title>References</title> - <itemizedlist> - <listitem> - <para><ulink url="http://example.com">Upstream Documentation</ulink></para> - </listitem> - <listitem> - <para><ulink url="http://example.com/myblog/posts/todays_date" /></para> - </listitem> - </itemizedlist> - </section> - -</section> - - |
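Review bot: The deleted path, tmp/en-US/xml_tmp/git/secure-git-pull.xml, looks like generated build output rather than source, and nothing in this diff adds an ignore rule for tmp/, so the file can be committed again on the next build; consider adding one alongside the removal. If a source copy of this section is kept elsewhere, the removed text has three defects worth fixing there. The `cp` line misspells the variable as `$repo_direcory`, which expands to empty, so the key would be copied to `/.ssh/`. The public key is only copied into `.ssh/` and never added to an `authorized_keys` file, so the account would not accept it. The read-only access step contains only the placeholder comment `<!-- appropriate setfacl invocations here -->`, leaving the access restriction the recipe promises unconfigured.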