Project: GlitterGallery
We had a minor setback with the implementation of git protocols. I worked on the git HTTPS protocol, but later I found out that SparkleShare only supports the SSH protocol. Until now we were planning to host on OpenShift. I needed access to the ~/.ssh/authorized_keys file for git ssh to work, but OS doesn’t give away that access. Time to move to a VPS. Kevin got me set up with one and Pingou helped me figure out a few details.
First I needed to make changes to our web interface so that users can add their public key to their profiles. This would also mean the addition of a keys model and generation of a fingerprint for keys. The next thing is validation of keys when a push or pull is made over SSH. This involves two steps, namely authentication and authorization. The OpenSSH server handles the authentication part, and for authorization I have set up a git shell, which makes an API call to GlitterGallery to check user access. Besides authorization, the git shell also limits SSH access to git-related commands.
The git shell I am using is just a fork of gitlab-shell. I am hoping that I won’t need to make any changes to it; however, we won’t be supporting all the features (git-annex and git-lfs) of gitlab-shell yet.
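The flow described above (fingerprint a stored key, pin it to a restricted shell in authorized_keys, then authorize each push or pull) can be sketched as follows. This is an added example, not code from GlitterGallery or gitlab-shell; `SHELL_PATH`, the `key-<id>` argument, the `owner/repo.git` naming rule and the `access_check` callable standing in for the API call are all assumptions.

```ruby
require 'base64'
require 'digest'
require 'shellwords'

SHELL_PATH   = '/opt/glitter-shell/bin/shell' # hypothetical install path
RESTRICTIONS = 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'
# The only commands the wrapper will run, mapped to the access being asked for.
GIT_COMMANDS = { 'git-upload-pack' => :pull, 'git-receive-pack' => :push }.freeze

# Constructed sample key (not a real key): an ed25519-shaped blob of 0x01 bytes.
SAMPLE_KEY = 'ssh-ed25519 ' + Base64.strict_encode64(
  [11].pack('N') + 'ssh-ed25519' + [32].pack('N') + ("\x01" * 32)
) + ' demo@example'

# SHA256 fingerprint in the form OpenSSH prints: unpadded base64 of the blob hash.
def fingerprint(pubkey_line)
  blob = Base64.strict_decode64(pubkey_line.split[1])
  'SHA256:' + Digest::SHA256.base64digest(blob).delete('=')
end

# authorized_keys entry that pins a key to the wrapper and to its database id.
# The key comment is dropped so user-supplied text never reaches the file.
def authorized_keys_line(key_id, pubkey_line)
  type, blob = pubkey_line.split
  ok = type.to_s.match?(/\A[a-z0-9@.-]+\z/) && blob.to_s.match?(%r{\A[A-Za-z0-9+/]+=*\z})
  raise ArgumentError, 'malformed key' unless ok
  %(command="#{SHELL_PATH} key-#{Integer(key_id)}",#{RESTRICTIONS} #{type} #{blob})
end

# Parse SSH_ORIGINAL_COMMAND; nil unless it is a git transfer on owner/repo.git.
def parse_command(original)
  args = Shellwords.split(original.to_s)
  action = GIT_COMMANDS[args[0]]
  return nil unless action && args.size == 2
  repo = args[1].sub(%r{\A/}, '')
  return nil if repo.include?('..') || !repo.match?(%r{\A[\w.-]+/[\w.-]+\.git\z})
  { action: action, repo: repo }
rescue ArgumentError # unbalanced quotes in the client's command
  nil
end

# access_check stands in for the API call to the web application.
def authorize(key_id, original, access_check)
  req = parse_command(original)
  return :denied unless req && access_check.call(key_id, req[:action], req[:repo])
  req
end
```

Because sshd passes the client's requested command only through `SSH_ORIGINAL_COMMAND` when a forced command is set, the wrapper decides what runs, and the key id in the forced command tells it which user to ask the web application about.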
Hi! You’ve got a major typo 😀 ‘openshit’ should be ‘openshift’ at the end of the third sentence!
Thanks Gerard! Fixed it.
Hi, you said: “I needed access of ~/.ssh/authorized_keys file for git ssh to work but [OpenShift] doesn’t give away that access.” You can collaborate on a particular application on OpenShift by adding other OpenShift accounts (including free-tier accounts) as collaborators: https://help.openshift.com/hc/en-us/articles/202398940-Collaborative-Development-on-OpenShift
If you grant “edit” or “administer” permissions, you’ll be able to do a git pull/push over SSH with the collaborator account.
Come hit us up on freenode #openshift if there’s anything else we can help with!
Hi Sten! I had talked to Marek (https://github.com/marekjelen) and he had suggested the same solution. However, he pointed out the limitation that I will have no control over who pushes where, and everyone with the key can access my application code.