aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlec Warner <antarus@gentoo.org>2020-06-02 00:30:01 -0700
committerAlec Warner <antarus@gentoo.org>2020-06-02 00:30:01 -0700
commitaef3bb04284074945ffc900d9461e0b8d251d9ab (patch)
tree3c2b0cc7994513a867ee9ffacd8661666b94d3e4
parentlocal/require-signed-push: fix typo (diff)
downloadgithooks-aef3bb04284074945ffc900d9461e0b8d251d9ab.tar.gz
githooks-aef3bb04284074945ffc900d9461e0b8d251d9ab.tar.bz2
githooks-aef3bb04284074945ffc900d9461e0b8d251d9ab.zip
Add github mirror hooks to githooks.
Signed-off-by: Alec Warner <antarus@gentoo.org>
-rwxr-xr-xgithub-mirror/github-mirror25
-rwxr-xr-xgithub-mirror/github-ssh-wrapper9
2 files changed, 34 insertions, 0 deletions
diff --git a/github-mirror/github-mirror b/github-mirror/github-mirror
new file mode 100755
index 0000000..9b048e1
--- /dev/null
+++ b/github-mirror/github-mirror
@@ -0,0 +1,25 @@
+#!/bin/sh
+# based on https://github.com/miracle2k/gitolite-simple-mirror/blob/master/post-receive
+
+# simple gitolite mirroring
+
+# flush STDIN coming from git, because gitolite's own post-receive.mirrorpush
+# script does the same thing
+[ -t 0 ] || cat >/dev/null
+
+if [ -z "${GL_REPO}" ]; then
+ echo "GL_REPO not set" >&2
+ exit 1
+fi
+
+targets=$(git config --get gentoo.mirror.url)
+[ -z "${targets}" ] && exit 0
+
+export GIT_SSH_KEY=$(git config --get gentoo.mirror.pubkey)
+: ${GIT_SSH_KEY:=/home/mgorny/github-mirror/gentoo_github_id_rsa}
+export GIT_SSH=/home/mgorny/github-mirror/github-ssh-wrapper
+
+for target in ${targets}; do
+ # --force because someone may accidentally push into the mirror
+ git push --mirror --force ${target}
+done
diff --git a/github-mirror/github-ssh-wrapper b/github-mirror/github-ssh-wrapper
new file mode 100755
index 0000000..cb4f432
--- /dev/null
+++ b/github-mirror/github-ssh-wrapper
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Use via GIT_SSH
+# Github is terrible and requires old ciphers/kex/macs
+CIPHERS='-o Ciphers=chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc'
+KEX='-o KexAlgorithms=curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
+MACS='-o MACs=hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1'
+
+# Now run it
+exec ssh ${GIT_SSH_KEY:+-i} ${GIT_SSH_KEY} $CIPHERS $KEX $MACS "$@"