#!/bin/bash
# /var/lib/git/git-shell-commands/shithubd
#
# Entry point that git-shell (the login shell of the `git` user) runs
# when it handles the forced command the AKC attaches to a key:
#
#     command="shithubd ssh-shell <user_id>"
#
# git-shell accepts only its three built-in commands plus whatever is
# installed under git-shell-commands/. Providing a bare `shithubd`
# entry here is what lets us keep git-shell in place as a defense
# layer.
#
# Why a wrapper: the ssh-shell subcommand calls config.Load(), which
# needs DATABASE_URL and REPOS_ROOT. Both live in /etc/shithub/web.env,
# so this script loads that file into the environment and then exec's
# the real binary. Without the wrapper, ssh-shell exits with
#   "config: read /etc/shithub/config.toml: permission denied"
# (the loader's misleading error wrap on a missing file with no env
# fallback).
#
# Runs as the SSH login user (`git`), which must be a member of the
# `shithub` group so it can read web.env.
#
# Security notes for maintainers:
#   * web.env is sourced, i.e. executed as shell code by the `git`
#     user on every SSH session. Anyone able to modify that file can
#     run commands as `git`, so it should be readable, but not
#     writable, by the `shithub` group.
#   * allexport is on while the file is read, so every assignment in
#     web.env (DATABASE_URL included) lands in shithubd's environment.
#     NOTE(review): confirm shithubd does not hand that environment on
#     to child processes that have no need for the database
#     credentials.
#   * The argument list is forwarded unchanged; this script does not
#     check the subcommand or the <user_id>. Those values are pinned
#     only by the forced command described above.

# Stop at the first failing command (including a failed read of
# web.env) so shithubd is never started without its configuration.
set -o errexit

# Mark every variable assigned by web.env for export, then switch the
# option back off once the file has been read.
set -o allexport
source /etc/shithub/web.env
set +o allexport

# Replace this shell with the real binary, passing the arguments
# through exactly as received.
exec /usr/local/bin/shithubd "$@"