git-ssh-wrapper 0.0.1

data/.gitignore

@@ -0,0 +1,4 @@
+pkg/*
+*.gem
+.bundle
+Gemfile.lock

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in git-ssh-wrapper.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2009 Martin Emde
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+And now the caps-lock text that's in these things:
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,20 @@
+# GitSSHWrapper
+
+Encapsulate the code you need to write out a permissive GIT_SSH script that
+can be used to connect git to protected git@github.com repositories.
+
+## Example
+
+    def get_refs
+      wrapper = GitSSHWrapper.new(:private_key_path => '~/.ssh/id_rsa')
+      `env #{wrapper.git_ssh} git ls-remote git@github.com:martinemde/git-ssh-wrapper.git`
+    ensure
+      wrapper.unlink
+    end
+
+OR
+
+    GitSSHWrapper.new(:private_key => Pathname.new('id_rsa').read)
+
+The wrapper creates Temfiles when it is initialized. They will be cleaned at
+program exit, or you can unlink them by calling #unlink like the example above.

data/Rakefile

@@ -0,0 +1,10 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+task :default => :spec

data/git-ssh-wrapper.gemspec

@@ -0,0 +1,18 @@
+# -*- encoding: utf-8 -*-
+Gem::Specification.new do |s|
+  s.name        = "git-ssh-wrapper"
+  s.version     = "0.0.1"
+  s.authors     = ["Martin Emde"]
+  s.email       = ["martin.emde@gmail.com"]
+  s.homepage    = "http://github.org/martinemde/git-ssh-wrapper"
+  s.summary     = %q{Generate a permissive GIT_SSH wrapper script on the fly}
+  s.description = %q{Generate a permissive GIT_SSH wrapper script using a private key string or file for use with git commands that need ssh.}
+
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "open4"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/lib/git-ssh-wrapper.rb

@@ -0,0 +1,91 @@
+require 'tempfile'
+require 'pathname'
+
+class GitSSHWrapper
+
+  class PrivateKeyRequired < ArgumentError
+    def initialize
+      super "You must specify either :private_key_path (path to ssh private key) or :private_key (string of ssh private key)."
+    end
+  end
+
+  SAFE_MODE = 0600
+  EXEC_MODE = 0700
+
+  SSH_CONFIG = <<-CONFIG
+Host *
+PasswordAuthentication no
+StrictHostKeyChecking no
+RSAAuthentication yes
+ConnectTimeout 5
+IdentityFile %s
+CheckHostIP no
+  CONFIG
+
+  SCRIPT = <<-SCRIPT
+#!/bin/bash
+unset SSH_AUTH_SOCK
+ssh -F %s $*
+  SCRIPT
+
+  def self.tempfile(content, mode=SAFE_MODE)
+    file = Tempfile.new("git-ssh-wrapper")
+    file << content
+    file.chmod(mode)
+    file.flush
+    file.close
+    file
+  end
+
+  def self.with_wrapper(options)
+    wrapper = new(options)
+    yield wrapper
+  ensure
+    wrapper.unlink
+  end
+
+  attr_reader :path
+
+  def initialize(options)
+    if options[:private_key_path].to_s.empty? && options[:private_key].to_s.empty?
+      raise PrivateKeyRequired
+    end
+
+    @tempfiles  = []
+    @key_path   = options[:private_key_path] || tempfile(options[:private_key])
+    @ssh_config = ssh_config(@key_path)
+    @path       = script(@ssh_config)
+  end
+
+  def pathname
+    Pathname.new(path)
+  end
+
+  def git_ssh
+    "GIT_SSH='#{path}'"
+  end
+
+  def set_env
+    ENV['GIT_SSH'] = path
+  end
+
+  def unlink
+    @tempfiles.each { |file| file.unlink }.clear
+  end
+
+  private
+
+  def script(config_path)
+    tempfile(SCRIPT % config_path, EXEC_MODE)
+  end
+
+  def ssh_config(private_key_path)
+    tempfile(SSH_CONFIG % private_key_path)
+  end
+
+  def tempfile(content, mode=SAFE_MODE)
+    file = self.class.tempfile(content, mode)
+    @tempfiles << file
+    file.path
+  end
+end

data/spec/git_ssh_wrapper_spec.rb

@@ -0,0 +1,83 @@
+require 'spec_helper'
+
+describe GitSSHWrapper do
+  shared_examples_for "a GIT_SSH wrapper" do
+    it "allows access to secure github repositories" do
+      lambda {
+        Open4.spawn("#{@git_ssh_wrapper.git_ssh} git ls-remote git@github.com:martinemde/git-ssh-wrapper.git refs/heads/master", :stdout => '', :stderr => '')
+      }.should_not raise_error
+    end
+
+    it "has a script path that really exists" do
+      lambda { @git_ssh_wrapper.pathname.realpath }.should_not raise_error
+    end
+
+    it "formats a string with the GIT_SSH= in front of the script" do
+      @git_ssh_wrapper.git_ssh.should == "GIT_SSH='#{@git_ssh_wrapper.path}'"
+    end
+
+    it "disappears when unlinked" do
+      pathname = @git_ssh_wrapper.pathname
+      @git_ssh_wrapper.unlink
+      pathname.should_not be_exist # ;_; syntax h8
+    end
+  end
+
+  context "with a key string" do
+    before { @git_ssh_wrapper = described_class.new(:private_key => private_key) }
+    after { @git_ssh_wrapper.unlink }
+    it_should_behave_like "a GIT_SSH wrapper"
+  end
+
+  context "with a key file" do
+    before { @git_ssh_wrapper = described_class.new(:private_key_path => private_key_path) }
+    after { @git_ssh_wrapper.unlink }
+    it_should_behave_like "a GIT_SSH wrapper"
+
+    it "should not delete the keyfile when unlinked" do
+      pathname = Pathname.new(private_key_path)
+      pathname.should be_exist
+      @git_ssh_wrapper.unlink
+      pathname.should be_exist
+    end
+  end
+
+  context "without a key" do
+    it "should raise a PrivateKeyRequired error (ArgumentError)" do
+      # the errors are the same, alternating just to ensure inheritence
+      lambda { described_class.new({}) }.should raise_error(GitSSHWrapper::PrivateKeyRequired)
+      lambda { described_class.new(:private_key => '') }.should raise_error(ArgumentError)
+      lambda { described_class.new(:private_key_path => '') }.should raise_error(GitSSHWrapper::PrivateKeyRequired)
+    end
+  end
+
+  context "#with_git_ssh" do
+    it "allows access to secure github repositories" do
+      GitSSHWrapper.with_wrapper(:private_key => private_key) do |wrapper|
+        lambda {
+          Open4.spawn("#{wrapper.git_ssh} git ls-remote git@github.com:martinemde/git-ssh-wrapper.git refs/heads/master", :stdout => '', :stderr => '')
+        }.should_not raise_error
+      end
+    end
+
+    it "has a script path that really exists" do
+      GitSSHWrapper.with_wrapper(:private_key => private_key) do |wrapper|
+        lambda { wrapper.pathname.realpath }.should_not raise_error
+      end
+    end
+
+    it "formats a string with the GIT_SSH= in front of the script" do
+      GitSSHWrapper.with_wrapper(:private_key => private_key) do |wrapper|
+        wrapper.git_ssh.should == "GIT_SSH='#{wrapper.path}'"
+      end
+    end
+
+    it "disappears when unlinked" do
+      pathname = nil
+      GitSSHWrapper.with_wrapper(:private_key => private_key) do |wrapper|
+        pathname = wrapper.pathname
+      end
+      pathname.should_not be_exist
+    end
+  end
+end

data/spec/spec.opts

@@ -0,0 +1 @@
+--color

data/spec/spec_helper.rb

@@ -0,0 +1,25 @@
+unless defined? Bundler
+  require 'rubygems'
+  require 'bundler'
+  Bundler.setup
+end
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'git-ssh-wrapper'
+require 'spec'
+require 'open4'
+
+module TestPrivateKey
+  def private_key
+    private_key_path.read
+  end
+
+  def private_key_path
+    Pathname.new('spec/test_key').realpath
+  end
+end
+
+Spec::Runner.configure do |config|
+  config.include TestPrivateKey
+end

data/spec/test_key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAtyIuIRs9To4WJOsNgdRviR5Ud5Z1Ouk1FK6UcvvAz8+Z5E2j
+scVh8ukrBF8hwCGMi4tUy34Qg4tNGS5Y6LbiIWYb9C6ucbUCnxOzonyS80BlBpJi
+R/D29ylgA7HXfkIfoE8Duo7lzB3ZYHmNSRCES1y7rhTzOcvuyf08CzedJ68EU0Z1
+twg64Bksjcv0kDWAMCOKwhVjc0UY2y9PFjFr+GWIcwfT8opChLuDSA1NQCT54DVd
+4yUYMYdZyPM9egYw8aglxatT8BSA+rFjYuSlYmwUzdPR7hDYS7VHXcd2XGH0sOHG
+VgapvMGXYWPu0O2BGxAiVty3njuh3vLUDCTBBwIBIwKCAQAvF2rykfnSXw0CLdBF
+9Mw5M69R8307CMSBqTwdkTGUhdcdcwzV8O1NF2LVPQitv3vpXleiCnlGZaYcawDr
+Yjol2G2Wj6kzLoulP5SXfx55EI8BsJzt7YFVf6r5osJiS4R5resEFh3VZsLeSyRU
+ndjgLcncToevxrm+6ViVK47PsDnSF5NMdsLFH0RedTEwjU09+xSfWmXyL36bx4Kr
+UuzvO7zg2Fif6pqDibWa990mFaQHA6zmHVSzMYvxtfG7yGcderxolNCD0Z455TY4
+R6MRdJbwUgguWnulvfsIxbrqOHGDX/iIVZbLsNMyEUUlxAeIXJSWQxRt00mwNQLl
+3dGDAoGBAOSnHoXjUZMSFl2pLgaxFg5aVudIjpyK6YfVQaOCgIRTyVZd4fRoryMS
+Yx0lufsZGH/OSw7Wdz10FDqATroIr7P9UpFGNqwenn4iubQMRhWj4u8or2Wvzll3
+phaj6aYsCawLugfxyfX0C/I2fz9/y3dFbTuESAigkB99ccUC/BllAoGBAM0JWnoc
+IbJdpaiRubzM+fAdpuF/mQGP28EZ5cvc/KOQev44+PiqLlTIJGsAj2foRopoajzj
+H1h2XRuANkklSyTXBn7owCeX8X8TQ2q0pGrsbmjiHkxtjUik1wsl+U6hfMgYB9tu
+fhQF6YxLvfe+RCVuAfpRVu3EWWPQsudSWD/7AoGAGiG6WHHALhCyGVUp1OEJ1cEu
+gNUXnNys+ZS3C19fJRDjz1svxCk4lks+hvz/T+WcZmC4HvPwXstwBq+T+AD+IzLk
+3WccMO2OdNDExB6o7IfCKfYFarUBo9Mo7KUEwoiwpfK2LMstBiqFBb0V218P8F+0
+tlhCvyhK/EjZzV9tRLsCgYEAjJizEednkEA3FIEu590DKE7Y1SRLqUyz8iBjD3L2
+YYeky5TH+vhaSMPBM24ZMU7RSPckRwIkH2cbRg7GI4dJeFjugui+RwkaoEe5MzoK
+V/KU2jSnD9YXvMjN+QQYqvJkMW+QW/P+rqT36yyfhU9Eq/OplbQeWeW5o4fLIkcX
+8VsCgYEAnHEDk4IIOX2ji7jy2WpgigabS8Eu9MjrcvVg/yIF0RUzAiTqyyn+vfcp
+p7v5pGEH8My79GDTzwOLTFbB/GjNw0e9t2hpcu3je12QGp/IIqQACdG7kvM4FYx7
+0TkYcc6cR7dxLt+mocxvn9XVw8WqK1BlQcXa/YsV80oZ1DlbqcA=
+-----END RSA PRIVATE KEY-----

data/spec/test_key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtyIuIRs9To4WJOsNgdRviR5Ud5Z1Ouk1FK6UcvvAz8+Z5E2jscVh8ukrBF8hwCGMi4tUy34Qg4tNGS5Y6LbiIWYb9C6ucbUCnxOzonyS80BlBpJiR/D29ylgA7HXfkIfoE8Duo7lzB3ZYHmNSRCES1y7rhTzOcvuyf08CzedJ68EU0Z1twg64Bksjcv0kDWAMCOKwhVjc0UY2y9PFjFr+GWIcwfT8opChLuDSA1NQCT54DVd4yUYMYdZyPM9egYw8aglxatT8BSA+rFjYuSlYmwUzdPR7hDYS7VHXcd2XGH0sOHGVgapvMGXYWPu0O2BGxAiVty3njuh3vLUDCTBBw==

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification 
+name: git-ssh-wrapper
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Martin Emde
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-12-04 00:00:00 -08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: open4
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id002
+description: Generate a permissive GIT_SSH wrapper script using a private key string or file for use with git commands that need ssh.
+email: 
+- martin.emde@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- git-ssh-wrapper.gemspec
+- lib/git-ssh-wrapper.rb
+- spec/git_ssh_wrapper_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+- spec/test_key
+- spec/test_key.pub
+has_rdoc: true
+homepage: http://github.org/martinemde/git-ssh-wrapper
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Generate a permissive GIT_SSH wrapper script on the fly
+test_files: 
+- spec/git_ssh_wrapper_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+- spec/test_key
+- spec/test_key.pub