git-ssh-wrapper 0.1.0 → 0.2.0

data/README.md

@@ -1,10 +1,49 @@
 # GitSSHWrapper
 
-Encapsulate the code you need to write out a permissive GIT_SSH script that
+Encapsulate the code you need to write out a permissive GIT\_SSH script that
 can be used to connect git to protected git@github.com repositories.
 
-## Example
+Includes two bin scripts, `git-ssh-wrapper` and `git-ssh` that can be used
+inline to call git with GIT\_SSH set properly. See examples below.
 
+## What it does
+
+This gem provides a simple way to connect to git servers using keys that have
+not been added to your authentication agent with ssh-add, or keys which you
+only have saved as a string instead of written to a file.
+
+This is especially useful for scripts that need to automate connections to a
+server using keys that are not intended to be part of the system on which the
+script is running.
+
+This script is designed to *always work* even if hosts keys change or the ssh
+agent is being too paranoid or having a bad day.
+
+A common use case is connecting to github.com to retrieve repositories,
+submodules, or ref listings using read-only "deploy keys" or bundling a Gemfile
+that contains private repositories accessible by a certain deploy key.
+
+## Command Line
+
+You can use the included command line tool to call git commands directly.
+
+    $ git-ssh-wrapper ~/.ssh/id_rsa git fetch origin
+    $ git merge origin/master
+    $ git-ssh-wrapper ~/.ssh/id_rsa git push origin master
+
+    $ git-ssh-wrapper ~/.ssh/id_rsa bundle install
+
+A shortcut command `git-ssh` is also included that inserts `git` automatically.
+
+    $ git-ssh ~/.ssh/id_rsa fetch origin  # git fetch origin
+
+You'll probably use this version if you're writing commands by hand.
+
+## Ruby Example
+
+Accessing git servers programatically in ruby:
+
+    # :log_level default is 'INFO'
     def get_refs
       wrapper = GitSSHWrapper.new(:private_key_path => '~/.ssh/id_rsa', :log_level => 'ERROR')
       `env #{wrapper.git_ssh} git ls-remote git@github.com:martinemde/git-ssh-wrapper.git`
@@ -14,16 +53,46 @@ can be used to connect git to protected git@github.com repositories.
 
 OR
 
-    # :log_level default in 'INFO'
     def get_refs
-      GitSSHWrapper.new(:private_key_path => '~/.ssh/id_rsa') do |wrapper|
-        `env #{wrapper.cmd_prefix} git ls-remote git@github.com:martinemde/git-ssh-wrapper.git`
+      private_key_data_string = get_key_data_somehow
+      GitSSHWrapper.with_wrapper(:private_key => private_key_data_string) do |wrapper|
+        wrapper.set_env
+        `git ls-remote git@github.com:martinemde/git-ssh-wrapper.git`
       end
     end
 
 OR
 
     wrapper = GitSSHWrapper.new(:private_key => Pathname.new('id_rsa').read)
+    `git ls-remote git@github.com:martinemde/git-ssh-wrapper.git`
+    wrapper.unlink
 
 The wrapper creates Tempfiles when it is initialized. They will be cleaned at
-program exit, or you can unlink them by calling #unlink like the example above.
+program exit, or you can unlink them by calling #unlink.
+
+## How it works
+
+When connecting to a git server using ssh, if the GIT\_SSH environment variable
+is set, git will use $GIT\_SSH instead of `ssh` to connect.
+
+The script generated will look something like this:
+(as long as I've kept this documentation up-to-date properly)
+
+    unset SSH_AUTH_SOCK
+    ssh -o CheckHostIP=no \
+        -o IdentitiesOnly=yes \
+        -o LogLevel=LOG_LEVEL \
+        -o StrictHostKeyChecking=no \
+        -o PasswordAuthentication=no \
+        -o UserKnownHostsFile=TEMPFILE \
+        -o IdentityFile=PRIVATE_KEY_PATH \
+        $*
+
+The result is an ssh connection that won't use your ssh-added keys, won't prompt
+for passwords, doesn't save known hosts and doesn't require strict host key
+checking.
+
+A tempfile is generated to absorb known hosts to prevent these constant warnings:
+`Warning: Permanently added 'xxx' (RSA) to the list of known hosts.`
+
+The tempfile is cleaned when the wrapper is unlinked or the program exits.

data/bin/git-ssh

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+$:.unshift File.expand_path('../lib', File.dirname(__FILE__))
+require 'git-ssh-wrapper/cli'
+GitSSHWrapper::CLI.git_ssh

data/bin/git-ssh-wrapper

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+$:.unshift File.expand_path('../lib', File.dirname(__FILE__))
+require 'git-ssh-wrapper/cli'
+GitSSHWrapper::CLI.wrapper

data/git-ssh-wrapper.gemspec

@@ -1,7 +1,10 @@
 # -*- encoding: utf-8 -*-
+$:.unshift File.expand_path('lib', File.dirname(__FILE__))
+require 'git-ssh-wrapper/version'
+
 Gem::Specification.new do |s|
   s.name        = "git-ssh-wrapper"
-  s.version     = "0.1.0"
+  s.version     = GitSSHWrapper::VERSION
   s.authors     = ["Martin Emde"]
   s.email       = ["martin.emde@gmail.com"]
   s.homepage    = "http://github.org/martinemde/git-ssh-wrapper"
@@ -10,7 +13,6 @@ Gem::Specification.new do |s|
 
   s.add_development_dependency "rake"
   s.add_development_dependency "rspec", '~> 2.0'
-  s.add_development_dependency "open4"
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/lib/git-ssh-wrapper.rb

@@ -12,14 +12,12 @@ class GitSSHWrapper
   SAFE_MODE = 0600
   EXEC_MODE = 0700
 
-
-  def self.tempfile(content, mode=SAFE_MODE)
-    file = Tempfile.new("git-ssh-wrapper")
-    file << content
-    file.chmod(mode)
-    file.flush
-    file.close
-    file
+  # command given as an array for Kernel#system
+  def self.run(command, options)
+    with_wrapper(options) do |wrapper|
+      wrapper.set_env
+      system *command
+    end
   end
 
   def self.with_wrapper(options)
@@ -52,10 +50,16 @@ class GitSSHWrapper
   alias git_ssh cmd_prefix
 
   def set_env
+    @old_git_ssh = ENV['GIT_SSH']
     ENV['GIT_SSH'] = path
   end
 
+  def unset_env
+    ENV['GIT_SSH'] = @old_git_ssh
+  end
+
   def unlink
+    unset_env
     @tempfiles.each { |file| file.unlink }.clear
   end
 
@@ -65,12 +69,20 @@ class GitSSHWrapper
     tempfile(<<-SCRIPT, EXEC_MODE)
 #!/bin/sh
 unset SSH_AUTH_SOCK
-ssh -o 'CheckHostIP no' -o 'StrictHostKeyChecking no' -o 'PasswordAuthentication no' -o 'LogLevel #{log_level}' -o 'IdentityFile #{private_key_path}' -o 'IdentitiesOnly yes' -o 'UserKnownHostsFile /dev/null' $*
+ssh -o CheckHostIP=no -o IdentitiesOnly=yes -o LogLevel=#{log_level} -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o UserKnownHostsFile=#{known_hosts_file} -o IdentityFile=#{private_key_path} $*
     SCRIPT
   end
 
+  def known_hosts_file
+    @known_hosts_file ||= tempfile('')
+  end
+
   def tempfile(content, mode=SAFE_MODE)
-    file = self.class.tempfile(content, mode)
+    file = Tempfile.new("git-ssh-wrapper")
+    file << content
+    file.chmod(mode)
+    file.flush
+    file.close
     @tempfiles << file
     file.path
   end

data/lib/git-ssh-wrapper/cli.rb

@@ -0,0 +1,79 @@
+require 'git-ssh-wrapper'
+require 'git-ssh-wrapper/version'
+
+class GitSSHWrapper::CLI
+  # Calls any command with GIT_SSH set.
+  #
+  # Examples of argv:
+  #   [key_path, git, fetch, origin]
+  #   [key_path, some/script, that, calls, git]
+  def self.wrapper(args=ARGV)
+    new(*args).call
+  end
+
+  # Inserts git into the command if it's not there.
+  # The command must be a git command.
+  #
+  # Examples of argv:
+  #   [key_path, fetch, origin]
+  #   [key_path, git, fetch, origin]
+  def self.git_ssh(args=ARGV)
+    key, *command = *args
+    command.unshift('git') unless command.first == 'git'
+    new(key, *command).call
+  end
+
+  attr_reader :key, :command
+
+  def initialize(*args)
+    @key, *@command = *args
+  end
+
+  def call
+    if %w[--help -h help].include?(key)
+      print_help
+    end
+
+    if %w[--version -v].include?(key)
+      print_version
+    end
+
+    if key.nil? || command.empty?
+      error
+    elsif !File.exist?(key)
+      error "private key not found: #{key.inspect}"
+    end
+
+    GitSSHWrapper.with_wrapper(:private_key_path => key) do |wrapper|
+      wrapper.set_env
+      system *command
+      exit $?.exitstatus
+    end
+
+    exit 1
+  end
+
+  def print_help
+    puts "Run remote git commands using only the specified ssh private key."
+    puts
+    puts usage
+    exit 0
+  end
+
+  def print_version
+    puts "git-ssh-wrapper version #{GitSSHWrapper::VERSION}"
+    exit 0
+  end
+
+  def bin
+    File.basename($0)
+  end
+
+  def usage
+    "usage:\t#{bin} ssh.key command"
+  end
+
+  def error(message=nil)
+    abort [message,usage].compact.join("\n")
+  end
+end

data/lib/git-ssh-wrapper/version.rb

@@ -0,0 +1,3 @@
+class GitSSHWrapper
+  VERSION = '0.2.0'
+end

data/spec/bin_git_ssh_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe 'git-ssh script' do
+  let(:bin)       { GIT_SSH_BIN }
+  let(:usage)     { "usage:\tgit-ssh ssh.key command\n" }
+
+  it "prints usage information with no args" do
+    run_fails(bin).should == usage
+  end
+
+  it "prints help on -h, --help, or help" do
+    help = "Run remote git commands using only the specified ssh private key.\n\n#{usage}"
+    run_succeeds(bin, '-h').should == help
+    run_succeeds(bin, 'help').should == help
+    run_succeeds(bin, '--help').should == help
+  end
+
+  it "aborts if you don't specify a key" do
+    run_fails(bin, 'git st').should == "private key not found: \"git\"\n#{usage}"
+  end
+
+  it "just calls git without args if you don't specify a command" do
+    run_fails(bin, private_key_path).should == `git`
+  end
+
+  it "allows access to secure github repositories" do
+    run_succeeds(bin, private_key_path, 'ls-remote git@github.com:martinemde/git-ssh-wrapper.git refs/heads/master')
+  end
+
+  it "exits with the status of the child command" do
+    run_succeeds(bin, private_key_path, 'status')
+    run_fails(bin, private_key_path, 'notfound')
+  end
+
+  it "does not delete the keyfile" do
+    run_succeeds(bin, private_key_path, 'status')
+    private_key_path.should exist
+  end
+end

data/spec/bin_wrapper_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe 'git-ssh-wrapper script' do
+  let(:print_env) { ROOT_PATH.join('spec/print_env') }
+  let(:bin)       { WRAPPER_BIN }
+  let(:usage)     { "usage:\tgit-ssh-wrapper ssh.key command\n" }
+
+  it "prints usage information with no args" do
+    run_fails(bin).should == usage
+  end
+
+  it "prints help on -h, --help, or help" do
+    help = "Run remote git commands using only the specified ssh private key.\n\n#{usage}"
+    run_succeeds(bin, '-h').should == help
+    run_succeeds(bin, 'help').should == help
+    run_succeeds(bin, '--help').should == help
+  end
+
+  it "aborts if you don't specify a key" do
+    run_fails(bin, 'git st').should == "private key not found: \"git\"\n#{usage}"
+  end
+
+  it "aborts if you didn't specify a command" do
+    run_fails(bin, private_key_path).should == usage
+  end
+
+  it "allows access to secure github repositories" do
+    run_succeeds(bin, private_key_path, 'git ls-remote git@github.com:martinemde/git-ssh-wrapper.git refs/heads/master')
+  end
+
+  it "sets the GIT_SSH environment variable" do
+    run_succeeds(bin, private_key_path, print_env_script).chomp.should =~ /git-ssh-wrapper/ # the tempfile includes this in the name
+  end
+
+  it "cleans up after execution" do
+    run_succeeds(bin, private_key_path, 'true')
+    `#{print_env_script}`.chomp.should be_empty
+    ENV['GIT_SSH'].should be_nil
+  end
+
+  it "exits with the status of the child command" do
+    run_succeeds(bin, private_key_path, 'true')
+    run_fails(bin, private_key_path, 'false')
+  end
+
+  it "does not delete the keyfile" do
+    run_succeeds(bin, private_key_path, 'true')
+    private_key_path.should exist
+  end
+end

data/spec/git_ssh_wrapper_spec.rb

@@ -18,7 +18,7 @@ describe GitSSHWrapper do
     it "disappears when unlinked" do
       pathname = subject.pathname
       subject.unlink
-      pathname.should_not be_exist # ;_; syntax h8
+      pathname.should_not exist
     end
   end
 
@@ -34,10 +34,9 @@ describe GitSSHWrapper do
     it_should_behave_like "a GIT_SSH wrapper"
 
     it "should not delete the keyfile when unlinked" do
-      pathname = Pathname.new(private_key_path)
-      pathname.should be_exist
+      private_key_path.should exist
       subject.unlink
-      pathname.should be_exist
+      private_key_path.should exist
     end
   end
 

data/spec/print_env

@@ -0,0 +1,4 @@
+#!/bin/bash
+if [[ -x "$GIT_SSH" ]]; then
+  echo $GIT_SSH
+fi

data/spec/spec_helper.rb

@@ -8,18 +8,50 @@ $LOAD_PATH.unshift(File.dirname(__FILE__))
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 require 'git-ssh-wrapper'
 require 'rspec'
-require 'open4'
 
-module TestPrivateKey
+ROOT_PATH        = Pathname.new("..").expand_path(File.dirname(__FILE__))
+PRIVATE_KEY_PATH = ROOT_PATH.join('spec/test_key').realpath.freeze
+PRIVATE_KEY      = PRIVATE_KEY_PATH.read.freeze
+GIT_SSH_BIN      = ROOT_PATH.join('bin/git-ssh').freeze
+WRAPPER_BIN      = ROOT_PATH.join('bin/git-ssh-wrapper').freeze
+PRINT_ENV_SCRIPT = ROOT_PATH.join('spec/print_env').freeze
+
+module SpecHelpers
+  def exist
+    be_exist
+  end
+
   def private_key
-    private_key_path.read
+    PRIVATE_KEY
   end
 
   def private_key_path
-    Pathname.new('spec/test_key').realpath
+    PRIVATE_KEY_PATH
+  end
+
+  def print_env_script
+    PRINT_ENV_SCRIPT
+  end
+
+  def run_succeeds(bin, *args)
+    cmd = ([bin] + args).flatten.join(' ')
+    ret = `#{cmd} 2>&1`
+    if !$?.success?
+      fail "Expected exit status 0, got #{$?.exitstatus}.\n\t#{cmd}\n\t#{ret}"
+    end
+    ret
+  end
+
+  def run_fails(bin, *args)
+    cmd = ([bin] + args).flatten.join(' ')
+    ret = `#{cmd} 2>&1`
+    if $?.success?
+      fail "Expected failure.\n\t#{cmd}\n\t#{ret}"
+    end
+    ret
   end
 end
 
 RSpec.configure do |config|
-  config.include TestPrivateKey
+  config.include SpecHelpers
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: git-ssh-wrapper
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-02-18 00:00:00.000000000 Z
+date: 2012-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &70113546137280 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70113546137280
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70113546135600 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,23 +37,19 @@ dependencies:
         version: '2.0'
   type: :development
   prerelease: false
-  version_requirements: *70113546135600
-- !ruby/object:Gem::Dependency
-  name: open4
-  requirement: &70113546148800 !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: *70113546148800
+        version: '2.0'
 description: Generate a permissive GIT_SSH wrapper script using a private key string
   or file for use with git commands that need ssh.
 email:
 - martin.emde@gmail.com
-executables: []
+executables:
+- git-ssh
+- git-ssh-wrapper
 extensions: []
 extra_rdoc_files: []
 files:
@@ -57,9 +58,16 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- bin/git-ssh
+- bin/git-ssh-wrapper
 - git-ssh-wrapper.gemspec
 - lib/git-ssh-wrapper.rb
+- lib/git-ssh-wrapper/cli.rb
+- lib/git-ssh-wrapper/version.rb
+- spec/bin_git_ssh_spec.rb
+- spec/bin_wrapper_spec.rb
 - spec/git_ssh_wrapper_spec.rb
+- spec/print_env
 - spec/spec_helper.rb
 - spec/test_key
 - spec/test_key.pub
@@ -77,7 +85,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3599100337838962590
+      hash: -3272220434625762096
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -86,15 +94,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3599100337838962590
+      hash: -3272220434625762096
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.15
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: Generate a permissive GIT_SSH wrapper script on the fly
 test_files:
+- spec/bin_git_ssh_spec.rb
+- spec/bin_wrapper_spec.rb
 - spec/git_ssh_wrapper_spec.rb
+- spec/print_env
 - spec/spec_helper.rb
 - spec/test_key
 - spec/test_key.pub