Posts Tagged → bzr
Switch from Bazaar to Git
Recently I had to switch a project from Bazaar to Git. Fortunately this has become quite easy using the right plugins. Just in case anyone out there needs to do the same: these are the steps if you want to keep your version history.
Git comes with an import plugin, bzr has an export plugin available. On debian based distros you might need to install the latter using
# available in lenny-backports, squeeze and ubuntu since 9.10 sudo apt-get install bzr-fastimport
Assuming you have Bazaar repository in the folder ./bzr-repo just follow these steps to clone it to a git repoitory in the folder ./git-repo:
BZR=./bzr-repo GIT=./git-repo mkdir $GIT cd $GIT git init bzr fast-export ../$BZR/ | git fast-import git checkout cd ..
The best part is: If you missed some revisions of Bazaar, e.g. because you forgot to merge an important branch, you can easily repeat the line bzr fast-export ../$BZR/ | git fast-import and Git should be smart enough to only import missing revisions.
Bazaar over chrooted sftp
How to set up bzr for chrooted sftp users
How to restrict a user’s access to sftp://.../var/bzr
For the prototyping editor itself and for a lot of our clients’ projects we are heavy Bazaar users at pidoco° to manage our distributed workflow. When we started some years ago we just installed bzr on one of the test servers where all of the developers had ssh access anyway. We put the repositories in /var/bzr and used sftp to checkout/push/pull source changes. This was handy as a sftp server comes with openssh installed.
As the team grew over the years we got to a point where we wanted to give new developers access to the bzr repositories without giving them full ssh access. However we did not want to have to change all the urls for existing repositories. Luckily this can be achieved easily since Debian Lenny.
Per Server Settings
On our scm server we have a user group called bzr that grants read/write access to most of the repositories (except of some personal or release branches) to all users with bzr access. And now we added the group sftponly. All users in this group will be restricted to sftp access only instead of a full shell.
sudo addgroup sftponly sudo addgroup bzr
You probably have to add ‘/usr/lib/sftp-server’ to /etc/shells to make it a valid shell, eg. like this:
root@host # echo '/usr/lib/sftp-server' >> /etc/shells
The following settings in /etc/ssh/sshd_config force the internal sftp server to be used by openssh and change the root directory for all users in the group sftponly to /var/chroot. Make sure to restart sshd afterwards.
Subsystem sftp internal-sftp
Match Group sftponly
ChrootDirectory /var/chroot
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
Up to now our repositories have been in /var/bzr. These need to be moved to /var/chroot/var/bzr to let the sftponly users access them. /var/chroot needs to have root:root as owner for openssh to work correctly. For the existing ssh users we add a symbolic link to keep the old paths working:
sudo mkdir /var/chroot sudo chown root:root /var/chroot sudo mkdir /var/chroot/var sudo mv /var/bzr /var/chroot/var sudo ln -s /var/chroot/var/bzr /var/bzr
Per User Settings
giving the user username sftp access, but nor ssh access:
USERNAME=username # give the user a name
sudo adduser ${USERNAME} # add user and data to system
sudo usermod -s /usr/lib/sftp-server ${USERNAME} # disallow ssh/bash, allow ssh/ftp (sftp)
sudo adduser ${USERNAME} bzr # allow group access to most bzr folders
sudo adduser ${USERNAME} sftponly # disallow access to /, allow access to /var/bzr
This changes user’s shell to sftp-server.
Result
As a result of these settings both normal ssh users as well as restricted users in the sftponly group can use the same url for their shared repositories
bzr checkout sftp://my.domain/var/bzr/my_repository. By using chroot however users in the group sftponly are restricted to using sftp and can only access the folders in the bzr subdirectory.
Sources
In the Debian Administration Weblog you can find information on how to setup an OpenSSH SFTP chroot() with ChrootDirectory and on how to restrict users to SFTP only instead of SSH.