Issue #7085 has been updated by shyouhei (Shyouhei Urabe).


Memo: how to reboot the svn->git gateway

Prerequisite

1. You need be a ruby core committer; you'll have to access the ruby's
   canonical svn repo.

2. You need have a valid github account.  Let me (shyouhei) know your
   github id, so that I can let you push things to github/ruby/ruby.

3. You need register non-passphrased SSH public keys to both the ruby
   repo and github.  Securely manage the private counterpart of them.

4. You need have a reliable place as I wrote before.

5. You need a working server: inside that reliable place, with git(1),
   svn(1), as well as git-svn(1) properly set up.

Installation

1. Download following URL.  This is the verbatim copy of the gateway
   script and its working directory, created right at the moment I
   shut my old gateway down.

   ftp://ftp.ruby-lang.org/pub/incoming/ruby-gateway.tar.xz.gpg

2. The file mentioned above is a GPG signed LZMA compressed TAR
   file. *NEVER* *FORGET* to make sure the thing you downloaded is
   properly signed by me.

3. Inside the tarball is a tiny script named github.sh.  This is the
   gateway itself.  Just invoke this script with no args and it will
   do everything needed -- works for me at least.  You might have to
   modify the script to fit your directory placement though.

4. Once you are sure the script works well, setup a cron job to 
   periodically run the script.

    * * * * * sh github.sh

   That's all.  May the source be with you.
----------------------------------------
Bug #7085: Subversion ??? GitHub gateway stops.
https://bugs.ruby-lang.org/issues/7085#change-29787

Author: shyouhei (Shyouhei Urabe)
Status: Open
Priority: Immediate
Assignee: 
Category: Project
Target version: 
ruby -v: not version dependent


Abstract: Sorry  for your inconvenience.  Due to  my resigning job
at  netlab.jp, the Subversion  to GitHub  gateway stops  now.  The
gateway was located there, maintained by me.

Biggest problem to reboot the gateway is its ssh private keys.  it
first ssh into the canonical svn server to pull the repo, then ssh
into github to  push it.  Both ssh sessions  need private keys and
as the gateway  runs totally automatic using cron,  those keys are
not passphrased.

Ruby's  canonical repo  has once  been cracked.   GitHub  also had
vulnerability  before.  Leaking  these  keys is  a serious  threat
against our  project. A malicious  codes can be injected  by using
(either of) them.

So sorry,  I don't  want to put  these keys  on any VPS,  IaaS, or
colocations or anything like that.   Doing so is in fact easy, and
makes  the  gateway  working  again,  but will  introduce  a  huge
security threat.

In  order to  properly  fix  this sitution,  a  RELIABLE place  is
mandatory, where no access is  possible from the internet, yet the
gateway  itself  can  connect  to  ruby-lang.org  and  github.com.
Normal  company   intranets  behind  NATs   should  suffice,  like
netlab.jp was, Though I doubt a "normal" company intranet will not
welcome a black box like the gateway.

=========

Github?????????????????伴??????止??????????????????????????
?????込??????????????????????????????????????????????????????
??????????????深????詫?????????????????????????足????????????????????
??????

????????????github????????????????????????????????????????????????
??????????????????????????????????????????????????????????????
?????????????NaCl??京??社??????席??設置?????????????????????????中???
??????????????????????????????????????????止?????????????????????????????
???????????????巻??添??????止????????????形??????

復????????????????????ssh????????????????????????????????
???ruby???svn????????ssh??????????????????????????次???github???ssh???
????????????????????????????????????????cron??????????????????????使???
???????????????????????????????????????????????????????????
?????????????????

Ruby????????????????????????????績???????????????github???????弱??
??????????????績??????????????????????????????????????????????????????
ssh????????????????????????????????????????????????????Ruby???
???????????????????????????????????????????????????????????????
??????????????管??????????????設置?????????????????????????????????
VPS???????????????????????????????????????????????????????度????????
?????移???????????????確??????????????????確?????????確??????ssh
agent forwarding?????????????????

??????????????????????????????????github???????????復???????????????????
??????????????????正確?????????????????????????????????????????
????????????????????????????????????念????????????????????????????
????????????????????????????????(??????????????????????ruby-lang.org???
github.com?????????????張?????)???????????????????????度信????
???????????????????設置??????????????????????????????????????????????????????
??????????????????????????????????業?社?????????????????????????
?????????????????????????社業??????????????設置?????????????????????


-- 
http://bugs.ruby-lang.org/