From aef3bb04284074945ffc900d9461e0b8d251d9ab Mon Sep 17 00:00:00 2001
From: Alec Warner <antarus@gentoo.org>
Date: Tue, 2 Jun 2020 00:30:01 -0700
Subject: Add github mirror hooks to githooks.

Signed-off-by: Alec Warner <antarus@gentoo.org>
---
 github-mirror/github-mirror      | 25 +++++++++++++++++++++++++
 github-mirror/github-ssh-wrapper |  9 +++++++++
 2 files changed, 34 insertions(+)
 create mode 100755 github-mirror/github-mirror
 create mode 100755 github-mirror/github-ssh-wrapper

diff --git a/github-mirror/github-mirror b/github-mirror/github-mirror
new file mode 100755
index 0000000..9b048e1
--- /dev/null
+++ b/github-mirror/github-mirror
@@ -0,0 +1,25 @@
+#!/bin/sh
+# based on https://github.com/miracle2k/gitolite-simple-mirror/blob/master/post-receive
+
+# simple gitolite mirroring
+
+# flush STDIN coming from git, because gitolite's own post-receive.mirrorpush
+# script does the same thing
+[ -t 0 ] || cat >/dev/null
+
+if [ -z "${GL_REPO}" ]; then
+	echo "GL_REPO not set" >&2
+	exit 1
+fi
+
+targets=$(git config --get gentoo.mirror.url)
+[ -z "${targets}" ] && exit 0
+
+export GIT_SSH_KEY=$(git config --get gentoo.mirror.pubkey)
+: ${GIT_SSH_KEY:=/home/mgorny/github-mirror/gentoo_github_id_rsa}
+export GIT_SSH=/home/mgorny/github-mirror/github-ssh-wrapper
+
+for target in ${targets}; do
+	# --force because someone may accidentally push into the mirror
+	git push --mirror --force ${target}
+done
diff --git a/github-mirror/github-ssh-wrapper b/github-mirror/github-ssh-wrapper
new file mode 100755
index 0000000..cb4f432
--- /dev/null
+++ b/github-mirror/github-ssh-wrapper
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Use via GIT_SSH
+# Github is terrible and requires old ciphers/kex/macs
+CIPHERS='-o Ciphers=chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc'
+KEX='-o KexAlgorithms=curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
+MACS='-o MACs=hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1'
+
+# Now run it
+exec ssh ${GIT_SSH_KEY:+-i} ${GIT_SSH_KEY} $CIPHERS $KEX $MACS "$@"
-- 
cgit v1.2.3-65-gdbad