refactor: initial commit

salt/sys-git/files/client/git-core/git-init-qrexec

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+set -eu
+
+usage(){
+  echo "Usage: ${helper} [<qube>] [<repository>]"
+  echo "Note: qube defaults to '@default' and repository to the current repository"
+  exit 1
+}
+
+is_git_repo(){
+  if ! git rev-parse --show-toplevel >/dev/null 2>&1; then
+    echo "Error: Either run from inside a git repository or provide it as an argument" >&2
+    usage
+  fi
+}
+
+helper="${0##*/git-}"
+case "${1-}" in
+  -h|--?help) usage;;
+  "") qube="@default";;
+  *) qube="${1}";;
+esac
+case "${2-}" in
+  "") is_git_repo; repo="$(basename "$(git rev-parse --show-toplevel)")";;
+  *) repo="${2}";;
+esac
+
+rpc="GitInit"
+vendor="qusal"
+default_qube="sys-git"
+rpc_cmd="${vendor}.${rpc}+${repo}"
+
+if command -v qrexec-client-vm >/dev/null; then
+  exec qrexec-client-vm -- "${qube}" "${rpc_cmd}"
+elif command -v qrexec-client >/dev/null; then
+  qubes_version="$(awk -F '=' '/^VERSION_ID=/{print $2}' /etc/os-release)"
+  if test "$(echo "${qubes_version}" | tr -d ".")" -le 41; then
+    if test "${qube}" = "@default"; then
+      qube="${default_qube}"
+    fi
+  else
+    policy="$(qrexec-policy --assume-yes-for-ask dom0 "${qube}" "${rpc_cmd}")"
+    qube="$(echo "${policy}" | awk -F '=' '/^target=/{print $2}')"
+  fi
+  exec qrexec-client -d "${qube}" -- "DEFAULT:QUBESRPC ${rpc_cmd} dom0"
+else
+  die "Qrexec programs not found: qrexec-client-vm, qrexec-client"
+fi

salt/sys-git/files/client/git-core/git-remote-qrexec

@@ -0,0 +1,107 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Portable git-remote-helper.
+## Rename this helper to git-remote-<scheme>.
+## Valid URL format: <scheme>://<authority>/<path>.
+## Supported commands: capabilities, connect.
+## Capabilities commands are sent to git-remote-<scheme>-<capability>.
+set -eu
+
+usage(){
+  echo "Usage: ${helper} <remote> [${scheme}://<authority>/<path>]" >&2
+}
+
+die(){
+  usage
+  echo "Error: ${1}" >&2
+  exit 1
+}
+
+## Validate URL and return it without the scheme.
+validate_url(){
+  url_valid=""
+  url_check="${1?}"
+  scheme_user_url="$(echo "${url_check}" | sed "s|://.*||")"
+
+  ## Scheme must be the same as the one in the name of this script.
+  ## Checks if Authority and Path exist, but not if they are valid, this is
+  ## implementation specific and should be checked by the connect helper.
+  case "${url_check}" in
+    "${scheme}"://*?/*?) url_valid="$(echo "${url_check}" | sed "s|.*://||")";;
+    "${scheme}"://*?) die "URL has no path to resource: '${url_check}'";;
+    "${scheme}"://) die "URL has no authority: '${url_check}'";;
+    *?://*) die "URL has unsupported scheme: '${scheme_user_url}'";;
+    *) die "URL has no scheme: '${url_check}'";;
+  esac
+
+  echo "${url_valid}"
+}
+
+## Send capabilities to remote helper specific for that capability.
+send_cap(){
+  exec_path="$(git --exec-path)"
+  test -n "${exec_path}" || die "Couldn't locate Git's executables path"
+
+  cap="${1}"
+  shift
+  cap_file="${script}-${cap}"
+  cap_path="${exec_path}/${cap_file}"
+
+  test -e "${cap_path}" ||  die "Git's exec path missing: '${cap_file}'"
+  test -x "${cap_path}" || die "Git script is not executable: '${cap_file}'"
+
+  "${cap_path}" "${@}"
+}
+
+## Basic requirements.
+command -v git >/dev/null || die "Command not found: 'git'"
+script="${0##*/}"
+helper="${script##git-}"
+scheme="${helper##remote-}"
+if test "${script}" != "git-remote-${scheme}" || test -z "${scheme}"; then
+  die "Script must be named with the format: git-remote-<scheme>"
+fi
+
+## Get remote name or show usage.
+case "${1-}" in
+  -h|--?help|"") usage; exit 1;;
+  *) remote="${1}";;
+esac
+
+## Get URL and Push URL (fallback to URL)
+case "${2-}" in
+  "")
+    ## Happens when 'remote-qrexec' is called directly from the command-line.
+    url="$(git remote get-url "${remote}" || true)"
+    pushurl="$(git remote get-url --push "${remote}" || true)"
+    ;;
+  *) url="${2}"; pushurl="${2}";;
+esac
+
+test -n "${url}" || die "Remote URL is unset"
+test -n "${pushurl}" || die "Remote Push URL is unset"
+
+url="$(validate_url "${url}")"
+pushurl="$(validate_url "${pushurl}")"
+
+## Communicate with the git-remote-helpers protocol.
+while read -r cmd arg; do
+  case "${cmd}" in
+    "") exit 0;;
+    "capabilities") printf "connect\n\n";;
+    "connect")
+      printf "\n";
+      case "${arg}" in
+        git-upload-pack) send_cap "${cmd}" "${arg}" "${url}";;
+        git-receive-pack) send_cap "${cmd}" "${arg}" "${pushurl}";;
+        "") die "Argument can't be empty";;
+        *) die "Unsupported argument: '${arg}'";;
+      esac
+      ;;
+    *) die "Unsupported command: '${cmd}'";;
+  esac
+done

salt/sys-git/files/client/git-core/git-remote-qrexec-connect

@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Should be called by git-remote-qrexec.
+set -eu
+
+usage(){
+  echo "Usage: ${helper} git-upload-pack|git-receive-pack <qube>/<path>"
+  echo "Note: ${helper} is supposed to be called by ${parent_helper}"
+  exit 1
+}
+
+die(){
+  echo "Error: ${1}" >&2
+  exit 1
+}
+
+helper="${0##*/git-}"
+parent_helper="${helper%-*}"
+
+case "${1-}" in
+  -h|--?help|"") usage;;
+  *) arg="${1}";;
+esac
+case "${2-}" in
+  "") usage;;
+  *) url="${2}";;
+esac
+
+case "${arg}" in
+  git-upload-pack) rpc=GitFetch;;
+  git-receive-pack) rpc=GitPush;;
+  "") die "Argument can't be empty";;
+  *) die "Unsupported argument: '${arg}'";;
+esac
+
+qube="$(echo "${url}" | cut -d "/" -f1)"
+repo="$(echo "${url}" | cut -d "/" -f2-)"
+test -n "${repo}" || die "Repository name can't be empty"
+vendor="qusal"
+default_qube="sys-git"
+rpc_cmd="${vendor}.${rpc}+${repo}"
+
+if command -v qrexec-client-vm >/dev/null; then
+  exec qrexec-client-vm -- "${qube}" "${rpc_cmd}"
+elif command -v qrexec-client >/dev/null; then
+  qubes_version="$(awk -F '=' '/^VERSION_ID=/{print $2}' /etc/os-release)"
+  if test "$(echo "${qubes_version}" | tr -d ".")" -le 41; then
+    if test "${qube}" = "@default"; then
+      qube="${default_qube}"
+    fi
+  else
+    policy="$(qrexec-policy --assume-yes-for-ask dom0 "${qube}" "${rpc_cmd}")"
+    qube="$(echo "${policy}" | awk -F '=' '/^target=/{print $2}')"
+  fi
+  exec qrexec-client -d "${qube}" -- "DEFAULT:QUBESRPC ${rpc_cmd} dom0"
+else
+  die "Qrexec programs not found: qrexec-client-vm, qrexec-client"
+fi