From 0aa07c6892cd04330d5451f90221ed604c7aa7f6 Mon Sep 17 00:00:00 2001 From: anarcat Date: Mon, 4 Apr 2016 19:51:50 +0000 Subject: ugh. so it works with ~/.ssh/git-annex --- ...l__58___bad_parameters_when_trying_to_configure_a_shell_sandbox.mdwn | 2 ++ 1 file changed, 2 insertions(+) (limited to 'doc') diff --git a/doc/bugs/git-annex-shell__58___bad_parameters_when_trying_to_configure_a_shell_sandbox.mdwn b/doc/bugs/git-annex-shell__58___bad_parameters_when_trying_to_configure_a_shell_sandbox.mdwn index 1cfbbb714..8a2142347 100644 --- a/doc/bugs/git-annex-shell__58___bad_parameters_when_trying_to_configure_a_shell_sandbox.mdwn +++ b/doc/bugs/git-annex-shell__58___bad_parameters_when_trying_to_configure_a_shell_sandbox.mdwn @@ -125,3 +125,5 @@ git-annex: get: 1 failed ### Have you had any luck using git-annex before? (Sometimes we get tired of reading bug reports all day and a lil' positive end note does wonders) I seem to recall I had that working in the past, and I feel I am probably doing something stupidly wrong, but here I am. Sorry about that, I'll be sure to fix the documentation more clearly (esp. in the [[git-annex-shell]] manpage when I figure it out! --[[anarcat]] + +Well, it looks like this PEBKAC here - could have sworn I had tested the wrapper, but it seems I didn't do it properly. I'll fixup the documentation for things to be clearer, but this is basically fixed now, with a proper ~/.ssh/git-annex. I don't understand why the wrapper is necessary, but thanks for the feedback! [[done]] -- cgit v1.2.3 From bd1e8bbf92face63665202a9e96656f34b71dc86 Mon Sep 17 00:00:00 2001 From: anarcat Date: Mon, 4 Apr 2016 19:58:43 +0000 Subject: add examples on how to manually setup the remote keys setup by the assistant --- doc/git-annex-shell.mdwn | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'doc') diff --git a/doc/git-annex-shell.mdwn b/doc/git-annex-shell.mdwn index 3ac9926ed..502a1358a 100644 --- a/doc/git-annex-shell.mdwn 
+++ b/doc/git-annex-shell.mdwn @@ -134,6 +134,28 @@ changed. If set, git-annex-shell will refuse to run commands that do not operate on the specified directory. +# EXAMPLES + +git-annex-shell(1) is usually called through a wrapper installed by the git-annex-assistant(1) in the `~/.ssh/authorized_keys` file on the remote host. To make such a setup manually, you will need the following wrapper installed in `~/.ssh/git-annex-shell`: + + #!/bin/sh + + set -e + if [ "x$SSH_ORIGINAL_COMMAND" != "x" ]; then + exec /usr/bin/git-annex-shell -c "$SSH_ORIGINAL_COMMAND" + else + exec /usr/bin/git-annex-shell -c "$@" + fi + +Then restrictions can be implemented to specific SSH keys using the +`command=` parameter. For example, the following forces the key to be +read-only, run only git-annex commands on the given directory: + + command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_LIMITED=true GIT_ANNEX_SHELL_READONLY=true ~/.ssh/git-annex-shell",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1y[...] user@example.com + +Obviously, `ssh-rsa AAAAB3NzaC1y[...] user@example.com` needs to +replaced with your SSH key. + # SEE ALSO [[git-annex]](1) -- cgit v1.2.3 From cbea26ac5963f26a849cbabe4da027f3518fc52d Mon Sep 17 00:00:00 2001 From: anarcat Date: Mon, 4 Apr 2016 20:00:40 +0000 Subject: Added a comment: clarified manpage --- .../comment_6_b3a0db1c2f11770b7c6f13964f2d1784._comment | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 doc/forum/Restricting_git-annex-shell_to_a_specific_repository/comment_6_b3a0db1c2f11770b7c6f13964f2d1784._comment (limited to 'doc') diff --git a/doc/forum/Restricting_git-annex-shell_to_a_specific_repository/comment_6_b3a0db1c2f11770b7c6f13964f2d1784._comment b/doc/forum/Restricting_git-annex-shell_to_a_specific_repository/comment_6_b3a0db1c2f11770b7c6f13964f2d1784._comment new file mode 100644 index 000000000..bd0fdd0d0 --- /dev/null 
+++ b/doc/forum/Restricting_git-annex-shell_to_a_specific_repository/comment_6_b3a0db1c2f11770b7c6f13964f2d1784._comment @@ -0,0 +1,7 @@ +[[!comment format=mdwn + username="anarcat" + subject="clarified manpage" + date="2016-04-04T20:00:39Z" + content=""" +i have (hopefully) clarified the [[git-annex-shell]] manpage to clearly state how to setup a restricted repository. hopefully, that will avoid further mistakes. :) i am still unclear as to why the wrapper script is necessary, but that's a different issue. --[[anarcat]] +"""]] -- cgit v1.2.3
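Review bot: in the doc/bugs/git-annex-shell__58___bad_parameters_when_trying_to_configure_a_shell_sandbox.mdwn hunk, the added paragraph names the wrapper `~/.ssh/git-annex`, while the manpage example added in doc/git-annex-shell.mdwn installs it as `~/.ssh/git-annex-shell` and calls that path from `command=`. Use the same file name in both places so that someone who lands on this bug creates the file that the authorized_keys line actually runs. The sentence "it looks like this PEBKAC here" is also missing a verb.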
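Review bot: in the doc/git-annex-shell.mdwn hunk, the `command=` example disables agent, port and X11 forwarding but still allows terminal allocation; since the key is meant to run only git-annex commands, add `no-pty` to the option list. In the wrapper's else branch, `-c "$@"` expands to a bare `-c` when the script is called with no arguments, and to several words when called with more than one, so only the first word is taken as the `-c` command string. Say in the text which call form that branch is meant for, or drop it. The new section also does not say why the wrapper is needed rather than calling `/usr/bin/git-annex-shell` directly from `command=`, which both the bug entry and the forum comment leave open. Finally, "needs to replaced" should read "needs to be replaced".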
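Review bot: in the new comment_6 file, the text links to [[git-annex-shell]] as a whole without naming the EXAMPLES section that the previous commit added, so a reader of the forum thread has to search the manpage for the wrapper and the `command=` line. Mention the section by name in the comment body.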