Git Sync Daemon
Purpose
Provide a reusable, daemon-based git auto-sync workflow:
- one repo list file
- one daemon process
- per-repo lock and independent failure isolation
- service management on macOS and Linux
Files
- Engine: `scripts/gitsyncdaemon.sh`
- Control CLI: `scripts/gitsyncctl.sh`
Default Runtime Paths
- State dir: `~/.config/git-sync-daemon`
- Repo list: `~/.config/git-sync-daemon/repos.conf`
- Log file: `~/.config/git-sync-daemon/git-sync-daemon.log`
Repo Entry Format
One line per repo:
```text
/absolute/path/to/repo|remote=origin|branch=main|enabled=1
```
Supported keys:
- `remote` (default `origin`)
- `branch` (default current branch)
- `enabled` (`1`/`0`, `true`/`false`; default enabled)
Quick Start (macOS)
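```bash
bash scripts/gitsyncctl.sh init
bash scripts/gitsyncctl.sh add-repo /Users/samwei12/Develop/config
bash scripts/gitsyncctl.sh run-once
bash scripts/gitsyncctl.sh install-launchd
bash scripts/gitsyncctl.sh status
```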
Quick Start (Linux)
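```bash
bash scripts/gitsyncctl.sh init
bash scripts/gitsyncctl.sh add-repo /path/to/repo
bash scripts/gitsyncctl.sh run-once
sudo bash scripts/gitsyncctl.sh install-systemd
bash scripts/gitsyncctl.sh status
```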
Operations
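- Add repo: `bash scripts/gitsyncctl.sh add-repo <path> [branch] [remote]`
- Remove repo: `bash scripts/gitsyncctl.sh remove-repo <path>`
- List repos: `bash scripts/gitsyncctl.sh list-repos`
- One cycle now: `bash scripts/gitsyncctl.sh run-once`
- Status/log tail: `bash scripts/gitsyncctl.sh status`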
Service lifecycle:
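- macOS install: `bash scripts/gitsyncctl.sh install-launchd`
- macOS uninstall: `bash scripts/gitsyncctl.sh uninstall-launchd`
- Linux install: `sudo bash scripts/gitsyncctl.sh install-systemd`
- Linux uninstall: `sudo bash scripts/gitsyncctl.sh uninstall-systemd`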
Production hardening checklist
Before enabling daemon mode in production:
1. SSH/auth baseline
   - Ensure the service user can run non-interactive git over SSH to each remote.
   - Preload host keys (`ssh-keyscan` / `StrictHostKeyChecking=accept-new`) to avoid first-run failures.
   - Prefer explicit key routing in `~/.ssh/config` (host/user/port/IdentityFile/IdentitiesOnly).
2. Service identity consistency
   - Install the service as the same user that owns the repo credentials and git config.
   - Verify `git config --global user.name`/`user.email` for that service user.
3. Repo registration policy
   - Register only clean, intended repos.
   - Keep one canonical branch per repo entry; avoid detached HEAD targets.
   - Use `enabled=0` for temporary pauses instead of deleting lines.
4. Observability
   - Keep logs in a dedicated file and rotate externally if needed.
   - Validate `run-once` before enabling the persistent service.
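A preflight check for the repo list, covering the entry format and the repo registration policy above. This is an added example, not part of the project's scripts; the function names, the `REPO_*` variables, and the rule rejecting unknown keys and values beginning with `-` are assumptions of the example.

```bash
# Added example, not the project's code. parse_repo_entry LINE sets REPO_PATH,
# REPO_REMOTE, REPO_BRANCH and REPO_ENABLED. Rejecting unknown keys and values
# that start with '-' is this example's assumption, not documented behaviour.
parse_repo_entry() {
  local rest field
  REPO_REMOTE=origin REPO_BRANCH="" REPO_ENABLED=1   # defaults from the README
  REPO_PATH=${1%%"|"*}
  case $REPO_PATH in /*) ;; *) echo "path not absolute: $REPO_PATH" >&2; return 1 ;; esac
  case $1 in *"|"*) rest=${1#*"|"} ;; *) rest="" ;; esac
  while [ -n "$rest" ]; do
    field=${rest%%"|"*}
    case $rest in *"|"*) rest=${rest#*"|"} ;; *) rest="" ;; esac
    case $field in
      remote=|branch=|remote=-*|branch=-*)  # empty, or would reach git as an option
        echo "unsafe value: $field" >&2; return 1 ;;
      remote=*) REPO_REMOTE=${field#*=} ;;
      branch=*) REPO_BRANCH=${field#*=} ;;
      enabled=1|enabled=true) REPO_ENABLED=1 ;;
      enabled=0|enabled=false) REPO_ENABLED=0 ;;
      *) echo "unsupported field: $field" >&2; return 1 ;;
    esac
  done
}

# Registration-policy checks for the entry last parsed: a real repo, HEAD on a
# branch (matching branch= when given), and a clean working tree.
preflight_repo() {
  local head
  git -C "$REPO_PATH" rev-parse --git-dir >/dev/null 2>&1 ||
    { echo "$REPO_PATH: not a git repo" >&2; return 1; }
  head=$(git -C "$REPO_PATH" symbolic-ref --quiet --short HEAD) ||
    { echo "$REPO_PATH: detached HEAD" >&2; return 1; }
  [ -z "$REPO_BRANCH" ] || [ "$REPO_BRANCH" = "$head" ] ||
    { echo "$REPO_PATH: on $head, entry says $REPO_BRANCH" >&2; return 1; }
  [ -z "$(git -C "$REPO_PATH" status --porcelain)" ] ||
    { echo "$REPO_PATH: working tree not clean" >&2; return 1; }
}

# Check every non-blank line of a repo list; return 1 if any entry fails.
check_repo_list() {
  local line rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    parse_repo_entry "$line" || { rc=1; continue; }
    [ "$REPO_ENABLED" = 1 ] || continue
    preflight_repo || rc=1
  done <"$1"
  return "$rc"
}
```

After sourcing these functions as the service user, `check_repo_list ~/.config/git-sync-daemon/repos.conf` reports each failing entry on stderr; entries with `enabled=0` are parsed but not inspected.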
Safety Notes
- The daemon does not force-push.
- Rebase conflicts are logged and isolated to the affected repo.
- If `git-lfs` is required by hooks but missing, that repo is skipped with an explicit error log.
- On macOS launchd, `PATH` is expanded in both the service env and the daemon script to include Homebrew binaries.
- Recommended migration practice: the first successful run should use baseline repos only; then gradually add more repos.