Gitosis

From CBLFS
Revision as of 10:34, 8 November 2009 by Jciccone (talk | contribs) (Git User/Group)
Download Source: See Below

Introduction to Gitosis

gitosis aims to make hosting git repos easier and safer. It manages multiple repositories under one user account, using SSH keys to identify users. End users do not need shell accounts on the server; they talk to one shared account that will not let them run arbitrary commands.

Project Homepage: Unknown

Getting the Source

Make sure that you have Git installed and working, then execute the following command:

git clone git://eagain.net/gitosis.git

You may wish to create a tarball of the checked out code for future reference.

tar cvjf gitosis-$(date '+%Y%m%d').tar.bz2 gitosis

Dependencies

Required

Recommended

  • Sudo (For Configuration, su can be used instead)

Git User/Group

groupadd -g 55 git &&
useradd -c 'GIT User' -d /srv/git -g git -s /bin/bash -u 55 git &&
install -d -o git -g git /srv/git

For Gitosis to work properly, a password has to be set for the git user. Without this password, logins may not be allowed even when using public keys. You will never need to remember the password again, so I recommend making it completely random.

passwd git

Non-Multilib

Install the package

python setup.py install

Multilib

32Bit

Install the package

USE_ARCH=32 python setup.py install

N32

Install the package

USE_ARCH=n32 python setup.py install

64Bit

Install the package

USE_ARCH=64 python setup.py install

Configuring Gitosis

Initial Setup and Gitosis Admin

If you do not already have an SSH key for your user, generate one now with:

ssh-keygen -t rsa

Two files will be generated in your ~/.ssh directory, id_rsa and id_rsa.pub. Copy id_rsa.pub to the machine with the Gitosis install. Any directory that the git user has access to works. Then execute the following command:

sudo -H -u git gitosis-init < /path/to/id_rsa.pub

Note: -H makes sudo switch the user's home directory. -u git says to switch to the git user.

The previous command authorized that public key for the Gitosis repository.

On the machine with the Gitosis install make sure that the post-update hook is executable in the Gitosis repository:

chmod -v 755 /srv/git/repositories/gitosis-admin.git/hooks/post-update

From the machine that you created the ssh key on, create a clone of the gitosis repository:

git clone git@[YOUR_SERVER_HOSTNAME]:gitosis-admin.git
cd gitosis-admin

Setting up a Repository

The following configuration should serve as an example only.

From inside of the gitosis-admin directory that was checked out in the last step open the gitosis.conf file. You should see something along the lines of the following:

[gitosis]
gitweb = no
daemon = no

[group gitosis-admin]
writable = gitosis-admin
members = jdoe

To add another repo we need to make an entry in this file so that it will be writable.

[group myteam]
members = jdoe
writable = testrepo

Save this addition to gitosis.conf, commit and push it:

git commit -a -m "Allow jdoe write access to testrepo."
git push

Now that the user has access to the repo it's time to actually create it:

mkdir testrepo
cd testrepo
git init 
git remote add origin git@[YOUR_SERVER_HOSTNAME]:testrepo.git

# Add / Commit some files to the local repo
# Don't forget to commit the changes or you _WILL_ get an error

git push origin master:refs/heads/master

Adding Users

For people to access the Git repositories through Gitosis, they need public keys of their own. They can generate one the same way that we did in the first step, with the following:

ssh-keygen -t rsa

After they generate the key, have them send you the id_rsa.pub file, and only that file. Inside the gitosis-admin directory you should see a directory named keydir. Copy the id_rsa.pub key provided by the user into that directory using a unique name, such as username@hostname or just username. Add the keys to the repository, then modify gitosis.conf so that the new keys can write to the appropriate repositories. Separate usernames with a space. Then commit all of the changes to the gitosis-admin repository and push them back to the server.

Now the new users should be able to clone the repositories in the same manner that we accessed them above.
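
Because anything committed to keydir grants repository access, it is worth vetting a submitted key file before copying it in. The following is an added example, not part of this page's original instructions or of gitosis itself; the function name add_gitosis_key is hypothetical, and it assumes gitosis reads keys from keydir/NAME.pub with NAME used as the member name in gitosis.conf.

```shell
#!/bin/sh
# Added example, not part of gitosis: vet a submitted key before it enters keydir/.
# Assumption: gitosis reads keydir/NAME.pub and NAME is the member name in gitosis.conf.

# add_gitosis_key NAME KEYFILE [KEYDIR]: copy on success, return non-zero otherwise.
add_gitosis_key() {
    name=$1 keyfile=$2 keydir=${3:-keydir}

    # NAME becomes a file name and a config token: allow a conservative set only.
    case $name in
        ''|.*|*[!A-Za-z0-9@._-]*) echo "reject: bad name" >&2; return 2 ;;
    esac
    [ -f "$keyfile" ] || { echo "reject: no such file" >&2; return 3; }

    # Users must send id_rsa.pub and only that file: refuse private key material.
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "reject: private key received; it must be replaced" >&2
        return 4
    fi

    # Exactly one non-empty line, so one file maps to one identity.
    [ "$(grep -c . "$keyfile")" -eq 1 ] || { echo "reject: expected one key" >&2; return 5; }

    # Bare "type base64 [comment]" only; no submitter-supplied options in front.
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        "$keyfile" || { echo "reject: not a bare public key line" >&2; return 6; }

    # Never silently replace an existing member's key.
    [ ! -e "$keydir/$name.pub" ] || { echo "reject: $name.pub exists" >&2; return 7; }

    mkdir -p "$keydir" && cp "$keyfile" "$keydir/$name.pub"
}

# Demo on constructed input (the key blob is a placeholder, not a real key).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 jdoe@laptop\n' > "$demo/jdoe.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$demo/wrong-file"
add_gitosis_key jdoe "$demo/jdoe.pub" "$demo/keydir" && echo "accepted: jdoe"
add_gitosis_key asmith "$demo/wrong-file" "$demo/keydir" || echo "refused: asmith"
rm -rf "$demo"
```

Run it from inside the gitosis-admin clone, then git add the new file under keydir, list the name under members in gitosis.conf, commit and push as described above.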

Reference: http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way
