Since I haven’t mentioned it yet, I am using the 32-bit version of Ubuntu Server 10.04 as the operating system for ease’s sake. I’m doing this to relax after all. (Sorry gentoo; you know I still love you.)
Setting up gitosis
So, gitosis. Why? It’s simple, there is no need to create user accounts for each contributor, and it runs over SSH.
What do we need to get this running?
Assumed to be already installed on the server:
- python
- SSH (server)
We will be installing on the server:
- python-setuptools
- git
- gitosis
Assumed to be already installed on the client:
- SSH (client)
- An SSH public/private key pair
- git
Let’s start with the server.
git is needed:
server$ sudo apt-get install git-core
One option for installing gitosis is through apt. However, I chose to install it “by hand.” Doing so is easy, but requires python-setuptools:
server$ sudo apt-get install python-setuptools
Using git we can clone the latest version of gitosis:
server$ git clone git://eagain.net/gitosis.git
server$ cd gitosis/
Installing gitosis is simple enough:
server$ sudo python setup.py install
We need to create a user on the server to be our git user:
server$ sudo adduser \
--system \
--shell /bin/sh \
--gecos 'git version control' \
--group \
--disabled-password \
--home /home/git \
git
This makes a user git with a home at /home/git. This is where all our repositories live.
Now we start to get into the tricky stuff.
A user to gitosis is an SSH public key. That is, if Bob and Alice are both contributors to a repository, gitosis needs only know their SSH public keys: bob.pub and alice.pub. Any repository that is configured to give access to users alice or bob refers to alice.pub or bob.pub respectively. More on this later.
However, I bring this up because gitosis is administered through a repository that is set up when you initialize gitosis (see Ouroboros.) In initializing gitosis, you need to specify the SSH public key of the user who will be able to configure gitosis further. This user is added to gitosis automagically and has write access to the admin repository off-the-bat.
(Note: the following assumes that the admin computer is a separate machine from the server. While this makes sense for a server, the admin computer can be the server itself if you wish. The idea is that, unlike SSH, lighttpd, or other services, we don’t edit configuration files directly but instead clone the gitosis-admin repository, edit the configuration, and push the changes back via gitosis itself.)
If your admin computer (denoted as user$) doesn’t have an SSH public/private key-pair, generate that now:
user$ ssh-keygen -t rsa
Ensure that the admin’s public key is on the server:
user$ scp ~/.ssh/id_rsa.pub server@server-address:~
This is assuming that your public key is ~/.ssh/id_rsa.pub locally, your server is located at server-address, and that your user on the server is named server. id_rsa.pub now lives in the home directory of the user server.
Okay.
It’s time to initialize gitosis:
server$ sudo -H -u git gitosis-init < ~/id_rsa.pub
It is also suggested that we change the permissions of the following file as they might not be set correctly by default:
server$ sudo chmod 755 \
/home/git/repositories/gitosis-admin.git/hooks/post-update
The above assumes that the home directory of the git user we created earlier is /home/git.
gitosis should now let us start configuring.
Clone the aptly named gitosis-admin repository:
user$ git clone git@server-address:gitosis-admin.git
This will create a folder called gitosis-admin in the current directory containing the gitosis configuration files: gitosis.conf, the configuration file for git repositories; and keydir/, which initially contains the key you provided when initializing gitosis.
Adding a repository to gitosis
Now that we can clone the gitosis-admin repo, we can start to add our own.
To do this, we need to edit gitosis.conf located in the folder gitosis-admin.
The default gitosis.conf looks something like this:
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = user
Note that user was the comment in the public key we initialized gitosis with (by default it is related to the username and hostname the key was generated on.)
If you plan on using gitweb add the following for your new repository:
[repo ArbitraryProject]
description = A short description of a vaguely named project.
owner = Arbitrary Name
Note that the owner name doesn’t depend on any other names in gitosis.conf.
The following is what gives access to do the initial push for your repository:
[group ArbitraryProject]
writable = ArbitraryProject
members = bob
This allows user bob to write to the repository ArbitraryProject. The group name ArbitraryProject doesn’t need to match the value of writable.
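If you want to give the user alice read-only access to the repository, add a second group whose readonly line names the repository (readonly, like writable, takes repository names, not user names):
[group ArbitraryProject]
writable = ArbitraryProject
members = bob
[group ArbitraryProject-readonly]
readonly = ArbitraryProject
members = alice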
Now that we’re done adding our repository to the gitosis.conf we can commit and push the changes with git:
user$ git commit -a -m "Added ArbitraryProject"
user$ git push
The second step of adding our repository is to push a git repository to the server.
Let’s assume we haven’t started our repository yet.
Let’s make the directory:
user$ mkdir project/
Let’s initialize the git repo:
user$ cd project/
user$ git init
We can now add our server as origin:
user$ git remote add origin git@server-address:ArbitraryProject.git
Let’s add a file to our repo and make our first commit:
user$ touch README
user$ git add README
user$ git commit -a -m "Initial commit."
We now need to push everything to the gitosis server:
user$ git push origin master:refs/heads/master
The repository ArbitraryProject now exists on the server in /home/git/repositories/ArbitraryProject.git, if the home directory of the git user is /home/git/.
Adding a contributor to your project
As was mentioned earlier, a gitosis user is simply an SSH public key.
Our friend Alice wishes to be able to contribute to ArbitraryProject. She gives us her public key (alice.pub) by email/by scp/by sneakernet/on paper/etc. All we need to do is copy alice.pub to the directory gitosis-admin/keydir/ and track the file.
user$ cd gitosis-admin/
user$ cp ~/alice.pub keydir/
user$ git add keydir/alice.pub
Now we can refer to Alice in our gitosis.conf:
[group ArbitraryProject]
writable = ArbitraryProject
members = user alice
Note that the name of the file is alice.pub and we refer to it as alice. If we renamed the file XYZ.pub we would refer to that key as XYZ in gitosis.conf.
Now we can push the changes:
user$ git commit -a -m "Added alice to ArbitraryProject"
user$ git push
Alice can now clone the repository:
alice$ git clone git@server-address:ArbitraryProject.git
And we’re done!
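Since gitosis.conf and keydir/ together are the whole access-control policy, it is worth reviewing what a configuration grants before pushing it. The following is an added example, not part of gitosis or of the original post: it reads both writable and readonly as lists of repository names, maps each member to the repositories they can reach, and reports members with no key file and key files no group uses. It assumes members are plain key names (no @group references); SAMPLE_CONF and SAMPLE_KEYDIR are constructed.

```python
import configparser

# Constructed sample: this post's layout plus a read-only group, a member
# with no key file (carol) and a key file no group references (mallory).
SAMPLE_CONF = """\
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = user

[group ArbitraryProject]
writable = ArbitraryProject
members = user bob

[group ArbitraryProject-readonly]
readonly = ArbitraryProject
members = alice bob carol
"""
SAMPLE_KEYDIR = ["user.pub", "bob.pub", "alice.pub", "mallory.pub"]


def audit(conf_text, keydir_files):
    """Return (access, missing_keys, unused_keys) for a gitosis.conf."""
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    keys = {f[:-len(".pub")] for f in keydir_files if f.endswith(".pub")}
    access, referenced = {}, set()
    for section in cp.sections():
        if not section.startswith("group "):
            continue  # [gitosis] and [repo ...] sections grant nothing
        members = cp.get(section, "members", fallback="").split()
        referenced.update(members)
        for mode in ("writable", "readonly"):
            for repo in cp.get(section, mode, fallback="").split():
                for member in members:
                    # Write access from any group outranks read-only.
                    if access.get((member, repo)) != "writable":
                        access[(member, repo)] = mode
    return access, sorted(referenced - keys), sorted(keys - referenced)


if __name__ == "__main__":
    access, missing, unused = audit(SAMPLE_CONF, SAMPLE_KEYDIR)
    for (member, repo), mode in sorted(access.items()):
        print(f"{member:6} {repo:16} {mode}")
    print("members without a key file:", missing)
    print("key files no group references:", unused)
```

Run it from inside the gitosis-admin clone by passing the contents of gitosis.conf and os.listdir("keydir") instead of the samples.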