Git/Gitosis
Gitosis is a tool for securing centralized Git repositories. It lets multiple maintainers manage the same project at once by permitting access only over a secure network protocol.
Installing Gitosis
Checkout the Gitosis Repository
To install Gitosis, you first must have the Git client installed. Once installed, check out a copy of Gitosis from its repository:
git clone git://eagain.net/gitosis.git
Install:
cd gitosis
python setup.py install
Create a User to Manage the Repositories
Create a user to manage the repositories:
sudo adduser \
    --system \
    --shell /bin/sh \
    --gecos 'git version control' \
    --group \
    --disabled-password \
    --home /home/git \
    git
If you don't already have a public RSA key, create one on your local computer:
ssh-keygen -t rsa
Copying Your Public Key to the Gitosis Server
Copy this key to the Gitosis server. Assuming you are in your home directory:
scp .ssh/id_rsa.pub user@example.com:/tmp
Setting up Gitosis
Initializing Gitosis
Initialize Gitosis:
sudo -H -u git gitosis-init < /tmp/id_rsa.pub
Upon success, you will see:
Initialized empty Git repository in ./
Initialized empty Git repository in ./
Ensure the Git post-update hook has the correct permissions:
sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update
Configuring Gitosis
Clone the Gitosis Repository
Gitosis creates its own Git repository. To configure Gitosis, you will clone this repository, set your configuration options, then push your configuration back to the Gitosis server.
Cloning the Gitosis repository:
git clone git@example.com:gitosis-admin.git
cd gitosis-admin
Creating a Repository
Edit gitosis.conf
An example of a default gitosis.conf:
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = jdoe
Defining Groups, Members, Permissions, and Repositories
You can define groups of members and what permissions they will have to repositories like so:
[group blue_team]
members = john martin stephen
writable = tea_timer coffee_maker
In this example, anyone in the group blue_team, in this case john, martin, and stephen, will be able to write to the Git repositories tea_timer and coffee_maker.
Save, commit, and push this file.
git commit -am "Give john, martin, and stephen access to the repositories tea_timer and coffee_maker."
git push
Creating a Repository
Next, create one of the repositories. You'll want to change to the directory where you want to store your local copy of the Git repository first.
Create the repository:
mkdir tea_timer
cd tea_timer
git init
git remote add origin git@example.com:tea_timer.git
# Add some files and commit.
git push origin master:refs/heads/master
# The previous line links your local branch master to the remote branch master so you can automatically fetch and merge with git pull.
Adding Users to a Repository
Users are identified by their public RSA keys. Gitosis keeps these keys inside the directory keydir within the gitosis-admin repository. Users are linked to their Git username by the name of the key file. For example, adding an RSA key to keydir/john.pub will link the user john to the machine defined by the RSA key within john.pub. Keys must end in .pub!
Add a user:
cd gitosis-admin
cp /path/to/rsa/key/john.pub keydir/
git add keydir/*
git commit -am "Adding the john account."
git push
John can now clone the git repositories he has access to as defined by gitosis.conf. In this case, he can both read and write to the repository as he has writable permissions.
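The following is an added example, not part of the original page or of Gitosis itself: a Python check to run in a gitosis-admin checkout before pushing, which cross-checks the group membership in gitosis.conf against the key file names in keydir. The function name audit, the sample keydir listing and the entries olduser.pub and stephen.key are constructed for illustration, and only the members and writable options shown above are handled.

```python
import configparser

# Constructed sample input: the page's gitosis.conf examples plus a made-up keydir listing.
SAMPLE_CONF = """\
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = jdoe

[group blue_team]
members = john martin stephen
writable = tea_timer coffee_maker
"""
SAMPLE_KEYDIR = ["jdoe.pub", "john.pub", "martin.pub", "olduser.pub", "stephen.key"]


def audit(conf_text, keydir_files):
    """Cross-check gitosis.conf group membership against keydir file names."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)

    # A key file named <user>.pub links the key to the Gitosis user <user>.
    keyed_users = {f[:-4] for f in keydir_files if f.endswith(".pub")}

    writable = {}  # user -> set of repositories the user may write to
    for section in parser.sections():
        if not section.startswith("group "):
            continue  # skip [gitosis] and any other non-group section
        members = parser.get(section, "members", fallback="").split()
        repos = parser.get(section, "writable", fallback="").split()
        for user in members:
            writable.setdefault(user, set()).update(repos)

    return {
        "writable": {u: sorted(r) for u, r in sorted(writable.items())},
        # Named in a group but no keydir/<user>.pub: access was granted to nobody.
        "members_without_key": sorted(set(writable) - keyed_users),
        # Key committed but user in no group: review, possibly a stale account.
        "keys_without_group": sorted(keyed_users - set(writable)),
        # The page requires key file names to end in .pub.
        "misnamed_key_files": sorted(f for f in keydir_files if not f.endswith(".pub")),
    }


if __name__ == "__main__":
    for name, value in audit(SAMPLE_CONF, SAMPLE_KEYDIR).items():
        print(f"{name}: {value}")
```

With the sample input, stephen is reported as a member without a key because his file was saved as stephen.key, and olduser.pub is reported as a key that no group references.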