How to set up git, gitosis and gitweb

The following how-to applies to Ubuntu-Server 10.04 (Lucid Lynx) and covers installation and configuration of git, gitosis and gitweb.

Setup

First, update apt and install all necessary programs and their dependencies:

user@server:~$ sudo apt-get update
user@server:~$ sudo apt-get install git-core gitosis gitweb

The installation routine of gitosis creates a user git and a group gitosis, which will later be used to access its repositories. To set up gitosis you need to copy the client's public key to the server. If you don't have a keypair, you can generate one on your client (local) machine by invoking:

user@client:~$ ssh-keygen -C 'yourMail@host.com'

It is recommended to pass an email address as the comment, because gitosis will later use it to identify the key. By default, the keypair will be stored in ~/.ssh: id_rsa (private key) and id_rsa.pub (public key).

Now copy the public key to the server e.g. with scp and initialize gitosis with that key:

user@client:~$ scp .ssh/id_rsa.pub user@server:/tmp
user@server:~$ sudo -H -u git gitosis-init < /tmp/id_rsa.pub

This is all that needs to be done to install git, gitosis and gitweb.

Configuration

Some configuration has to take place to ensure a flawless experience. There ain’t nothing to configure for git per se on the server, that’s why gitweb configuration comes next.

Gitweb

For gitweb configuration fire up your favourite editor, point it to /etc/gitweb.conf and change it to look like this:

# path to git projects (.git)
#$projectroot = "/var/cache/git";
$projectroot = "/srv/gitosis/git";

# directory to use for temp files
$git_temp = "/tmp";

# target of the home link on top of all pages
#$home_link = $my_uri || "/";

# html text to include at home page
$home_text = "indextext.html";

# file with project list; by default, simply scan the projectroot dir.
#$projects_list = $projectroot;
$projects_list = "/srv/gitosis/gitosis/projects.list";

# By default, gitweb will happily let people browse any repository
# they guess the name of. This may or may not be what you want.
# I prefer to set these, to allow exactly the repositories in
# projects.list to be browsed.
$export_ok = "";
$strict_export = "true";

# stylesheet to use
$stylesheet = "/gitweb/gitweb.css";

# logo to use
$logo = "/gitweb/git-logo.png";

# the 'favicon'
$favicon = "/gitweb/git-favicon.png";

Changes explained: First, you point gitweb to the path where gitosis will host the repositories and to the project list file. Furthermore, you restrict access so that only the projects you choose become browsable.

SSH

On the client side, all you have to do is add the gitosis server, the git user (note: you always communicate with the gitosis server as git) and your (or, more correctly, git's) private key to ~/.ssh/config:

Host your.server.com
    User git
    IdentityFile /path/to/the/private_key/id_rsa

If you have a default SSH configuration on your server (e.g. default port, default AuthorizedKeysFile path, every user may log on, …), the rest of this chapter can be skipped.

Restricted SSH Access

It is quite common and advisable to restrict ssh access to trusted/known users only. Just add git to the AllowUsers line in /etc/ssh/sshd_config:

AllowUsers user1 user2 user3 git

Non-Standard Port

If sshd is not listening on port 22 but on some other port (e.g. 12345), simply add it to ~/.ssh/config on the client machine:

Host your.server.com
    User git
    Port 12345
    IdentityFile /path/to/the/private_key/id_rsa

AuthorizedKeysFile

If you happen to use a different structure for your key files because you're using an encrypted home directory and use ssh key authentication to log in to your server, be careful NOT to copy the public key you created before, but the modified one found at /srv/gitosis/.ssh/authorized_keys. If you don't do this, gitosis won't work properly, and you also open a security hole if you plan to have multiple users using git on that server.
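
The check below is an added example, not part of the original how-to: it lists every entry in an authorized_keys file that is not locked to gitosis-serve, which is what a raw public key copied there looks like. It assumes the line format gitosis generates (forced command plus the no-* options); the function names, the sample file and its shortened key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file for keys that bypass gitosis.
# Assumption: gitosis writes each key it manages as
#   command="gitosis-serve <user>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <key>
# A line without that prefix is not confined to gitosis-serve.

# Print "line:comment" for every key entry that is NOT locked to gitosis-serve.
unrestricted_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        /^command="gitosis-serve [^"]+",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty / { next }
        { print NR ":" $NF }                 # line number and key comment
    ' "$1"
}

# Constructed sample: line 3 is a raw public key copied in by hand.
sample_authorized_keys() {
    cat <<'EOF'
### autogenerated by gitosis, DO NOT EDIT
command="gitosis-serve yourMail@host.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3Nza...admin yourMail@host.com
ssh-rsa AAAAB3Nza...foo foo@bar.org
command="gitosis-serve foo@bar.org",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3Nza...foo foo@bar.org
EOF
}

tmp=$(mktemp)
sample_authorized_keys > "$tmp"
unrestricted_keys "$tmp"    # prints 3:foo@bar.org
rm -f "$tmp"
```

On the server, point unrestricted_keys at the file your AuthorizedKeysFile setting resolves to for the git user; empty output means every key is confined to gitosis-serve.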

Gitosis

Gitosis configuration takes place on your local machine. Just clone gitosis-admin.git and edit gitosis.conf:

user@client:~$ git clone git@server.com:gitosis-admin.git
user@client:~$ cd gitosis-admin
user@client:~/gitosis-admin$ vi gitosis.conf

As an illustration, a new repo (foobar) will be created that is browsable through gitweb and writable by a new group (foobar) with a new user (foo@bar.org):

[group foobar]
writable = foobar
members = foo@bar.org

[repo foobar]
gitweb = yes
description = This is a Test Repo
owner = foo

Now save that file and commit it:

user@client:~/gitosis-admin$ git commit -a -m "added a test repo"

The repository will be created as soon as you push the changes back to the server, but nobody will be able to clone it until you copy foo's public key to gitosis-admin/keydir. For this purpose, another dummy keypair will be created and copied to the aforementioned directory:

user@client:~/gitosis-admin$ ssh-keygen -C "foo@bar.org" -f ~/.ssh/foobar
user@client:~/gitosis-admin$ mv ~/.ssh/foobar.pub keydir/foo@bar.org.pub
user@client:~/gitosis-admin$ git add keydir/foo@bar.org.pub
user@client:~/gitosis-admin$ git commit -m "added test public key file"
user@client:~/gitosis-admin$ git push

Almost done. To properly check out the repository as "foo@bar.org", simply add/change the key in ~/.ssh/config to include the private key:

Host your.server.com
    User git
    Port 12345
#    IdentityFile /path/to/the/private_key/id_rsa
    IdentityFile ~/.ssh/foobar

Note that for testing purposes the main private key was commented out. The procedure described above is basically all you have to do to add new users to the gitosis system. Now check out your test repository with:

user@client:~$ git clone git@server:foobar.git

That’s it, have fun.😉
