How to set up git, gitosis and gitweb
The following how-to applies to Ubuntu-Server 10.04 (Lucid Lynx) and covers installation and configuration of git, gitosis and gitweb.
First, update apt and install all necessary programs and their dependencies:
The installation routine of gitosis creates a user git and a group gitosis, which will later be used to access its repositories. To set up gitosis you need to copy the client’s public key to the server. If you don’t have a keypair, you can generate one on your client (local) machine by invoking:
It is recommended to pass an email address as the comment because gitosis will later use it to identify the key. By default, the keypair will be stored in ~/.ssh: id_rsa (private key) and id_rsa.pub (public key).
Now copy the public key to the server e.g. with scp and initialize gitosis with that key:
This is all that needs to be done to install git, gitosis and gitweb.
Some configuration has to take place to ensure a flawless experience. There ain’t nothing to configure for git per se on the server, that’s why gitweb configuration comes next.
For gitweb configuration fire up your favourite editor, point it to /etc/gitweb.conf and change it to look like this:
    # path to git projects (.git)
    #$projectroot = "/var/cache/git";
    $projectroot = "/srv/gitosis/git";

    # directory to use for temp files
    $git_temp = "/tmp";

    # target of the home link on top of all pages
    #$home_link = $my_uri || "/";

    # html text to include at home page
    $home_text = "indextext.html";

    # file with project list; by default, simply scan the projectroot dir.
    #$projects_list = $projectroot;
    $projects_list = "/srv/gitosis/gitosis/projects.list";

    # By default, gitweb will happily let people browse any repository
    # they guess the name of. This may or may not be what you want.
    # I prefer to set these, to allow exactly the repositories in
    # projects.list to be browsed.
    $export_ok = "";
    $strict_export = "true";

    # stylesheet to use
    $stylesheet = "/gitweb/gitweb.css";

    # logo to use
    $logo = "/gitweb/git-logo.png";

    # the 'favicon'
    $favicon = "/gitweb/git-favicon.png";

Changes explained: First, you point gitweb to the path where gitosis will host the repositories and to the project list file. Furthermore, you restrict access so that only the projects you choose become browsable.
On the client side, all you have to do is add the gitosis server, the git user (Note: you always communicate with the gitosis server as git) and your (or more correctly: git’s) private key to ~/.ssh/config:
    Host your.server.com
        User git
        IdentityFile /path/to/the/private_key/id_rsa
If you have a default SSH configuration on your server (e.g.: default port, default AuthorizedKeysFile path, every user may log on, …), the rest of this chapter can be skipped.
Restricted SSH Access
It is quite common and advisable to restrict ssh access only to trusted/known users. Just add git to the AllowUsers line in /etc/ssh/sshd_config:
    AllowUsers user1 user2 user3 git

If sshd is not listening on port 22 but on some other port (e.g.: 12345), simply add it to ~/.ssh/config on the client machine.
    Host your.server.com
        User git
        Port 12345
        IdentityFile /path/to/the/private_key/id_rsa
If you happen to use a different structure for your key files because you’re using an encrypted home directory and use ssh key authentication to log in to your server, be careful NOT to copy the public key you created before, but the modified one found at /srv/gitosis/.ssh/authorized_keys. The entry gitosis writes there prefixes the key with a forced command (gitosis-serve) and restrictive options, which the plain public key lacks. If you don’t do this, gitosis won’t work properly, and you open a security hole if you plan to have multiple users using git on that server.
Gitosis configuration takes place on your local machine. Just clone gitosis-admin.git and edit gitosis.conf:
As an illustration, a new repo (foobar) will be created that is browsable through gitweb and writable by a new group (foobar) with a new user (email@example.com):

    [group foobar]
    writable = foobar
    members = firstname.lastname@example.org

    [repo foobar]
    gitweb = yes
    description = This is a Test Repo
    owner = foo
Now save that file and commit it:
The repository will be created as soon as you push the changes back to the server, but nobody will be able to clone it until you copy foo’s public key to gitosis-admin/keydir. For this purpose another dummy keypair will be created and copied to the aforementioned directory:
Almost done. To properly check out the repository as “email@example.com”, simply add/change the key in ~/.ssh/config to include the private key:
    Host your.server.com
        User git
        Port 12345
        # IdentityFile /path/to/the/private_key/id_rsa
        IdentityFile ~/.ssh/foobar

Note that for testing purposes the main private key was commented out. The procedure described above is basically all you have to do to add new users to the gitosis system. Now check out your test repository with
That’s it, have fun. 😉
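Before pushing gitosis-admin, it helps to check that every member named in gitosis.conf has a matching key in keydir and to see which repositories are marked for gitweb. The following script is an added example, not part of the original how-to or of gitosis itself; the function names and the temporary sample checkout are assumptions made for illustration, and the key content is a placeholder.

```python
import configparser
import tempfile
from pathlib import Path

# Constructed sample: the gitosis.conf shown on this page.
SAMPLE_CONF = """\
[gitosis]

[group foobar]
writable = foobar
members = firstname.lastname@example.org

[repo foobar]
gitweb = yes
description = This is a Test Repo
owner = foo
"""

def audit(admin_dir):
    """Return (members lacking keydir/<member>.pub, repos with gitweb enabled)."""
    admin = Path(admin_dir)
    conf = configparser.ConfigParser(interpolation=None)
    conf.read(admin / "gitosis.conf")
    missing, exposed = set(), []
    for section in conf.sections():
        kind, _, name = section.partition(" ")
        if kind == "group":
            for member in conf.get(section, "members", fallback="").split():
                if member.startswith("@"):
                    continue  # reference to another group, not a key file
                if not (admin / "keydir" / f"{member}.pub").is_file():
                    missing.add(member)
        elif kind == "repo" and conf.getboolean(section, "gitweb", fallback=False):
            exposed.append(name.strip())
    return sorted(missing), sorted(exposed)

def make_sample(with_key):
    """Build a throwaway gitosis-admin layout (hypothetical helper for the demo)."""
    root = Path(tempfile.mkdtemp(prefix="gitosis-admin-"))
    (root / "gitosis.conf").write_text(SAMPLE_CONF)
    (root / "keydir").mkdir()
    if with_key:
        key = root / "keydir" / "firstname.lastname@example.org.pub"
        key.write_text("ssh-rsa PLACEHOLDER firstname.lastname@example.org\n")
    return root

if __name__ == "__main__":
    for with_key in (False, True):
        missing, exposed = audit(make_sample(with_key))
        print(f"key added={with_key}: missing keys={missing}, gitweb repos={exposed}")
```

Run against a real checkout with `audit("gitosis-admin")`; a non-empty first list means a member cannot authenticate yet, and the second list shows what gitweb will publish.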