Gitosis is a tool for securing centralized Git repositories. It lets multiple maintainers manage the same project at once while restricting access to a secure network protocol.

Installing Gitosis

Checkout the Gitosis Repository

To install Gitosis, you must first have the Git client installed. Once it is installed, check out a copy of Gitosis from its repository:

 git clone git://eagain.net/gitosis.git

Install:

 cd gitosis
 python setup.py install

Create a User to Manage the Repositories

Create a user to manage the repositories:

 sudo adduser \
   --system \
   --shell /bin/sh \
   --gecos 'git version control' \
   --group \
   --disabled-password \
   --home /home/git \
   git

If you don't already have a public RSA key, create one on your local computer:

 ssh-keygen -t rsa

Copying Your Public Key to the Gitosis Server

Copy this key to the Gitosis server. Assuming you are in your home directory:

 scp .ssh/id_rsa.pub user@example.com:/tmp

Setting up Gitosis

Initializing Gitosis

Initialize Gitosis:

 sudo -H -u git gitosis-init < /tmp/id_rsa.pub

Upon success, you will see:

 Initialized empty Git repository in ./
 Initialized empty Git repository in ./

Ensure the Git post-update hook has the correct permissions:

 sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update


Configuring Gitosis

Clone the Gitosis Repository

Gitosis creates its own Git repository. To configure Gitosis, you will clone this repository, set your configuration options, then push your configuration back to the Gitosis server.

Cloning the Gitosis repository:

 git clone git@example.com:gitosis-admin.git
 cd gitosis-admin

Creating a Repository

Edit gitosis.conf

An example of a default gitosis.conf:

 [gitosis]
 [group gitosis-admin]
 writable = gitosis-admin
 members = jdoe

Defining Groups, Members, Permissions, and Repositories

You can define groups of members and what permissions they will have to repositories like so:

 [group blue_team]
 members = john martin stephen
 writable = tea_timer coffee_maker

In this example, anyone in the group blue_team (here john, martin, and stephen) will be able to write to the Git repositories tea_timer and coffee_maker.

Save, commit, and push this file.

 git commit -am "Give john, martin, and stephen access to the repositories tea_timer and coffee_maker."
 git push

Creating a Repository

Next, create one of the repositories. First change to the directory where you want to store your local copy of the Git repository.

Create the repository:

 mkdir tea_timer
 cd tea_timer
 git init
 git remote add origin git@example.com:tea_timer.git
 # Add some files and commit.
 git push origin master:refs/heads/master
 # The previous line links your local branch master to the remote branch master so you can automatically fetch and merge with git pull.

Adding Users to a Repository

Users are identified by their public RSA keys. Gitosis keeps these keys in the keydir directory within the gitosis-admin repository. A user is linked to their Git username by the name of the key file. For example, adding an RSA key as keydir/john.pub links the user john to the machine defined by the RSA key within john.pub. Key file names must end in .pub!

Add a user:

 cd gitosis-admin
 cp /path/to/rsa/key/john.pub keydir/
 git add keydir/*
 git commit -am "Adding the john account."
 git push

John can now clone the Git repositories he has access to, as defined by gitosis.conf. In this case, he can both read and write to the repository, as he has writable permissions.
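Before pushing a change to gitosis-admin, it helps to see who ends up with write access and whether every member has a matching key file. The following is an added example, not part of Gitosis or of the original page: it reads only the members and writable keys shown above, and the sample configuration and keydir listing are constructed for illustration.

```python
import configparser

# Constructed sample input, modelled on the gitosis.conf snippets on this page.
SAMPLE_CONF = """\
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = jdoe

[group blue_team]
members = john martin stephen
writable = tea_timer coffee_maker
"""

# Constructed listing of the keydir directory (file names only).
SAMPLE_KEYDIR = ["jdoe.pub", "john.pub", "martin.pub", "stephen.txt", "alice.pub"]


def write_access(conf_text):
    """Map each member name to the set of repositories it may write to."""
    parser = configparser.RawConfigParser()
    parser.read_string(conf_text)
    access = {}
    for section in parser.sections():
        if not section.startswith("group "):
            continue  # [gitosis] and other non-group sections grant nothing here
        members = parser.get(section, "members", fallback="").split()
        repos = parser.get(section, "writable", fallback="").split()
        for member in members:
            access.setdefault(member, set()).update(repos)
    return access


def audit(conf_text, keydir_files):
    """Return (members without a usable key, keys no group refers to)."""
    access = write_access(conf_text)
    # Only files ending in .pub count as keys; the user name is the file stem.
    keyed = {name[:-4] for name in keydir_files if name.endswith(".pub")}
    missing = sorted(set(access) - keyed)
    unused = sorted(keyed - set(access))
    return missing, unused


if __name__ == "__main__":
    for member, repos in sorted(write_access(SAMPLE_CONF).items()):
        print(member, "->", " ".join(sorted(repos)))
    missing, unused = audit(SAMPLE_CONF, SAMPLE_KEYDIR)
    print("members without a .pub key:", missing)
    print("keys not referenced by any group:", unused)
```

In the constructed data, stephen is listed as a member but his key file was saved as stephen.txt, so he is reported as having no usable key, and alice.pub is reported as a key that no group refers to.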
