Gitosis + Git setup
Gitosis is a handy tool that manages Git repositories under a single user account and grants ordinary users access to those repositories through SSH keys.
Gitosis aims to make Git repository hosting easier and safer. It controls several repositories with a single user account, using SSH keys for user authentication. End users do not need accounts on the server, as they log in through one common account, which does not let them execute arbitrary commands.
Installing gitosis
If the package is masked, unmask it.
emerge gitosis
Once gitosis is installed, the git user will be created (no password, /var/spool/gitosis/ set as the home directory).
Configuring gitosis
Creating a key for root
su
ssh-keygen -t rsa
Two files will be created,
/root/.ssh/id_rsa.pub
/root/.ssh/id_rsa
which are the public and the private RSA keys.
Creating a repository with settings
Copy the public key:
cp /root/.ssh/id_rsa.pub /tmp/id_rsa.pub
Create the repository:
sudo -H -u git gitosis-init < /tmp/id_rsa.pub
Delete the public key from /tmp:
rm /tmp/id_rsa.pub
If you intend to use git-web, restrict the access rights on the directory so that the settings repository is not visible on the web.
chmod 700 /var/spool/gitosis/repositories/gitosis-admin.git
Configuring the repository for users
Go to the /tmp directory:
cd /tmp
Clone the settings repository:
git clone git@server_name:gitosis-admin.git
Go to the settings directory:
cd gitosis-admin
Copy the user's public key into the directory /tmp/gitosis-admin/keydir:
scp root@client_name:/home/user_name/.ssh/id_rsa.pub ./keydir/user_name@client_name.pub
Configure the new repository for the user user_name:
vi gitosis.conf
File before the change:
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = root@server_name
File after the change:
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = root@server_name

[group group1]
writable = project1
members = root@server_name user_name@client_name
Add the new key file and commit the changes:
git add keydir/user_name@client_name.pub
git commit -am "Granted access for developer@remotehost to project1"
Push the settings repository to the server:
git push origin master
Creating a new repository
cd /var/spool/gitosis/repositories
mkdir project1.git
cd project1.git
git --bare init
Users will be able to access this repository from their computers via SSH,
git clone ssh://git@server_name/project1.git
without being prompted for a password (they authenticate with their public key).
Checking sshd
The sshd daemon must be running.
The git account must be permitted to log in over SSH in /etc/ssh/sshd_config (for example, it must be listed in AllowUsers if that directive is in use).
Configuring git-daemon
vi /etc/conf.d/git-daemon
GITDAEMON_OPTS="--syslog --port=9418 --base-path=/var/spool/gitosis/repositories/ --export-all"
GIT_USER="apache"
Note that --export-all serves every repository under the base path that GIT_USER can read, whether or not it contains a git-daemon-export-ok file.
If there are any problems, change the port number (specified as --port=9418) to another value and restart the git daemon, then change it back and restart the daemon again.
/etc/init.d/git-daemon restart
Problems with restarting the git daemon
When you restart the daemon, there may be problems reopening the port; the error will be logged in /var/log/messages as:
git-daemon[pid]: unable to allocate any listen sockets on host (null) port 9418
To avoid this, add the --reuseaddr option to GITDAEMON_OPTS.
Creating a user key
The user must execute the following on their computer:
ssh-keygen -t rsa
Two keys will be generated in the user's .ssh directory,
id_rsa
id_rsa.pub
the private and the public (.pub) keys.
If the public key is stored in the keydir directory of the gitosis settings repository on the server and the access rights are specified accordingly in gitosis.conf, the user will be granted access to the repositories on the server.
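A check to run in the gitosis-admin checkout before git push origin master, given here as an added example (not part of the original page and not gitosis code): it cross-checks the members lines in gitosis.conf against the .pub files in keydir and lists who can write to each repository. The function name audit and the sample keydir listing are constructed for illustration, and entries starting with @ are assumed to be nested-group references and are skipped.

```python
import configparser

# Constructed sample mirroring the "file after the change" shown on this page.
SAMPLE_CONF = """\
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = root@server_name

[group group1]
writable = project1
members = root@server_name user_name@client_name
"""
# Constructed keydir listing: one member's key is missing, one key is unreferenced.
SAMPLE_KEYDIR = ["root@server_name.pub", "old_user@client_name.pub"]


def audit(conf_text, keydir_files):
    """Return (write_access, members_without_key, keys_without_group)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    # A key file keydir/NAME.pub corresponds to the member name NAME.
    keys = {f[:-4] for f in keydir_files if f.endswith(".pub")}
    access, members = {}, set()
    for section in cp.sections():
        if not section.startswith("group "):
            continue
        # Assumption: "@name" entries are nested-group references; skipped here.
        users = {m for m in cp.get(section, "members", fallback="").split()
                 if not m.startswith("@")}
        members |= users
        for repo in cp.get(section, "writable", fallback="").split():
            access.setdefault(repo, set()).update(users)
    return access, sorted(members - keys), sorted(keys - members)


if __name__ == "__main__":
    access, missing, unreferenced = audit(SAMPLE_CONF, SAMPLE_KEYDIR)
    for repo, users in sorted(access.items()):
        print(f"{repo}: write access for {', '.join(sorted(users))}")
    print("members without a key in keydir:", missing)
    print("keys in keydir not in any group:", unreferenced)
```

To audit a real checkout, pass the contents of gitosis.conf and os.listdir("keydir") instead of the constructed samples; anyone listed for gitosis-admin can change every other grant.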