Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Sunday, April 22, 2012

Hosting Git repositories

The Easy (and Secure) Way
Update (12-12-2010): For additional features not present in gitosis, check out gitolite.
Update (08-10-2008): For topics not covered here, I encourage everyone to read the gitosis README, bundled with the distribution. There is also an example.conf configuration file that illustrates more features than I have covered here.
I have been asked more and more these days, "How do I host a Git repository?" Usually it is assumed that some access control beyond simply read-only is involved (some users have commit rights). With access control comes issues of security, and that's a whole other bag of cats. This post is about presenting an answer to this question, without the fuss.
The rest of this article will be a tutorial showing you how to host and manage Git repositories with access control, easily and safely. I use an up and coming tool called gitosis that my friend Tv wrote to help make hosting git repos easier and safer. It manages multiple repositories under one user account, using SSH keys to identify users. However, users do *not* need shell accounts on the server, instead they will talk to one shared account that does not allow arbitrary commands. Git itself is used to setup gitosis and manage the Git repos, which pleases the recursion-seeking orthogonal CS-side of my brain.
Assumptions: I take my examples from a Ubuntu Linux server. While I haven't tested other systems, I imagine different Linux distributions, FreeBSD, OS X, etc... would be similar. Gitosis is written in Python, so you should have a copy of Python installed as well.
Enough talk, let's get down and dirty.

Install gitosis

gitosis is a tool for hosting git repositories (I'm repeating myself for those who skim :)
The first thing to do is grab a copy of gitosis and install it on your server:

cd ~/src
git clone git://eagain.net/gitosis.git
Notice that gitosis is extremely light-weight. The clone takes a mere couple seconds. Less is more, and I like that a lot.
Next, install it like so:

cd gitosis
python setup.py install
Don't use --prefix unless you like self-inflicted pain. It is possible to install gitosis in a non-standard location, but it's not nice. Read the Caveats section at the bottom and then come back here.
If you get this error:

-bash: python: command not found
or

Traceback (most recent call last):
  File "setup.py", line 2, in ?
    from setuptools import setup, find_packages
ImportError: No module named setuptools
You have to install Python setuptools. On Debian/Ubuntu systems, it's just:

sudo apt-get install python-setuptools
For other systems, someone tell me or leave a comment, so I can update this section and improve this tutorial.
The next thing to do is to create a user that will own the repositories you want to manage. This user is usually called git, but any name will work, and you can have more than one per system if you really want to. The user does not need a password, but does need a valid shell (otherwise, SSH will refuse to work).

sudo adduser \
    --system \
    --shell /bin/sh \
    --gecos 'git version control' \
    --group \
    --disabled-password \
    --home /home/git \
    git
You may change the home path to suit your taste. A successful user creation will look similar to:

No comments: