Building notes, projects, and occasional rants

Installing gitosis

Gitosis is a wonderful little system to manage Git repositories, providing access over SSH, with tight access control and using only one shell account.

The installation instructions in the README.rst and the Hosting Git article by Garry Dolley provide most of what you need to install it, but they cover only the most basic installation, where everything is in your system PATH.

My setup is not standard at all, so the process needs to be tweaked a bit.

Although not mentioned, Gitosis requires a recent version of Python (at least more recent than my system 2.3.4) and setuptools (also missing from my system).

I chose to compile all the dependencies. To isolate this as much as possible, I created an account gitdeps to hold all the stuff I need to run Gitosis.

I logged in as gitdeps and did:

# make sure other users can use these commands
chmod 711 $HOME
mkdir src && cd src

# Install Python
tar zxf Python-2.5.2.tgz
cd Python-2.5.2
./configure --prefix=$HOME
make install
cd ..
export PATH=$HOME/bin:$PATH

# Install setuptools

# Install Git
tar zxf git-
cd git-
./configure --prefix=$HOME
make install
cd ..

# Install Gitosis
git clone git://
cd gitosis
python setup.py install

You should have all the software needed to run Gitosis now.

The rest of the installation is pretty simple. You need a couple of things:

  • choose a directory to hold all the files: we will assume /home/git but you can use whatever you want;
  • a user account for the system: usually this user is git. You can have several Gitosis installations in the same server, each one using a different user;
  • the SSH public key of the user that will be the initial administrator of Gitosis.

To create the git user, you should use the proper tool for your operating system. The README.rst provides the command to run on a Debian-like system. I'm using CentOS so the command is this:

# As root
useradd \
      -s /bin/sh \
      -c 'git version control' \
      -r \
      -d /home/git \
      git
mkdir -p /home/git
chown git:git /home/git

After this, you just need to initialize the Gitosis system. Do:

# As root
export PATH
sudo -H -u git gitosis-init < /path/to/

You should see two lines of output:

Initialized empty Git repository in /home/git/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /home/git/repositories/gitosis-admin.git/

On a standard system, that would be it. But we have all the binaries in a non-standard directory, /home/gitdeps/bin. To make sure that they are found, we need to tweak the SSH installation.

First, you need to create an SSH environment file with the proper PATH to use:

# as root
echo "PATH=/home/gitdeps/bin:/bin:/usr/bin:/usr/local/bin" > ~git/.ssh/environment
chown git:git ~git/.ssh/environment
chmod 400 ~git/.ssh/environment

Then you need to make sure that your sshd is configured to read the file. Edit the /etc/ssh/sshd_config file. There are two settings you must check:

  • PermitUserEnvironment: must be yes;
  • UseLogin: must be no.

If UseLogin is yes, proceed with caution. You might break ssh service for other users. One alternative (left as an exercise to the reader) is to use a separate sshd just for the git user.

Restart your sshd. And we are done.
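
The two sshd settings and the environment file described above can be checked with a short script; this is an added example, not part of the original post, and its function names are hypothetical. It also rejects an environment file that sets anything other than PATH, because sshd_config(5) notes that enabling environment processing may let users bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD.

```shell
#!/bin/sh
# Added example: audit the sshd settings and environment file from the steps above.
# Function names are hypothetical; pass copies of the files to try it safely.

# Print the global value of an sshd_config keyword: first occurrence wins,
# keywords are case-insensitive, and scanning stops at the first Match block.
sshd_global_value() {  # usage: sshd_global_value KEYWORD FILE DEFAULT
    awk -v key="$1" -v def="$3" '
        /^[ \t]*#/ { next }                  # comment line
        { sub(/=/, " ") }                    # "Keyword=value" form
        tolower($1) == "match" { exit }      # conditional section starts
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# ~/.ssh/environment may hold only blank lines, # comments and NAME=value
# lines. Accept the file only if PATH is the sole variable and nobody but
# the owner can write to it.
env_file_ok() {  # usage: env_file_ok FILE
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "group- or world-writable: $1"; return 1
    fi
    extra=$(grep -v -e '^[[:space:]]*$' -e '^#' -e '^PATH=' "$1" | cut -d= -f1) || true
    [ -z "$extra" ] || { echo "unexpected entries: $extra"; return 1; }
}

audit_gitosis_ssh() {  # usage: audit_gitosis_ssh SSHD_CONFIG ENV_FILE
    rc=0
    # Both keywords default to "no" when absent from sshd_config.
    [ "$(sshd_global_value PermitUserEnvironment "$1" no)" = yes ] ||
        { echo "PermitUserEnvironment is not yes: environment file is ignored"; rc=1; }
    [ "$(sshd_global_value UseLogin "$1" no)" = no ] ||
        { echo "UseLogin is not no"; rc=1; }
    env_file_ok "$2" || rc=1
    return "$rc"
}

# Example: sh audit.sh /etc/ssh/sshd_config /home/git/.ssh/environment
if [ "$#" -eq 2 ]; then
    audit_gitosis_ssh "$1" "$2"
fi
```

The script prints one line per finding and exits non-zero if any check fails.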

To manage Gitosis, you clone the gitosis-admin.git repository. Inside your local copy, you'll find a gitosis.conf and a keydir/ directory with the public keys of all the users, in the format

# on your laptop/desktop
git clone [email protected]:gitosis-admin.git
cd gitosis-admin
ls -la *
-rw-rw-r--  1 melo  staff  91 Sep 20 15:44 gitosis.conf

total 8
-rw-rw-r--  1 melo  staff  666 Sep 20 15:44 [email protected]

Have the appropriate amount of fun.