Installing gitosis
Gitosis is a wonderful little system to manage Git repositories, providing access over SSH, with tight access control and using only one shell account.
The installation instructions provided with the README.rst and the Hosting Git article by Garry Dolley provide most of what you need to install it, but they cover only the most basic installation, where everything is in your system PATH.
My setup is not standard at all, so the process needs to be tweaked a bit.
Although not mentioned, Gitosis requires a recent version of Python (at least more recent than my system 2.3.4) and setuptools (also missing from my system).
I chose to compile all the dependencies. To isolate this as much as possible, I created an account gitdeps to hold all the stuff I need to run Gitosis.
I logged in as gitdeps and did:
# make sure other users can use these commands
chmod 711 $HOME
mkdir src && cd src
# Install Python
wget http://www.python.org/ftp/python/2.5.2/Python-2.5.2.tgz
tar zxf Python-2.5.2.tgz
cd Python-2.5.2
./configure --prefix=$HOME
make
make install
cd ..
export PATH=$HOME/bin:$PATH
# Install setuptools
wget http://peak.telecommunity.com/dist/ez_setup.py
python ez_setup.py
# Install Git
wget http://kernel.org/pub/software/scm/git/git-1.6.0.2.tar.gz
tar zxf git-1.6.0.2.tar.gz
cd git-1.6.0.2
./configure --prefix=$HOME
make
make install
cd ..
# Install Gitosis
git clone git://eagain.net/gitosis.git
cd gitosis
python setup.py install
You should have all the software needed to run Gitosis now.
The rest of the installation is pretty simple. You need a couple of things:
- choose a directory to hold all the files: we will assume /home/git but you can use whatever you want;
- a user account for the system: usually this user is git. You can have several Gitosis installations in the same server, each one using a different user;
- the SSH public key of the user that will be the initial administrator of Gitosis.
To create the git user, you should use the proper tool for your operating system. The README.rst provides the command to run on a Debian-like system. I'm using CentOS so the command is this:
# As root
useradd \
-s /bin/sh \
-c 'git version control' \
-r \
-d /home/git \
git
mkdir -p /home/git
chown git:git /home/git
After this, you just need to initialize the Gitosis system. Do:
# As root
PATH=/home/gitdeps/bin:$PATH
export PATH
sudo -H -u git gitosis-init < /path/to/gitosis_admin_ssh_public_key.pub
You should see two lines of output:
Initialized empty Git repository in /home/git/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /home/git/repositories/gitosis-admin.git/
On a standard system, that would be it. But we have all the binaries in a non-standard directory, /home/gitdeps/bin. To make sure that they are found, we need to tweak the SSH installation.
First, you need to create an SSH environment file with the proper PATH to use:
# as root
echo "PATH=/home/gitdeps/bin:/bin:/usr/bin:/usr/local/bin" > ~git/.ssh/environment
chown git:git ~git/.ssh/environment
chmod 400 ~git/.ssh/environment
Then you need to make sure that your sshd is configured to read the file. Edit the /etc/ssh/sshd_config file. There are two settings you must check:
- PermitUserEnvironment: must be yes;
- UseLogin: must be no.
If UseLogin is yes, proceed with caution. You might break ssh service for other users. One alternative (left as an exercise to the reader) is to use a separate sshd just for the git user.
Restart your sshd. And we are done.
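A check of the two sshd_config settings and the environment file from the steps above, as an added example that is not part of the original post. PermitUserEnvironment is a server-wide setting, so the script also confirms that the file the git user reads is not writable by group or others. The function names and sample files are assumptions made for illustration; only the global section of the file (before any Match line) is read, and a missing keyword is treated as the OpenSSH default of no.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# Print the global value of KEY in sshd_config-style FILE, or DEFAULT.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line apply conditionally.
sshd_setting() { # usage: sshd_setting FILE KEY DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                       # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }             # accept "Key=value" too
        tolower($1) == "match" { exit }           # end of global section
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Succeed if FILE exists, is not writable by group or others, and its PATH
# starts with BINDIR (the directory holding the Gitosis binaries).
env_file_ok() { # usage: env_file_ok FILE BINDIR
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) -print)" ] || return 1
    path=$(sed -n 's/^PATH=//p' "$1" | head -n 1)
    case "$path" in "$2" | "$2":*) return 0 ;; esac
    return 1
}

# Report every mismatch with the setup described above; return 1 if any.
audit_gitosis_sshd() { # usage: audit_gitosis_sshd SSHD_CONFIG ENV_FILE BINDIR
    rc=0
    [ "$(sshd_setting "$1" PermitUserEnvironment no)" = yes ] ||
        { echo "PermitUserEnvironment is not yes"; rc=1; }
    [ "$(sshd_setting "$1" UseLogin no)" = no ] ||
        { echo "UseLogin is not no"; rc=1; }
    env_file_ok "$2" "$3" ||
        { echo "environment file missing, writable by others, or wrong PATH"; rc=1; }
    return "$rc"
}

# Constructed sample input standing in for /etc/ssh/sshd_config and
# ~git/.ssh/environment.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'permituserenvironment = yes' \
    'Match User backup' '    UseLogin yes' > "$demo/sshd_config"
printf 'PATH=/home/gitdeps/bin:/bin:/usr/bin:/usr/local/bin\n' > "$demo/environment"
chmod 400 "$demo/environment"
audit_gitosis_sshd "$demo/sshd_config" "$demo/environment" /home/gitdeps/bin &&
    echo "settings and environment file match"
```

On a live server, sshd -T prints the effective configuration as sshd itself computes it, which is the authoritative source for the two settings.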
To manage Gitosis, you clone the gitosis-admin.git repository. Inside your local copy, you'll find a gitosis.conf and a keydir/ directory with the public keys of all the users, in the format USER_ID.pub.
# on your laptop/desktop
git clone [email protected]:gitosis-admin.git
cd gitosis-admin
ls -la *
-rw-rw-r-- 1 melo staff 91 Sep 20 15:44 gitosis.conf
keydir:
total 8
-rw-rw-r-- 1 melo staff 666 Sep 20 15:44 [email protected]
Have the appropriate amount of fun.