Gitosis

From DreamHost

Note

Note that Gitosis is deprecated in the git community (see the discussion here) and gitolite is now recommended.

Git with Gitosis

Git by itself, out of the box, provides no method of access control. If you know a URL for a git repository, you can clone it. Without some mechanism of access control, you can commit to it as well. Gitosis is a wrapper that provides fine-grained access control to your publicly visible git repositories.

You can configure gitosis such that each user has different authentication and authorization levels for each repository in the set of repositories contained in the directories of a user account.

This article describes how to install git and gitosis on a Dreamhost shared hosting account such that you have control over who can clone and commit to your git repositories.

This article was built by plagiarizing, with permission, an article by Marco Borromeo. Thanks to Marco for his good work!

There are other methods of using git with your Dreamhost account. This article describes some of those methods. – That article links here. For additional features not found in Gitosis, see Gitolite.

NOTE: This article has been updated and simplified to reflect the most recent DH server configuration. If your DH server has python version < 2.4 or git version < 1.6, you may need to look for a version of this document from before 2011-04-22 for instructions on building your own copies of those programs.

Installing Git and Gitosis – An Overview

Installing Git and Gitosis requires a number of steps. Though none of the steps is difficult, the number of steps can be intimidating. Don't let it get to you. If you make a mistake, wipe it clean and start over.

Gitosis has some pre-requisites for it to do its job. You will need:

  • A user account on Dreamhost. This account will be used for the git repositories and nothing else. Note that after successfully installing gitosis, you will NOT be able to log in to this account. You can log in to a different user account and su to this account if you need shell access.
  • SSH installed on your desktop computer. SSH is used both as a secure tunnel from your desktop computer to your Dreamhost user account and for authenticating your identity to gitosis. Each user of a gitosis managed repository will also require SSH on his desktop computer.
  • A current version of Gitosis. You will retrieve the gitosis package using git.

Installing Git and Gitosis – The Details

The procedures here presume your desktop computer is a PC running Linux.

For purposes of this tutorial the user name "repoman" will be used as the name of the user account that will hold your git repositories. The domain name "example.com" is used for your domain name. The directory "testrepo" will be used as exactly that: a test repository.

Create a user account

Using your Dreamhost account control panel, create a user account with shell access.

SSH keys

If you are not already using SSH generated public and private keys, you will need to have SSH on your desktop computer. After installing SSH, you will need to generate the public/private key pair. See: SSH for the How-To.

NOTE: Do NOT add your RSA public key to the gitosis user's .ssh/authorized_keys. If you do this, you can still access this new account after installation, but gitosis will not be able to let you push new repositories, and you will need to type the full path when cloning gitosis-admin.conf later. Instead, use a password to log in to this new account.

After creating your SSH key pair, use scp to copy your id_rsa.pub public key from your desktop computer to your DH user account as: $HOME/id_rsa.pub. This makes your public key available to the gitosis initialization. The gitosis initialization step is described later.

scp ~/.ssh/id_rsa.pub repoman@example.com:~/

Setting Persistent Environment Variables

You will set some environment variables on your DH user account that will cause the correct instances of python to be invoked. SSH into your "repoman" account and do the following.

cd
# single quotes keep $HOME and $PATH unexpanded until the shell reads the file at login
echo 'export PATH=$HOME/bin:$PATH' >> .bashrc
echo 'export PATH=$HOME/bin:$PATH' >> .bash_profile
source .bash_profile

Configuring Python

You need to set up a virtual python installation in your user directory in order to do local installations of python apps like Gitosis. The following is extracted from the method found here: http://peak.telecommunity.com/DevCenter/EasyInstall#creating-a-virtual-python.

mkdir -p ~/src
cd ~/src
# the script is fetched over plain HTTP with no integrity check: read it before running it
wget http://peak.telecommunity.com/dist/virtual-python.py
python virtual-python.py
cd

Installing Gitosis

You will clone the gitosis repository and install from that repository.

cd ~/src
git clone git://eagain.net/gitosis.git
# Or try "git clone https://github.com/tv42/gitosis.git"
cd gitosis/
python setup.py install --prefix=$HOME
cd

Initializing Gitosis

Remember copying your public key to your user directory in an earlier step? You will use it in the following step to initialize gitosis. Afterwards it can be deleted since gitosis keeps its own copy of it.

cd
gitosis-init < id_rsa.pub
rm id_rsa.pub

You may have to change permissions on the post-update hook in the gitosis-admin repository. For me, gitosis didn't work without this step.

chmod 750 $HOME/repositories/gitosis-admin.git/hooks/post-update

Don't ask. It's magic. See this article [[1]]. The article discusses setting execute permissions on the post-update hook.

NOTE: Gitosis, by default, locks you out of SSH shell access. To regain access to the user account that hosts Gitosis, reconnect to the Dreamhost server with another user account and become the Gitosis user with the "su" command.
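The lock-out described above, and the earlier warning against adding your own key to .ssh/authorized_keys, can be checked from the su shell. The following is an added example, not part of the original article or of gitosis: it flags any authorized_keys entry that is not confined to a forced gitosis-serve command. The sample file and key blob are constructed, and the entry layout (forced command plus the four no-* options) is assumed to match what your gitosis version generates.

```python
import re

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
RESTRICTIONS = ("no-port-forwarding", "no-X11-forwarding",
                "no-agent-forwarding", "no-pty")

def split_entry(line):
    """Split an authorized_keys line into (options, key fields)."""
    if line.startswith(KEY_TYPES):
        return "", line.split()
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i], line[i:].split()
    return line, []

def unrestricted_keys(text):
    """Return (line number, key comment) for entries not confined to gitosis-serve."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options, key = split_entry(line)
        forced = re.search(r'(?:^|,)command="gitosis-serve [^"]+"', options)
        locked = all(r in options.split(",") for r in RESTRICTIONS)
        if not (forced and locked):
            found.append((n, key[2] if len(key) > 2 else "(no comment)"))
    return found

BLOB = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7"  # constructed placeholder, not a real key
SAMPLE = "\n".join([  # constructed ~/.ssh/authorized_keys for the gitosis account
    "### autogenerated by gitosis, DO NOT EDIT",
    'command="gitosis-serve repoman@usershost",no-port-forwarding,'
    f"no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa {BLOB} repoman@usershost",
    f"ssh-rsa {BLOB} repoman@desktop",  # hand-added key: full shell, bypasses gitosis
])

if __name__ == "__main__":
    for lineno, who in unrestricted_keys(SAMPLE):
        print(f"line {lineno}: {who} is not restricted to gitosis-serve")
```

To check a real account, pass the contents of the gitosis user's ~/.ssh/authorized_keys to unrestricted_keys() instead of SAMPLE.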

Using Gitosis

Administering gitosis uses gitosis itself. Your public key gives you access to a repository called gitosis-admin.git. The gitosis-admin.git repository was created when you initialized gitosis in the previous step. To get access to this repository and its files, you will clone that repository from your Dreamhost user account to your desktop computer.

# on your desktop computer
cd projects  # or wherever you keep work in progress
git clone repoman@example.com:gitosis-admin.git
cd gitosis-admin

NOTE: The above didn't work for me, I had to change the 'git clone ...' line to:

git clone repoman@example.com:~/repositories/gitosis-admin.git

NOTE: When using TortoiseGit on Windows, if you try to use a repoman@example.com:~/repositories/gitosis-admin.git style URL you will get the error "arguments to command look dangerous". Instead use the repoman@example.com:gitosis-admin.git style of URL.

You now have the gitosis configuration file(s) on your desktop computer. Using these files you will add users and repositories to your remote host repositories.

Adding a Repository and (optional) User

To add a repository to your remote host, edit the gitosis.conf file in the gitosis-admin repository. After adding the repository to the gitosis controls, you will create the repository and push it to the remote host.

On your desktop computer, edit the gitosis.conf file. Add a group and a repository:

[group testrepogroup]
members = repoman@usershost
writable = testrepo

Where:

  • testrepogroup is the name of a group (not the repository)
  • members is the list of users permitted access to the testrepo repository (SSH public key identification)
  • writable = testrepo identifies the repository.

When you are adding new users, you will have to copy their public key into the directory 'keydir'. Follow the admonitions about spurious newline characters in SSH public keys.

Push the gitosis-admin repository back to the remote host.

# on your desktop computer
git commit -a -m"Add repository: testrepo, writable by repoman"
git push

The gitosis-admin repository is now back on your DH user account.
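A check for the step above, to run in the gitosis-admin checkout before the git push. This is an added example, not part of the original article or of gitosis. It confirms that every name in a members line has a matching key file in keydir and that each key file is a single bare key line, which catches the spurious-newline problem. It assumes the gitosis conventions that keys live at keydir/<member>.pub and that a member beginning with @ refers to another group. The users alice@laptop and bob@desk and the key blob are constructed.

```python
import configparser
import pathlib
import tempfile

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def check_pubkey(path):
    """Return a problem string for one keydir file, or None if it looks sane."""
    lines = [l for l in path.read_text().splitlines() if l.strip()]
    if len(lines) != 1:  # wrapped or concatenated key: the spurious-newline case
        return f"{path.name}: expected 1 key line, found {len(lines)}"
    fields = lines[0].split()
    if len(fields) < 2 or not fields[0].startswith(KEY_TYPES):
        return f"{path.name}: not a bare '<type> <base64> [comment]' line"
    return None

def audit(admin_dir):
    """List problems linking gitosis.conf members to keydir/<member>.pub files."""
    admin = pathlib.Path(admin_dir)
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(admin / "gitosis.conf")
    members = set()
    for section in cfg.sections():
        if section.startswith("group "):
            members.update(cfg.get(section, "members", fallback="").split())
    problems = []
    for member in sorted(m for m in members if not m.startswith("@")):
        key = admin / "keydir" / f"{member}.pub"
        if not key.is_file():
            problems.append(f"{member}: no keydir/{member}.pub")
        elif (problem := check_pubkey(key)):
            problems.append(problem)
    return problems

def build_sample(root):
    """Constructed gitosis-admin checkout: one good key, one wrapped, one missing."""
    admin = pathlib.Path(root)
    (admin / "keydir").mkdir()
    (admin / "gitosis.conf").write_text(
        "[gitosis]\n\n[group testrepogroup]\n"
        "members = repoman@usershost alice@laptop bob@desk\n"
        "writable = testrepo\n")
    blob = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7"  # constructed placeholder, not a real key
    (admin / "keydir" / "repoman@usershost.pub").write_text(f"ssh-rsa {blob} repoman@usershost\n")
    (admin / "keydir" / "alice@laptop.pub").write_text(f"ssh-rsa {blob[:16]}\n{blob[16:]} alice@laptop\n")
    return admin

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for problem in audit(build_sample(tmp)):
            print(problem)
```

Against a real checkout, call audit(".") from inside the gitosis-admin directory; an empty list means every member has a usable key file.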

Creating a New Repository

On your desktop computer do this:

cd projects   # or wherever you keep stuff
mkdir testrepo
cd testrepo
git init
git remote add origin repoman@example.com:testrepo.git
# do some work, git add and commit files
git push origin master:refs/heads/master

Subsequent pushes to the remote repository do NOT require anything more than just "push". (This was not true for me on the original repo. It required editing .git/config. However, newly cloned versions of the repo did work with just "push".)

Your repository is now on your account at Dreamhost.

Cloning a Repository

To clone your repository, do this:

git clone repoman@example.com:testrepo
# do some work. edit, add, delete, commit.
git push 

That should do the trick!

Additional Usage Information

The gitosis you cloned from eagain.net has additional information. See these files in the gitosis directory.

example.conf
README.rst
gitweb.conf

Note! There may be security holes in this setup. Use it at your own risk.

No consideration has been given to issues of upgrading the configuration over time.

Upgrading (draft)

Login to gitosis account

Gitosis initialization blocks direct ssh connection with a password, but you can log in (with ssh) to your regular Dreamhost account (the one you use to host your websites) and do a:

 su your_gitosis_account

(put your gitosis account where you read your_gitosis_account)

After it asks for your gitosis account password, you will have shell access to that account so you can proceed to upgrade gitosis/fix permissions, etc.

External References

Marco Borromeo's tutorial on installing Gitosis on Dreamhost. Thank you Marco for this excellent tutorial. Marco's tutorial, with Marco's permission, is the source for much of this article.

git-scm.com is the "home" for git.

python.org is the "home" for python.

pypi.python.org/pypi/setuptools is the "home" for python setuptools.

eagain.net is the home site for gitosis. He doesn't say much. You can clone the repository by saying

git clone git://eagain.net/gitosis.git

Hosting git repositories the easy and secure way. This article presumes you are installing gitosis on a server where you have root access. Some steps in this article will not work on your Dreamhost account. The article is nonetheless informative.

Github provides secure git hosting. Don't want to host your own git repositories? Maybe this is a good solution. Open source projects are hosted free. Private git hosting is available for a fee.

Oct 14, 2010. I tried the above and it didn't work for me, I've got another page where I'm hoping people can assist in getting up to date instructions.