Gitosis

From DreamHost


Git with Gitosis

Git by itself, out of the box, provides no method of access control. If you know a URL for a git repository, you can clone it. Without some mechanism of access control, you can commit to it as well. Gitosis is a wrapper that provides fine-grained access control to your publicly visible git repositories.

You can configure gitosis such that each user has different authentication and authorization levels for each repository in the set of repositories contained in the directories of a user account.

This article describes how to install git and gitosis on a Dreamhost shared hosting account such that you have control over who can clone and commit to your git repositories.

This article was built by plagiarizing, with permission, an article by Marco Borromeo. Thanks to Marco for his good work!

There are other methods of using git with your Dreamhost account. This article describes some of those methods. – That article links here.

Installing Git and Gitosis – An Overview

Installing Git and Gitosis requires a number of steps. Though none of the steps is difficult, the number of steps can be intimidating. Don't let it get to you. If you make a mistake, wipe it clean and start over.

Gitosis has some pre-requisites for it to do its job. You will need:

  • A user account on Dreamhost. This account will be used for the git repositories and nothing else. Note that after successfully installing gitosis, you will NOT be able to log in to this account. You can log in to a different user account and su to this account if you need shell access.
  • SSH installed on your desktop computer. SSH is used both as a secure tunnel from your desktop computer to your Dreamhost user account and for authenticating your identity to gitosis. Each user of a gitosis managed repository will also require SSH on his desktop computer.
  • A recent, custom-built instance of git. Dreamhost has pre-installed git on many of its web hosts; however, a more recent version with some specific build-time options is a better idea.
  • An updated instance of Python installed in the user account that will contain your git repositories. The default Dreamhost Python will not work; the default python is 2.3.5 from the Debian distribution. You will need python at 2.4 or higher.
  • The python setuptools package. Setuptools are required to install the gitosis package.
  • A current version of Gitosis. You will retrieve the gitosis package using git.

Installing Git and Gitosis – The Details

The procedures here presume your desktop computer is a PC running Linux.

For purposes of this tutorial the user name repoman will be used as the name of the user account that will hold your git repositories. The domain name example.com is used for your domain name. The directory testrepo will be used as exactly that: a test repository.

Create a user account

Using your Dreamhost account control panel, create a user account with shell access.

SSH keys

If you are not already using SSH generated public and private keys, you will need to have SSH on your desktop computer. After installing SSH, you will need to generate the public/private key pair. See: SSH for the How-To.

After creating your SSH key pair, use your FTP client to copy your id_rsa.pub public key from your desktop computer to your DH user account as: $HOME/tmp/id_rsa.pub. This makes your public key available to the gitosis initialization. The gitosis initialization step is described later.

Installing Git

Many DH hosts have git installed. The git on my DH host is at 1.5.4.1. A more recent release is suggested. At this writing (3-2009) git 1.6.2.1 is current. Before using this procedure check with the git home site for the current release.

cd
mkdir src
cd src
wget http://kernel.org/pub/software/scm/git/git-1.6.2.1.tar.gz
tar xzf git-1.6.2.1.tar.gz
cd git-1.6.2.1
./configure --prefix=$HOME NO_MMAP=1
make
make install

Installing Python

Gitosis requires Python at version 2.4 or higher.

See Python for a discussion of installing a custom version of Python.

cd ~/src
wget http://www.python.org/ftp/python/2.4.6/Python-2.4.6.tgz
tar xzf Python-2.4.6.tgz
cd Python-2.4.6
./configure --prefix=$HOME
make
make install

Installing Python Install Tools

Gitosis is implemented in python and is packaged as a python package. The python install tools are required to install gitosis. You need the install tools matching the release of python you are using.

cd ~/src
mkdir -p $HOME/lib/python2.4/site-packages
export PYTHONPATH=$HOME/lib/python2.4/site-packages
wget http://pypi.python.org/packages/2.4/s/setuptools/setuptools-0.6c9-py2.4.egg
sh setuptools-0.6c9-py2.4.egg --prefix=$HOME
cd

Installing Gitosis

You will clone the gitosis repository and install from that repository.

cd ~/src
git clone git://eagain.net/gitosis.git
cd gitosis/
export PATH=$HOME/bin:$PATH
python setup.py install --prefix=$HOME
cd

Setting Persistent Environment Variables

You will set some environment variables on your DH user account that will cause the correct instances of git and python to be invoked.

Note! The quotes in the example commands must be plain ASCII double quotes. Wiki software can convert them into typographic quotes, which bash does not accept. If you copy/paste, check the quotes before hitting enter(!)

cd
echo "export PYTHONPATH=$HOME/lib/python2.4/site-packages/" >> .bashrc
echo "export PYTHONPATH=$HOME/lib/python2.4/site-packages/" >> .bash_profile
echo "export PATH=$HOME/bin:$PATH" >> .bashrc
echo "export PATH=$HOME/bin:$PATH" >> .bash_profile
. ~/.bash_profile

Initializing Gitosis

Remember copying your public key to $HOME/tmp in an earlier step? You will use it in the following steps to initialize gitosis.

cd
gitosis-init < tmp/id_rsa.pub

You may have to change permissions on the post-update hook in the gitosis-admin repository. For me, gitosis didn't work without this step.

chmod 750 $HOME/repositories/gitosis-admin.git/hooks/post-update

Don't ask. It's magic. See this article [[1]]. The article discusses setting execute permissions on the post-update hook.

NOTE: Gitosis, by default, locks you out of SSH access. To regain access to the user account that hosts Gitosis, reconnect to the Dreamhost server with another user account and become the Gitosis user using the "su" command.

Using Gitosis

Gitosis is administered through gitosis itself. Your public key gives you access to a repository called gitosis-admin.git. The gitosis-admin.git repository was created when you initialized gitosis in the previous step. To get access to this repository and its files, you will clone that repository from your Dreamhost user account to your desktop computer.

# on your desktop computer
cd projects  # or wherever you keep work in progress
git clone repoman@example.com:gitosis-admin.git
cd gitosis-admin

You now have the gitosis configuration file(s) on your desktop computer. Using these files you will add users and repositories to your remote host repositories.

Adding a Repository and (optional) User

To add a repository to your remote host, edit the gitosis.conf file in the gitosis-admin repository. After adding the repository to the gitosis controls, you will create the repository and push it to the remote host.

On your desktop computer, edit the gitosis.conf file and add a group and a repository:

[group testrepogroup]
members = repoman@usershost
writable = testrepo

Where:

  • testrepogroup is the name of a group (not the repository)
  • members is the list of users permitted access to the testrepo repository (SSH public key identification)
  • writable = testrepo identifies the repository.

When you are adding new users, you will have to copy their public key into the directory 'keydir'. Follow the admonitions about spurious newline characters in SSH public keys.

Push the gitosis-admin repository back to the remote host.

# on your desktop computer
git commit -a -m"Add repository: testrepo, writable by repoman"
git push

The gitosis-admin repository is now back on your DH user account.
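A check worth running on the gitosis-admin working copy before the push above, as an added example in Python 3 (not part of gitosis or of the original article): it confirms that every member named in gitosis.conf has a `keydir/<member>.pub` file and that each key file is a single well-formed line, which catches the spurious-newline problem. The function names, the extra member `alice@laptop`, the leftover `bob@old` key and the key material are constructed for illustration; members beginning with `@` are assumed to be group references and are skipped.

```python
import base64, configparser, struct

def check_pubkey(text):
    """Return None for exactly one well-formed OpenSSH public key line, else a reason."""
    lines = [l for l in text.split("\n") if l.strip()]
    if len(lines) != 1:  # wrapped or concatenated keys show up here
        return "expected exactly 1 non-empty line, found %d" % len(lines)
    fields = lines[0].split(None, 2)  # type, base64 blob, optional comment
    try:
        blob = base64.b64decode(fields[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed type
    except (IndexError, ValueError, struct.error):
        return "key data is not a valid base64 key blob"
    return None if blob[4:4 + n] == fields[0].encode() else "key type does not match key data"

def audit(conf_text, keydir):
    """keydir maps file name -> file content; returns a list of findings."""
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    members = set()
    for section in cp.sections():
        if section.startswith("group ") and cp.has_option(section, "members"):
            members.update(cp.get(section, "members").split())
    findings = ["member %s: no keydir/%s.pub" % (m, m) for m in sorted(members)
                if not m.startswith("@") and m + ".pub" not in keydir]
    for name, text in sorted(keydir.items()):
        reason = check_pubkey(text)
        if reason:
            findings.append("keydir/%s: %s" % (name, reason))
        if name.endswith(".pub") and name[:-4] not in members:
            findings.append("keydir/%s: not a member of any group" % name)
    return findings

def fake_key(comment):
    """Constructed placeholder with correct framing; not a usable key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + bytes(range(64))
    return "ssh-rsa %s %s\n" % (base64.b64encode(blob).decode(), comment)

# Constructed sample: the page's group plus a second, hypothetical member.
SAMPLE_CONF = """[gitosis]
[group testrepogroup]
members = repoman@usershost alice@laptop
writable = testrepo
"""
wrapped = fake_key("alice@laptop")
SAMPLE_KEYDIR = {"repoman@usershost.pub": fake_key("repoman@usershost"),
                 "alice@laptop.pub": wrapped[:40] + "\n" + wrapped[40:],  # spurious newline
                 "bob@old.pub": fake_key("bob@old")}  # key left behind, no group
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_KEYDIR)))
```

To use it on a real working copy, read gitosis.conf and the files under keydir into the two arguments of `audit` and review any findings before committing.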

Creating a New Repository

On your desktop computer do this:

cd projects   # or wherever you keep stuff
mkdir testrepo
cd testrepo
git init
git remote add origin repoman@example.com:testrepo.git
# do some work, git add and commit files
git push origin master:refs/heads/master

Subsequent pushes to the remote repository do NOT require anything more than just "git push".

Your repository is now on your account at Dreamhost.

Cloning a Repository

To clone your repository, do this:

git clone repoman@example.com:testrepo
# do some work. edit, add, delete, commit.
git push 

That should do the trick!

Clean Up Loose Ends

Building all the parts used a lot of disk space. After the build you don't need all the files in the $HOME/src directory. You can discard the directories extracted from the .tgz files, keeping only the .tgz files themselves. Yes, you have unlimited storage. Be nice, clean up anyway.

Additional Usage Information

The gitosis you cloned from eagain.net has additional information. See these files in the gitosis directory.

example.conf
README.rst
gitweb.conf

Note! There may be security holes in this setup. Use it at your own risk.

No consideration has been given to issues of upgrading the configuration over time.

Upgrading (draft)

Login to gitosis account

Gitosis initialization blocks direct ssh connection with password, but you can log in (with ssh) to your regular Dreamhost account (the one you use to host your websites) and run:

 su your_gitosis_account

(put your gitosis account where you read your_gitosis_account)

After it asks for your gitosis account password, you will have shell access to that account so you can proceed to upgrade gitosis/fix permissions, etc.

External References

Marco Borromeo's tutorial on installing Gitosis on Dreamhost. Thank you Marco for this excellent tutorial. Marco's tutorial, with Marco's permission, is the source for much of this article.

git-scm.com is the "home" for git.

python.org is the "home" for python.

pypi.python.org/pypi/setuptools is the "home" for python setuptools.

eagain.net is the home site for gitosis. He doesn't say much. You can clone the repository by saying

git clone git://eagain.net/gitosis.git

Hosting git repositories the easy and secure way. This article presumes you are installing gitosis on a server where you have root access. Some steps in this article will not work on your Dreamhost account. The article is nonetheless informative.

Github provides secure git hosting. Don't want to host your own git repositories? Maybe this is a good solution. Open source projects are hosted free. Private git hosting is available for a fee.
