Git with Gitosis
Git by itself, out of the box, provides no method of access control. If you know a URL for a git repository, you can clone it. Without some mechanism of access control, you can commit to it as well. Gitosis is a wrapper that provides fine-grained access control to your publicly visible git repositories.
You can configure gitosis such that each user has different authentication and authorization levels for each repository in the set of repositories contained in the directories of a user account.
This article describes how to install git and gitosis on a Dreamhost shared hosting account such that you have control over who can clone and commit to your git repositories.
This article was built by plagiarizing, with permission, an article by Marco Borromeo. Thanks to Marco for his good work!
NOTE: This article has been updated and simplified to reflect the most recent DH server configuration. If your DH server has python version < 2.4 or git version < 1.6, you may need to look for a version of this document from before 2011-04-22 for instructions on building your own copies of those programs.
Installing Git and Gitosis – An Overview
Installing Git and Gitosis requires a number of steps. Though none of the steps is difficult, the number of steps can be intimidating. Don't let it get to you. If you make a mistake, wipe it clean and start over.
Gitosis has some pre-requisites for it to do its job. You will need:
- A user account on Dreamhost. This account will be used for the git repositories and nothing else.
- Note that after successfully installing gitosis, you will NOT be able to log in to this account directly. You can log in to a different user account and su to this account if you need shell access.
- SSH installed on your desktop computer. SSH is used both as a secure tunnel from your desktop computer to your Dreamhost user account and for authenticating your identity to gitosis. Each user of a gitosis managed repository will also require SSH on his desktop computer.
- A current version of Gitosis. You will retrieve the gitosis package using git.
Installing Git and Gitosis – The Details
The procedures here presume your desktop computer is a PC running Linux.
For purposes of this tutorial the user name "repoman" will be used as the name of the user account that will hold your git repositories. The domain name "example.com" is used for your domain name. The directory "testrepo" will be used as exactly that: a test repository.
Create a user account
Using your Dreamhost account control panel, create a user account with shell access.
If you are not already using SSH generated public and private keys, you will need to have SSH on your desktop computer. After installing SSH, you will need to generate the public/private key pair. See: SSH for the How-To.
NOTE: Do NOT add your RSA public key to the gitosis user's .ssh/authorized_keys. If you do this, you can still access this new account after installation, but gitosis will not be able to let you push a new repository, and you will need to type the full path when cloning gitosis-admin.conf later. Instead, use a password to log in to this new account.
After creating your SSH key pair, use scp to copy your id_rsa.pub public key from your desktop computer to your DH user account as: $HOME/id_rsa.pub. This makes your public key available to the gitosis initialization. The gitosis initialization step is described later.
scp ~/.ssh/id_rsa.pub email@example.com:~/
Setting Persistent Environment Variables
You will set some environment variables on your DH user account that will cause the correct instances of python to be invoked. SSH into your "repoman" account and do the following.
cd
echo "export PATH=$HOME/bin:$PATH" >> .bashrc
echo "export PATH=$HOME/bin:$PATH" >> .bash_profile
source .bash_profile
You need to set up a virtual python installation in your user directory in order to do local installations of python apps like Gitosis. The following is extracted from the method found here: http://peak.telecommunity.com/DevCenter/EasyInstall#creating-a-virtual-python.
mkdir ~/src
cd ~/src
wget http://peak.telecommunity.com/dist/virtual-python.py
python virtual-python.py
cd
You will clone the gitosis repository and install from that repository.
cd ~/src
git clone git://eagain.net/gitosis.git # Or try "git clone https://github.com/tv42/gitosis.git"
cd gitosis/
python setup.py install --prefix=$HOME
cd
Remember copying your public key to your user directory in an earlier step? You will use it in the following step to initialize gitosis. Afterwards it can be deleted since gitosis keeps its own copy of it.
cd
gitosis-init < id_rsa.pub
rm id_rsa.pub
You may have to change permissions on the post-update hook in the gitosis-admin repository. For me, gitosis didn't work without this step.
chmod 750 $HOME/repositories/gitosis-admin.git/hooks/post-update
Don't ask. It's magic. Git only runs a hook that has its execute bit set, and gitosis relies on the post-update hook of the gitosis-admin repository to apply the configuration you push. See this article, which discusses setting execute permissions on the post-update hook.
NOTE: Gitosis, by default, locks you out of SSH access to the account. To regain access to the user account used to host Gitosis, reconnect to the Dreamhost server with another user account and become the Gitosis user using the “su” command.
Administering gitosis uses gitosis itself. Your public key gives you access to a repository called gitosis-admin.git. The gitosis-admin.git repository was created when you initialized gitosis in the previous step. To get access to this repository and its files, you will clone that repository from your Dreamhost user account to your desktop computer.
# on your desktop computer
cd projects # or wherever you keep work in progress
git clone firstname.lastname@example.org:gitosis-admin.git
cd gitosis-admin
NOTE: The above didn't work for me, I had to change the 'git clone ...' line to:
git clone email@example.com:~/repositories/gitosis-admin.git
NOTE: When using TortoiseGit on Windows, if you try to use a firstname.lastname@example.org:~/repositories/gitosis-admin.git style URL, you will get the error "arguments to command look dangerous". Instead, use the email@example.com:gitosis-admin.git style of URL.
You now have the gitosis configuration file(s) on your desktop computer. Using these files you will add users and repositories to your remote host repositories.
Adding a Repository and (optional) User
To add a repository to your remote host, edit the gitosis.conf file in the gitosis-admin repository. After adding the repository to the gitosis controls, you will create the repository and push it to the remote host.
On your desktop computer, edit the gitosis.conf file. Add a group and a repository:
[group testrepogroup]
members = repoman@usershost
writable = testrepo
- testrepogroup is the name of a group (not the repository)
- members is the list of users permitted access to the testrepo repository (SSH public key identification)
- writable = testrepo identifies the repository.
When you are adding new users, you will have to copy their public key into the directory 'keydir'. Follow the admonitions about spurious newline characters in SSH public keys.
Push the gitosis-admin repository back to the remote host.
# on your desktop computer
git commit -a -m"Add repository: testrepo, writable by repoman"
git push
The gitosis-admin repository is now back on your DH user account.
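A check you can run on your desktop before the push above, as an added example (not part of the original article or of gitosis itself): it flags a keydir file that holds anything other than one well-formed key line, and members in gitosis.conf that have no matching key. It assumes the gitosis README convention that a member's key is stored as keydir/<member>.pub; the function names, the sample key and the member "alice@laptop" are constructed for illustration.

```python
import base64
import binascii
import configparser
import struct


def check_pubkey_text(text):
    """Return a list of problems in the contents of one keydir/*.pub file."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        return ["expected exactly 1 key line, found %d (wrapped key or stray newline?)" % len(lines)]
    fields = lines[0].split()
    if len(fields) < 2:
        return ["expected '<type> <base64-body> [comment]'"]
    ktype, body = fields[0], fields[1]
    try:
        blob = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return ["key body is not valid base64 (truncated or wrapped?)"]
    # An OpenSSH public key body starts with a length-prefixed copy of its type.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != ktype.encode():
        return ["type field %r does not match the type stored in the key body" % ktype]
    return []


def members_without_keys(conf_text, key_names):
    """List members of [group ...] sections that have no keydir/<name>.pub."""
    conf = configparser.RawConfigParser()
    conf.read_string(conf_text)
    missing = set()
    for section in conf.sections():
        if section.startswith("group ") and conf.has_option(section, "members"):
            # Names starting with "@" refer to other groups, not to key files.
            missing.update(m for m in conf.get(section, "members").split()
                           if m not in key_names and not m.startswith("@"))
    return sorted(missing)


def constructed_key(ktype="ssh-ed25519", comment="repoman@usershost"):
    """Constructed sample (not a usable key): type string plus 32 zero bytes."""
    blob = (struct.pack(">I", len(ktype)) + ktype.encode()
            + struct.pack(">I", 32) + bytes(32))
    return "%s %s %s\n" % (ktype, base64.b64encode(blob).decode(), comment)


if __name__ == "__main__":
    key = constructed_key()
    print(check_pubkey_text(key))                         # clean key file
    print(check_pubkey_text(key[:40] + "\n" + key[40:]))  # key wrapped by an editor
    conf = "[group testrepogroup]\nmembers = repoman@usershost alice@laptop\nwritable = testrepo\n"
    print(members_without_keys(conf, {"repoman@usershost"}))
```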
Creating a New Repository
On your desktop computer do this:
cd projects # or wherever you keep stuff
mkdir testrepo
cd testrepo
git init
git remote add origin firstname.lastname@example.org:testrepo.git
# do some work, git add and commit files
git push origin master:refs/heads/master
Subsequent pushes to the remote repository do NOT require anything more than just "push". (This was not true for me on the original repo. It required editing .git/config. However, newly cloned versions of the repo did work with just "push".)
Your repository is now on your account at Dreamhost.
Cloning a Repository
To clone your repository, do this:
git clone email@example.com:testrepo
# do some work. edit, add, delete, commit.
git push
That should do the trick!
Additional Usage Information
The gitosis you cloned from eagain.net has additional information. See these files in the gitosis directory.
example.conf
README.rst
gitweb.conf
Note! There may be security holes in this setup. Use it at your own risk.
No consideration has been given to issues of upgrading the configuration over time.
Login to gitosis account
Gitosis initialization blocks direct ssh connection with a password, but you can log in (with ssh) to your regular Dreamhost account (the one you use to host your websites) and do a:
(put your gitosis account where you read your_gitosis_account)
After it asks for your gitosis account password, you will have shell access to that account so you can proceed to upgrade gitosis/fix permissions, etc.
Marco Borromeo's tutorial on installing Gitosis on Dreamhost. Thank you Marco for this excellent tutorial. Marco's tutorial, with Marco's permission, is the source for much of this article.
git-scm.com is the "home" for git.
python.org is the "home" for python.
pypi.python.org/pypi/setuptools is the "home" for python setuptools.
eagain.net is the home site for gitosis. He doesn't say much. You can clone the repository by saying:
git clone git://eagain.net/gitosis.git
Hosting git repositories the easy and secure way. This article presumes you are installing gitosis on a server where you have root access. Some steps in this article will not work on your Dreamhost account. The article is nonetheless informative.
Github provides secure git hosting. Don't want to host your own git repositories? Maybe this is a good solution. Open source projects are hosted free. Private git hosting is available for a fee.
Oct 14, 2010. I tried the above and it didn't work for me, I've got another page where I'm hoping people can assist in getting up to date instructions.