Posts Tagged ‘gitolite’

Git hooks – 2 : server side to manage git-svn case

Wednesday, September 8th, 2010

Let’s continue on the server side. It is actually quite simple, as you can imagine. If you read my blog regularly, you will know the git-svn case from SVN-GIT INTEGRATION (4), DO WE NEED SEPERATE GIT SERVER?

That post proposes a pre-receive hook that rejects pushes containing commits that have not been committed to the svn repository yet.

How hooks work on the server side

It is the same as for client hooks: on the server side the hooks are located directly under the “repo” directory

rdccaiy@EV001B3832ED81 ~/git/repo/hookcheck (BARE:master)
$ ls
HEAD  config  description  hooks  info  objects  refs 

According to the githooks explanation, the pre-receive hook is invoked just before starting to update refs on the remote repository.

So I put a simple pre-receive script there to see how it works. The script is placed under hooks, like this

$ cat pre-receive
#!/bin/sh
#
version=$(git version)
echo "i am in server side, and git version is $version"

It is a simple shell script that prints the git version to the client. Now let’s see what happens when I push

$ git push
Counting objects: 11, done.
..
Unpacking objects: 100% (9/9), done.
remote: i am in server side, and git version is git version 1.7.1.msysgit.0

The last message is exactly what I want. Bingo.

How to reject commit messages without git-svn-id

Ok, now it is just a matter of finding suitable git commands to do this, and the git-rev-list and git show commands work perfectly here. I just need to scan all the commit messages one by one, and if a message without git-svn-id is found, exit 1 to make the push fail.

The pre-receive hook also gets its parameters from stdin, one line per ref, as

<old-value> SP <new-value> SP <ref-name> LF

Anyway, combining them, I get something like the following

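$ cat hooks/pre-receive
#!/bin/sh
#
# Reject the push if any new commit lacks a git-svn-id: line in its message
zero=0000000000000000000000000000000000000000
while read old new name; do
        # ref deletion: there are no new commits to check
        [ "$new" = "$zero" ] && continue
        if [ "$old" = "$zero" ]; then
                # new ref: check only commits not reachable from existing refs
                revs=$(git rev-list "$new" --not --all)
        else
                revs=$(git rev-list "$old..$new")
        fi
        for rev in $revs
        do
                git show -s --pretty=medium "$rev" | grep 'git-svn-id:' > /dev/null
                out=$?
                if [ $out -ne 0 ]; then
                        echo "Please commit the message $rev to svn repository first"
                        exit 1
                fi
        done
done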

Then on the client, I get something like the following

$ git push
...
Unpacking objects: 100% (9/9), done.
remote: Please commit the message 7bc1de57f92a5135f5365be70fdf7e16f75c2087 to svn repository first
To c:/Users/rdccaiy/git/repo/hookcheck
 ! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'c:/Users/rdccaiy/git/repo/hookcheck'
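
The grep in the hook above accepts any commit whose message contains the text git-svn-id: anywhere. A stricter check, as an added example that is not part of the original post, requires the last line of the message to be a trailer of the form git-svn-id: <url>@<revision> <uuid> for the expected repository. SVN_URL, SVN_UUID, the function names and the sample messages are constructed for this example.

```shell
#!/bin/sh
# Constructed placeholder values; replace with your own svn repository's.
SVN_URL='http://svn.example.com/repo'
SVN_UUID='11111111-2222-3333-4444-555555555555'

# svn_id_ok: reads one commit message on stdin. Succeeds only when the last
# non-empty line is "git-svn-id: <url>@<revision> <uuid>" with the expected
# URL prefix and repository UUID.
svn_id_ok() {
    last=$(sed -e '/^[[:space:]]*$/d' | tail -n 1)
    case "$last" in
        "git-svn-id: $SVN_URL"[/@]*) ;;   # URL must start with SVN_URL
        *) return 1 ;;
    esac
    printf '%s\n' "$last" |
        grep -Eq "^git-svn-id: [^ ]+@[0-9]+ $SVN_UUID\$"
}

# check_msg: helper for the demo below, prints the verdict for one message.
check_msg() {
    if printf '%s\n' "$1" | svn_id_ok; then echo accept; else echo reject; fi
}

# Constructed sample messages.
GOOD='Fix parser

git-svn-id: http://svn.example.com/repo/trunk@42 11111111-2222-3333-4444-555555555555'
MENTION='Explain what git-svn-id: means in the README'
OTHER_REPO='Fix parser

git-svn-id: http://svn.example.com/repo/trunk@42 99999999-2222-3333-4444-555555555555'

for m in "$GOOD" "$MENTION" "$OTHER_REPO"; do
    check_msg "$m"
done
```

Inside the hook loop the function can be fed with git cat-file commit "$rev" | svn_id_ok, since the commit message is the last part of that output.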

How to set up in gitolite

Originally I thought there would be a better way to do it in gitolite. After asking in their discussion group, I learned that it is better to put the scripts into each wanted repository yourself; gitolite can’t help a lot.

Just remember that the update hook is already used by gitolite, so you need to name yours update.secondary; see the gitolite guideline on hooks http://github.com/sitaramc/gitolite/blob/pu/doc/2-admin.mkd#_hook_chaining

Also read http://github.com/sitaramc/gitolite/blob/pu/doc/shell-games.mkd for why this is not done through gitolite-admin (security)

implement git-model in gitolite – 1

Thursday, September 2nd, 2010

As I mentioned before, http://nvie.com/git-model really gives you a starting point for arranging the branch discipline for your product development. The main concepts are

  • long-lived master/develop branches exist on the central repository; this is similar to the one-branch concept that forces every development team to work together. The master branch is used for official releases only, and the develop branch is mainly for the teams
  • supporting branches (feature/hotfix) are short-lived only; they should probably be controlled so that they do not mess up the central repo too much.

Since we use gitolite now, I try to map this to rules in gitolite. The use cases are

  • the master branch and tags are managed by a special team (like the configuration management team) with all permissions
  • team members (like the gear team) work towards the develop branch.
  • everyone (except admins) has no permission to create other branches.

I took a look at the gitolite documentation http://github.com/sitaramc/gitolite/blob/master/doc/3-faq-tips-etc.mkd#security_access_control_and_auditing, and came up with the following (part of conf/gitolite.conf)

@gearteam = alice bob charlie dave
@cmteam   = euler
@admins   = user
repo    app
    RW      master$         = @cmteam
    RW      refs/tags       = @cmteam
    RW      develop$        = @gearteam
    RW+                     = @admins @cmteam

I made a quick test using the alice and euler accounts, and it seems to work ;-) . I am checking with the gitolite google group to see whether it fulfils my needs.

[updated: corrected by sitaram, originally I treated the supporting branches as existing locally only]
[updated: corrected by sitaram, it should be develop$ instead of develop to avoid develop1, develop2..]
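
How these rules decide a push, as an added example that is not gitolite's own code: a simplified model with the groups from the config expanded by hand, run against a few constructed pushes. It assumes that a refex without a refs/ prefix is taken relative to refs/heads/, that an empty refex covers every ref, and that the pattern is anchored at the start only, which is why develop needs the trailing $.

```shell
#!/bin/sh
# Simplified model of gitolite's ref matching (not gitolite's code).
# Rules are "perm|refex|users", groups already expanded from the config above.
RULES='RW|master$|euler
RW|refs/tags|euler
RW|develop$|alice bob charlie dave
RW+||user euler'
# Same rules with the original, unanchored "develop" refex.
LOOSE=$(printf '%s\n' "$RULES" | sed 's/develop\$/develop/')

# allowed RULES USER NEED REF
# NEED is W (ordinary push) or + (rewind or delete).
# Returns 0 when some rule for USER carries NEED and its refex matches REF.
allowed() {
    while IFS='|' read -r perm refex users; do
        case " $users " in *" $2 "*) ;; *) continue ;; esac
        case "$perm" in *"$3"*) ;; *) continue ;; esac
        case "$refex" in
            '')     refex='refs/.*' ;;             # no refex: every ref
            refs/*) ;;                             # full ref path given
            *)      refex="refs/heads/$refex" ;;   # branch shorthand
        esac
        # Anchored at the start only, so "develop" also matches "develop1".
        if printf '%s\n' "$4" | grep -Eq "^$refex"; then
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

verdict() { if allowed "$@"; then echo allow; else echo deny; fi; }

# Constructed test pushes: user, needed permission, ref.
for t in 'alice W refs/heads/develop' 'alice W refs/heads/master' \
         'alice W refs/heads/feature1' 'alice + refs/heads/develop' \
         'euler W refs/tags/v1.0' 'alice W refs/heads/develop1'; do
    set -- $t
    echo "$t -> $(verdict "$RULES" "$1" "$2" "$3")"
done
echo "unanchored: alice W refs/heads/develop1 -> \
$(verdict "$LOOSE" alice W refs/heads/develop1)"
```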

git – how to backup feature branch ? – 1

Monday, August 16th, 2010

In Vincent’s A successful Git branching model, he recommends creating the master/develop branches in the central repository only. This is very useful for git in an enterprise to control the branches centrally, especially in the beginning.

It also means the feature and other supporting branches are short-lived branches located on a personal notebook only. That is risky for a feature branch, because if the PC dies or is lost, the work disappears.

Vincent didn’t discuss this much, and one way that gitolite provides is the personal branch (see http://github.com/sitaramc/gitolite/blob/master/doc/3-faq-tips-etc.mkd#personal_branches)

In gitolite.conf, we can define it as below

repo    myphone
        RW+                     = larrycai
        RW+ personal/USER/      = @userlist

Then for larrycai, some work is done in the feature1 branch and backed up to a private ref in the central repo

$ git checkout -b feature1
# develop feature1
$ git commit -am "test feature branch"
$ git push origin feature1:refs/personal/larrycai/feature1

Another user can then do the following to get this branch

$ git clone git@gitserver:myphone
$ cd myphone/
$ git fetch origin refs/personal/larrycai/feature1:feature1_from_larry
$ git branch -a
  feature1_from_larry
* master
  remotes/origin/HEAD -> origin/master
  remotes/origin/master
$ git checkout feature1_from_larry
# yes, we get it.

See http://www.kernel.org/pub/software/scm/git/docs/git-push.html for details on the git push command.

There are two issues I need to think about besides understanding the git push command

  1. How to cooperate on a feature branch within the team? Via an extra repo, or via this personal branch?
  2. How to know whether a personal branch exists in gitolite

Let’s play with git – gitolite & gitweb

Friday, July 2nd, 2010

Let me try to answer some of my own questions from yesterday (Let’s play with Git – setting up gitolite (not done))

  1. (question 1: do I need to set up git-daemon for this? It seems not.)
    No, it doesn’t need git-daemon. It hooks into the ssh protocol to forward the authentication to the git command (something like this)
       git@ubuntu:~$ more .ssh/authorized_keys
       # gitolite start
       command="/usr/share/gitolite/gl-auth-command rdccaiy",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4gfE1pdb0kpDeHAZ0olyMizYg0tMwikt3hOCiYRMdXKmn6LX2ybhfgVWixwOb88IOdiW2pOS3g1....

  2. (question 2: I have to use git clone git@192.168.56.151:repositories/gitolite-admin; in the document, repositories should not be included)

    It is a typical error with the public key (my problem was using openssh to generate the key while using putty’s ssh to connect); see 6-ssh-troubleshooting.mkd in gitolite

  3. (question 3: rdccaiy is not used in the current step?)

    This is answered under question 1: the private key is matched (no password is used), and it is done automatically

Anyway, to play with a git server you need strong ssh knowledge, otherwise you will be confused. Let’s continue with the configuration; I try to add another user, “user”, as a gitolite admin

Add a user to administer gitolite

One of the neat things in gitolite is that most tasks are done in the config file, and it is under git control (which fulfils some audit policy)

$ git clone git@192.168.56.151:gitolite-admin
$ cd gitolite-admin
# edit conf/gitolite.conf
$ more gitolite-admin/conf/gitolite.conf
       repo    gitolite-admin
                RW+     =   rdccaiy user
# copy user's public key to
$ scp user@192.168.56.151:.ssh/id_rsa.pub keydir/user.pub
$ git add keydir/user.pub
$ git commit -a -m "add user"
$ git push

Then, switching to user “user” in my virtual machine, I can clone the gitolite-admin repository as well (since I am an admin now)

Add new repository

It is similar to the configuration above: clone, update the conf file (I add a new repo, proj), and commit

   1: user@ubuntu:~/git/gitolite-admin$ vi conf/gitolite.conf
   2: user@ubuntu:~/git/gitolite-admin$ more conf/gitolite.conf
   3: ..
   4:         repo    proj
   5:                 RW+     =   @all
   6: ..
   7: user@ubuntu:~/git/gitolite-admin$ git commit -a -m "add new repo"
   8: [master 87cf1b1] add new repo
   9:  1 files changed, 3 insertions(+), 0 deletions(-)
  10: user@ubuntu:~/git/gitolite-admin$ git push
  11: Counting objects: 7, done.
  12: Compressing objects: 100% (3/3), done.
  13: Writing objects: 100% (4/4), 370 bytes, done.
  14: Total 4 (delta 1), reused 0 (delta 0)
  15: remote: Already on 'master'
  16: remote: creating proj...
  17: remote: Initialized empty Git repository in /home/git/repositories/proj.git/
  18: To git@192.168.56.151:gitolite-admin
  19:    09a85e3..87cf1b1  master -> master

See lines 16/17: gitolite automatically creates the repository for me, excellent. See reference: 2-admin.mkd and http://progit.org/book/ch4-8.html

After that, it takes more time to understand the config file in order to configure the authorization.

Config it with Gitweb

The document is not clear (http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd#helping_with_gitweb). After hacking into the gitweb cgi script (which took me back 10 years to perl scripting ;-) ), I just want to give a quick solution. It is possible to arrange access control over http as well.

Create projects.list, give read permission (755) to that repo, and add a description file under it to describe your project

git@ubuntu:~$ more projects.list
proj.git rdccaiy
git@ubuntu:~$ ls -al repositories/proj.git/
..
-rwxr-xr-x 1 git git   11 2010-06-30 14:14 description

And update gitweb’s configuration

git@ubuntu:~$ more /etc/gitweb.conf
# path to git projects (<project>.git)
$projectroot = "/home/git/repositories";
# file with project list; by default, simply scan the projectroot dir.
$projects_list = "/home/git/projects.list";

Good to see this again with gitolite.

Summary of gitolite over gitosis

- development is more active (it means it is improving ..)

- easy setup, and all changes are in git repositories (changes are logged, audit)

- better access control

One small disadvantage is that it is less popular and has less documentation, but once you understand it, it is ok.
[updated after Sitaram's comments] The documentation here means the public information you can find via google; the documents from the tool itself (on github) are quite good, and the author Sitaram is willing to answer your questions related to gitolite

Let’s play with Git – setting up gitolite (not done)

Thursday, July 1st, 2010

The reason to use the gitosis application instead of the ssh:// protocol directly (it is a kind of good reuse, and one of the reasons we chose git instead of mercurial)

Gitosis also uses the ssh protocol. The difference between a plain ssh and gitosis is that gitosis applies a more precise access control to your repositories than plain ssh. With plain ssh, you rely on the underlying OS permissions on the repository to manage access to it. Also, it is a lot less secure in the sense that you must allow ssh access to your git server;

So it is time to continue with gitosis. Install it directly using the apt-get command

user@ubuntu:~$ sudo apt-get install gitosis
..
user@ubuntu:~$ dpkg -l gitosis
ii  gitosis           0.2+20090917-2    

It seems a little old, but when I check the project (http://eagain.net/gitweb/?p=gitosis.git), this seems to be the last updated version, and there has been no update for a long time. Compared to the git releases, that is strange: “BAD SMELL”.

Maybe, as Patrick suggested, I should look into Gitolite (http://github.com/sitaramc/gitolite) instead. It is a rewrite in perl of gitosis, which is python based. (interesting ;-)

Reference: Determine the access control solution for GIT

So let’s follow the gitolite document to install it: http://github.com/sitaramc/gitolite/blob/pu/doc/0-INSTALL.mkd

Download/Install gitolite

Let’s download it first. I can’t find it on github; after googling, I got it from http://packages.debian.org/unstable/main/gitolite. It is 1.5.3-1, the same as the latest version on github, which looks good. Installing it via dpkg works fine

user@ubuntu:~$ dpkg -L gitolite
/etc/gitolite
/etc/gitolite/example.conf
..
/usr/bin/gl-setup
/usr/share/gitolite
/usr/share/gitolite/hooks
/usr/share/gitolite/hooks/common
..

Install gitolite

[Vista msysgit git Client]
$ ssh-keygen
(rdccaiy,gitolite)
$ scp id_rsa.pub user@192.168.56.151:/tmp/rdccaiy.pub
[Ubuntu git Server 192.168.56.191]
user@ubuntu:~$ sudo su - git
git@ubuntu:~$ gl-setup /tmp/rdccaiy.pub
..
creating gitolite-admin...
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
..
[Vista]
$ git clone git@192.168.56.151:repositories/gitolite-admin

(question 1:, do I need to set the git-daemon for this? , seems not)

(question 2: I have to use git clone git@192.168.56.151:repositories/gitolite-admin, in document, repositories should not be included)

(question 3: rdccaiy is not used in current step ?)

configure gitolite

I cloned the code, tried to modify something and push it back. Unfortunately I got the error below

user@ubuntu:~/gitolite-admin$ git push origin master
Counting objects: 12, done.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (8/8), 989 bytes, done.
Total 8 (delta 1), reused 0 (delta 0)
remote: Use of uninitialized value in do "file" at hooks/update line 36.
remote: Null filename used at hooks/update line 36.
remote: error: hook declined to update refs/heads/master
To git@192.168.56.151:repositories/gitolite-admin
 ! [remote rejected] master -> master (hook declined)
error: failed to push some refs to 'git@192.168.56.151:repositories/gitolite-admin'

Not easy to figure out; I need some luck again.

There are fewer documents on gitolite, though according to its documentation it is more secure compared to gitosis.