Posts Tagged ‘gitosis’

Let’s play with git – gitolite & gitweb

Friday, July 2nd, 2010

Try to anwser some own questions yesterday (Let’s play with Git – settig up gitolite (not done))

  1. (question 1:, do I need to set the git-daemon for this? , seems not)
    No, it doesn’t need the git-daemon, it hooks into ssh protocol to forward the authentication to git command (sth. like this) 
       1: git@ubuntu:~$ more .ssh/authorized_keys

       2: # gitolite start

       3: command="/usr/share/gitolite/gl-auth-command rdccaiy",no-port-forwarding,no-X11-forwarding,no-a

       4: gent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4gfE1pdb0kpDeHAZ0olyMizYg0tMwikt3hOC

       5: iYRMdXKmn6LX2ybhfgVWixwOb88IOdiW2pOS3g1....

  2. (question 2: I have to use git clone git@192.168.56.151:repositories/gitolite-admin, in document, repositories should not be included)

    It is a typical error on the public key (my problem is use openssh to generate key, while using putty’s ssh to connect), see 6-ssh-troubleshooting.mkd in gitolite

  3. (question 3: rdccaiy is not used in current step ?)

    It is answered in question 1, the private key will be matched (no password used), it will be done automatically

Anyway, playing with git server, you need strong ssh knowledge, otherwise you will be confused, let’s continue on the configuration, and I try to add another user “user” into gitolite admin

Add user to admin the gitolite

One of the neat thing in gitolite is most of tasks are finished in config file, and it is under git control (fullfil some audit pilicy)

   1: $ git clone git@192.168.56.151:gitolite-admin

   2: $ cd gitolite-admin

   3: # edit conf/gitolite.conf

   4: $ more gitolite-admin/conf/gitolite.conf

   5:        repo    gitolite-admin

   6:                 RW+     =   rdccaiy user

   7: # copy user's public key to 

   8: $ scp user@192.168.56.151:.ssh/id_rsa.pub keydir/user.pub

   9: $ git add keydir/user.pub

  10: $ git commit -a -m "add user"

  11: $ git push

Then switch to user “user” in my virtual machine, I can clone out the gitolite-admin as well (since I am admin now)

Add new repository

It is similar to the above the configure, clone out, update the conf file (I add new repo proj), and commit

   1: user@ubuntu:~/git/gitolite-admin$ vi conf/gitolite.conf

   2: user@ubuntu:~/git/gitolite-admin$ more conf/gitolite.conf

   3: ..

   4:         repo    proj

   5:                 RW+     =   @all

   6: ..

   7: user@ubuntu:~/git/gitolite-admin$ git commit -a -m "add new repo"

   8: [master 87cf1b1] add new repo

   9:  1 files changed, 3 insertions(+), 0 deletions(-)

  10: user@ubuntu:~/git/gitolite-admin$ git push

  11: Counting objects: 7, done.

  12: Compressing objects: 100% (3/3), done.

  13: Writing objects: 100% (4/4), 370 bytes, done.

  14: Total 4 (delta 1), reused 0 (delta 0)

  15: remote: Already on 'master'

  16: remote: creating proj...

  17: remote: Initialized empty Git repository in /home/git/repositories/proj.git/

  18: To git@192.168.56.151:gitolite-admin

  19:    09a85e3..87cf1b1  master -> master

See Line 16/17: the gitolite will automatically create the repository for me, excellent. see reference : 2-admin.mkd and http://progit.org/book/ch4-8.html

Then it is more time to understand the config files to config the authority.

Config it with Gitweb

The document is not clear, http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd#helping_with_gitweb, after hacking into gitweb cgi script (bring me back to 10 years ago on perl script ;-) , I just want to give quick solution, it is possible to arrange access control on http as well.

Create projects.list and give read permission 755 to that repo, add description under it to describe your project

   1: git@ubuntu:~$ more projects.list

   2: proj.git rdccaiy

   3: git@ubuntu:~$ ls -al repositories/proj.git/

   4: ..

   5: -rwxr-xr-x 1 git git   11 2010-06-30 14:14 description

And update gitweb’s configuration

   1: git@ubuntu:~$ more /etc/gitweb.conf

   2: # path to git projects (<project>.git)

   3: $projectroot = "/home/git/repositories";

   4: # file with project list; by default, simply scan the projectroot dir.

   5: $projects_list = "/home/git/projects.list";

Good to see this again with gitolite.

image

Summary with gitolite over gitosis

- development is more active (it means it is improving ..)

- easy setup, and all changes are in git repositories (changes are logged, audit)

- better access control

One small disadvantage is it is less popular and less documentation, while when u understand it, it is ok.
[updated after Sitaram's comments], the documentation here means the public information you can find in google, the document from the tool itself (in github) are quite good, and author Sitaram is willing to answer your questions related to gitolite

Tags: , , , ,
Posted in tool | 9 Comments »

Let’s play with Git – settig up gitolite (not done)

Thursday, July 1st, 2010

The reason to select gitosis application use instead of ssh:// protocol directly (it is kind of good reuse, and one of the reason we choose git instead of mercurial)

Gitosis also uses the ssh protocol. The difference between a plain ssh and gitosis is that gitosis applies a more precise access control to your repositores than plain ssh. With plain ssh, you rely on the underlying OS permissions on the repository to manage access to it. Also, it is a lot less secure in the sense that you must allow ssh access to your git server;

So it is time to continue with gitosis, install it directly using apt-get command

   1: user@ubuntu:~$ sudo apt-get install gitosis

   2: ..

   3: user@ubuntu:~$ dpkg -l gitosis

   4: ii  gitosis           0.2+20090917-2

imageseems little old, while when I check the project (http://eagain.net/gitweb/?p=gitosis.git), it seems, this is last updated version, and there is no update for long time, compare to git release, it is strange, “BAD SMELL”.

Maybe as Patrick suggested, I should look into Gitolite (http://github.com/sitaramc/gitolite) instead, this is a rewrite in perl from gitosis which is python based. (interesting ;-)

Reference: Determine the access control solution for GIT

And let’s follow up gitolite document to install http://github.com/sitaramc/gitolite/blob/pu/doc/0-INSTALL.mkd

Download/Install gitolite

Let’s download first, I can’t find it in github, after google, I got from http://packages.debian.org/unstable/main/gitolite, it is the 1.5.3-1, same as latest version from github, looks good, install it via dpkg, it is fine

   1: user@ubuntu:~$ dpkg -L gitolite

   2: /etc/gitolite

   3: /etc/gitolite/example.conf

   4: ..

   5: /usr/bin/gl-setup

   6: /usr/share/gitolite

   7: /usr/share/gitolite/hooks

   8: /usr/share/gitolite/hooks/common

   9: ..

Install gitolite

   1: [Vista msysgit git Client]

   2: $ ssh-keygen

   3: (rdccaiy,gitolite)

   4: $ scp id_rsa.pub user@192.168.56.151:/tmp/rdccaiy.pub

   5: [Ubunut git Server 192.168.56.191]

   6: user@ubuntu:~$ sudo su - git

   7: git@ubuntu:~$ gl-setup /tmp/rdccaiy.pub

   8: ..

   9: creating gitolite-admin...

  10: Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/

  11: ..

  12: [Vista]

  13: $ git clone git@192.168.56.151:repositories/gitolite-admin

(question 1:, do I need to set the git-daemon for this? , seems not)

(question 2: I have to use git clone git@192.168.56.151:repositories/gitolite-admin, in document, repositories should not be included)

(question 3: rdccaiy is not used in current step ?)

configure gitolite

I cloned out the code and try to modify sth. and push it back, unfortunately I got error below

   1: user@ubuntu:~/gitolite-admin$ git push origin master

   2: Counting objects: 12, done.

   3: Compressing objects: 100% (7/7), done.

   4: Writing objects: 100% (8/8), 989 bytes, done.

   5: Total 8 (delta 1), reused 0 (delta 0)

   6: remote: Use of uninitialized value in do "file" at hooks/update line 36.

   7: remote: Null filename used at hooks/update line 36.

   8: remote: error: hook declined to update refs/heads/master

   9: To git@192.168.56.151:repositories/gitolite-admin

  10:  ! [remote rejected] master -> master (hook declined)

  11: error: failed to push some refs to 'git@192.168.56.151:repositories/gitolite-admin'

Not easily figured out, need lucky again.

There are less documents on gitolite, though from document, it is more secure compare to gitosis.

Tags: , ,
Posted in tool | 3 Comments »