Set up git and gitosis on Ubuntu

Posted by Paul on 2nd August 2012

Introduction

Gitosis is used to help centrally manage git repositories. Gitosis will allow:

SSH access to repositories (with the help of openssh-server).
User management without the need to add server shell accounts for each person accessing repositories.
While gitosis manages user repository access, gitosis is accessed through a single shell account (its use is limited to a specific gitosis command in ssh config).

Central Repository Server

Install gitosis (apt-get should install all dependencies):

paul@server$ sudo apt-get install gitosis

As the first administrator of the gitosis installation, grant access to gitosys for yourself by passing in your SSH public key (the one you currently use to securely access the server via ssh can be used, but better practice is to use one specially created for gitosis access – see section below on creating and managing ssh keys) to the gitosis-init command:

paul@server$ sudo -H -u gitosis gitosis-init < ~/.ssh/id_rsa.pub

After executing the above command you should notice that the gitosis authorized_keys file (~gitosis/.ssh/authorized_keys) has been populated with your public key. gitosis will add new entries to this file when new users are granted access to the gitosis system.

Cloning the gitosis-admin Project

You should now be able to clone the gitosis admin repository to your workstation:

paul@workstation$ git clone gitosis@server:gitosis-admin.git

Be sure that your workstation is correctly configured to use the ssh private key counterpart to the public key that you used when initialising gitosis (see above).

As the admin you can now manage gitosis system access by adding and removing user public keys in the keydir directory of the gitosis admin project directory (shown cloned above as gitosis-admin). Projects and user access to those projects is managed by editing the gitosis.conf file found in the gitosis admin project directory.

SSH Key Management

This isn’t a tutorial on ssh; just a little assistance with commonly required ssh config when adding access to new gitosis users on your system.

Each user should should create a public/private key pair for exclusive use in accessing your gitosis service. The key pair can be created using ssh-keygen as follows:

$ ssh-keygen -t rsa

When ssh-keygen requests a filename, provide something that will help you, the workstation user, associate the key file names with their intended use, e.g. gitosis@server-name.id_rsa

In your workstation’s ~/.ssh/config you should instruct ssh to use those keys against your server for the gitosis user:

Host gitosis.server-name.com
User gitosis
Hostname server-name.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/gitosis@server-name.id_rsa

The ssh public key file (the one ending .pub) can then be added to the keydir directory of the gitosis admin project. You may wish to rename the public key files to something like paul@workstation when copying them into the keydir directory.

Adding New Projects

As an administrator of a gitosis system, it is possible to add new projects. Within the gitosis-admin project, add a new project entry, adding the names of the public key files (less the .pub extension) for the members you wish to grant access:

[group project-team]
writable = new_project
members = paul@workstation fred@anotherworkstation
 
[group gitosis-admin]
...

Commit and push the changes to the gitosis server:

 $ git commit -a -m "Added new_project as a new project."
 $ git push

It should now be possible to push the project files up to your gitosis server:

$ mkdir myproject
$ cd myproject
$ :> hello.py
$ git init
$ git add .
$ git commit -a -m "Initial commit."
$ remote add origin gitosis@server.com:new_project.git
$ git push origin master

Gitosis Username and Project Directory

Warning: you probably shouldn’t do this… The Apt scripts will assume the original username and home directory, so the following changes may break future Apt updates.

The Ubuntu Apt system creates the user gitosis to access the server. If a different username and/or home directory are required then it’s necessary to apply changes to the gitosis user account. To change the home directory (from the default /srv/gitosis to /home/git):

 paul@server$ sudo usermod --home /home/git gitosis

To change the username used to access gitosis (from gitosis to git):

paul@server$ sudo usermod --login git gitosis

Tags: git, version control