Set up git and gitosis on Ubuntu
Posted by Paul on 2nd August 2012
Introduction
Gitosis is used to help centrally manage git repositories. Gitosis will allow:
- SSH access to repositories (with the help of openssh-server).
- User management without the need to add server shell accounts for each person accessing repositories.
- While gitosis manages user repository access, gitosis is accessed through a single shell account (its use is limited to a specific gitosis command in ssh config).
Central Repository Server
Install gitosis (apt-get should install all dependencies):
paul@server$ sudo apt-get install gitosis
As the first administrator of the gitosis installation, grant access to gitosys for yourself by passing in your SSH public key (the one you currently use to securely access the server via ssh can be used, but better practice is to use one specially created for gitosis access – see section below on creating and managing ssh keys) to the gitosis-init command:
paul@server$ sudo -H -u gitosis gitosis-init < ~/.ssh/id_rsa.pub
After executing the above command you should notice that the gitosis authorized_keys file (~gitosis/.ssh/authorized_keys) has been populated with your public key. gitosis will add new entries to this file when new users are granted access to the gitosis system.
Cloning the gitosis-admin Project
You should now be able to clone the gitosis admin repository to your workstation:
paul@workstation$ git clone gitosis@server:gitosis-admin.git
Be sure that your workstation is correctly configured to use the ssh private key counterpart to the public key that you used when initialising gitosis (see above).
As the admin you can now manage gitosis system access by adding and removing user public keys in the keydir directory of the gitosis admin project directory (shown cloned above as gitosis-admin). Projects and user access to those projects is managed by editing the gitosis.conf file found in the gitosis admin project directory.
SSH Key Management
This isn’t a tutorial on ssh; just a little assistance with commonly required ssh config when adding access to new gitosis users on your system.
Each user should should create a public/private key pair for exclusive use in accessing your gitosis service. The key pair can be created using ssh-keygen as follows:
$ ssh-keygen -t rsa
When ssh-keygen requests a filename, provide something that will help you, the workstation user, associate the key file names with their intended use, e.g. gitosis@server-name.id_rsa
In your workstation’s ~/.ssh/config you should instruct ssh to use those keys against your server for the gitosis user:
Host gitosis.server-name.com User gitosis Hostname server-name.com PreferredAuthentications publickey IdentityFile ~/.ssh/gitosis@server-name.id_rsa
The ssh public key file (the one ending .pub) can then be added to the keydir directory of the gitosis admin project. You may wish to rename the public key files to something like paul@workstation when copying them into the keydir directory.
Adding New Projects
As an administrator of a gitosis system, it is possible to add new projects. Within the gitosis-admin project, add a new project entry, adding the names of the public key files (less the .pub extension) for the members you wish to grant access:
[group project-team] writable = new_project members = paul@workstation fred@anotherworkstation [group gitosis-admin] ...
Commit and push the changes to the gitosis server:
$ git commit -a -m "Added new_project as a new project." $ git push
It should now be possible to push the project files up to your gitosis server:
$ mkdir myproject $ cd myproject $ :> hello.py $ git init $ git add . $ git commit -a -m "Initial commit." $ remote add origin gitosis@server.com:new_project.git $ git push origin master
Gitosis Username and Project Directory
Warning: you probably shouldn’t do this… The Apt scripts will assume the original username and home directory, so the following changes may break future Apt updates.
The Ubuntu Apt system creates the user gitosis to access the server. If a different username and/or home directory are required then it’s necessary to apply changes to the gitosis user account. To change the home directory (from the default /srv/gitosis to /home/git):
paul@server$ sudo usermod --home /home/git gitosis
To change the username used to access gitosis (from gitosis to git):
paul@server$ sudo usermod --login git gitosis