About git-server configuration based on gitolite

Create the repository:

1.On the local machine we should generate a key using the command:

$ ssh-keygen -t rsa

Then the key (~/.ssh/id_rsa.pub) forward to the server where the git will be installed (for example here /tmp/user.pub)

2. connect to the server using ssh and install git and gitolite on the server.

sudo apt-get install git gitolite

3. Create a gitolite user

$ sudo useradd -m gitolite

and change to user gitolite

$ sudo su gitolite

4. Configurate gitolite using the command:

$ gl-setup /tmp/user.pub

This will open the editor. We just need to get out of it by typing :x to save and exit the editor. Logout the user gitolite.

The server configuration is completed.

5. On the local machine we receive the repository gitolite-admin (no authorization and no password while performing this operation are not required). If the authorization is required then the key was transferred into gitolite

git clone gitolite@198.191.236.199:gitolite-admin.git
Cloning into 'gitolite-admin'... 
remote: Counting objects: 6, done. 
remote: Compressing objects: 100% (4/4), done. 
Receiving objects: 100% (6/6), done. 
remote: Total 6 (delta 0), reused 0 (delta 0) 

gitolite-admin contains two folders:
The directory keys — are files with user keys of the repository.
The directory conf contains configuration files for gitolite.

We are interested in conf/gitolite.conf:

repo    gitolite-admin
        RW+     =   admin

repo    testing
        RW+     =   @all

The content of this file means that two repositories are created on the git-server: gitolite-admin and testing.

The user with the key saved in the file keys/user.pub has read and write permissions for the repository gitolite-admin.
All users have the read and write permissions for the repository testing.

6. Add a new repository by modifying the file conf/gitolite.conf as follows:

repo    gitolite-admin 
        RW+     =   user 

repo    testing 
        RW+     =   @all 

repo    boot_ctrl 
        RW+     =   @all 

Then we should save changes (commit) and run the command (push) to send changes to the server:

$ git commit -am 'Add new project'
$ git push origin master

We can then check ourrself by running the command that will show the list of repositories in the git server:

ssh gitolite@198.191.236.199 info 
hello user, this is gitolite 2.2-1 (Debian) running on git 1.7.9.5 
the gitolite config gives you the following access: 
    @R_ @W_	boot_ctrl 
     R   W 	gitolite-admin 
    @R_ @W_	testing 

We can also connect to the server via ssh and view a list of repository using the ls command

$ ssh gore_user@198.191.236.199
sudo ls -l /home/gitolite/repositories/ 
итого 12 
drwx------ 7 gitolite gitolite 4096 июля   7 15:38 boot_ctrl.git 
drwx------ 8 gitolite gitolite 4096 июля   7 15:38 gitolite-admin.git 
drwx------ 7 gitolite gitolite 4096 июля   7 15:38 testing.git 

7. The new project is created but it is empty.

 

How to add data to the created repository gitolite:

On the local machine, we initialize a git repository by a standard command in the folder with the source code of the project:

$ git init

Add the remote repository to the server:

$ git remote add origin gitolite@198.191.236.199:boot_ctrl.git

or clone the empty repository and then add the project into the repository:

$ git clone gitolite@198.191.236.199:boot_ctrl.git

Next steps are adding the files (add), saving the data of (commit) and sending the changes to the server (push)

$ git add .
$ git commit -am "Initial commit"
$ git push origin master

To synchronize the local copy with the server gitolite, we use the command:

git pull origin master
 

Removing the repository from gitolite:

1. remove the repository from the file conf/gitolite.conf.

2. run the commands commit and push.

3. connect to the server using ssh and remove the directory in /home/gitolite/repositories/ manually.

 

Admin reset in gitolite.

If we lost our admin key or the administration is realized from another place we should reset the admin key as follows:
1. generate a new key

$ ssh-keygen -t rsa

and upload it using ssh to the server into the folder /tmp. And the name of the new key have to match the name of the admin file gitolite.conf.

For example in the file gitolite.conf:

repo    gitolite-admin 
        RW+     =   super_admin

and the file name have to be /tmp/super_admin.pub
2. run

gl-setup /tmp/super_admin.pub

3. if while cloning we get such an error:

$ git clone gitolite@193.191.236.199:gitolite-admin.git 
Cloning into 'gitolite-admin'... 
Agent admitted failure to sign using the key. 

we should run:

$ ssh-add

and then to clone again. It should be ok.

 

For public access through gitweb to the server gitolite

Gitweb allows to access the gitolite server using browser. While there might be a problem when we go to the gitweb page and see the list of repositories, therefore we should correct some settings.

1. The file /etc/gitweb.conf. The following fields must contain the correct path to the corresponding files/directories

$projectroot = "/home/gitolite/repositories";
$projects_list = '/home/gitolite/projects.list';

2. Modify the field REPO_UMASK in the file /home/gitolite/.gitolite.rc

$REPO_UMASK = 0022;

3. change permissions for:

sudo chmod a+r /home/gitolite/projects.list
chmod a+rx /home/gitolite/repositories

4. add an user gitweb in the file gitolite-admin/conf/gitolite.conf as follows:

repo    testing
        RW+     =   @all
        R       =   gitweb daemon        
        
repo    testing_2
        RW+     =   @all        
        R       =   gitweb daemon   

Create a new repository and check that it will be visible via gitweb. To do this, open the server address in the browser or by using locally it will look like this:

http://127.0.0.1/gitweb

At the same time the repositories that have been created before applying these settings will not be visible through gitweb, therefore we should set the permissions for them as follows:

chmod -R a+rX /home/gitolite/repositories/testing_1.git
 

Changing the address line for access via gitweb.

The access to the repository using gitweb has the following address by default - http://127.0.0.1/gitweb. We can change the address line in the file /etc/apache2/conf.d/gitweb as follows

Alias /new_repo /usr/share/gitweb

 
  Options +FollowSymLinks +ExecCGI 
  AddHandler cgi-script .cgi 
 

And then the access through gitweb to the repository will have the address
http://127.0.0.1/new_repo

 

gitweb and adding categories.

By default, when browsing the repository gitolite via gitweb all projects are presented in one list. If we need to divide the projects into categories then we need to do the following:

1. the line $GL_GITCONFIG_KEYS in the file .gitolite.rc has to look like the following:

$GL_GITCONFIG_KEYS = ".*";

2. add a field to the file /etc/gitweb.conf

$projects_list_group_categories = 1;

3. the file gitolite-admin/conf/gitolite.conf the file should look like:

repo    alpha/testing_6
        RW+     =   @all        
        R       =   gitweb daemon                        
        config gitweb.category = "Репозитории проекта alpha"        
        
repo    beta/testing_7
        RW+     =   @all        
        R       =   gitweb daemon                                
        config gitweb.category = "Репозитории проекта beta"  
 

Access limiting to the server gitolite via gitweb.

By default, all users have the ability to go to the address http://127.0.0.1/gitweb and get the access to the repository via gitweb. To limit the access using gitweb do the following:

1. create file .htpasswd in the home directory /home/gitolite/.htpasswd

2. Modify the file /etc/apache2/conf.d/gitweb as follows

Alias / new_repo /usr/share/gitweb 

 
  Options +FollowSymLinks +ExecCGI 
  AddHandler cgi-script .cgi 
  Options ExecCGI FollowSymLinks Indexes 
  AuthName "git repo" 
  AuthType Basic 
  AuthUserFile /home/gitolite/.htpasswd 
   
    Require valid-user 
   
 

3. create user and password:

sudo htpasswd /home/gitolite/.htpasswd UserName
 

Public access to the gitolite server using git-daemon.

Configuring access to the gitolite server without authorization:

1. create a file named etc/init.d/git-daemon

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=git-daemon
PIDFILE=/var/run/$NAME.pid
DESC="the git daemon"
DAEMON=/usr/lib/git-core/git-daemon
DAEMON_OPTS="--base-path=/home/gitolite/repositories --verbose --syslog --detach --pid-file=$PIDFILE --user=gitolite --group=nogroup"

test -x $DAEMON || exit 0

[ -r /etc/default/git-daemon ] && . /etc/default/git-daemon

. /lib/lsb/init-functions

start_git() {
  start-stop-daemon --start --quiet --pidfile $PIDFILE \
    --startas $DAEMON -- $DAEMON_OPTS
}

stop_git() {
  start-stop-daemon --stop --quiet --pidfile $PIDFILE
  rm -f $PIDFILE
}

status_git() {
  start-stop-daemon --stop --test --quiet --pidfile $PIDFILE >/dev/null 2>&1
}

case "$1" in
  start)
  log_begin_msg "Starting $DESC"
  start_git
  log_end_msg 0
  ;;
  stop)
  log_begin_msg "Stopping $DESC"
  stop_git
  log_end_msg 0
  ;;
  status)
  log_begin_msg "Testing $DESC: "
  if status_git
  then
    log_success_msg "Running"
    exit 0
  else
    log_failure_msg "Not running"
    exit 1
  fi
  ;;
  restart|force-reload)
  log_begin_msg "Restarting $DESC"
  stop_git
  sleep 1
  start_git
  log_end_msg 0
  ;;
  *)
  echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
  exit 1
  ;;
esac

exit 0

Check that the key —base-path,--user has correct values (key value —user=gitolite comes from the key --base-path=/home/gitolite/repositories)

2. run the git-daemon:

chmod a+x /etc/init.d/git-daemon
/etc/init.d/git-daemon start

3. add the user named daemon for accessing the proper repository in the file gitolite-admin/conf/gitolite.conf

repo    alpha/testing_9
        RW+     =   @all        
        R       =   gitweb daemon                        

4. get the repository:

git clone git://127.0.0.1/testing_9

or in this way:

git clone git://127.0.0.1/testing_9 temp_prj_name
 

Adding of a new user to gitolite

1. generate akey using the computer with the access to the repository:

$ ssh-keygen -t rsa

and place it in our local gitolite-admin/keydir. The key name will be the name of the new user. For example: user2.pub

2. To add a new user to the repository to which he should have access by modifying the file gitolite-admin/conf/gitolite.conf

it can be done in this way:

repo    testing_3
        RW+     =   user2

or in this way:

repo    testing_2
        RW+     =   @all        

or in this way for getting the administrative rights:

repo    gitolite-admin
        RW+     =   admin_dima user2

3. run commit of the admin repository:

git commit -am "add new"
git push origin master

4. clone the repository:

git clone git@192.168.0.10:testing_3.git