Setting Up a Git Server Using Gitosis
Posted on In Linux, TutorialUpdate: Since gitosis is not maintained and supported, please check out gitolite for setting up a new git server. (see the comment from Sitaram Chamarty, the gitolite author, the author of gitolite.)
Gitosis is a piece of software writen by Tommi Virtanen for hosting git repositories. It manages multiple repositories under the same user account. It uses SSH public keys to identify users. Users do not need shell accounts on the git server. The operations are done under the shared account.
One benefit we get from using gitosis is that we can give different users write/read right on different repositories. Another benefit is easier user and repository management. The management is done by a special repository named gitosis-admin.git on the server.
Let’s look at how to set up a git server using gitosis. Here we want to set up a git server on example.org. Please refer to Managing Repositories on Git Server Using Gitosis and Howto for New Git Users for how to manage and use the repositories managed by gitosis.
Table of Contents
Install git and gitosis on the server
First , log in the git server by “ssh username@example.org”. The username is the account name that can sudo or the user who knows root’s password on the git server.
Then install gitosis and git. On the Fedora system, the command is like this:
$ sudo yum install git gitosis
or
$ su -c 'yum install git gitosis'
The command may be different on the other platforms.
Create the server side git user and home
We need to create a Linux account for the shared account. It is usually git. But any account name can be used. The repositories are stored in git’s home directory.
Logon to the git server by ssh username@example.org. username is the account name that can sudo or the one that knows root’s password on the git server.
$ sudo useradd -m -d /home/git -u 1005 git
Here we assume git’s home directory is /home/git.
Setup gitosis administration repository
First create the administrator’s SSH public key if you haven’t got one. On the administrator’s local machine:
$ ssh-keygen -t rsa
Then copy it to the git server’s /tmp/ directory:
$ scp ~/.ssh/id_rsa.pub username@example.org:/tmp/id_rsa.pub
Logon to the git server with account that has privilege to sudo or su. Then:
$ sudo su - git $ cd $ gitosis-init < /tmp/id_rsa.pub
Now we have created the gitosis administration repository on git server. The default repository directory is ~/repositories/ under git’s home directory.
Then the administrator can clone the gitosis-admin repository on its local machine:
$ git clone git@example.org:gitosis-admin.git
There are one configuration file and one directory in gitosis-admin:
gitosis.conf keydir
gitosis.conf is the configuration file for gitosis. keydir is used to store the users’ public SSH keys. These files are used to manage repositories and users by the administrator. A git server has been set up by now. Management work can be done by editing the files in the gitosis-admin repository and pushing it to the git server.
Public access
We may want to give everyone read-only access to a public project without using SSH keys. We can use git-daemon. It is a daemon tool independent of gitosis and it comes with git itself.
First log on the git server as privileged user, and then use this command to export all the repositories to public users.:
$ sudo -u git git-daemon --base-path=/home/git/repositories/ --export-all
Someone can then clone repository example.git like this:
$ git clone git://example.org/example.git
Note the difference of the repository address.
If we only want to export selected repositories, we should remove “–export-all” from the above command. Then if we want to export example.git to the others, we need to log on the git server (privileged account is needed), go to the repository’s directory (/home/git/repositories/example.git for this example), and create a file named git-daemon-export-ok:
$ touch git-daemon-export-ok
This repository is exported to the public now, while the others are keep private (if not set to be public).