Git/Gitosis

Gitosis is a tool for securing centralized Git repositories. It permits multiple maintainers to manage the same project at once while restricting access so that it is only possible over a secure network protocol.

Checkout the Gitosis Repository
To install Gitosis, you must first have the Git client installed. Once it is installed, check out a copy of Gitosis from its repository:

git clone git://eagain.net/gitosis.git

Install:

cd gitosis
python setup.py install

Create a User to Manage the Repositories
Create a user to manage the repositories:

sudo adduser \
    --system \
    --shell /bin/sh \
    --gecos 'git version control' \
    --group \
    --disabled-password \
    --home /home/git \
    git

If you don't already have a public RSA key, create one on your local computer:

ssh-keygen -t rsa

Copying Your Public Key to the Gitosis Server
Copy this key to the Gitosis server. Assuming you are in your home directory:

scp .ssh/id_rsa.pub user@example.com:/tmp

Initializing Gitosis
Initialize Gitosis:

sudo -H -u git gitosis-init < /tmp/id_rsa.pub

Upon success, you will see:

Initialized empty Git repository in ./
Initialized empty Git repository in ./

Ensure the Git post-update hook has the correct permissions:

sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update

Clone the Gitosis Repository
Gitosis creates its own Git repository. To configure Gitosis, you will clone this repository, set your configuration options, then push your configuration back to the Gitosis server.

Cloning the Gitosis repository:

git clone git@example.com:gitosis-admin.git
cd gitosis-admin

Creating a Repository
Edit

An example of a default gitosis.conf:

[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = jdoe

Defining Groups, Members, Permissions, and Repositories
You can define groups of members and what permissions they will have to repositories like so:

[group blue_team]
members = john martin stephen
writable = tea_timer coffee_maker

In this example, anyone in the group, in this case john, martin, and stephen, will be able to write to the Git repositories   and

Save, commit, and push this file.

git commit -am "Give john, martin, and stephen access to the repositories tea_timer and coffee_maker."
git push

Creating a Repository
Next, create one of the repositories. First, change to the directory where you want to store your local copy of the Git repository.

Create the repository:

mkdir tea_timer
cd tea_timer
git init
git remote add origin git@example.com:tea_timer.git
# Add some files and commit.
git push origin master:refs/heads/master
# The previous line links your local branch master to the remote branch master so you can automatically fetch and merge with git pull.

Adding Users to a Repository
Users are identified by their public RSA keys. Gitosis keeps these keys inside the directory  within the gitosis-admin repository. Users are linked to their Git username by the name of the key file. For example, adding an RSA key to  will link the user john to the machine defined by the RSA within. Keys must end in .pub!

Add a user:

cd gitosis-admin
cp /path/to/rsa/key/john.pub keydir/
git add keydir/*
git commit -am "Adding the john account."
git push

John can now clone the git repositories he has access to as defined by. In this case, he can both read and write to the repository as he has  permissions.
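
An added example (not part of the original page or of Gitosis itself): a Python check to run on a gitosis-admin checkout before pushing, which cross-references the members in gitosis.conf with the key file names in keydir/. The function name audit, the constructed sample data, and the restriction to plain member names and the writable option are assumptions of this example.

```python
import configparser

def audit(conf_text, key_files):
    """Cross-check gitosis.conf group members against file names in keydir/."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    # Map each member to the repositories their groups make writable.
    access = {}
    for section in cp.sections():
        if not section.startswith("group "):
            continue  # e.g. the [gitosis] section carries no members
        repos = cp.get(section, "writable", fallback="").split()
        for member in cp.get(section, "members", fallback="").split():
            access.setdefault(member, set()).update(repos)
    # As the page states, the user name is the key file name and keys
    # must end in .pub, so strip the suffix to get the user name.
    keyed = {f[:-len(".pub")] for f in key_files if f.endswith(".pub")}
    return {
        "access": {m: sorted(r) for m, r in access.items()},
        # Listed in a group but unable to log in: no matching key file.
        "members_without_key": sorted(set(access) - keyed),
        # Key present but not in any group: stale or forgotten account.
        "keys_without_group": sorted(keyed - set(access)),
        # Files in keydir/ that do not follow the .pub naming rule.
        "bad_key_names": sorted(f for f in key_files if not f.endswith(".pub")),
    }

# Constructed sample: the two groups shown on this page.
SAMPLE_CONF = """\
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = jdoe

[group blue_team]
members = john martin stephen
writable = tea_timer coffee_maker
"""
# Constructed sample listing of keydir/ (on a real checkout: os.listdir("keydir")).
SAMPLE_KEYDIR = ["jdoe.pub", "john.pub", "martin.pub.bak", "alice.pub"]

if __name__ == "__main__":
    for finding, value in audit(SAMPLE_CONF, SAMPLE_KEYDIR).items():
        print(finding, "=", value)
```

Review keys_without_group before each push: a key left in keydir/ after its owner was removed from every group is easy to grant access to again by accident.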