gitolite is a tool for managing multi-user access to Git
respoitories. Here's how I set them up on a shared server on which I
don't have root access.
I'll presume you've played around a bit with Git repositories on your local machine. My favorite introduction is Git Immersion.
I'll also presume you glance at the commands before copypasting and
replace things like [email protected] with the appropriate
values.
I'm setting up gitolite on a server that I have a user account on,
no root access ecessary, where Git is already installed (although you
could build your own and put it in ~/bin.)
The closest instructions to what I wanted was [http://sitaramc.github.com/gitolite/progit.html]. However, that document presumes I have a special "git" user to host my repositories. If we want lab-wide Git repositories, then setting up gitolite using a special Git user is the way to do it. However, I didn't want to bother my sysadmin about git just yet :), and I wanted to have a space that I controlled in any case.
Along the way I found another howto at [http://dbingham.com/gitoliteTips/gitoliteHttpAndSSH.html] which said mroe about setting up HTTP access.
gitolite is a solution for giving multiple users access and
controlling who gets to read and write from what repositories and
branches. If you don't need all of that there might be some simpler
options:
If you want to give other users write access, but you don't need fine-grained control over who gets to write to what repositories and branches, you can use git-shell instead of gitolite. Much of the SSH key generation and configuration ends up being similar though, so it doesn't save a lot of work to do it that way.
If you don't need to share with another user, but just want a remote
disk to back up your project on, that is simple. Presuming you already
have a local repository in ~/project and want to make an upstream on
server.lab.org:
ssh [email protected]
mkdir repositories
git --bare init ~/repositories/project.git
to make an upstream repository, then on your workstation, do
cd project
git remote add origin [email protected]:/home/username/repositories/project.git
git push origin master
I already have SSH keys set up to get me into my server account from my laptop. If you get tired of entering passwords, go ahead and do that.
If gitolite is what you need, here's how I set it up.
I already have a ${HOME}/bin directory on my path; if you don't you
will have to make one and add it to your .profile. On my server
account,
ssh [email protected]
git clone git://github.com/sitaramc/gitolite
./gitolite/install -ln
This installed the gitolite programs into the gitolite directory.
Now, since I'm setting up under my user account on the server and not
a special git user, the next part differs from the instructions
linked above. The problem is that I already use an SSH key to get into
a shell on the server, and gitolite wants its own key to run the
restricted gitolite-shell. So I need a second SSH key.
On my workstation, I made up a new keypair, and put it in my .ssh directory. This keypair is different from my existing id_rsa (which I use for full shell access.)
~ $ ssh-keygen -f ~/.ssh/git_id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/username/.ssh/git_id_rsa.
Your public key has been saved in /Users/username/.ssh/git_id_rsa.pub.
The key fingerprint is:
<hexadecimal> [email protected]
Then, copy the public key to somewhere under your server account.
scp ~/.ssh/git_id_rsa.pub [email protected]/username.pub
Then, on the server machine, tell Gitolite to set itself up using that public key:
ssh [email protected]
username@server:~$ gitolite setup -pk ${HOME}/gitolite-keys/username.pub
Initialized empty Git repository in /home/username/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/username/repositories/testing.git/
The first time you call gitolite setup it creates a Git repository, kept in ~/repositories. It also adds a line to ~/.ssh/authorized_keys that looks like this:
username@server:~$ tail -3 ~/.ssh/authorized_keys
# gitolite start
command="/home/username/gitolite/src/gitolite-shell username",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwW3WqQuofm+50kgR5CcD6Nz3Y2jNwmGeqL1zyQh+kWDBSkJrvlUaBgVeDB3nUgZyrqtGAvAT40lb9V7l8onC+k7EFtc+xNjAe8EIP5cbG06KeDlzdivmyqTcmLm8lLTAcdUCRrEup0c77Mq+cHTSAd9ceKZYNOwNqfkBCJxP+wl3onk7wOYwMTjnWy+ZSJ4EcOwSZUk+231DlDqQCGASMra27AWs0Aj1el48lxge6A1X6d0RGVwj9u/xMQ370avTJKhpi87m8SpiaeHcUqkpnW38LxbbNuTGL8rOxgqvcRVSCOajqkHmat2fBY+mOaXbU/CIgw2TS8OaXSLfssbalw== [email protected]
# gitolite end
Since the relevant information has been put in .ssh/authorized_keys,
you can go ahead and delete the username.pub file.
As you see, the way gitolite works is to be invoked from sshd, using
keys that have been restricted to using the program gitolite-shell.
I can test the connection by telling SSH to use this special private key:
macbook:~ username$ ssh -i .ssh/git_id_rsa server.lab.org
hello username, this is username@server running gitolite3 v3.04-13-gcc9727c on git 1.7.10.4
R W gitolite-admin
R W testing
Connection to server.lab.org closed.
Now, to make the local git on our workstation talk to the remote
gitolite, we need to tell local git to use our special private key
with this server (instead of the standard SSH id_rsa).
So far the best way I've found is to set up a special alias in my .ssh_config, like so:
Host LabGit
User username
HostName server.lab.org
IdentityFile ~/.ssh/git_id_rsa
You should be able to make this work:
macbook:~ username$ ssh LabGit info
hello username, this is username@server running gitolite3 v3.04-13-gcc9727c on git 1.7.10.4
R W gitolite-admin
R W testing
If all works as planned, you should be able to check out the config repository:
~ $ git clone LabGit:gitolite-admin
Cloning into 'gitolite-admin'...
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.
gitolite's detailed configuration is tracked using a Git repository, so to configure it, we pull it to our workstation, edit and push it back. Here's what's in the config repository:
~ $ ls -R gitolite-admin/
gitolite-admin/:
conf keydir
gitolite-admin/conf:
gitolite.conf
gitolite-admin/keydir:
username.pub
To allow other users to access your repository, you'll need them to
generate a keypair, if they haven't and send you their public
key. Then you add it to gitolite-admin/keydir keypair on their
machine, copy it to your own directory, and run gitolite setup -pk <keyfile> Then edit gitolite-admin/conf/ to give that user
permissions and push your changes. Let's make a read-only user:
macbook:~ username$ ssh-keygen -C "Gitolite read only access" -f .ssh/guest_id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/guest_id_rsa.
Your public key has been saved in .ssh/guest_id_rsa.pub.
The key fingerprint is:
b9:77:b1:20:5e:36:b9:69:2f:b7:ce:8d:38:66:52:06 Gitolite read only access
macbook:~ username$ cp .ssh/guest_id_rsa.pub gitolite-admin/keydir/guest.pub
macbook:~ username$ cd gitolite-admin/
macbook:gitolite-admin username$ emacsclient conf/gitolite.conf
macbook:gitolite-admin username$ cat conf/gitolite.conf
repo gitolite-admin
RW+ = username
repo testing
RW+ = username
R = guest
macbook:gitolite-admin username$ git commit -m "added guest key"
[master ccc5e79] added guest key
2 files changed, 4 insertions(+), 1 deletion(-)
create mode 100644 keydir/guest.pub
macbook:gitolite-admin username$ git push
Counting objects: 10, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (6/6), 821 bytes, done.
Total 6 (delta 0), reused 0 (delta 0)
To LabGit:gitolite-admin
67c648c..ccc5e79 master -> master
That should automatically update your ~/.ssh/authorized-keys file.
ssh -i .ssh/
To add a repository, just add its name to
gitolite-admin/conf/gitolite.conf and push the update. Tracking my
dot-files in Git is nifty, so I'll make one called dotfiles that
only I can access:
macbook:gitolite-admin username$ git diff conf/gitolite.conf
diff --git a/conf/gitolite.conf b/conf/gitolite.conf
index bcd812d..986402b 100644
--- a/conf/gitolite.conf
+++ b/conf/gitolite.conf
@@ -5,3 +5,6 @@ repo gitolite-admin
repo testing
RW+ = username
R = guest
+
+repo dotfiles
+ RW+ = username
macbook:gitolite-admin username$ git add conf/gitolite.conf
macbook:gitolite-admin username$ git commit -m 'new repository'
[master 5280135] new repository
1 file changed, 3 insertions(+)
macbook:gitolite-admin username$ git push
Counting objects: 7, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 373 bytes, done.
Total 4 (delta 1), reused 0 (delta 0)
remote: Initialized empty Git repository in /home/username/repositories/dotfiles.git/
To LabGit:gitolite-admin
ccc5e79..5280135 master -> master
As you can see, it created the repository, an you can clone it or set it as upstream on your own repository.
The scp command in here to copy the public key to somewhere under your server account didn't work for me - scp complained that "my_server/username.pub: No such file or directory". I think there was a forward slash where there should have been a colon. I forked it and fixed it, so now it's this line:
scp ~/.ssh/git_id_rsa.pub [email protected]:username.pub