gitosis -- software for hosting git repositories

Manage git repositories, provide access to them over SSH, with tight access control and not needing shell accounts.

Note

Documentation is still lacking, and non-default configurations (e.g. config file, repositories, installing in a location that is not in PATH) basically have not been tested at all. Basic usage should be very reliable -- the project has been hosting itself for a long time. Any help is welcome.

gitosis aims to make hosting git repos easier and safer. It manages multiple repositories under one user account, using SSH keys to identify users. End users do not need shell accounts on the server; they will talk to one shared account that will not let them run arbitrary commands.

gitosis is licensed under the GPL, see the file COPYING for more information.

You can get gitosis via git by saying:

git clone https://github.com/tv42/gitosis.git

And install it via:

python setup.py install

Though you may want to use e.g. --prefix=.

Setting up

First, we will create the user that will own the repositories. This is usually called git, but any name will work, and you can have more than one per system if you really want to. The user does not need a password, but does need a valid shell (otherwise, SSH will refuse to work). Don't use an existing account unless you know what you're doing.

I usually store git repositories in the subtree /srv/example.com/git (replace example.com with your own domain). You may choose another location. Adjust to suit and run:

sudo adduser \
    --system \
    --shell /bin/sh \
    --gecos 'git version control' \
    --group \
    --disabled-password \
    --home /srv/example.com/git \
    git

This command is known to work in Debian and Ubuntu. Your mileage may vary.

You will need an SSH public key to continue. If you don't have one, you need to generate one. See the man page for ssh-keygen, and you may also be interested in ssh-agent. Create it on your personal computer, and protect the private key well -- that includes not transferring it over the network.

Next, we need to set things up for this newly-created user. The following command will create a ~/repositories that will hold the git repositories, a ~/.gitosis.conf that will be a symlink to the actual configuration file, and it will add the SSH public key to ~/.ssh/authorized_keys with a command= option that restricts it to running gitosis-serve. Run:

sudo -H -u git gitosis-init <FILENAME.pub
# (or just copy-paste the public key when prompted)

then just git clone git@SERVER:gitosis-admin.git, and you get a repository with SSH keys as keys/USER.pub and a gitosis.conf where you can configure who has access to what.

Warning

For now, gitosis uses the HOME environment variable to locate where to write its files. If you use sudo -u without -H, sudo will leave the old value of HOME in place, and this will cause trouble. There will be a workaround for that later on, but for now, always remember to use -H if you're sudoing to the account.

You should always edit the configuration file via git. The file symlinked to ~/.gitosis.conf on the server will be overwritten when pushing changes to the gitosis-admin.git repository.

Edit the settings as you wish, commit and push. That's pretty much it! Once you push, gitosis will immediately make your changes take effect on the server.
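The command= option that gitosis-init adds to ~/.ssh/authorized_keys is what keeps key holders out of a shell on the shared account, so it is worth checking that no key in that file lacks it. The following audit is an added example, not part of gitosis: the sample key lines are constructed, accepting any path whose basename is gitosis-serve is an assumption, and the no-* options and restrict are standard OpenSSH key options.

```python
import os
# Constructed sample of the git account's ~/.ssh/authorized_keys (key blobs shortened).
SAMPLE = """\
command="gitosis-serve jdoe",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2E jdoe@laptop
ssh-rsa AAAAB3NzaC1yc2E admin@oldbox
command="gitosis-serve alice",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1 alice@desk
command="/bin/sh -c \\"exec gitosis-serve bob\\"",restrict ssh-ed25519 AAAAC3NzaC1lZDI1 bob@desk
"""
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
HARDENING = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}

def parse_options(line):
    """Split the leading option list off one key line, honouring quotes."""
    if line.split(None, 1)[0].startswith(KEY_PREFIXES):
        return {}                      # no options at all: unrestricted key
    opts, buf, quoted, i = {}, "", False, 0
    while i <= len(line):
        c = line[i] if i < len(line) else " "
        if quoted and line[i:i + 2] == '\\"':
            buf, i = buf + '"', i + 2  # escaped quote inside a quoted value
            continue
        if c == '"':
            quoted = not quoted
        elif c in ", \t" and not quoted:
            name, _, value = buf.partition("=")
            opts[name.lower()] = value
            buf = ""
            if c != ",":
                break                  # unquoted blank: options end, key follows
        else:
            buf += c
        i += 1
    return opts

def audit(text):
    """Return {line_number: problem} for keys not confined to gitosis-serve."""
    findings = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        argv = opts.get("command", "").split()
        if not argv or os.path.basename(argv[0]) != "gitosis-serve":
            findings[n] = "not forced to gitosis-serve"
        elif "restrict" not in opts and HARDENING - set(opts):
            findings[n] = "missing " + ",".join(sorted(HARDENING - set(opts)))
    return findings

if __name__ == "__main__": print(audit(SAMPLE))
```

A forced command alone does not disable port, agent or X11 forwarding, which is why the second check exists.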

Managing it

To add new users:

  • add a keys/USER.pub file
  • authorize them to read/write repositories as needed (or just authorize the group @all)

To create new repositories, just authorize writing to them and push. It's that simple! For example: let's assume your username is jdoe and you want to create a repository myproject. In your clone of gitosis-admin, edit gitosis.conf and add:

[group myteam]
members = jdoe
writable = myproject

Commit that change and push. Then create the initial commit and push it:

mkdir myproject
cd myproject
git init
git remote add myserver git@MYSERVER:myproject.git
# do some work, git add and commit files
git push myserver master:refs/heads/master

That's it. If you now add others to members, they can use that repository too.

Example configuration

Using git daemon

Anonymous read-only access to git repositories is provided by git daemon, which is distributed as part of git. But gitosis will still help you manage it: setting daemon = yes in your gitosis.conf, either globally in [gitosis] or per-repository under [repo REPOSITORYNAME], makes gitosis create the git-daemon-export-ok files in those repositories, thus telling git daemon that publishing those repositories is ok.

To actually run git daemon in Ubuntu, put this in /etc/event.d/local-git-daemon:

For other operating systems, use a similar invocation in an init.d script, /etc/inittab, inetd.conf, runit, or something like that (good luck).

Note that this short snippet is not a substitute for reading and understanding the relevant documentation.

Using gitweb

gitweb is a CGI script that lets one browse git repositories on the web. It is most commonly used anonymously, but you could also require authentication in your web server, before letting people use it. gitosis can help here by generating a list of projects that are publicly visible. Simply add a section [repo REPOSITORYNAME] to your gitosis.conf, and allow publishing with gitweb = yes (or globally under [gitosis]). You should also set description and owner for each repository.

Here's a LightTPD config file snippet showing how to run gitweb as a CGI:

And a simple gitweb.conf file:

Note that this short snippet is not a substitute for reading and understanding the relevant documentation.
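Write access in gitosis.conf comes from [group ...] sections (see "Managing it"), while daemon = yes and gitweb = yes open a repository to anonymous readers who hold no SSH key at all. The following audit of a gitosis.conf is an added example, not part of gitosis: the sample file is constructed, and it assumes that members and writable are whitespace-separated lists and that a per-repository daemon or gitweb value overrides the [gitosis] default. It covers only repositories named in the file and does not expand @group references inside members.

```python
import configparser

# Constructed gitosis.conf using only sections and keys described on this page.
SAMPLE = """\
[group myteam]
members = jdoe alice
writable = myproject website
[group everyone]
members = @all
writable = scratch
[repo website]
daemon = yes
gitweb = yes
[repo scratch]
daemon = yes
"""

# Assumptions: list values are whitespace-separated; [repo X] overrides [gitosis].
def audit(text):
    """Return {repo: {"writers": [...], "anonymous": [...]}} for repos named in the file."""
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    report = {}
    for sec in cp.sections():
        kind, _, name = sec.partition(" ")
        if kind == "group":
            members = cp.get(sec, "members", fallback="").split()
            for repo in cp.get(sec, "writable", fallback="").split():
                entry = report.setdefault(repo, {"writers": set(), "anonymous": []})
                entry["writers"].update(members)
        elif kind == "repo":
            report.setdefault(name.strip(), {"writers": set(), "anonymous": []})
    for repo, entry in report.items():
        for key in ("daemon", "gitweb"):
            default = cp.getboolean("gitosis", key, fallback=False)
            if cp.getboolean("repo " + repo, key, fallback=default):
                entry["anonymous"].append(key)
        entry["writers"] = sorted(entry["writers"])
    return report

def warnings(report):
    """Flag repositories writable by @all or readable without an SSH key."""
    out = []
    for repo, e in sorted(report.items()):
        if "@all" in e["writers"]:
            out.append(f"{repo}: writable by every key (@all)")
        if e["anonymous"]:
            out.append(f"{repo}: anonymous read via " + "+".join(e["anonymous"]))
    return out
```

Running warnings(audit(...)) over the gitosis.conf in a gitosis-admin clone before pushing shows which repositories a change would expose.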

Contact

You can email the author at [email protected], or hop on irc.freenode.net channel #git and hope for the best.

There will be more, keep an eye on http://eagain.net/ and/or the git mailing list.
