source: general/prog/gitserver.xml@ 78f55b5

Last change on this file since 78f55b5 was 78f55b5, checked in by Bruce Dubbs <bdubbs@…>, 10 months ago

Tweaks and wording for git server

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24074 af4574ff-66df-0310-9fd7-8a98e5e911e0

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6 <!ENTITY gitgid "58">
7 <!ENTITY gituid "58">
8]>
9
10<sect1 id="gitserver" xreflabel="Running a Git Server">
11 <?dbhtml filename="gitserver.html"?>
12
13 <sect1info>
14 <othername>$LastChangedBy$</othername>
15 <date>$Date$</date>
16 </sect1info>
17
18 <title>Running a Git Server</title>
19
20 <sect2 role="package">
21 <title>Introduction</title>
22
23 <para>
24 This section will describe how to set up, administer and secure a
25 <application>git</application> server. <application>Git</application>
26 has many options available. For more detailed documentation see
27 <ulink url="https://git-scm.com/book/en/v2"/>.
28 </para>
29
30 <bridgehead renderas="sect3">Server Dependencies</bridgehead>
31
32 <bridgehead renderas="sect4">Required</bridgehead>
33 <para role="required">
34 <xref linkend="git"/> and
35 <xref linkend="openssh"/>
36 </para>
37
38 </sect2>
39
40 <sect2 role="configuration">
41 <title>Setting up a Git Server.</title>
42
43 <para>
44 The following instructions will install a
45 <application>git</application> server. It will be set
46 up to use <application>OpenSSH</application> as the secure
47 remote access method.
48 </para>
49
50 <para>
51 Configuration of the server consists of the following steps:
52 </para>
53
54 <sect3>
55 <title>1. Setup Users, Groups, and Permissions</title>
56
57 <para>
58 You will need to be user <systemitem class='username'>root</systemitem>
59 for the initial portion of configuration. Create the <systemitem
60 class="username">git</systemitem> user and group with the following
61 commands:
62 </para>
63
64<screen role="root"><userinput>groupadd -g &gitgid; git &amp;&amp;
65useradd -c "git Owner" -d /home/git -m -g git -s /usr/bin/git-shell -u &gituid; git</userinput></screen>
66
67 <para>
68 Create some files and directories in the home directory of the git user
69 allowing access to the git repository using ssh keys.
70 </para>
71
72<screen role="root"><userinput>install -o git -g git -dm0700 /home/git/.ssh &amp;&amp;
73install -o git -g git -m0600 /dev/null /home/git/.ssh/authorized_keys
74</userinput></screen>
75
76 <para>
77 For any developer who should have access to the repository,
78 add his/her public ssh key to <filename>/home/git/.ssh/authorized_keys</filename>.
79 First, prepend some options to prevent users from using the
80 connection to git for port forwarding to other machines
81 the git server might reach.
82 </para>
83
84<screen role="nodump"><userinput>echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " >> /home/git/.ssh/authorized_keys &amp;&amp;
85cat &lt;user-ssh-key&gt; &gt;&gt; /home/git/.ssh/authorized_keys</userinput></screen>
86
87 </sect3>
88
89 <sect3>
90 <title>2. Create a git repository.</title>
91
92 <para>
93 The repository can be anywhere on the filesystem. It is
94 important that the git user has read/write access to that
95 location. We use <filename class="directory">/srv/git</filename>
96 as base directory. Create a new <application>git</application>
97 repository with the following commands (as the
98 <systemitem class="username">root</systemitem> user):
99 </para>
100
101<screen role="root"><userinput>install -o git -g git -m755 -d /srv/git/project1.git &amp;&amp;
102cd /srv/git/project1.git &amp;&amp;
103git init --bare &amp;&amp;
104chown -R git:git .</userinput></screen>
105
106 <para>
107 Now that the repository is created, it can be used by the
108 developers to put some files into it. Once the ssh key of
109 the user is imported to git's <filename>authorized_keys</filename>
110 file, the user can interact with the repository.
111 </para>
112
113 <para>
114 A minimal configuration should be available on the developer's
115 system specifying the user name and the email address.
116 Create this minimal config file on the client side:
117 </para>
118
119<screen role="nodump"><userinput>cat &gt; ~/.gitconfig &lt;&lt;EOF
120[user]
121 name = &lt;users-name&gt;
122 email = &lt;users-email-address&gt;
123EOF</userinput></screen>
124
125 <para>
126 On the developer's machine, set up some files to be pushed
127 to the repository as the initial content:
128 </para>
129
130<screen role="nodump"><userinput>mkdir myproject
131cd myproject
132git init --initial-branch=main
133git remote add origin git@gitserver:/srv/git/project1.git
134cat &gt;README &lt;&lt;EOF
135This is the README file
136EOF
137git add README
138git commit -m 'Initial creation of README'
139git push --set-upstream origin main</userinput></screen>
140
141 <para>The initial content is now pushed to the server and
142 is available for other users. On the current machine, the
143 argument <literal>--set-upstream origin main</literal> is
144 now no longer required as the local repository is now
145 connected to the remote repository. Subsequent pushes
146 can be performed as
147 </para>
148
149<screen role="nodump"><userinput>git push</userinput></screen>
150
151 <para>
152 Other developers can now clone the repository and do
153 modifications to the content (as long as their ssh keys
154 have been installed):
155 </para>
156
157<screen role="nodump"><userinput>git clone git@gitserver:/srv/git/project1.git
158cd project1
159vi README
160git commit -am 'Fix for README file'
161git push</userinput></screen>
162
163 <note>
164 <para>
165 This is a very basic server setup based on
166 <application>OpenSSH</application> access. All developers are using
167 the <systemitem class="username">git</systemitem> user to perform
168 actions on the repository and the changes users are committing can be
169 distinguished as the local user name (see
170 <filename>~/.gitconfig</filename>) is recorded in the
171 changesets.</para>
172 </note>
173
174 <para>
175 Access is restricted by the public keys added to git's
176 <filename>authorized_keys</filename> file and there is no
177 option for the public to export/clone the repository. To
178 enable this, continue with step 3 to set up the git server.
179 </para>
180
181 </sect3>
182
183 <sect3>
184 <title>3. Configure the Server</title>
185
186 <para>
187 The setup described above makes a repository available for
188 authenticated users (via providing the ssh public key file).
189 There is also a quite simple way to publish the
190 repository to unauthenticated users - of course without write
191 access.
192 </para>
193 <para>
194 The combination of access via ssh (for authenticated users) and
195 the export of repositories to unauthenticated users via the
196 daemon is in most cases enough for a development site.
197 </para>
198
199 <note>
200 <para>
201 The daemon will be reachable at port <literal>9418</literal>
202 by default. Make sure that your firewall setup allows
203 access to that port.
204 </para>
205 </note>
206
207 <para>
208 As user <systemitem class='username'>root</systemitem> do:
209 </para>
210
211<screen role="root" revision="sysv"><userinput>cat &gt; /etc/rc.d/init.d/git-daemon &lt;&lt;"EOF"
212#!/bin/sh
213########################################################################
214# Begin /etc/rc.d/init.d/git-daemon
215#
216# Description : Start/Stop git as a daemon
217#
218# Authors :
219#
220# Version : LFS 10.0
221#
222# Notes :
223#
224########################################################################
225
226### BEGIN INIT INFO
227# Provides: git-daemon
228# Required-Start: network
229# Should-Start:
230# Required-Stop:
231# Should-Stop:
232# Default-Start:
233# Default-Stop:
234# Short-Description: git as daemon
235# Description:
236# X-LFS-Provided-By:
237### END INIT INFO
238
239. /lib/lsb/init-functions
240
241GIT_BIN="/usr/bin/git"
242DFT_REPO_DIR="/srv/git/"
243PID_FILE="/run/git-daemon.pid"
244
245case "${1}" in
246 start)
247 log_info_msg "Starting git-daemon ..."
248 $GIT_BIN daemon \
249 --detach \
250 --pid-file=$PID_FILE \
251 --user=git \
252 --group=git \
253 --reuseaddr \
254 --base-path=$DFT_REPO_DIR $DFT_REPO_DIR
255 evaluate_retval
256 ;;
257
258 stop)
259 log_info_msg "Stopping git-daemon ..."
260 killproc -p $PID_FILE $GIT_BIN
261 evaluate_retval
262 ;;
263
264 restart)
265 ${0} stop
266 sleep 1
267 ${0} start
268 ;;
269
270 *)
271 echo "Usage: ${0} {start|stop|restart}"
272 exit 1
273 ;;
274esac
275
276exit 0
277
278# End /etc/rc.d/init.d/git-daemon
279EOF
280
281chmod 755 /etc/rc.d/init.d/git-daemon
282ln -v -sf ../init.d/git-daemon /etc/rc.d/rc0.d/K29git-daemon
283ln -v -sf ../init.d/git-daemon /etc/rc.d/rc1.d/K29git-daemon
284ln -v -sf ../init.d/git-daemon /etc/rc.d/rc2.d/K29git-daemon
285ln -v -sf ../init.d/git-daemon /etc/rc.d/rc3.d/S50git-daemon
286ln -v -sf ../init.d/git-daemon /etc/rc.d/rc4.d/S50git-daemon
287ln -v -sf ../init.d/git-daemon /etc/rc.d/rc5.d/S50git-daemon
288ln -v -sf ../init.d/git-daemon /etc/rc.d/rc6.d/K29git-daemon</userinput></screen>
289
290<screen role="root" revision="systemd"><userinput>cat &gt; /etc/systemd/system/git-daemon.service &lt;&lt;EOF
291[Unit]
292Description=Start Git Daemon
293
294[Service]
295ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/
296
297Restart=always
298RestartSec=500ms
299
300StandardOutput=syslog
301StandardError=syslog
302SyslogIdentifier=git-daemon
303
304User=git
305Group=git
306
307[Install]
308WantedBy=multi-user.target
309EOF</userinput></screen>
310
311 <para revision="systemd">
312 Enable and start the daemon by executing:
313 </para>
314
315<screen role="root" revision="systemd"><userinput>systemctl enable git-daemon &amp;&amp;
316systemctl start git-daemon</userinput></screen>
317
318 <para revision="sysv">
319 Start the daemon by executing:
320 </para>
321<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/git-daemon start</userinput></screen>
322
323 <para>
324 In order to allow <application>git</application> to export a
325 repository, a file named <filename>git-daemon-export-ok</filename>
326 is required in each repository directory on the server. The
327 file needs no content; its existence enables, and its absence
328 disables, the export of that repository.
329 </para>
330
331<screen role="root"><userinput>touch /srv/git/project1.git/git-daemon-export-ok</userinput></screen>
332
333 </sect3>
334
335 </sect2>
336
337</sect1>
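
An added example, not part of the BLFS book source above: a POSIX shell audit for the setup this file describes. It reports entries in the git user's authorized_keys that lack the four restrictions prepended in step 1, and lists which repositories under the base directory contain git-daemon-export-ok and are therefore served to unauthenticated clients. The function names and sample data are constructed for illustration; accepting OpenSSH's restrict option in place of the four options is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit SSH key restrictions and git-daemon exports.
# Function names and sample data are constructed for illustration.
REQUIRED_OPTS="no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty"

# Print "LINE: missing OPTION" for each key entry lacking a required option.
# Assumes the options field contains no quoted spaces (true for the four
# options above); an entry using OpenSSH's "restrict" is accepted as-is.
audit_authorized_keys() {
    awk -v req="$REQUIRED_OPTS" '
        BEGIN { n = split(req, opts, " ") }
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            # The first field is the options list unless it is a key type.
            optfield = ($1 ~ /^(ssh-|ecdsa-|sk-)/) ? "" : "," tolower($1) ","
            if (index(optfield, ",restrict,")) next
            for (i = 1; i <= n; i++)
                if (index(optfield, "," tolower(opts[i]) ",") == 0)
                    printf "%d: missing %s\n", NR, opts[i]
        }' "$1"
}

# List repositories below base directory $1 that git daemon will serve,
# i.e. those containing a git-daemon-export-ok file.
list_exported_repos() {
    for repo in "$1"/*.git; do
        [ -e "$repo/git-daemon-export-ok" ] && basename "$repo"
    done
    return 0
}

# Constructed sample: three key entries and two repositories.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAconstructed alice" \
        "ssh-ed25519 AAAAconstructed bob" \
        "no-pty ssh-rsa AAAAconstructed carol" > "$tmp/authorized_keys"
    mkdir -p "$tmp/srv/project1.git" "$tmp/srv/private.git"
    : > "$tmp/srv/project1.git/git-daemon-export-ok"
    audit_authorized_keys "$tmp/authorized_keys"
    list_exported_repos "$tmp/srv"
    rm -rf "$tmp"
}
demo
```

On the server described above, the functions would be pointed at /home/git/.ssh/authorized_keys and /srv/git respectively; any output from the first function marks a key that can still request forwarding or a pty.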