source: general/prog/gitserver.xml@ aacba80f

Last change on this file since aacba80f was aacba80f, checked in by Bruce Dubbs <bdubbs@…>, 3 years ago

More git server tweaks

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24077 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 10.8 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6 <!ENTITY gitgid "58">
7 <!ENTITY gituid "58">
8]>
9
10<sect1 id="gitserver" xreflabel="Running a Git Server">
11 <?dbhtml filename="gitserver.html"?>
12
13 <sect1info>
14 <othername>$LastChangedBy$</othername>
15 <date>$Date$</date>
16 </sect1info>
17
18 <title>Running a Git Server</title>
19
20 <sect2 role="package">
21 <title>Introduction</title>
22
23 <para>
24 This section will describe how to set up, administer and secure a
25 <application>git</application> server. <application>Git</application>
26 has many options available. For more detailed documentation see
27 <ulink url="https://git-scm.com/book/en/v2"/>.
28 </para>
29
30 <bridgehead renderas="sect3">Server Dependencies</bridgehead>
31
32 <bridgehead renderas="sect4">Required</bridgehead>
33 <para role="required">
34 <xref linkend="git"/> and
35 <xref linkend="openssh"/>
36 </para>
37
38 </sect2>
39
40 <sect2 role="configuration">
41 <title>Setting up a Git Server</title>
42
43 <para>
44 The following instructions will install a
45 <application>git</application> server. It will be set
46 up to use <application>OpenSSH</application> as the secure
47 remote access method.
48 </para>
49
50 <para>
51 Configuration of the server consists of the following steps:
52 </para>
53
54 <sect3>
55 <title>1. Setup Users, Groups, and Permissions</title>
56
57 <para>
58 You will need to be user <systemitem class='username'>root</systemitem>
59 for the initial portion of configuration. Create the <systemitem
60 class="username">git</systemitem> user and group with the following
61 commands:
62 </para>
63
64<screen role="root"><userinput>groupadd -g &gitgid; git &amp;&amp;
65useradd -c "git Owner" -d /home/git -m -g git -s /usr/bin/git-shell -u &gituid; git</userinput></screen>
66
67 <para>
68 Create some files and directories in the home directory of the git user
69 allowing access to the git repository using ssh keys.
70 </para>
71
72<screen role="root"><userinput>install -o git -g git -dm0700 /home/git/.ssh &amp;&amp;
73install -o git -g git -m0600 /dev/null /home/git/.ssh/authorized_keys
74</userinput></screen>
75
76 <para>
77 For any developer who should have access to the repository,
78 add his/her public ssh key to <filename>/home/git/.ssh/authorized_keys</filename>.
79 First, prepend some options to prevent users from using the
80 connection to git for port forwarding to other machines
81 the git server might reach.
82 </para>
83
84<screen role="nodump"><userinput>echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " >> /home/git/.ssh/authorized_keys &amp;&amp;
85cat &lt;user-ssh-key&gt; &gt;&gt; /home/git/.ssh/authorized_keys</userinput></screen>
86
87 <para>
88 It is also useful to set the default name of the initial branch
89 of new repositories by modifying the git configuration. As the
90 <systemitem class='username'>root</systemitem> user, run:
91 </para>
92
93<screen role="nodump"><userinput>git config --global init.defaultBranch trunk</userinput></screen>
94
95 </sect3>
96
97 <sect3>
98 <title>2. Create a git repository</title>
99
100 <para>
101 The repository can be anywhere on the filesystem. It is
102 important that the git user has read/write access to that
103 location. We use <filename class="directory">/srv/git</filename>
104 as base directory. Create a new <application>git</application>
105 repository with the following commands (as the
106 <systemitem class="username">root</systemitem> user):
107 </para>
108
109<screen role="root"><userinput>install -o git -g git -m755 -d /srv/git/project1.git &amp;&amp;
110cd /srv/git/project1.git &amp;&amp;
111git init --bare &amp;&amp;
112chown -R git:git .</userinput></screen>
113
114 </sect3>
115
116 <sect3>
117 <title>3. Populate the repository from a client system</title>
118
119 <para>
120 Now that the repository is created, it can be used by the
121 developers to put some files into it. Once the ssh key of
122 the user is imported to git's <filename>authorized_keys</filename>
123 file, the user can interact with the repository.
124 </para>
125
126 <para>
127 A minimal configuration should be available on the developer's
128 system specifying its user name and the email address.
129 Create this minimal config file on client side:
130 </para>
131
132<screen role="nodump"><userinput>cat &gt; ~/.gitconfig &lt;&lt;EOF
133[user]
134 name = &lt;users-name&gt;
135 email = &lt;users-email-address&gt;
136EOF</userinput></screen>
137
138 <para>
139 On the developer's machine, set up some files to be pushed
140 to the repository as the initial content:
141 </para>
142
143<screen role="nodump"><userinput>mkdir myproject
144cd myproject
145git init --initial-branch=trunk
146git remote add origin git@gitserver:/srv/git/project1.git
147cat &gt;README &lt;&lt;EOF
148This is the README file
149EOF
150git add README
151git commit -m 'Initial creation of README'
152git push --set-upstream origin trunk</userinput></screen>
153
154 <para>The initial content is now pushed to the server and
155 is available for other users. On the current machine, the
156 argument <literal>--set-upstream origin trunk</literal> is
157 now no longer required as the local repository is now
158 connected to the remote repository. Subsequent pushes
159 can be performed as
160 </para>
161
162<screen role="nodump"><userinput>git push</userinput></screen>
163
164 <para>
165 Other developers can now clone the repository and do
166 modifications to the content (as long as their ssh keys
167 have been installed):
168 </para>
169
170<screen role="nodump"><userinput>git clone git@gitserver:/srv/git/project1.git
171cd project1
172vi README
173git commit -am 'Fix for README file'
174git push</userinput></screen>
175
176 <note>
177 <para>
178 This is a very basic server setup based on
179 <application>OpenSSH</application> access. All developers are using
180 the <systemitem class="username">git</systemitem> user to perform
181 actions on the repository and the changes users are committing can be
182 distinguished as the local user name (see
183 <filename>~/.gitconfig</filename>) is recorded in the
184 changesets.</para>
185 </note>
186
187 <para>
188 Access is restricted by the public keys added to git's
189 <filename>authorized_keys</filename> file and there is no
190 option for the public to export/clone the repository. To
191 enable this, continue with step 4 to set up the git server.
192 </para>
193
194 </sect3>
195
196 <sect3>
197 <title>4. Configure the Server</title>
198
199 <para>
200 The setup described above makes a repository available for
201 authenticated users (via providing the ssh public key file).
202 There is also a quite simple way to publish the
203 repository to unauthenticated users - of course without write
204 access.
205 </para>
206
207 <para>
208 The combination of access via ssh (for authenticated users) and
209 the export of repositories to unauthenticated users via the
210 git daemon is in most cases enough for a development site.
211 </para>
212
213 <note>
214 <para>
215 The daemon will be reachable at port <literal>9418</literal>
216 by default. Make sure that your firewall setup allows
217 access to that port.
218 </para>
219 </note>
220
221 <para>
222 As user <systemitem class='username'>root</systemitem> do:
223 </para>
224
225<screen role="root" revision="sysv"><userinput>cat &gt; /etc/rc.d/init.d/git-daemon &lt;&lt;"EOF"
226#!/bin/sh
227########################################################################
228# Begin /etc/rc.d/init.d/git-daemon
229#
230# Description : Start/Stop git as a daemon
231#
232# Authors :
233#
234# Version : LFS 10.0
235#
236# Notes :
237#
238########################################################################
239
240### BEGIN INIT INFO
241# Provides: git-daemon
242# Required-Start: network
243# Should-Start:
244# Required-Stop:
245# Should-Stop:
246# Default-Start:
247# Default-Stop:
248# Short-Description: git as daemon
249# Description:
250# X-LFS-Provided-By:
251### END INIT INFO
252
253. /lib/lsb/init-functions
254
255GIT_BIN="/usr/bin/git"
256DFT_REPO_DIR="/srv/git/"
257PID_FILE="/run/git-daemon.pid"
258
259case "${1}" in
260 start)
261 log_info_msg "Starting git-daemon ..."
262 $GIT_BIN daemon \
263 --detach \
264 --pid-file=$PID_FILE \
265 --user=git \
266 --group=git \
267 --reuseaddr \
268 --base-path=$DFT_REPO_DIR $DFT_REPO_DIR
269 evaluate_retval
270 ;;
271
272 stop)
273 log_info_msg "Stopping git-daemon ..."
274 killproc -p $PID_FILE $GIT_BIN
275 evaluate_retval
276 ;;
277
278 restart)
279 ${0} stop
280 sleep 1
281 ${0} start
282 ;;
283
284 *)
285 echo "Usage: ${0} {start|stop|restart}"
286 exit 1
287 ;;
288esac
289
290exit 0
291
292# End /etc/rc.d/init.d/git-daemon
293EOF
294
295chmod 755 /etc/rc.d/init.d/git-daemon
296ln -v -sf ../init.d/git-daemon /etc/rc.d/rc0.d/K29git-daemon
297ln -v -sf ../init.d/git-daemon /etc/rc.d/rc1.d/K29git-daemon
298ln -v -sf ../init.d/git-daemon /etc/rc.d/rc2.d/K29git-daemon
299ln -v -sf ../init.d/git-daemon /etc/rc.d/rc3.d/S50git-daemon
300ln -v -sf ../init.d/git-daemon /etc/rc.d/rc4.d/S50git-daemon
301ln -v -sf ../init.d/git-daemon /etc/rc.d/rc5.d/S50git-daemon
302ln -v -sf ../init.d/git-daemon /etc/rc.d/rc6.d/K29git-daemon</userinput></screen>
303
304<screen role="root" revision="systemd"><userinput>cat &gt; /etc/systemd/system/git-daemon.service &lt;&lt;EOF
305[Unit]
306Description=Start Git Daemon
307
308[Service]
309ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/
310
311Restart=always
312RestartSec=500ms
313
314StandardOutput=syslog
315StandardError=syslog
316SyslogIdentifier=git-daemon
317
318User=git
319Group=git
320
321[Install]
322WantedBy=multi-user.target
323EOF</userinput></screen>
324
325 <para revision="systemd">
326 Enable and start the daemon by executing:
327 </para>
328
329<screen role="root" revision="systemd"><userinput>systemctl enable git-daemon &amp;&amp;
330systemctl start git-daemon</userinput></screen>
331
332 <para revision="sysv">
333 Start the daemon by executing:
334 </para>
335<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/git-daemon start</userinput></screen>
336
337 <para>
338 In order to allow <application>git</application> to export a
339 repository, a file named <filename>git-daemon-export-ok</filename>
340 is required in each repository directory on the server. The
341 file needs no content; its existence enables, and its absence
342 disables, the export of that repository.
343 </para>
344
345<screen role="root"><userinput>touch /srv/git/project1.git/git-daemon-export-ok</userinput></screen>
346
347 </sect3>
348
349 </sect2>
350
351</sect1>
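
Added example, not part of the BLFS book source: a shell function that audits the git user's authorized_keys file from step 1 and reports every key entry that lacks the forwarding and pty restrictions, which is what results when a key is appended without the option prefix. The function names, sample entries and key material are constructed for illustration; the check also accepts OpenSSH's `restrict` option as covering all four restrictions unless one is re-enabled after it.

```shell
#!/bin/sh
# Added example: audit authorized_keys for the restrictions this page prepends.
REQUIRED="no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty"

# Constructed sample entries; the key material is placeholder text.
sample_keys() {
cat <<'EOF'
# git server keys (constructed sample)
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAEXAMPLE1 alice@example
ssh-ed25519 AAAAEXAMPLE2 bob@example
restrict ssh-ed25519 AAAAEXAMPLE3 carol@example
restrict,pty ssh-ed25519 AAAAEXAMPLE4 dave@example
no-port-forwarding,command="echo \"a b\"",no-pty ssh-rsa AAAAEXAMPLE5 erin@example
EOF
}

# audit_keys FILE: print "LINE: missing OPT..." for every key entry that lacks
# a required restriction; exit status 1 if any entry is flagged, else 0.
audit_keys() {
    awk -v required="$REQUIRED" '
    BEGIN { n = split(required, req, " "); bad = 0 }
    /^[ \t]*#/ { next }                      # comment
    /^[ \t]*$/ { next }                      # blank line
    {
        line = $0; sub(/^[ \t]+/, "", line); opts = ""
        # An entry that starts with a key type has no options field.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0                          # inside a double-quoted value?
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (c == "\\") { i++; continue }     # skip escaped char
                if (c == "\"") inq = !inq
                else if ((c == " " || c == "\t") && !inq) break
            }
            opts = substr(line, 1, i - 1)
        }
        o = "," tolower(opts) ","            # option names are case-insensitive
        restricted = index(o, ",restrict,") > 0
        missing = ""
        for (k = 1; k <= n; k++) {
            want = tolower(req[k]); undo = substr(want, 4)   # drop "no-"
            # With "restrict", flag a re-enabling option; otherwise flag absence.
            if (restricted ? index(o, "," undo ",") > 0 : index(o, "," want ",") == 0)
                missing = missing " " req[k]
        }
        if (missing != "") { printf "%d: missing%s\n", NR, missing; bad = 1 }
    }
    END { exit bad }' "$1"
}

if [ "$#" -gt 0 ]; then audit_keys "$1"; fi
```

Run it as root on the server with /home/git/.ssh/authorized_keys as the argument; a non-zero exit status means at least one entry still needs the option prefix.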