source: general/prog/gitserver.xml@ bbeb20f

Last change on this file since bbeb20f was bbeb20f, checked in by Bruce Dubbs <bdubbs@…>, 3 years ago

More tweaks to git server page

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24075 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 10.7 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY % general-entities SYSTEM "../../general.ent">
 %general-entities;
 <!ENTITY gitgid "58">
 <!ENTITY gituid "58">
]>

<sect1 id="gitserver" xreflabel="Running a Git Server">
 <?dbhtml filename="gitserver.html"?>

 <sect1info>
 <othername>$LastChangedBy$</othername>
 <date>$Date$</date>
 </sect1info>

 <title>Running a Git Server</title>

 <sect2 role="package">
 <title>Introduction</title>

 <para>
 This section will describe how to set up, administer and secure a
 <application>git</application> server. <application>Git</application>
 has many options available. For more detailed documentation see
 <ulink url="https://git-scm.com/book/en/v2"/>.
 </para>

 <bridgehead renderas="sect3">Server Dependencies</bridgehead>

 <bridgehead renderas="sect4">Required</bridgehead>
 <para role="required">
 <xref linkend="git"/> and
 <xref linkend="openssh"/>
 </para>

 </sect2>

 <sect2 role="configuration">
 <title>Setting up a Git Server.</title>

 <para>
 The following instructions will install a
 <application>git</application> server. It will be set
 up to use <application>OpenSSH</application> as the secure
 remote access method.
 </para>

 <para>
 Configuration of the server consists of the following steps:
 </para>

 <sect3>
 <title>1. Setup Users, Groups, and Permissions</title>

 <para>
 You will need to be user <systemitem class='username'>root</systemitem>
 for the initial portion of configuration. Create the <systemitem
 class="username">git</systemitem> user and group with the following
 commands:
 </para>

<screen role="root"><userinput>groupadd -g &gitgid; git &amp;&amp;
useradd -c "git Owner" -d /home/git -m -g git -s /usr/bin/git-shell -u &gituid; git</userinput></screen>

 <para>
 Create some files and directories in the home directory of the git user
 allowing access to the git repository using ssh keys.
 </para>

<screen role="root"><userinput>install -o git -g git -dm0700 /home/git/.ssh &amp;&amp;
install -o git -g git -m0600 /dev/null /home/git/.ssh/authorized_keys
</userinput></screen>

 <para>
 For any developer who should have access to the repository,
 add his/her public ssh key to <filename>/home/git/.ssh/authorized_keys</filename>.
 First, prepend some options to prevent users from using the
 connection to git for port forwarding to other machines
 the git server might reach. The options apply only to the key that
 follows them on the same line, so run both commands for every key.
 </para>

<screen role="nodump"><userinput>echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " >> /home/git/.ssh/authorized_keys &amp;&amp;
cat &lt;user-ssh-key&gt; &gt;&gt; /home/git/.ssh/authorized_keys</userinput></screen>

 <para>
 It is also useful to set the default name of the initial branch
 of new repositories by modifying the git configuration. As the
 <systemitem class='username'>root</systemitem> user, run:
 </para>

<screen role="nodump"><userinput>git config --global init.defaultBranch trunk</userinput></screen>

 </sect3>

 <sect3>
 <title>2. Create a git repository.</title>

 <para>
 The repository can be anywhere on the filesystem. It is
 important that the git user has read/write access to that
 location. We use <filename class="directory">/srv/git</filename>
 as base directory. Create a new <application>git</application>
 repository with the following commands (as the
 <systemitem class="username">root</systemitem> user):
 </para>

<screen role="root"><userinput>install -o git -g git -m755 -d /srv/git/project1.git &amp;&amp;
cd /srv/git/project1.git &amp;&amp;
git init --bare &amp;&amp;
chown -R git:git .</userinput></screen>

 <para>
 Now that the repository is created, it can be used by the
 developers to put some files into it. Once the ssh key of
 the user is imported to git's <filename>authorized_keys</filename>
 file, the user can interact with the repository.
 </para>

 <para>
 A minimal configuration specifying the user's name and email
 address should be available on the developer's system.
 Create this minimal config file on the client side:
 </para>

<screen role="nodump"><userinput>cat &gt; ~/.gitconfig &lt;&lt;EOF
[user]
 name = &lt;users-name&gt;
 email = &lt;users-email-address&gt;
EOF</userinput></screen>

 <para>
 On the developer's machine, set up some files to be pushed
 to the repository as the initial content:
 </para>

<screen role="nodump"><userinput>mkdir myproject
cd myproject
git init --initial-branch=trunk
git remote add origin git@gitserver:/srv/git/project1.git
cat &gt;README &lt;&lt;EOF
This is the README file
EOF
git add README
git commit -m 'Initial creation of README'
git push --set-upstream origin trunk</userinput></screen>

 <para>The initial content is now pushed to the server and
 is available for other users. On the current machine, the
 argument <literal>--set-upstream origin trunk</literal> is
 now no longer required as the local repository is now
 connected to the remote repository. Subsequent pushes
 can be performed as:
 </para>

<screen role="nodump"><userinput>git push</userinput></screen>

 <para>
 Other developers can now clone the repository and do
 modifications to the content (as long as their ssh keys
 have been installed):
 </para>

<screen role="nodump"><userinput>git clone git@gitserver:/srv/git/project1.git
cd project1
vi README
git commit -am 'Fix for README file'
git push</userinput></screen>

 <note>
 <para>
 This is a very basic server setup based on
 <application>OpenSSH</application> access. All developers are using
 the <systemitem class="username">git</systemitem> user to perform
 actions on the repository, and the changes users are committing can be
 distinguished as the local user name (see
 <filename>~/.gitconfig</filename>) is recorded in the
 changesets. That name is set by each developer and is not
 verified by the server.</para>
 </note>

 <para>
 Access is restricted by the public keys added to git's
 <filename>authorized_keys</filename> file and there is no
 option for the public to export/clone the repository. To
 enable this, continue with step 3 to set up the git server.
 </para>

 </sect3>

 <sect3>
 <title>3. Configure the Server</title>

 <para>
 The setup described above makes a repository available for
 authenticated users (via providing the ssh public key file).
 There is also a quite simple way to publish the
 repository to unauthenticated users - of course without write
 access.
 </para>
 <para>
 The combination of access via ssh (for authenticated users) and
 the export of repositories to unauthenticated users via the
 daemon is in most cases enough for a development site.
 </para>

 <note>
 <para>
 The daemon will be reachable at port <literal>9418</literal>
 by default. Make sure that your firewall setup allows
 access to that port.
 </para>
 </note>

 <para>
 As user <systemitem class='username'>root</systemitem> do:
 </para>

<screen role="root" revision="sysv"><userinput>cat &gt; /etc/rc.d/init.d/git-daemon &lt;&lt;"EOF"
#!/bin/sh
########################################################################
# Begin /etc/rc.d/init.d/git-daemon
#
# Description : Start/Stop git as a daemon
#
# Authors :
#
# Version : LFS 10.0
#
# Notes :
#
########################################################################

### BEGIN INIT INFO
# Provides: git-daemon
# Required-Start: network
# Should-Start:
# Required-Stop:
# Should-Stop:
# Default-Start:
# Default-Stop:
# Short-Description: git as daemon
# Description:
# X-LFS-Provided-By:
### END INIT INFO

. /lib/lsb/init-functions

GIT_BIN="/usr/bin/git"
DFT_REPO_DIR="/srv/git/"
PID_FILE="/run/git-daemon.pid"

case "${1}" in
   start)
      log_info_msg "Starting git-daemon ..."
      $GIT_BIN daemon \
         --detach \
         --pid-file=$PID_FILE \
         --user=git \
         --group=git \
         --reuseaddr \
         --base-path=$DFT_REPO_DIR $DFT_REPO_DIR
      evaluate_retval
      ;;

   stop)
      log_info_msg "Stopping git-daemon ..."
      killproc -p $PID_FILE $GIT_BIN
      evaluate_retval
      ;;

   restart)
      ${0} stop
      sleep 1
      ${0} start
      ;;

   *)
      echo "Usage: ${0} {start|stop|restart}"
      exit 1
      ;;
esac

exit 0

# End /etc/rc.d/init.d/git-daemon
EOF

chmod 755 /etc/rc.d/init.d/git-daemon
ln -v -sf ../init.d/git-daemon /etc/rc.d/rc0.d/K29git-daemon
ln -v -sf ../init.d/git-daemon /etc/rc.d/rc1.d/K29git-daemon
ln -v -sf ../init.d/git-daemon /etc/rc.d/rc2.d/K29git-daemon
ln -v -sf ../init.d/git-daemon /etc/rc.d/rc3.d/S50git-daemon
ln -v -sf ../init.d/git-daemon /etc/rc.d/rc4.d/S50git-daemon
ln -v -sf ../init.d/git-daemon /etc/rc.d/rc5.d/S50git-daemon
ln -v -sf ../init.d/git-daemon /etc/rc.d/rc6.d/K29git-daemon</userinput></screen>

<screen role="root" revision="systemd"><userinput>cat &gt; /etc/systemd/system/git-daemon.service &lt;&lt;EOF
[Unit]
Description=Start Git Daemon

[Service]
ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/

Restart=always
RestartSec=500ms

StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=git-daemon

User=git
Group=git

[Install]
WantedBy=multi-user.target
EOF</userinput></screen>

 <para revision="systemd">
 Enable and start the daemon by executing:
 </para>

<screen role="root" revision="systemd"><userinput>systemctl enable git-daemon &amp;&amp;
systemctl start git-daemon</userinput></screen>

 <para revision="sysv">
 Start the daemon by executing:
 </para>
<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/git-daemon start</userinput></screen>

 <para>
 In order to allow <application>git</application> to export a
 repository, a file named <filename>git-daemon-export-ok</filename>
 is required in each repository directory on the server. The
 file needs no content; its existence enables, and its absence
 disables, the export of that repository.
 </para>

<screen role="root"><userinput>touch /srv/git/project1.git/git-daemon-export-ok</userinput></screen>

 </sect3>

 </sect2>

</sect1>
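
The option prefix from step 1 only restricts a key when it sits on that key's own line, so an entry appended without it can still request forwarding or a pty. The check below is an added example, not part of the BLFS book: `audit_authorized_keys` is a hypothetical helper name, the sample entries are constructed placeholders, and it accepts OpenSSH's `restrict` keyword as covering a feature unless that feature is re-enabled by name.

```shell
#!/bin/sh
# Added example, not part of the BLFS book.
# Report authorized_keys entries that lack the restrictions from step 1.
# Prints "line N: missing <options>" and returns 1 if any entry is lax.
audit_authorized_keys() {
    awk '
    # True when keyword k appears in the comma-separated option list.
    function has(list, k) {
        return index("," list ",", "," tolower(k) ",") > 0
    }
    /^[ \t]*(#|$)/ { next }                # comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        opts = ""
        # An entry that starts with a key type has no options field.
        # Otherwise the field ends at the first space outside quotes.
        if (line !~ /^(ssh-|ecdsa-|sk-)/ &&
            match(line, /^([^ \t"]|"([^"\\]|\\.)*")+/))
            opts = substr(line, 1, RLENGTH)
        gsub(/"([^"\\]|\\.)*"/, "", opts)  # ignore quoted option values
        opts = tolower(opts)               # keywords are case-insensitive
        missing = ""
        n = split("port-forwarding X11-forwarding agent-forwarding pty", f, " ")
        for (i = 1; i <= n; i++) {
            if (has(opts, "no-" f[i])) continue
            # "restrict" covers a feature unless it is re-enabled by name.
            if (has(opts, "restrict") && !has(opts, f[i])) continue
            missing = missing " no-" f[i]
        }
        if (missing != "") {
            printf "line %d: missing%s\n", NR, missing
            bad = 1
        }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample entries; the key bodies are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAconstructed alice
ssh-ed25519 AAAAconstructed bob
restrict,pty ssh-ed25519 AAAAconstructed carol
EOF
audit_authorized_keys "$sample" || echo "entries above need the option prefix"
rm -f "$sample"
```

On the server, call it as `audit_authorized_keys /home/git/.ssh/authorized_keys` after every key change.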
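
Because the daemon from step 3 serves any repository that contains `git-daemon-export-ok` to unauthenticated clients, it helps to list what is actually exposed under the base path. This is an added example, not part of the BLFS book: `list_export_state` is a hypothetical helper name, the directory tree is constructed, and it assumes the daemon is started as shown in step 3, without `--export-all`.

```shell
#!/bin/sh
# Added example, not part of the BLFS book.
# List every repository below a git-daemon base path and whether the
# daemon, started as in step 3 (without --export-all), will serve it.
# A directory counts as a repository when it holds HEAD, objects/ and refs/.
list_export_state() {
    base=${1%/}
    find "$base" -type f -name HEAD | sort | while read -r head; do
        repo=${head%/HEAD}
        [ -d "$repo/objects" ] && [ -d "$repo/refs" ] || continue
        if [ -e "$repo/git-daemon-export-ok" ]; then
            state=EXPORTED
        else
            state=not-exported
        fi
        printf '%s %s\n' "$state" "${repo#"$base"/}"
    done
}

# Constructed directory tree standing in for /srv/git.
demo=$(mktemp -d)
for r in project1.git internal.git; do
    mkdir -p "$demo/$r/objects" "$demo/$r/refs"
    : > "$demo/$r/HEAD"
done
: > "$demo/project1.git/git-daemon-export-ok"
list_export_state "$demo"
rm -rf "$demo"
```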