source: general/prog/gitserver.xml@ bbeb20f

10.1 11.0 ken/refactor-virt lazarus qt5new trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since bbeb20f was bbeb20f, checked in by Bruce Dubbs <bdubbs@…>, 10 months ago

More tweaks ot git server page

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24075 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 10.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6 <!ENTITY gitgid "58">
7 <!ENTITY gituid "58">
8]>
9
10<sect1 id="gitserver" xreflabel="Running a Git Server">
11 <?dbhtml filename="gitserver.html"?>
12
13 <sect1info>
14 <othername>$LastChangedBy$</othername>
15 <date>$Date$</date>
16 </sect1info>
17
18 <title>Running a Git Server</title>
19
20 <sect2 role="package">
21 <title>Introduction</title>
22
23 <para>
24 This section will describe how to set up, administer and secure a
25 <application>git</application> server. <application>Git</application>
26 has many options available. For more detailed documentation see
27 <ulink url="https://git-scm.com/book/en/v2"/>.
28 </para>
29
30 <bridgehead renderas="sect3">Server Dependencies</bridgehead>
31
32 <bridgehead renderas="sect4">Required</bridgehead>
33 <para role="required">
34 <xref linkend="git"/> and
35 <xref linkend="openssh"/>
36 </para>
37
38 </sect2>
39
40 <sect2 role="configuration">
41 <title>Setting up a Git Server.</title>
42
43 <para>
44 The following instructions will install a
45 <application>git</application> server. It will be set
46 up to use <application>OpenSSH</application> as the secure
47 remote access method.
48 </para>
49
50 <para>
51 Configuration of the server consists of the following steps:
52 </para>
53
54 <sect3>
55 <title>1. Setup Users, Groups, and Permissions</title>
56
57 <para>
58 You will need to be user <systemitem class='username'>root</systemitem>
59 for the initial portion of configuration. Create the <systemitem
60 class="username">git</systemitem> user and group with the following
61 commands:
62 </para>
63
64<screen role="root"><userinput>groupadd -g &gitgid; git &amp;&amp;
65useradd -c "git Owner" -d /home/git -m -g git -s /usr/bin/git-shell -u &gituid; git</userinput></screen>
66
67 <para>
68 Create some files and directories in the home directory of the git user
69 allowing access to the git repository using ssh keys.
70 </para>
71
72<screen role="root"><userinput>install -o git -g git -dm0700 /home/git/.ssh &amp;&amp;
73install -o git -g git -m0600 /dev/null /home/git/.ssh/authorized_keys
74</userinput></screen>
75
76 <para>
77 For any developer who should have access to the repository
78 add his/her public ssh key to <filename>/home/git/.ssh/authorized_keys</filename>.
79 First, prepend some options to prevent users to use the
80 connection to git for port forwarding to other machines
81 the git server might reach.
82 </para>
83
84<screen role="nodump"><userinput>echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " >> /home/git/.ssh/authorized_keys &amp;&amp;
85cat &lt;user-ssh-key&gt; &gt;&gt; /home/git/.ssh/authorized_keys</userinput></screen>
86
87 <para>
88 It is also useful to set the default name of the initial branch
89 of new repositories by modifying the git configuration. As the
90 <systemitem class='username'>root</systemitem> user, run:
91 </para>
92
93<screen role="nodump"><userinput>git config --global init.defaultBranch trunk</userinput></screen>
94
95 </sect3>
96
97 <sect3>
98 <title>2. Create a git repository.</title>
99
100 <para>
101 The repository can be anywhere on the filesystem. It is
102 important that the git user has read/write access to that
103 location. We use <filename class="directory">/srv/git</filename>
104 as base directory. Create a new <application>git</application>
105 repository with the following commands (as the
106 <systemitem class="username">root</systemitem> user):
107 </para>
108
109<screen role="root"><userinput>install -o git -g git -m755 -d /srv/git/project1.git &amp;&amp;
110cd /srv/git/project1.git &amp;&amp;
111git init --bare &amp;&amp;
112chown -R git:git .</userinput></screen>
113
114 <para>
115 Now that the repository is created, it can be used by the
116 developers to put some files into it. Once the ssh key of
117 the user is imported to git's <filename>authorized_keys</filename>
118 file, the user can interact with the repository.
119 </para>
120
121 <para>
122 A minimal configuration should be available on the developer's
123 dudyrm specifying its user name and the email address.
124 Create this minimal config file on client side:
125 </para>
126
127<screen role="nodump"><userinput>cat &gt; ~/.gitconfig &lt;&lt;EOF
128[user]
129 name = &lt;users-name&gt;
130 email = &lt;users-email-address&gt;
131EOF</userinput></screen>
132
133 <para>
134 On the developer's machine, setup some files to be pushed
135 to the repository as the initial content:
136 </para>
137
138<screen role="nodump"><userinput>mkdir myproject
139cd myproject
140git init --initial-branch=trunk
141git remote add origin git@gitserver:/srv/git/project1.git
142cat &gt;README &lt;&lt;EOF
143This is the README file
144EOF
145git add README
146git commit -m 'Initial creation of README'
147git push --set-upstream origin trunk</userinput></screen>
148
149 <para>The initial content is now pushed to the server and
150 is available for other users. On the current machine, the
151 argument <literal>--set-upstream origin trunk</literal> is
152 now no longer required as the local repository is now
153 connected to the remote repository. Subsequent pushes
154 can be performed as
155 </para>
156
157<screen role="nodump"><userinput>git push</userinput></screen>
158
159 <para>
160 Other developers can now clone the repository and do
161 modifications to the content (as long as their ssh keys
162 has been installed):
163 </para>
164
165<screen role="nodump"><userinput>git clone git@gitserver:/srv/git/project1.git
166cd project1
167vi README
168git commit -am 'Fix for README file'
169git push</userinput></screen>
170
171 <note>
172 <para>
173 This is a very basic server setup based on
174 <application>OpenSSH</application> access. All developers are using
175 the <systemitem class="username">git</systemitem> user to perform
176 actions on the repository and the changes users are commiting can be
177 distiguished as the local user name (see
178 <filename>~/.gitconfig</filename>) is recorded in the
179 changesets.</para>
180 </note>
181
182 <para>
183 Access is restricted by the public keys added to git's
184 <filename>authorized_keys</filename> file and there is no
185 option for the public to export/clone the repository. To
186 enable this, continue with step 3 to setup the git server.
187 </para>
188
189 </sect3>
190
191 <sect3>
192 <title>3. Configure the Server</title>
193
194 <para>
195 The setup described above makes a repository available for
196 authenticated users (via providing the ssh public key file).
197 There is also a quite simple way to publish the
198 repository to unauthenticated users - of course without write
199 access.
200 </para>
201 <para>
202 The compination of access via ssh (for authenticated users) and
203 the export of repositories to unauthenticated users via the
204 daemon is in most cases enough for a development site.
205 </para>
206
207 <note>
208 <para>
209 The daemon will be reachable at port <literal>9418</literal>
210 by default. Make sure that your firewall setup allows
211 access to that port.
212 </para>
213 </note>
214
215 <para>
216 As user <systemitem class='username'>root</systemitem> do:
217 </para>
218
219<screen role="root" revision="sysv"><userinput>cat &gt; /etc/rc.d/init.d/git-daemon &lt;&lt;"EOF"
220#!/bin/sh
221########################################################################
222# Begin /etc/rc.d/init.d/git-daemon
223#
224# Description : Start/Stop git as a daemon
225#
226# Authors :
227#
228# Version : LFS 10.0
229#
230# Notes :
231#
232########################################################################
233
234### BEGIN INIT INFO
235# Provides: git-daemon
236# Required-Start: network
237# Should-Start:
238# Required-Stop:
239# Should-Stop:
240# Default-Start:
241# Default-Stop:
242# Short-Description: git as daemon
243# Description:
244# X-LFS-Provided-By:
245### END INIT INFO
246
247. /lib/lsb/init-functions
248
249GIT_BIN="/usr/bin/git"
250DFT_REPO_DIR="/srv/git/"
251PID_FILE="/run/git-daemon.pid"
252
253case "${1}" in
254 start)
255 log_info_msg "Starting git-daemon ..."
256 $GIT_BIN daemon \
257 --detach \
258 --pid-file=$PID_FILE \
259 --user=git \
260 --group=git \
261 --reuseaddr \
262 --base-path=$DFT_REPO_DIR $DFT_REPO_DIR
263 evaluate_retval
264 ;;
265
266 stop)
267 log_info_msg "Stopping git-daemon ..."
268 killproc -p $PID_FILE $GIT_BIN
269 evaluate_retval
270 ;;
271
272 restart)
273 ${0} stop
274 sleep 1
275 ${0} start
276 ;;
277
278 *)
279 echo "Usage: ${0} {start|stop|restart}"
280 exit 1
281 ;;
282esac
283
284exit 0
285
286# End /etc/rc.d/init.d/git-daemon
287EOF
288
289chmod 755 /etc/rc.d/init.d/git-daemon
290ln -v -sf ../init.d/git-daemon /etc/rc.d/rc0.d/K29git-daemon
291ln -v -sf ../init.d/git-daemon /etc/rc.d/rc1.d/K29git-daemon
292ln -v -sf ../init.d/git-daemon /etc/rc.d/rc2.d/K29git-daemon
293ln -v -sf ../init.d/git-daemon /etc/rc.d/rc3.d/S50git-daemon
294ln -v -sf ../init.d/git-daemon /etc/rc.d/rc4.d/S50git-daemon
295ln -v -sf ../init.d/git-daemon /etc/rc.d/rc5.d/S50git-daemon
296ln -v -sf ../init.d/git-daemon /etc/rc.d/rc6.d/K29git-daemon</userinput></screen>
297
298<screen role="root" revision="systemd"><userinput>cat &gt; /etc/systemd/system/git-daemon.service &lt;&lt;EOF
299[Unit]
300Description=Start Git Daemon
301
302[Service]
303ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/
304
305Restart=always
306RestartSec=500ms
307
308StandardOutput=syslog
309StandardError=syslog
310SyslogIdentifier=git-daemon
311
312User=git
313Group=git
314
315[Install]
316WantedBy=multi-user.target
317EOF</userinput></screen>
318
319 <para revision="systemd">
320 Enable and start the daemon by executing:
321 </para>
322
323<screen role="root" revision="systemd"><userinput>systemctl enable git-daemon &amp;&amp;
324systemctl start git-daemon</userinput></screen>
325
326 <para revision="sysv">
327 Start the daemon be executing
328 </para>
329<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/git-daemon start</userinput></screen>
330
331 <para>
332 In order to allow <application>git</application> to export a
333 repository, a file named <filename>git-daemon-export-ok</filename>
334 is required in each repository directory on the server. The
335 file needs no content, just its existance enables, its absence
336 disables the export of that repository.
337 </para>
338
339<screen role="root"><userinput>touch /srv/git/project1.git/git-daemon-export-ok</userinput></screen>
340
341 </sect3>
342
343 </sect2>
344
345</sect1>
Note: See TracBrowser for help on using the repository browser.