Changeset 78f55b5


Timestamp:
01/06/2021 03:41:15 AM (10 months ago)
Author:
Bruce Dubbs <bdubbs@…>
Branches:
10.1, 11.0, ken/refactor-virt, lazarus, qt5new, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
bbeb20f
Parents:
6cbbb2d
Message:

Tweaks and wording for git server

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24074 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
2 edited

  • general/prog/gitserver.xml

    r6cbbb2d r78f55b5  
    88]>
    99
    10 <sect1 id="gitserver" xreflabel="Running a git Server">
     10<sect1 id="gitserver" xreflabel="Running a Git Server">
    1111  <?dbhtml filename="gitserver.html"?>
    1212
     
    1616  </sect1info>
    1717
    18   <title>Running a git Server</title>
     18  <title>Running a Git Server</title>
    1919
    2020  <sect2 role="package">
    21     <title>Running a git Server</title>
     21    <title>Introduction</title>
    2222
    2323    <para>
    24       This section will describe how to set up, administer and secure
    25       a <application>git</application> server. It is recommended to
    26       have a look to the <ulink url="https://git-scm.com/book/en/v2">git-scm documentation</ulink>
    27       as <application>git</application> has many options to set.
     24      This section will describe how to set up, administer and secure a
     25      <application>git</application> server. <application>Git</application>
     26      has many options available. For more detailed documentation see
     27      <ulink url="https://git-scm.com/book/en/v2"/>.
    2828    </para>
    2929
    30     <bridgehead renderas="sect3">git Server Dependencies</bridgehead>
     30    <bridgehead renderas="sect3">Server Dependencies</bridgehead>
    3131
    3232    <bridgehead renderas="sect4">Required</bridgehead>
     
    3939
    4040  <sect2 role="configuration">
    41     <title>Setting up a git Server.</title>
     41    <title>Setting up a Git Server.</title>
    4242
    4343    <para>
    4444      The following instructions will install a
    45       <application>git</application> server, which will be set
     45      <application>git</application> server. It will be set
    4646      up to use <application>OpenSSH</application> as the secure
    4747      remote access method.
     
    4949
    5050    <para>
    51       Configuration of the <application>git</application> server
    52       consists of the following steps:
     51      Configuration of the server consists of the following steps:
    5352    </para>
    5453
     
    5756
    5857      <para>
    59         You'll need to be user
    60         <systemitem class='username'>root</systemitem> for the
    61         initial portion of configuration. Create the <systemitem
    62         class="username">git</systemitem> user and group with the
    63         following commands:
     58        You will need to be user <systemitem class='username'>root</systemitem>
     59        for the initial portion of configuration. Create the <systemitem
     60        class="username">git</systemitem> user and group with the following
     61        commands:
    6462      </para>
    6563
     
    6866
    6967      <para>
    70         Create some files and directories in the home directory
    71         of the git user. The current approach is to allow access
    72         to the git repository using ssh keys.
     68        Create some files and directories in the home directory of the git user
     69        allowing access to the git repository using ssh keys.
    7370      </para>
    7471     
     
    7976      <para>
    8077        For any developer who should have access to the repository
    81         add his/hers public ssh key to <filename>/home/git/.ssh/authorized_keys</filename>.
    82         Prepending some options to prevent users to use the
     78        add his/her public ssh key to <filename>/home/git/.ssh/authorized_keys</filename>.
     79        First, prepend some options to prevent users to use the
    8380        connection to git for port forwarding to other machines
    8481        the git server might reach.
     
    8683
    8784<screen role="nodump"><userinput>echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " >> /home/git/.ssh/authorized_keys &amp;&amp;
    88 cat users-ssh-key >> /home/git/.ssh/authorized_keys</userinput></screen>
     85cat &lt;user-ssh-key&gt; &gt;&gt; /home/git/.ssh/authorized_keys</userinput></screen>
    8986
    9087    </sect3>
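Review bot: in the authorized_keys screen block the option string is written once with echo -n and the key file is then appended with cat, so only the first key in &lt;user-ssh-key&gt; lands on the line carrying no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty. Any further keys in that file are appended with no restrictions at all, and if authorized_keys does not already end in a newline the options are glued onto the previous entry. Suggest saying that the file must contain exactly one public key and that both commands are repeated for each developer. OpenSSH's restrict keyword could also stand in for the four explicit options.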
     
    9491
    9592      <para>
    96         The repository can be but has not to be in git users home
    97         directory - it can be anywhere on the filesystem. It is
     93        The repository can be anywhere on the filesystem. It is
    9894        important that the git user has read/write access to that
    9995        location. We use <filename class="directory">/srv/git</filename>
     
    10399      </para>
    104100
    105 <screen role="root"><userinput>install -o git -g git -m0755 -d /srv/git/project1.git &amp;&amp;
    106 cd /srv/git/project1.git &amp;&amp;
    107 git init --bare &amp;&amp;
     101<screen role="root"><userinput>install -o git -g git -m755 -d /srv/git/project1.git &amp;&amp;
     102cd /srv/git/project1.git                             &amp;&amp;
     103git init --bare                                      &amp;&amp;
    108104chown -R git:git .</userinput></screen>
    109105
     
    116112
    117113      <para>
    118         A minimal configuration should be available on developers
    119         machine specifying its user name and the email address.
     114        A minimal configuration should be available on the developer's
     115        dudyrm specifying its user name and the email address.
    120116        Create this minimal config file on client side:
    121117      </para>
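Review bot: the rewritten sentence introduces a typo, "dudyrm", where the removed line had "machine". Suggest "A minimal configuration should be available on the developer's machine specifying the user name and the email address."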
     
    127123EOF</userinput></screen>
    128124
    129       <para>On the developers machine, setup some files to be pushed
     125      <para>
     126        On the developer's machine, setup some files to be pushed
    130127        to the repository as the initial content:
    131128      </para>
     
    133130<screen role="nodump"><userinput>mkdir myproject
    134131cd myproject
    135 git init
     132git init --initial-branch=main
    136133git remote add origin git@gitserver:/srv/git/project1.git
    137134cat &gt;README &lt;&lt;EOF
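Review bot: the client side now runs git init --initial-branch=main and pushes main, but the server-side repository earlier in this file is still created with a plain git init --bare, so its HEAD points at the default branch name (master unless init.defaultBranch is configured). After the first push the bare repository's HEAD can refer to a branch that does not exist, and a clone then checks out nothing. Suggest passing --initial-branch=main to the server-side git init --bare as well, and noting that the option needs Git 2.28 or later.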
     
    140137git add README
    141138git commit -m 'Initial creation of README'
    142 git push --set-upstream origin master</userinput></screen>
     139git push --set-upstream origin main</userinput></screen>
    143140
    144141      <para>The initial content is now pushed to the server and
    145142        is available for other users. On the current machine, the
    146         argument <literal>--set-upstream origin master</literal> is
     143        argument <literal>--set-upstream origin main</literal> is
    147144        now no longer required as the local repository is now
    148145        connected to the remote repository. Subsequent pushes
     
    166163      <note>
    167164        <para>
    168           This is a very basic server setup based on <application>OpenSSH</application>
    169           access. All developers are using the <systemitem
    170           class="username">git</systemitem> user to perform actions
    171           on the repository and the changes users are commiting can
    172           be distiguished as the local user name (see
     165          This is a very basic server setup based on
     166          <application>OpenSSH</application> access. All developers are using
     167          the <systemitem class="username">git</systemitem> user to perform
     168          actions on the repository and the changes users are commiting can be
     169          distiguished as the local user name (see
    173170          <filename>~/.gitconfig</filename>) is recorded in the
    174171          changesets.</para>
    175172      </note>
    176173
    177       <para>Access is restricted by the public keys added to git's
     174      <para>
     175        Access is restricted by the public keys added to git's
    178176        <filename>authorized_keys</filename> file and there is no
    179177        option for the public to export/clone the repository. To
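Review bot: the rewrapped note still says commits "can be distiguished" by the local user name, but with every developer logging in as the shared git user that name comes from the client's own ~/.gitconfig and is not checked by the server. Suggest wording that makes clear the recorded name is self-declared and not tied to the ssh key that was used. The rewrap is also a chance to fix "commiting" and "distiguished".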
     
    189187        The setup described above makes a repository available for
    190188        authenticated users (via providing the ssh public key file).
    191         There is also a quite simple server to publish the
     189        There is also a quite simple way to publish the
    192190        repository to unauthenticated users - of course without write
    193191        access.
    194192      </para>
    195193      <para>
    196         The combination of access via ssh (for authenticated users) and
     194        The compination of access via ssh (for authenticated users) and
    197195        the export of repositories to unauthenticated users via the
    198196        daemon is in most cases enough for a development site.
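Review bot: the replacement line misspells "combination" as "compination"; the removed line had it right. The "server" to "way" change in the paragraph above reads fine.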
     
    207205      </note>
    208206
    209     </sect3>
    210    
    211     <sect3 id="gitserver-init">
    212       <title>4. Starting the Server</title>
    213 
     207      <para>
     208        As user <systemitem class='username'>root</systemitem> do:
     209      </para>
     210
     211<screen role="root" revision="sysv"><userinput>cat &gt; /etc/rc.d/init.d/git-daemon &lt;&lt;"EOF"
     212#!/bin/sh
     213########################################################################
     214# Begin /etc/rc.d/init.d/git-daemon
     215#
     216# Description : Start/Stop git as a daemon
     217#
     218# Authors     :
     219#
     220# Version     : LFS 10.0
     221#
     222# Notes       :
     223#
     224########################################################################
     225
     226### BEGIN INIT INFO
     227# Provides:            git-daemon
     228# Required-Start:      network
     229# Should-Start:
     230# Required-Stop:
     231# Should-Stop:
     232# Default-Start:
     233# Default-Stop:
     234# Short-Description:   git as daemon
     235# Description:
     236# X-LFS-Provided-By:
     237### END INIT INFO
     238
     239. /lib/lsb/init-functions
     240
     241GIT_BIN="/usr/bin/git"
     242DFT_REPO_DIR="/srv/git/"
     243PID_FILE="/run/git-daemon.pid"
     244
     245case "${1}" in
     246   start)
     247      log_info_msg "Starting git-daemon ..."
     248      $GIT_BIN daemon               \
     249               --detach             \
     250               --pid-file=$PID_FILE \
     251               --user=git           \
     252               --group=git          \
     253               --reuseaddr          \
     254               --base-path=$DFT_REPO_DIR $DFT_REPO_DIR
     255      evaluate_retval
     256      ;;
     257
     258   stop)
     259      log_info_msg "Stopping git-daemon ..."
     260      killproc -p $PID_FILE $GIT_BIN
     261      evaluate_retval
     262      ;;
     263
     264   restart)
     265      ${0} stop
     266      sleep 1
     267      ${0} start
     268      ;;
     269
     270   *)
     271      echo "Usage: ${0} {start|stop|restart}"
     272      exit 1
     273      ;;
     274esac
     275
     276exit 0
     277
     278# End /etc/rc.d/init.d/git-daemon
     279EOF
     280
     281chmod 755 /etc/rc.d/init.d/git-daemon
     282ln -v -sf ../init.d/git-daemon /etc/rc.d/rc0.d/K29git-daemon
     283ln -v -sf ../init.d/git-daemon /etc/rc.d/rc1.d/K29git-daemon
     284ln -v -sf ../init.d/git-daemon /etc/rc.d/rc2.d/K29git-daemon
     285ln -v -sf ../init.d/git-daemon /etc/rc.d/rc3.d/S50git-daemon
     286ln -v -sf ../init.d/git-daemon /etc/rc.d/rc4.d/S50git-daemon
     287ln -v -sf ../init.d/git-daemon /etc/rc.d/rc5.d/S50git-daemon
     288ln -v -sf ../init.d/git-daemon /etc/rc.d/rc6.d/K29git-daemon</userinput></screen>
     289
     290<screen role="root" revision="systemd"><userinput>cat &gt; /etc/systemd/system/git-daemon.service &lt;&lt;EOF
     291[Unit]
     292Description=Start Git Daemon
     293
     294[Service]
     295ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/
     296
     297Restart=always
     298RestartSec=500ms
     299
     300StandardOutput=syslog
     301StandardError=syslog
     302SyslogIdentifier=git-daemon
     303
     304User=git
     305Group=git
     306
     307[Install]
     308WantedBy=multi-user.target
     309EOF</userinput></screen>
     310
     311      <para revision="systemd">
     312        Enable and start the daemon by executing:
     313      </para>
     314
     315<screen role="root" revision="systemd"><userinput>systemctl enable git-daemon &amp;&amp;
     316systemctl start git-daemon</userinput></screen>
     317     
    214318      <para revision="sysv">
    215         To start the server at boot time, install the git-daemon
    216         bootscript included in the <xref linkend="bootscripts"/> package:
    217       </para>
    218 
    219       <para revision="systemd">
    220         To start the server at boot time, install the
    221         <filename>git-daemon.service</filename> unit from the
    222         <xref linkend="systemd-units"/> package:
    223       </para>
    224 
    225       <indexterm zone="gitserver gitserver-init" revision="sysv">
    226         <primary sortas="f-git">git</primary>
    227       </indexterm>
    228 
    229 <screen role="root" revision="sysv"><userinput>make install-git-daemon</userinput></screen>
    230 
    231       <indexterm zone="gitserver gitserver-init" revision="systemd">
    232         <primary sortas="f-gitserve">gitserve</primary>
    233       </indexterm>
    234 
    235 <screen role="root" revision="systemd"><userinput>make install-git-daemon</userinput></screen>
    236 
    237       <para>
    238         In order to make <application>git</application> exporting a
     319        Start the daemon be executing
     320      </para>
     321<screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/git-daemon start</userinput></screen>
     322     
     323      <para>
     324        In order to allow <application>git</application> to export a
    239325        repository, a file named <filename>git-daemon-export-ok</filename>
    240326        is required in each repository directory on the server. The
     
    245331<screen role="root"><userinput>touch /srv/git/project1.git/git-daemon-export-ok</userinput></screen>
    246332
    247       <para>
    248         Also review the configuration file
    249         <filename revision="sysv">/etc/sysconfig/git-daemon</filename>
    250         <filename revision="systemd">/etc/default/git-daemon</filename>
    251         for valid repository paths.
    252       </para>
    253      
    254333    </sect3>
    255334
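Review bot: the new sysv paragraph reads "Start the daemon be executing"; it should be "by executing" and end with a colon like the systemd paragraph above it. In the inlined systemd unit, StandardOutput=syslog and StandardError=syslog are deprecated in current systemd releases and produce a warning at load time; dropping both lines (the journal is the default) or using journal avoids that. The unit's here-document uses an unquoted EOF while the bootscript uses "EOF"; quoting both would keep them consistent.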
  • postlfs/security/iptables.xml

    r6cbbb2d r78f55b5  
    8181      <ulink url="https://netfilter.org/projects/libnfnetlink/">libnfnetlink</ulink>
    8282      (required for connlabel support),
    83       <ulink url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack"</ulink>, and
    84       (required for connlabel support)
     83      <ulink url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack"</ulink>
     84      (required for connlabel support), and
    8585      <ulink url="https://netfilter.org/projects/nftables/">nftables</ulink>
    8686    </para>
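Review bot: the moved line 83 keeps a stray double quote inside the link text, libnetfilter_conntrack" just before the closing ulink tag, which will render in the book. Suggest removing it while this line is being touched.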