- Timestamp:
- 01/06/2021 03:41:15 AM (3 years ago)
- Branches:
- 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- bbeb20f
- Parents:
- 6cbbb2d
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
general/prog/gitserver.xml
r6cbbb2d r78f55b5 8 8 ]> 9 9 10 <sect1 id="gitserver" xreflabel="Running a git Server">10 <sect1 id="gitserver" xreflabel="Running a Git Server"> 11 11 <?dbhtml filename="gitserver.html"?> 12 12 … … 16 16 </sect1info> 17 17 18 <title>Running a git Server</title>18 <title>Running a Git Server</title> 19 19 20 20 <sect2 role="package"> 21 <title> Running a git Server</title>21 <title>Introduction</title> 22 22 23 23 <para> 24 This section will describe how to set up, administer and secure 25 a <application>git</application> server. It is recommended to26 ha ve a look to the <ulink url="https://git-scm.com/book/en/v2">git-scm documentation</ulink>27 as <application>git</application> has many options to set.24 This section will describe how to set up, administer and secure a 25 <application>git</application> server. <application>Git</application> 26 has many options available. For more detailed documentation see 27 <ulink url="https://git-scm.com/book/en/v2"/>. 28 28 </para> 29 29 30 <bridgehead renderas="sect3"> gitServer Dependencies</bridgehead>30 <bridgehead renderas="sect3">Server Dependencies</bridgehead> 31 31 32 32 <bridgehead renderas="sect4">Required</bridgehead> … … 39 39 40 40 <sect2 role="configuration"> 41 <title>Setting up a git Server.</title>41 <title>Setting up a Git Server.</title> 42 42 43 43 <para> 44 44 The following instructions will install a 45 <application>git</application> server , whichwill be set45 <application>git</application> server. It will be set 46 46 up to use <application>OpenSSH</application> as the secure 47 47 remote access method. … … 49 49 50 50 <para> 51 Configuration of the <application>git</application> server 52 consists of the following steps: 51 Configuration of the server consists of the following steps: 53 52 </para> 54 53 … … 57 56 58 57 <para> 59 You'll need to be user 60 <systemitem class='username'>root</systemitem> for the 61 initial portion of configuration. Create the <systemitem 62 class="username">git</systemitem> user and group with the 63 following commands: 58 You will need to be user <systemitem class='username'>root</systemitem> 59 for the initial portion of configuration. Create the <systemitem 60 class="username">git</systemitem> user and group with the following 61 commands: 64 62 </para> 65 63 … … 68 66 69 67 <para> 70 Create some files and directories in the home directory 71 of the git user. The current approach is to allow access 72 to the git repository using ssh keys. 68 Create some files and directories in the home directory of the git user 69 allowing access to the git repository using ssh keys. 73 70 </para> 74 71 … … 79 76 <para> 80 77 For any developer who should have access to the repository 81 add his/her spublic ssh key to <filename>/home/git/.ssh/authorized_keys</filename>.82 Prependingsome options to prevent users to use the78 add his/her public ssh key to <filename>/home/git/.ssh/authorized_keys</filename>. 79 First, prepend some options to prevent users to use the 83 80 connection to git for port forwarding to other machines 84 81 the git server might reach. … … 86 83 87 84 <screen role="nodump"><userinput>echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " >> /home/git/.ssh/authorized_keys && 88 cat users-ssh-key >>/home/git/.ssh/authorized_keys</userinput></screen>85 cat <user-ssh-key> >> /home/git/.ssh/authorized_keys</userinput></screen> 89 86 90 87 </sect3> … … 94 91 95 92 <para> 96 The repository can be but has not to be in git users home 97 directory - it can be anywhere on the filesystem. It is 93 The repository can be anywhere on the filesystem. It is 98 94 important that the git user has read/write access to that 99 95 location. We use <filename class="directory">/srv/git</filename> … … 103 99 </para> 104 100 105 <screen role="root"><userinput>install -o git -g git -m 0755 -d /srv/git/project1.git &&106 cd /srv/git/project1.git &&107 git init --bare &&101 <screen role="root"><userinput>install -o git -g git -m755 -d /srv/git/project1.git && 102 cd /srv/git/project1.git && 103 git init --bare && 108 104 chown -R git:git .</userinput></screen> 109 105 … … 116 112 117 113 <para> 118 A minimal configuration should be available on developers119 machinespecifying its user name and the email address.114 A minimal configuration should be available on the developer's 115 dudyrm specifying its user name and the email address. 120 116 Create this minimal config file on client side: 121 117 </para> … … 127 123 EOF</userinput></screen> 128 124 129 <para>On the developers machine, setup some files to be pushed 125 <para> 126 On the developer's machine, setup some files to be pushed 130 127 to the repository as the initial content: 131 128 </para> … … 133 130 <screen role="nodump"><userinput>mkdir myproject 134 131 cd myproject 135 git init 132 git init --initial-branch=main 136 133 git remote add origin git@gitserver:/srv/git/project1.git 137 134 cat >README <<EOF … … 140 137 git add README 141 138 git commit -m 'Initial creation of README' 142 git push --set-upstream origin ma ster</userinput></screen>139 git push --set-upstream origin main</userinput></screen> 143 140 144 141 <para>The initial content is now pushed to the server and 145 142 is available for other users. On the current machine, the 146 argument <literal>--set-upstream origin ma ster</literal> is143 argument <literal>--set-upstream origin main</literal> is 147 144 now no longer required as the local repository is now 148 145 connected to the remote repository. Subsequent pushes … … 166 163 <note> 167 164 <para> 168 This is a very basic server setup based on <application>OpenSSH</application>169 access. All developers are using the <systemitem170 class="username">git</systemitem> user to perform actions171 on the repository and the changes users are commiting can172 bedistiguished as the local user name (see165 This is a very basic server setup based on 166 <application>OpenSSH</application> access. All developers are using 167 the <systemitem class="username">git</systemitem> user to perform 168 actions on the repository and the changes users are commiting can be 169 distiguished as the local user name (see 173 170 <filename>~/.gitconfig</filename>) is recorded in the 174 171 changesets.</para> 175 172 </note> 176 173 177 <para>Access is restricted by the public keys added to git's 174 <para> 175 Access is restricted by the public keys added to git's 178 176 <filename>authorized_keys</filename> file and there is no 179 177 option for the public to export/clone the repository. To … … 189 187 The setup described above makes a repository available for 190 188 authenticated users (via providing the ssh public key file). 191 There is also a quite simple serverto publish the189 There is also a quite simple way to publish the 192 190 repository to unauthenticated users - of course without write 193 191 access. 194 192 </para> 195 193 <para> 196 The com bination of access via ssh (for authenticated users) and194 The compination of access via ssh (for authenticated users) and 197 195 the export of repositories to unauthenticated users via the 198 196 daemon is in most cases enough for a development site. … … 207 205 </note> 208 206 209 </sect3> 210 211 <sect3 id="gitserver-init"> 212 <title>4. Starting the Server</title> 213 207 <para> 208 As user <systemitem class='username'>root</systemitem> do: 209 </para> 210 211 <screen role="root" revision="sysv"><userinput>cat > /etc/rc.d/init.d/git-daemon <<"EOF" 212 #!/bin/sh 213 ######################################################################## 214 # Begin /etc/rc.d/init.d/git-daemon 215 # 216 # Description : Start/Stop git as a daemon 217 # 218 # Authors : 219 # 220 # Version : LFS 10.0 221 # 222 # Notes : 223 # 224 ######################################################################## 225 226 ### BEGIN INIT INFO 227 # Provides: git-daemon 228 # Required-Start: network 229 # Should-Start: 230 # Required-Stop: 231 # Should-Stop: 232 # Default-Start: 233 # Default-Stop: 234 # Short-Description: git as daemon 235 # Description: 236 # X-LFS-Provided-By: 237 ### END INIT INFO 238 239 . /lib/lsb/init-functions 240 241 GIT_BIN="/usr/bin/git" 242 DFT_REPO_DIR="/srv/git/" 243 PID_FILE="/run/git-daemon.pid" 244 245 case "${1}" in 246 start) 247 log_info_msg "Starting git-daemon ..." 248 $GIT_BIN daemon \ 249 --detach \ 250 --pid-file=$PID_FILE \ 251 --user=git \ 252 --group=git \ 253 --reuseaddr \ 254 --base-path=$DFT_REPO_DIR $DFT_REPO_DIR 255 evaluate_retval 256 ;; 257 258 stop) 259 log_info_msg "Stopping git-daemon ..." 260 killproc -p $PID_FILE $GIT_BIN 261 evaluate_retval 262 ;; 263 264 restart) 265 ${0} stop 266 sleep 1 267 ${0} start 268 ;; 269 270 *) 271 echo "Usage: ${0} {start|stop|restart}" 272 exit 1 273 ;; 274 esac 275 276 exit 0 277 278 # End /etc/rc.d/init.d/git-daemon 279 EOF 280 281 chmod 755 /etc/rc.d/init.d/git-daemon 282 ln -v -sf ../init.d/git-daemon /etc/rc.d/rc0.d/K29git-daemon 283 ln -v -sf ../init.d/git-daemon /etc/rc.d/rc1.d/K29git-daemon 284 ln -v -sf ../init.d/git-daemon /etc/rc.d/rc2.d/K29git-daemon 285 ln -v -sf ../init.d/git-daemon /etc/rc.d/rc3.d/S50git-daemon 286 ln -v -sf ../init.d/git-daemon /etc/rc.d/rc4.d/S50git-daemon 287 ln -v -sf ../init.d/git-daemon /etc/rc.d/rc5.d/S50git-daemon 288 ln -v -sf ../init.d/git-daemon /etc/rc.d/rc6.d/K29git-daemon</userinput></screen> 289 290 <screen role="root" revision="systemd"><userinput>cat > /etc/systemd/system/git-daemon.service <<EOF 291 [Unit] 292 Description=Start Git Daemon 293 294 [Service] 295 ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/ 296 297 Restart=always 298 RestartSec=500ms 299 300 StandardOutput=syslog 301 StandardError=syslog 302 SyslogIdentifier=git-daemon 303 304 User=git 305 Group=git 306 307 [Install] 308 WantedBy=multi-user.target 309 EOF</userinput></screen> 310 311 <para revision="systemd"> 312 Enable and start the daemon by executing: 313 </para> 314 315 <screen role="root" revision="systemd"><userinput>systemctl enable git-daemon && 316 systemctl start git-daemon</userinput></screen> 317 214 318 <para revision="sysv"> 215 To start the server at boot time, install the git-daemon 216 bootscript included in the <xref linkend="bootscripts"/> package: 217 </para> 218 219 <para revision="systemd"> 220 To start the server at boot time, install the 221 <filename>git-daemon.service</filename> unit from the 222 <xref linkend="systemd-units"/> package: 223 </para> 224 225 <indexterm zone="gitserver gitserver-init" revision="sysv"> 226 <primary sortas="f-git">git</primary> 227 </indexterm> 228 229 <screen role="root" revision="sysv"><userinput>make install-git-daemon</userinput></screen> 230 231 <indexterm zone="gitserver gitserver-init" revision="systemd"> 232 <primary sortas="f-gitserve">gitserve</primary> 233 </indexterm> 234 235 <screen role="root" revision="systemd"><userinput>make install-git-daemon</userinput></screen> 236 237 <para> 238 In order to make <application>git</application> exporting a 319 Start the daemon be executing 320 </para> 321 <screen role="root" revision="sysv"><userinput>/etc/rc.d/init.d/git-daemon start</userinput></screen> 322 323 <para> 324 In order to allow <application>git</application> to export a 239 325 repository, a file named <filename>git-daemon-export-ok</filename> 240 326 is required in each repository directory on the server. The … … 245 331 <screen role="root"><userinput>touch /srv/git/project1.git/git-daemon-export-ok</userinput></screen> 246 332 247 <para>248 Also review the configuration file249 <filename revision="sysv">/etc/sysconfig/git-daemon</filename>250 <filename revision="systemd">/etc/default/git-daemon</filename>251 for valid repository paths.252 </para>253 254 333 </sect3> 255 334
Note:
See TracChangeset
for help on using the changeset viewer.