Index: general/prog/gitserver.xml
===================================================================
--- general/prog/gitserver.xml (revision 7a8cc527dbcf0d72c5ba216f1638671cb89fae55)
+++ general/prog/gitserver.xml (revision 7a8cc527dbcf0d72c5ba216f1638671cb89fae55)
@@ -0,0 +1,332 @@
+
+
+ %general-entities;
+
+
+]>
+
+
+
+
+
+ $LastChangedBy$
+ $Date$
+
+
+ Running a git Server
+
+
+ Running a git Server
+
+
+ This section will describe how to set up, administer and secure
+ a git server. It is recommended to
+ have a look to the git-scm documentation
+ as git has many options to set.
+
+
+ git Server Dependencies
+
+ Required
+
+ and
+
+
+
+
+
+
+ Setting up a git Server.
+
+
+ The following instructions will install a
+ git server, which will be set
+ up to use OpenSSH as the secure
+ remote access method.
+
+
+
+ Configuration of the git server
+ consists of the following steps:
+
+
+
+ 1. Setup Users, Groups, and Permissions
+
+
+ You'll need to be user
+ root for the
+ initial portion of configuration. Create the git user and group with the
+ following commands:
+
+
+groupadd -g &gitgid; git &&
+useradd -c "git Owner" -d /home/git -m -g git -s /usr/bin/git-shell -u &gituid; git
+
+
+ Create some files and directories in the home directory
+ of the git user. The current approach is to allow access
+ to the git repository using ssh keys.
+
+
+install -o git -g git -dm0700 /home/git/.ssh &&
+install -o git -g git -m0600 /dev/null /home/git/.ssh/authorized_keys
+
+
+
+ For any developer who should have access to the repository
+ add his/hers public ssh key to /home/git/.ssh/authorized_keys.
+ Prepending some options to prevent users to use the
+ connection to git for port forwarding to other machines
+ the git server might reach.
+
+
+echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " >> /home/git/.ssh/authorized_keys &&
+cat users-ssh-key >> /home/git/.ssh/authorized_keys
+
+
+
+
+ 2. Create a git repository.
+
+
+ The repository can be but has not to be in git users home
+ directory - it can be anywhere on the filesystem. It is
+ important that the git user has read/write access to that
+ location. We use /srv/git
+ as base directory. Create a new git
+ repository with the following commands (as the
+ root user):
+
+
+install -o git -g git -m0755 -d /srv/git/project1.git &&
+cd /srv/git/project1.git &&
+git init --bare &&
+chown -R git:git .
+
+
+ Now that the repository is created, it can be used by the
+ developers to put some files into it. Once the ssh key of
+ the user is imported to git's authorized_keys
+ file, the user can interact with the repository.
+
+
+
+ A minimal configuration should be available on developers
+ machine specifying its user name and the email address.
+ Create this minimal config file on client side:
+
+
+cat > ~/.gitconfig <<EOF
+[user]
+ name = <users-name>
+ email = <users-email-address>
+EOF
+
+ On the developers machine, setup some files to be pushed
+ to the repository as the initial content:
+
+
+mkdir myproject
+cd myproject
+git init
+git remote add origin git@gitserver:/srv/git/project1.git
+cat >README <<EOF
+This is the README file
+EOF
+git add README
+git commit -m 'Initial creation of README'
+git push --set-upstream origin master
+
+ The initial content is now pushed to the server and
+ is available for other users. On the current machine, the
+ argument --set-upstream origin master is
+ now no longer required as the local repository is now
+ connected to the remote repository. Subsequent pushes
+ can be performed as
+
+
+git push
+
+
+ Other developers can now clone the repository and do
+ modifications to the content (as long as their ssh keys
+ has been installed):
+
+
+git clone git@gitserver:/srv/git/project1.git
+cd project1
+vi README
+git commit -am 'Fix for README file'
+git push
+
+
+
+ This is a very basic server setup based on OpenSSH
+ access. All developers are using the git user to perform actions
+ on the repository and the changes users are commiting can
+ be distiguished as the local user name (see
+ ~/.gitconfig) is recorded in the
+ changesets.
+
+
+ Access is restricted by the public keys added to git's
+ authorized_keys file and there is no
+ option for the public to export/clone the repository. To
+ enable this, continue with step 3 to setup the git server.
+
+
+
+
+
+ 3. Configure the Server
+
+
+ The setup described above makes a repository available for
+ authenticated users (via providing the ssh public key file).
+ There is also a quite simple server to publish the
+ repository to unauthenticated users - of course without write
+ access.
+
+
+ The compination of access via ssh (for authenticated users) and
+ the export of repositories to unauthenticated users via the
+ daemon is in most cases enough for a development site.
+
+
+
+
+ The daemon will be reachable at port 9418
+ by default. Make sure that your firewall setup allows
+ access to that port.
+
+
+
+
+ As user root do:
+
+
+cat > /etc/rc.d/init.d/git-daemon <<"EOF"
+#!/bin/sh
+########################################################################
+# Begin /etc/rc.d/init.d/git-daemon
+#
+# Description : Start/Stop git as a daemon
+#
+# Authors :
+#
+# Version : LFS x.x
+#
+# Notes :
+#
+########################################################################
+
+### BEGIN INIT INFO
+# Provides: git-daemon
+# Required-Start: network
+# Should-Start:
+# Required-Stop:
+# Should-Stop:
+# Default-Start:
+# Default-Stop:
+# Short-Description: git as daemon
+# Description:
+# X-LFS-Provided-By:
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+GIT_BIN="/usr/bin/git"
+DFT_REPO_DIR="/srv/git/"
+PID_FILE="/run/git-daemon.pid"
+
+case "${1}" in
+ start)
+ log_info_msg "Starting git-daemon ..."
+ $GIT_BIN daemon \
+ --detach --pid-file=$PID_FILE \
+ --user=git --group=git \
+ --reuseaddr --base-path=$DFT_REPO_DIR $DFT_REPO_DIR
+ evaluate_retval
+ ;;
+
+ stop)
+ log_info_msg "Stopping git-daemon ..."
+ killproc -p $PID_FILE $GIT_BIN
+ evaluate_retval
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|restart}"
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# End /etc/rc.d/init.d/git-daemon
+EOF
+chmod 755 /etc/rc.d/init.d/git-daemon
+ln -v -sf ../init.d/git-daemon /etc/rc.d/rc0.d/K29git-daemon
+ln -v -sf ../init.d/git-daemon /etc/rc.d/rc1.d/K29git-daemon
+ln -v -sf ../init.d/git-daemon /etc/rc.d/rc2.d/K29git-daemon
+ln -v -sf ../init.d/git-daemon /etc/rc.d/rc3.d/S50git-daemon
+ln -v -sf ../init.d/git-daemon /etc/rc.d/rc4.d/S50git-daemon
+ln -v -sf ../init.d/git-daemon /etc/rc.d/rc5.d/S50git-daemon
+ln -v -sf ../init.d/git-daemon /etc/rc.d/rc6.d/K29git-daemon
+
+cat > /etc/systemd/system/git-daemon.service <<EOF
+[Unit]
+Description=Start Git Daemon
+
+[Service]
+ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/
+
+Restart=always
+RestartSec=500ms
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=git-daemon
+
+User=git
+Group=git
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+ Enable and start the daemon be executing
+
+systemctl enable git-daemon &&
+systemctl start git-daemon
+
+ Start the daemon be executing
+
+/etc/rc.d/init.d/git-daemon start
+
+
+ In order to make git exporting a
+ repository, a file named git-daemon-export-ok
+ is required in each repository directory on the server. The
+ file needs no content, just its existance enables, its absence
+ disables the export of that repository.
+
+
+touch /srv/git/project1.git/git-daemon-export-ok
+
+
+
+
+
+
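Review bot: In step 1, the authorized_keys snippet writes the restriction options and the key in two separate appends (`echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty " >> ...` followed by `cat users-ssh-key >> ...`), so the options attach only to the first line of users-ssh-key. If that file holds more than one key, the later keys are installed without the forwarding and pty restrictions. If the `cat` fails after the `echo` has succeeded, the file is left with a dangling option string that garbles the next entry appended. Suggest writing each entry in a single append, one key per line, and stating in the text that the command is repeated for every developer key. The sentence introducing the snippet ("Prepending some options to prevent users to use the connection ...") is a fragment and should say outright that the options are prepended to each key and why. In step 3, the text says the daemon publishes to unauthenticated users and asks the reader to open port 9418; it should also say that every repository carrying git-daemon-export-ok becomes readable by anyone who can reach that port, and the export-ok paragraph would read better before the start commands so the reader decides what is exported before the daemon runs. The sysv init script and the systemd unit appear back to back with no text saying which one applies to which system. Wording: "Enable and start the daemon be executing" and "Start the daemon be executing" should read "by executing"; spelling of "compination", "distiguished", "commiting", "existance" and "his/hers" needs fixing.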
Index: general/prog/prog.xml
===================================================================
--- general/prog/prog.xml (revision d67acd4f5d69484a178fc47043ace7a1f08121cb)
+++ general/prog/prog.xml (revision 7a8cc527dbcf0d72c5ba216f1638671cb89fae55)
@@ -38,4 +38,5 @@
+