Gitosis配置手记

Git是目前世界上最先进的分布式版本控制系统。大名鼎鼎的GitHub就是一个免费托管开源代码的远程仓库。但既不想公开源代码，又舍不得给GitHub交保护费，那需要我们自己搭建一台Git服务器作为私有仓库使用。下面我们使用gitosis（https://github.com/res0nat0r/gitosis）这个服务器来配置这个私有仓库。简单地说，Gitosis 就是一套用来管理 authorized_keys文件和实现简单连接限制的脚本，它是Python开发的，所以要保证Python和Python setuptools提前安装好。
apt-get install python-setuptools

1. gitosis安装

(1). 首先要保证openssh的服务器和客户端已经被安装，并安装git
apt-get install openssh-server openssh-client
apt-get install git-core
(2). git配置准备

# 创建git仓库存储目录
sudo mkdir -p /app/git/repositories
# 设置git仓库权限
sudo chown -R git:git /app/git/repositories
sudo chmod -R 755 /app/git/repositories
sudo useradd -d /app/git -m git
sudo passwd git

# 创建git仓库存储目录

sudo mkdir -p /app/git/repositories

# 设置git仓库权限

sudo chown -R git:git /app/git/repositories

sudo chmod -R 755 /app/git/repositories

sudo useradd -d /app/git -m git

sudo passwd git

创建gitosis管理员的个人公钥和私钥。首先su到git用户下面
su - git
默认生成2048位，可以提高到4096位来提高安全级别，通过下面的命令创建公钥和私钥
ssh-keygen -t rsa -b 4096
默认情况下，公钥和私钥会保存在~/.ssh目录下，如下所示：

id_rsa  id_rsa.pub  known_hosts

1	id_rsa id_rsa.pub known_hosts

初始化全局设置

git config --global user.name "git"
git config --global user.email "git@test.com"

1 2	git config --global user.name "git" git config --global user.email "git@test.com"

(3)、获取并安装gitosis

cd /tmp
git clone https://github.com/res0nat0r/gitosis.gitcd gitosis
sudo python setup.py install

cd /tmp

git clone https://github.com/res0nat0r/gitosis.gitcd gitosis

sudo python setup.py install

2、管理gitosis

首先要用之前创建的管理员公钥初始化gitosis。

su - git
$ gitosis-init < ~/.ssh/id_rsa.pub 
Reinitialized existing Git repository in /app/git/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /app/git/repositories/gitosis-admin.git/
chmod 755 /app/git/repositories/gitosis-admin.git/hooks/post-update

su - git

$ gitosis-init < ~/.ssh/id_rsa.pub

Reinitialized existing Git repository in /app/git/repositories/gitosis-admin.git/

chmod 755 /app/git/repositories/gitosis-admin.git/hooks/post-update

下面用用初始化 Gitosis 的公钥的拥有者身份 SSH 登录服务器，会显示下面的报错信息。

$ ssh -p 9999 git@localhost
PTY allocation request failed on channel 0
ERROR:gitosis.serve.main:Need SSH_ORIGINAL_COMMAND in environment.
Connection to localhost closed.

$ ssh -p 9999 git@localhost

PTY allocation request failed on channel 0

ERROR:gitosis.serve.main:Need SSH_ORIGINAL_COMMAND in environment.

Connection to localhost closed.

Gitosis 认出了该用户的身份，但由于没有运行任何 Git 命令，所以它断开了连接。下面通过git clone命令来连接并克隆gitosis的控制仓库。首先创建一个目录来
mkdir myrepo
这里我把服务器默认的ssh端口修改了，所以要在客户端中创建~/.ssh/config，并添加Port 12345这一行。然后执行下面语句克隆

git clone git@localhost:gitosis-admin.git
Cloning into 'gitosis-admin'...
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 5 (delta 0), reused 5 (delta 0)
Receiving objects: 100% (5/5), done.
Checking connectivity... done.

git clone git@localhost:gitosis-admin.git

Cloning into 'gitosis-admin'...

remote: Counting objects: 5, done.

remote: Compressing objects: 100% (4/4), done.

remote: Total 5 (delta 0), reused 5 (delta 0)

Receiving objects: 100% (5/5), done.

Checking connectivity... done.

这样gitosis的控制目录gitosis-admin就被clone下了。里面结构如下：

cd gitosis-admin/
$ ls -R
.:
gitosis.conf  keydir

./keydir:
git@my-server.pub

cd gitosis-admin/

$ ls -R

gitosis.conf keydir

./keydir:

git@my-server.pub

其中：
gitosis.conf 文件是用来设置用户、仓库和权限的配置文件。
keydir 目录则是保存所有具有访问权限用户公钥的地方，允许访问gitosis的用户的公钥都保存在这里。

$ cat gitosis.conf 
[gitosis]

[group gitosis-admin]
members = git@my-server
writable = gitosis-admin

$ cat gitosis.conf

[gitosis]

[group gitosis-admin]

members = git@my-server

writable = gitosis-admin

这表明了用户git（初始化 Gitosis 公钥的拥有者）是拥有唯一管理 gitosis-admin这个仓库的权限。
下面我们可以新增一个项目。为此我们要建立一个名为dev的组(group)，以及他们拥有写权限的项目。并允许’debugo’这个用户有权利读写’proj1’这个新项目：

[group dev]
members = debugo@my-server
writable = proj1

[group dev]

members = debugo@my-server

writable = proj1

debugo虽然已经添加到了配置文件中，但它的公钥还没有被gitosis获知。所以我们要将debugo的公钥改名为debugo.pub，拷贝到keydir中。

cp /tmp/id_rsa.pub keydir/debugo@my-server.pub
git add keydir/debugo@my-server.pub

1 2	cp /tmp/id_rsa.pub keydir/debugo@my-server.pub git add keydir/debugo@my-server.pub

修改完之后，提交 gitosis-admin 里的改动，并push到服务器使其生效。

$ git commit -am 'add new group'
[master 36fc5a9] add new group
 2 file changed, 3 insertions(+)
$ git push origin master
Counting objects: 5, done.
......
   9bc77eb..36fc5a9  master -> master

$ git commit -am 'add new group'

[master 36fc5a9] add new group

2 file changed, 3 insertions(+)

$ git push origin master

Counting objects: 5, done.

......

9bc77eb..36fc5a9 master -> master

3. git项目管理

在debugo用户目录下，首先先初始化用户信息。

$ git commit -am 'add new group'
[master 36fc5a9] add new group
 2 file changed, 3 insertions(+)
$ git push origin master
Counting objects: 5, done.
......
   9bc77eb..36fc5a9  master -> master

$ git commit -am 'add new group'

[master 36fc5a9] add new group

2 file changed, 3 insertions(+)

$ git push origin master

Counting objects: 5, done.

......

9bc77eb..36fc5a9 master -> master

debugo用户已经有对proj1这个项目有读写权限了，但是proj1这个项目并没有任何内容。下面我们首先初始化一个本地项目。

$ mkdir proj1
$ cd proj1/
$ git init
Initialized empty Git repository in /home/debugo/proj1/.git/
# 添加几个新文件,并将所有文件列入索引中。
$ touch main.py hello.py
$ git add .
# 添加文件内容并进行一次提交
$ echo 'print "hello world"' > hello.py 

$ git commit -a -m "origin"
[master (root-commit) b9ecf8e] origin
 2 files changed, 1 insertion(+)
 create mode 100644 hello.py
 create mode 100644 main.py
# 检查该git仓库状态，保证它是最新的。
$ git status
On branch master
nothing to commit, working directory clean
# 下面push到远程的server上。
$ git remote add origin git@localhost:proj1.git
$ git push origin master
Initialized empty Git repository in /app/git/repositories/proj1.git/
Counting objects: 4, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (4/4), 261 bytes | 0 bytes/s, done.
Total 4 (delta 0), reused 0 (delta 0)
To git@localhost:proj1.git
 * [new branch]      master -> master

$ mkdir proj1

$ cd proj1/

$ git init

Initialized empty Git repository in /home/debugo/proj1/.git/

# 添加几个新文件,并将所有文件列入索引中。

$ touch main.py hello.py

$ git add .

# 添加文件内容并进行一次提交

$ echo 'print "hello world"' > hello.py

$ git commit -a -m "origin"

[master (root-commit) b9ecf8e] origin

2 files changed, 1 insertion(+)

create mode 100644 hello.py

create mode 100644 main.py

# 检查该git仓库状态，保证它是最新的。

$ git status

On branch master

nothing to commit, working directory clean

# 下面push到远程的server上。

$ git remote add origin git@localhost:proj1.git

$ git push origin master

Initialized empty Git repository in /app/git/repositories/proj1.git/

Counting objects: 4, done.

Delta compression using up to 2 threads.

Compressing objects: 100% (2/2), done.

Writing objects: 100% (4/4), 261 bytes | 0 bytes/s, done.

Total 4 (delta 0), reused 0 (delta 0)

To git@localhost:proj1.git

* [new branch] master -> master

OK！下面添加一个新的只读账户qa。在控制仓库中编辑一个新的组qa

$ cp /tmp/qa@my-server.pub keydir/

$ vim gitosis.conf
[group qa]
members = qa@my-server
readonly = proj1

$ git commit  -am 'add new group and key'
[master 6da3ce2] add new group and key
 1 file changed, 4 insertions(+)

$ git push origin master
Counting objects: 5, done.
......

$ cp /tmp/qa@my-server.pub keydir/

$ vim gitosis.conf

[group qa]

members = qa@my-server

readonly = proj1

$ git commit -am 'add new group and key'

[master 6da3ce2] add new group and key

1 file changed, 4 insertions(+)

$ git push origin master

Counting objects: 5, done.

......

下面在qa用户中，可以checkout这个项目了。

#初始化客户端
$ echo "port 12345" > .ssh/config
$ git config --global user.name "qa"
$ git config --global user.email "qa@test.com"

#初始化客户端

$ echo "port 12345" > .ssh/config

$ git config --global user.name "qa"

$ git config --global user.email "qa@test.com"

下面成功从server上clone下项目，并检查是否能进行提交。

$ git clone git@localhost:proj1.git
Cloning into 'proj1'...
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 4 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (4/4), done.
Checking connectivity... done.
$ git push origin master
.......
Please make sure you have the correct access rights
and the repository exists.

$ git clone git@localhost:proj1.git

Cloning into 'proj1'...

remote: Counting objects: 4, done.

remote: Compressing objects: 100% (2/2), done.

remote: Total 4 (delta 0), reused 0 (delta 0)

Receiving objects: 100% (4/4), done.

Checking connectivity... done.

$ git push origin master

.......

Please make sure you have the correct access rights

and the repository exists.

参考:

https://github.com/res0nat0r/gitosis

http://wiki.ubuntu.org.cn/Git%E6%9C%8D%E5%8A%A1%E5%99%A8Gitosis%E5%AE%89%E8%A3%85%E8%AE%BE%E7%BD%AE

http://git-scm.com/book/zh/v1/%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%B8%8A%E7%9A%84-Git-Gitosis

Gitosis配置手记

1. gitosis安装

2、管理gitosis

3. git项目管理

近期文章

热评文章

文章归档

分类目录

友链

功能