Git Workshop : Git On The Server

5,245 views

Published on

Published in: Technology

Git Workshop : Git On The Server

  1. 1. #4 Git Workshop Git on the Server Wildan Maulana wildan.m@openthinklabs.com http://workshop.openthinklabs.com
  2. 2. Refresh Your Mind : http://blogs.mikeci.com/2010/09/17/getting-started-subversion-git/
  3. 3. The Protocols● Git can use four major network protocols to transfer data ● Local ● Secure Shell (SSH) ● Git ● HTTP
  4. 4. Local Protocol$ git clone /opt/git/project.git How to Clone a local repository.... Or ...$ git clone file:///opt/git/project.git $ git remote add local_proj /opt/git/project.git How to add a local repository to an existing Git project
  5. 5. Local Protocol● Simple ● Shared access is generally more difficult● Use existing file permissions to set up and reach from multiple● Network access locations than basic network access● …..
  6. 6. The SSH Protocol$ git clone ssh://user@server:project.git How to clone a Git repository over SSH$ git clone user@server:project.git Not specify a user, and Git assumes the user you’re currently logged in as.
  7. 7. The SSH Protocol● You basically have to use it ifyou want authenticated ● You can’t serve anonymouswrite access to your access of your repository over itrepository over a network● SSH is relatively easy to set up● Access over SSH is secure● Like the Git and Local protocols,SSH is efficient, making the dataas compact as possiblebefore transferring it.
  8. 8. The Git Protocol● This is a special daemon that comes packaged with Git; it listens on a dedicated port (9418) that provides a service similar to the SSH protocol, but with absolutely no authentication.● In order for a repository to be served over the Git protocol, you must create the git-export-daemon-ok file — the daemon won’t serve a repository without that file in it — but other than that there is no security.● Pull only, if you enable Push anyone on the internet who finds your project’s URL could push to your project
  9. 9. The Git Protocol● The Git protocol is the fastest ● The downside of the Git protocol istransfer protocol available the lack of authentication ● It’s also probably the most difficult protocol to set up
  10. 10. The HTTP/S Protocol$ cd /var/www/htdocs/$ git clone --bare /path/to/git_project gitproject.git$ cd gitproject.git$ mv hooks/post-update.sample hooks/post-update$ chmod a+x hooks/post-update$ git clone http://example.com/gitproject.git
  11. 11. The Git Protocol● It’s easy to set up ● It’s relatively inefficient for the client● The HTTP protocol also isn’tvery resource intensive on your server● You can also serve your repositoriesread-only over HTTPS;or you can go so far asto make the clients use specificsigned SSL certificates● HTTP is such a commonly used protocol thatcorporate firewalls are often set up to allow traffic through this port
  12. 12. Git push over HTTP http://bit.ly/iA4T20
  13. 13. Getting Git on a Server$ git clone --bare my_project my_project.gitInitialized empty Git repository in /opt/projects/my_project.git/ Clone your repository to create a new bare repository, Roughly equivalent to something like $ cp -Rf my_project/.git my_project.git
  14. 14. Putting the Bare Repository on a Server$ scp -r my_project.git user@git.example.com:/opt/git$ git clone user@git.example.com:/opt/git/my_project.gitIf a user SSHs into a server and has write access to the/opt/git/my_project.git directory, they will also automatically have push access. Git will automatically add group write permissions to a repository properlyif you run the git init command with the --shared option. $ ssh user@git.example.com $ cd /opt/git/my_project.git $ git init --bare --shared
  15. 15. Small Setups One of the most complicated aspects of setting up a Git server is user management. If you want some repositories to be read-only to certain users and read/write to others, access and permissions can be a bit difficult to arrange.Have your SSH server authenticate from an LDAP serveror some other centralized authentication source SSH AccessSet up accounts for everybody,which is straightforward but can be cumbersome Create a single ‘git’ user on the machine, ask every user who is to have write access to send you an SSH public key, and add that key to the ~/.ssh/authorized_keys file of your new ‘git’ user.
  16. 16. Generating Your SSH Public Key$ cd ~/.ssh$ lsauthorized_keys2 id_dsa known_hostsconfig id_dsa.pub$ ssh-keygenGenerating public/private rsa key pair.Enter file in which to save the key (/Users/schacon/.ssh/id_rsa):Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /Users/schacon/.ssh/id_rsa.Your public key has been saved in /Users/schacon/.ssh/id_rsa.pub.The key fingerprint is:43:c5:5b:5f:b1:f1:50:43:ad:20:a6:92:6a:1f:9a:3a schacon@agadorlaptop.local
  17. 17. Generating Your SSH Public Key$ cat ~/.ssh/id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSUGPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XAt3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/EnmZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbxNrRFi9wrf+M7Q== schacon@agadorlaptop.local Now, each user that does this has to send their public key to you or whoever is administrating the Git server (assuming you’re using an SSH server setup that requires public keys). All they have to do is copy the contents of the .pub file and e-mail it More Info : http://github.com/guides/providing-your-ssh-key
  18. 18. Setting Up the Server$ sudo adduser git$ su git$ cd$ mkdir .ssh You just append them to your authorized_keys file: $ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys $ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys $ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys $ cd /opt/git $ mkdir project.git $ cd project.git $ git --bare init
  19. 19. Setting Up the Server# on Johns computer$ cd myproject$ git init$ git add .$ git commit -m initial commit$ git remote add origin git@gitserver:/opt/git/project.git$ git push origin master At this point, the others can clone it down and push changes back up just as easily: $ git clone git@gitserver:/opt/git/project.git $ vim README $ git commit -am fix for the README file $ git push origin master
  20. 20. Setting Up the Server As an extra precaution, you can easily restrict the ‘git’ user to only doing Git activities with a limited shell tool called git-shell that comes with Git. If you set this as your ‘git’ user’s login shell, then the ‘git’ user can’t have normal shell access to your server.$ sudo vim /etc/passwdAt the bottom, you should find a line that looks something like this:git:x:1000:1000::/home/git:/bin/sh git:x:1000:1000::/home/git:/usr/bin/git-shell $ ssh git@gitserver fatal: What do you think I am? A shell? Connection to gitserver closed.
  21. 21. Public AccessEnable the hook:$ cd project.git$ mv hooks/post-update.sample hooks/post-update$ chmod a+x hooks/post-update<VirtualHost *:80> ServerName git.gitserver DocumentRoot /opt/git $ chgrp -R www-data /opt/git <Directory /opt/git/> Order allow, deny allow from all </Directory></VirtualHost> $ git clone http://git.gitserver/project.git
  22. 22. GitWeb$ git instaweb --httpd=webrick[2009-02-21 10:02:21] INFO WEBrick 1.3.1[2009-02-21 10:02:21] INFO ruby 1.8.6 (2008-03-03) [universal-darwin9.0] $ git instaweb --httpd=webrick --stop
  23. 23. GitWeb Installation from Source Code $ git clone git://git.kernel.org/pub/scm/git/git.git $ cd git/ $ make GITWEB_PROJECTROOT="/opt/git" prefix=/usr gitweb/gitweb.cgi $ sudo cp -Rf gitweb /var/www/<VirtualHost *:80> ServerName gitserver DocumentRoot /var/www/gitweb <Directory /var/www/gitweb> Options ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch AllowOverride All order allow,deny Allow from all AddHandler cgi-script cgi DirectoryIndex gitweb.cgi </Directory></VirtualHost>
  24. 24. GitWebBinary (Ubuntu/RHEL)Howto : http://bit.ly/OyTH8
  25. 25. Gitosis On Ubuntu apt-get install python-setuptools $ git clone git://eagain.net/gitosis.git $ cd gitosis $ sudo python setup.py install $ ln -s /opt/git /home/git/repositories$ mv /home/git/.ssh/authorized_keys /home/git/.ssh/ak.bak
  26. 26. Gitosisgit:x:1000:1000::/home/git:/usr/bin/git-shell git:x:1000:1000::/home/git:/bin/sh$ sudo -H -u git gitosis-init < /tmp/id_dsa.pubInitialized empty Git repository in /opt/git/gitosis-admin.git/Reinitialized existing Git repository in /opt/git/gitosis-admin.git/ $ sudo chmod 755 /opt/git/gitosis-admin.git/hooks/post-update
  27. 27. Gitosis$ ssh git@gitserverPTY allocation request failed on channel 0fatal: unrecognized command gitosis-serve schacon@quaternion Connection to gitserver closed. # on your local computer $ git clone git@gitserver:gitosis-admin.git $ cd gitosis-admin $ cat gitosis.conf $ find . [gitosis] ./gitosis.conf ./keydir [group gitosis-admin] ./keydir/scott.pub writable = gitosis-admin members = scott
  28. 28. GitosisCreate a new project called iphone_project to start on: [group mobile] writable = iphone_project members = scott Whenever you make changes to the gitosis-admin project, you have to commit the changes and push them back up to the server in order for them to take effect: $ git commit -am add iphone_project and mobile group [master]: created 8962da8: "changed name" 1 files changed, 4 insertions(+), 0 deletions(-) $ git push Counting objects: 5, done. Compressing objects: 100% (2/2), done. Writing objects: 100% (3/3), 272 bytes, done. Total 3 (delta 1), reused 0 (delta 0) To git@gitserver:/opt/git/gitosis-admin.git fb27aec..8962da8 master -> master
  29. 29. GitosisMore ….
  30. 30. Reference● ProGit, Scott Chacon, Apress● Just Enough Developed Infrastructure

×