
How to install gitosis (a guide that takes into account problems arising during installation) + integration into Redmine

gitosis - software for hosting Git repositories



Installation:


An auto-install script appeared during testing:
sudo apt-get install python-setuptools git-core -y
mkdir ~/src
cd ~/src
git clone git://github.com/sc0rp1us/gitosis-tools.git
cd gitosis-tools/gitautoinstall
sudo bash main

Next, follow the script instructions.

But back to the article
First, install the necessary components to run gitosis:

apt-get update
apt-get upgrade
apt-get install python-setuptools git-core -y
mkdir -p ~/src
cd ~/src
git clone git://eagain.net/gitosis.git
cd gitosis
python setup.py install



Next, log into the account from which we will manage gitosis (let's call it gitadmin), download the distribution and install it.

Setup:


Now we need to create a user who will own the repositories (the name can be anything, but I prefer to use just git). There may be several accounts owning repositories on the same server. Such an account does not need a password, but it does need a valid shell, otherwise SSH will refuse to work with it:
P.S. You can of course use an existing account, but for security reasons this is not recommended.



sudo adduser --system --shell /bin/sh --gecos 'git version control' --group \
--disabled-password --home /home/git git



Now we create an RSA key for passwordless access.

ssh-keygen -t rsa

Next, we need to run the initialization command. It creates /home/git/repositories, which will contain the git repositories, and /home/git/.gitosis.conf, which is a symbolic link to the configuration file itself, /home/git/repositories/gitosis-admin.git/gitosis.conf. It also adds the SSH public key to .ssh/authorized_keys, with a command= option that restricts SSH access to running gitosis-serve.

sudo -H -u git gitosis-init < /home/gitadmin/.ssh/id_rsa.pub


In theory it should do all of this, but it does not always do so.


After that, we perform the following action. (This workaround is not needed everywhere: on Debian, for example, everything works without it, but users of RedHat-like systems will most likely find it useful. This is one of the "problems arising during installation" mentioned in the title.)

su - git
cat .ssh/authorized_keys | sed 's#gitosis-serve#/usr/local/bin/gitosis-serve#g' > 0
cat 0 > .ssh/authorized_keys && rm 0
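
The sed workaround above is not idempotent (a second run on an already rewritten file doubles the /usr/local/bin/ prefix), and nothing in the procedure checks that every key of the git account stays confined to gitosis-serve. The following is an added example, not part of the original article, that does both. It assumes the authorized_keys layout gitosis writes (a command= forced command followed by four no-* options); the function names and the sample keys are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Key material is constructed.
SERVE=/usr/local/bin/gitosis-serve   # absolute path used by the article's sed

# Idempotent form of the sed workaround: only a bare gitosis-serve directly
# after command=" is rewritten, so running it twice cannot double the prefix.
fix_serve_path() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    sed "s#^command=\"gitosis-serve #command=\"$SERVE #" "$1" > "$tmp" &&
        cat "$tmp" > "$1"      # cat keeps the owner and mode of the original
    rc=$?; rm -f "$tmp"; return $rc
}

# Print each key line that is not confined to gitosis-serve with all four
# restrictions; such a key would allow an ordinary login as the git user.
unrestricted_keys() {
    awk -v serve="$SERVE" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        {
            bad = 0; opts = ""
            # the options are everything before the key-type field
            if (match($0, / (ssh-[a-z0-9]+|ecdsa-sha2-[^ ]+) /))
                opts = substr($0, 1, RSTART - 1)
            if (index(opts, "command=\"" serve " ") != 1 &&
                index(opts, "command=\"gitosis-serve ") != 1) bad = 1
            n = split("no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty", want, " ")
            for (i = 1; i <= n; i++)
                if (index(opts, want[i]) == 0) bad = 1
            if (bad) print FNR ": " $0
        }
    ' "$1"
}

# Constructed sample: two gitosis-generated lines plus one hand-added key.
make_sample() {
    cat > "$1" <<'EOF'
### autogenerated by gitosis, DO NOT EDIT
command="gitosis-serve gitadmin@vzserv",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAACONSTRUCTED1 gitadmin@vzserv
command="gitosis-serve wwwrun@vzserv",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAACONSTRUCTED2 wwwrun@vzserv
ssh-rsa AAAACONSTRUCTED3 someone@laptop
EOF
}

# Demo: fix twice, then list the keys that are not restricted.
f=$(mktemp) && make_sample "$f" && fix_serve_path "$f" && fix_serve_path "$f" &&
    unrestricted_keys "$f"; rm -f "$f"
```

On the real server the two functions would be run as the git user against /home/git/.ssh/authorized_keys; any line that unrestricted_keys prints deserves a look before the account is exposed over SSH.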



By the way, some systems may have problems with PATH, so in the file below you will need to add the line ". /etc/profile" after the "set -e" option:

/home/git/repositories/gitosis-admin.git/hooks/post-update

Then clone the repository

git clone git@SERVER:gitosis-admin.git


and you will get the SSH key directory /home/gitadmin/gitosis-admin/keydir/ (in which you will need to put the clients' public keys), and /home/gitadmin/gitosis-admin/gitosis.conf (in which you will need to write the repository settings)

git clone ssh://git@localhost/gitosis-admin.git
Initialized empty Git repository in /usr/gitosis-admin/.git/
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (4/4), done
remote: Total 5 (delta 0), reused 5 (delta 0)
Receiving objects: 100% (5/5), done

sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update



Warning


For now, gitosis uses the HOME environment variable when writing files. If you use sudo without the -H option, the old HOME value stays in place, and this will cause problems. This may be worked around in the future, but for now don't forget to use -H.

You should always edit the configuration file via Git. The file symlinked to ~/.gitosis.conf on the server will be overwritten when changes are pushed to the gitosis-admin.git repository.

Change the settings as desired, and commit and push.
After sending to the server, gitosis will immediately make changes and apply them on the server.

Management


Adding new users:

- Add a keys/USER.pub file
- Allow the group to read/write to the repository (or simply allow the All group)

To create a new repository, simply grant write access to the group and push.
For example: suppose your username is jdoe and you want to create a repository MyProject.
In your gitosis-admin clone, edit gitosis.conf and add:

[group myteam]
members = jdoe
writable = myproject



Now we need to send changes to gitosis

git add .
git commit -am 'add new project Michael Queally-1 and users'
git push



Now we need to re-initialize gitosis

sudo -H -u git gitosis-init < /home/gitadmin/.ssh/id_rsa.pub
su - git
cat .ssh/authorized_keys | sed 's#gitosis-serve#/usr/local/bin/gitosis-serve#g' > 0 && \
cat 0 > .ssh/authorized_keys && rm 0



Create a repository on the local machine in the account where the PUBLIC key was taken from

mkdir myproject
cd myproject
git init
git remote add MYSERVER git@MYSERVER:myproject.git
touch testfile
git add .
git commit -am 'add test file'
git push MYSERVER master:refs/heads/master



That's all. Now, if you add other users to members, they will also be able to use this repository.

Integration into redmine:


Create a directory for bare repositories, and set the owner

mkdir -p /srv/redmine/git_repositories/
chown wwwrun:wwwrun /srv/redmine/git_repositories/



We generate an SSH key for the user the web server runs as (in my case it is apache)

sudo -H -u wwwrun ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/wwwrun/.ssh/id_rsa):
Created directory '/var/lib/wwwrun/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/wwwrun/.ssh/id_rsa.
Your public key has been saved in /var/lib/wwwrun/.ssh/id_rsa.pub.
The key fingerprint is:
86:58:61:7b:56:5e:55:85:74:4f:12:33:ad:dc:1f:90 wwwrun@vzserv
The key's randomart image is:
+--[ RSA 2048]----+
| o . o**+* |
| oo ..Eo+. |
| .. o. . |
| o .. |
| .. |
| . |
| |
| |
| |
+----------------------+



Add a key to keydir and assign rights to it.

cp /var/lib/wwwrun/.ssh/id_rsa.pub /home/gitadmin/gitosis-admin/keydir/wwwrun@vzserv.pub
chown gitadmin:gitadmin /home/gitadmin/gitosis-admin/keydir/wwwrun@vzserv.pub



Add the user to the repository

su - gitadmin
cd gitosis-admin/
vim gitosis.conf #
git add .
git commit -am 'add redmine'

Created commit 7f94aac: add redmine
2 files changed, 2 insertions(+), 1 deletions(-)
create mode 100644 keydir/wwwrun@vzserv.pub

git push
Counting objects: 8, done.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 745 bytes, done.
Total 5 (delta 2), reused 0 (delta 0)
To git@127.0.0.1:gitosis-admin.git
608aa58..7f94aac master -> master



We re-initialize gitosis (after which it will recreate .ssh/authorized_keys, but sometimes it does so incorrectly)

sudo -H -u git gitosis-init < /home/gitadmin/.ssh/id_rsa.pub
gitadmin's password:
Reinitialized existing Git repository in /home/git/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /home/git/repositories/gitosis-admin.git/



We do a bit of shamanism: in .ssh/authorized_keys, replace gitosis-serve with /usr/local/bin/gitosis-serve

su - git
cat .ssh/authorized_keys | sed 's#gitosis-serve#/usr/local/bin/gitosis-serve#g' > 0 && cat 0 > .ssh/authorized_keys && rm 0



Create a directory for the bare repository and make the correct git clone

cd /srv/redmine/git_repositories

sudo -H -u wwwrun git clone --bare git@127.0.0.1:PROJECTNAME.git
cd PROJECTNAME.git
sudo -H -u wwwrun git --bare remote add origin git@127.0.0.1:PROJECTNAME.git
ls

HEAD branches config description hooks info objects packed-refs refs



Now we write a script that keeps the local Redmine repository updated. I called it gir (gitosis-in-redmine) and saved it, say, in /root/scripts
#!/bin/sh
# Script that fetches updates into the bare clones of the gitosis repositories

# set var
uname=wwwrun # user the httpd (apache2) runs as
rdir=/srv/redmine/git_repositories # directory with the bare repositories
# end var

# start check
if [ "$(whoami)" = "$uname" ]
then

# start exec
tmpls=$(mktemp) || exit 1 # temp file; mktemp instead of a fixed name in /tmp
ls -1 "$rdir" > "$tmpls"
while read -r LINE; do
cd "$rdir/$LINE" || continue
git --bare fetch origin :master
echo "update git repository $LINE"
done < "$tmpls"
rm -f "$tmpls"
# end exec

else
echo "Start me from the user $uname"
fi
# end check


And add it to cron.

echo "*/10 * * * * wwwrun /root/scripts/gir" >> /etc/crontab
/etc/init.d/cron restart
Shutting down CRON daemon done
Starting CRON daemon



Now the repository that Redmine sees will be up to date to within 10 minutes.
Next, open the browser and go to Redmine (do not forget that this bare repository must be on the same server as Redmine).
Click through the following sequence:

Projects> projectname> Settings> Repository>

Next, in the SCM field, select Git, and in the "Path to .git directory" field
enter the path we got: /srv/redmine/git_repositories/PROJECTNAME.git

And that is actually everything!

Source: https://habr.com/ru/post/80819/

