Indefero

Indefero Git Source Tree


Root/doc/syncgit.mdtext

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# Plugin SyncGit by Céondo Ltd
 
The SyncGit plugin allow the direct creation and synchronisation of
git repositories with the InDefero database. This requires giving
access to the repositories using a dedicated SSH account, usually the
`git` account.
 
## Prerequisites
 
A good understanding of:
 
* the security issues related to using a SSH account on a server;
* the principle of public/private SSH keys;
* the rights/ownership of files on a Linux/BSD/nix system;
 
Yes, what you are going to do has security implications.
 
## Git user configuration
 
On your system, you will need to create a new `git` account. This
account will only be used to access the git repositories and at the
moment cannot be shared for other use.
 
First create a new git account:
 
    $ sudo adduser \
          --system \
          --shell /bin/sh \
          --gecos 'git version control' \
          --group \
          --disabled-password \
          --home /home/git \
          git
 
Then, we need to create the base SSH files with the right permissions:
 
    $ sudo su git
    $ mkdir /home/git/.ssh
    $ touch /home/git/.ssh/authorized_keys
    $ chmod 0700 /home/git/.ssh
    $ chmod 0600 /home/git/.ssh/authorized_keys
    $ exit
 
We add the `www-data` user to the `git` group so it can access the
repositories to read the content:
 
    $ sudo usermod -a -G git www-data
 
Do not forget to restart Apache or your fastcgi process to take the
group addition into account.
 
## Creation of the repositories base
 
For each project using git in InDefero a corresponding bare repository
will be created in `/home/git/repositories`. For example, if the
shortname of your project is `wonder`, it will be created in
`/home/git/repositories/wonder.git`
 
    $ sudo -H -u git mkdir /home/git/repositories
 
## InDefero Configuration
 
First, you need to have python installed on your system to be able to
run the very small python script `gitserve.py` in the `scripts`
folder. Here is a configuration example:
 
 
    $cfg['git_repositories'] = '/home/git/repositories/%s.git';
    $cfg['git_remote_url'] = 'git://yourdomain.com/%s.git';
    $cfg['idf_plugin_syncgit_path_gitserve'] = '/home/www/indefero/scripts/gitserve.py'; # yes .py
    $cfg['idf_plugin_syncgit_path_authorized_keys'] = '/home/git/.ssh/authorized_keys';
    $cfg['idf_plugin_syncgit_sync_file'] = '/tmp/SYNC-GIT';
    # Remove the git repositories which do not have a corresponding project
    # This is run at cron time
    $cfg['idf_plugin_syncgit_remove_orphans'] = false;
    # git account home dir
    $cfg['idf_plugin_syncgit_git_home_dir'] = '/home/git';
    # where are going to be the git repositories
    $cfg['idf_plugin_syncgit_base_repositories'] = '/home/git/repositories';
 
When someone will change his SSH key or add a new one, the
`/tmp/SYNC-GIT` file will be created. The cron job
`/home/www/indefero/scripts/gitcron.php` will see the file and update
the content of the `authorized_keys` file.
 
## Cron Job Configuration
 
You need to run a cron job every now and then to synchronize the SSH
keys. The command to run in the cron job is:
 
    php /home/www/indefero/scripts/gitcron.php
 
The user of the cron job must be `git`.
 
## Git daemon configuration
 
Put in `/etc/event.d/local-git-daemon` the following:
 
    start on startup
    stop on shutdown
     
    exec /usr/bin/git-daemon \
        --user=git --group=git \
        --verbose \
        --reuseaddr \
        --base-path=/home/git/repositories/ \
        /home/git/repositories/
    respawn
 
Then run:
 
    $ sudo start local-git-daemon

Archive Download this file

Page rendered in 0.12602s using 11 queries.