# Plugin SyncGit by Céondo Ltd

The SyncGit plugin allows the direct creation and synchronisation of git repositories with the InDefero database. This requires giving access to the repositories using a dedicated SSH account, usually the `git` account.

## Prerequisites

A good understanding of:

* the security issues related to using an SSH account on a server;
* the principle of public/private SSH keys;
* the rights/ownership of files on a Linux/BSD/*nix system.

Yes, what you are going to do has security implications.

## Git user configuration

On your system, you will need to create a new `git` account. This account will only be used to access the git repositories and at the moment cannot be shared for other uses.

First create a new git account:

    $ sudo adduser \
        --system \
        --shell /bin/sh \
        --gecos 'git version control' \
        --group \
        --disabled-password \
        --home /home/git \
        git

Then, we need to create the base SSH files with the right permissions:

    $ sudo su git
    $ mkdir /home/git/.ssh
    $ touch /home/git/.ssh/authorized_keys
    $ chmod 0700 /home/git/.ssh
    $ chmod 0600 /home/git/.ssh/authorized_keys
    $ exit

We add the `www-data` user to the `git` group so it can access the repositories to read the content:

    $ sudo usermod -a -G git www-data

Do not forget to restart Apache or your FastCGI process to take the group addition into account.

## Creation of the repositories base

For each project using git in InDefero, a corresponding bare repository will be created in `/home/git/repositories`. For example, if the shortname of your project is `wonder`, it will be created in `/home/git/repositories/wonder.git`.

    $ sudo -H -u git mkdir /home/git/repositories

## InDefero Configuration

First, you need to have Python installed on your system to be able to run the very small Python script `gitserve.py` in the `scripts` folder.

Here is a configuration example:

    $cfg['git_repositories'] = '/home/git/repositories/%s.git';
    $cfg['git_remote_url'] = 'git://yourdomain.com/%s.git';
    $cfg['idf_plugin_syncgit_path_gitserve'] = '/home/www/indefero/scripts/gitserve.py'; # yes .py
    $cfg['idf_plugin_syncgit_path_authorized_keys'] = '/home/git/.ssh/authorized_keys';
    $cfg['idf_plugin_syncgit_sync_file'] = '/tmp/SYNC-GIT';
    # Remove the git repositories which do not have a corresponding project
    # This is run at cron time
    $cfg['idf_plugin_syncgit_remove_orphans'] = false;
    # git account home dir
    $cfg['idf_plugin_syncgit_git_home_dir'] = '/home/git';
    # where the git repositories are going to be stored
    $cfg['idf_plugin_syncgit_base_repositories'] = '/home/git/repositories';

When someone changes their SSH key or adds a new one, the `/tmp/SYNC-GIT` file will be created. The cron job `/home/www/indefero/scripts/gitcron.php` will see the file and update the content of the `authorized_keys` file.

## Cron Job Configuration

You need to run a cron job every now and then to synchronize the SSH keys. The command to run in the cron job is:

    php /home/www/indefero/scripts/gitcron.php

The user of the cron job must be `git`.

## Git daemon configuration

Put the following in `/etc/event.d/local-git-daemon`:

    start on startup
    stop on shutdown
    exec /usr/bin/git-daemon \
        --user=git --group=git \
        --verbose \
        --reuseaddr \
        --base-path=/home/git/repositories/ \
        /home/git/repositories/
    respawn

Then run:

    $ sudo start local-git-daemon
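
The permissions set in "Git user configuration" can be re-checked after the cron job has rewritten `authorized_keys`. The script below is an added example, not part of InDefero; the function names (`file_mode`, `file_owner`, `check_path`, `audit_git_ssh`, `in_group`) are hypothetical, and it assumes the `/home/git`, `git` and `www-data` names used above.

```shell
#!/bin/sh
# Added example (not InDefero code): audit the git account's SSH files.

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Owner name of a path (GNU stat first, BSD stat as fallback).
file_owner() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# check_path PATH TEST_FLAG MODE OWNER: print findings, return 1 on any.
check_path() {
    path=$1; flag=$2; want_mode=$3; want_owner=$4
    if [ -L "$path" ] || ! [ "$flag" "$path" ]; then
        echo "FAIL $path: missing, wrong type, or a symlink"; return 1
    fi
    bad=0
    mode=$(file_mode "$path")
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL $path: mode $mode, expected $want_mode"; bad=1
    fi
    own=$(file_owner "$path")
    if [ "$own" != "$want_owner" ]; then
        echo "FAIL $path: owner $own, expected $want_owner"; bad=1
    fi
    return $bad
}

# audit_git_ssh HOME_DIR [OWNER]: check .ssh (0700) and authorized_keys (0600).
audit_git_ssh() {
    home=$1; owner=${2:-git}; rc=0
    check_path "$home/.ssh" -d 700 "$owner" || rc=1
    check_path "$home/.ssh/authorized_keys" -f 600 "$owner" || rc=1
    if [ "$rc" -eq 0 ]; then echo "OK $home/.ssh"; fi
    return $rc
}

# in_group USER GROUP: succeeds if USER is a member (e.g. www-data in git).
in_group() { id -Gn "$1" | tr ' ' '\n' | grep -qx "$2"; }

# Run as: sh audit.sh /home/git   (no arguments: only define the functions)
if [ "$#" -gt 0 ]; then audit_git_ssh "$@"; fi
```

After adding `www-data` to the `git` group, `in_group www-data git` confirms the membership is in place.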