Gitosis + Git setup

Gitosis is a handy tool that lets you manage Git repositories with just one user account and grant ordinary users access to the repositories with SSH keys.

Gitosis aims to make Git repository hosting easier and safer. It manages several repositories under a single user account, using SSH keys for user authentication. End users do not need accounts of their own on the server: they log in through one common account, which does not let them execute arbitrary commands.

Installing gitosis

If the package is masked, unmask it.

emerge gitosis

Installing gitosis creates the git user (no password, with /var/spool/gitosis/ set as the home directory).

Configuring gitosis

Creating a key for root

su
ssh-keygen -t rsa

Two files will be created,

/root/.ssh/id_rsa.pub 
/root/.ssh/id_rsa

which are the public and the private RSA key, respectively.

Creating a repository with settings

Copy the public key:

cp /root/.ssh/id_rsa.pub /tmp/id_rsa.pub

Create the repository:

sudo -H -u git gitosis-init <  /tmp/id_rsa.pub

Delete the public key from /tmp:

rm /tmp/id_rsa.pub

If you intend to use gitweb, restrict the access rights on the settings repository's directory so that it cannot be seen on the web:

chmod 700 /var/spool/gitosis/repositories/gitosis-admin.git

Configuring the repository for users

Go to the /tmp directory:

cd /tmp

Clone the settings repository:

git clone git@server_name:gitosis-admin.git

Go to the settings directory:

cd gitosis-admin

Copy the user's public key into the directory /tmp/gitosis-admin/keydir:

scp root@client_name:/home/user_name/.ssh/id_rsa.pub ./keydir/user_name@client_name.pub

Configure the new repository for the user user_name:

vi gitosis.conf

File before the change:

[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = root@server_name

File after the change:

[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = root@server_name

[group group1]
writable = project1
members = root@server_name user_name@client_name

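Stage the new key file (it is untracked, so commit -a alone would not include it) and commit the changes:

git add keydir/user_name@client_name.pub
git commit -am "Granted access for user_name@client_name to project1"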

Push the settings repository to the server:

git push origin master

Creating a new repository

cd /var/spool/gitosis/repositories
mkdir project1.git
cd project1.git
git --bare init

Users will be able to clone this repository to their computers over SSH,

git clone ssh://git@server_name/project1.git

without being prompted for a password (authentication uses their public key).

Checking sshd

The sshd daemon must be running.

SSH logins to the git account must be permitted in /etc/ssh/sshd_config.

Configuring git-daemon

vi /etc/conf.d/git-daemon

GITDAEMON_OPTS="--syslog --port=9418 --base-path=/var/spool/gitosis/repositories/ --export-all" 
GIT_USER="apache" 

If there are any problems, change the port number (specified as --port=9418) to another value and restart the git daemon, then change it back and restart the daemon again.

/etc/init.d/git-daemon restart

Problems with restarting the git daemon

When you restart the daemon, it may fail to reopen the port; the error will be logged in /var/log/messages as:

git-daemon[pid]: unable to allocate any listen sockets on host (null) port 9418

To avoid this, you should add the --reuseaddr option to GITDAEMON_OPTS.

Creating a user key

The user must execute the following on their computer:

ssh-keygen -t rsa

Two keys will be generated in the user's .ssh directory,

id_rsa
id_rsa.pub

the private and the public (.pub) keys.

If the public key is stored in the keys directory of the gitosis settings repository on the server and if the access rights are specified accordingly in gitosis.conf, the user will be granted access to the repositories on the server.
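
Both conditions above can be checked mechanically in a clone of the settings repository. The following script is an added example, not part of gitosis or of the original page: it cross-checks the members lines of gitosis.conf against the files in keydir and lists who can push to gitosis-admin. It handles only the writable and members options shown on this page; the names old_user and stray in the sample data are constructed.

```python
import configparser
import os
import sys

# Constructed sample: the "file after change" from this page, plus one member
# without a key file (old_user) and one key file no group mentions (stray).
SAMPLE_CONF = """\
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = root@server_name

[group group1]
writable = project1
members = root@server_name user_name@client_name old_user@client_name
"""
SAMPLE_KEYDIR = ["root@server_name.pub", "user_name@client_name.pub",
                 "stray@client_name.pub"]


def audit(conf_text, keydir_files):
    """Cross-check gitosis.conf members against the key files in keydir."""
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    keys = {f[:-len(".pub")] for f in keydir_files if f.endswith(".pub")}
    access = {}  # member -> set of repositories the member may push to
    for section in cp.sections():
        if not section.startswith("group "):
            continue
        repos = cp.get(section, "writable", fallback="").split()
        for member in cp.get(section, "members", fallback="").split():
            access.setdefault(member, set()).update(repos)
    return {
        "access": access,
        # Anyone who can push to gitosis-admin can grant any other access.
        "admins": sorted(m for m, r in access.items() if "gitosis-admin" in r),
        "members_without_key": sorted(set(access) - keys),
        "keys_without_group": sorted(keys - set(access)),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a gitosis-admin clone, e.g. /tmp/gitosis-admin
        with open(os.path.join(sys.argv[1], "gitosis.conf")) as fh:
            report = audit(fh.read(), os.listdir(os.path.join(sys.argv[1], "keydir")))
    else:
        report = audit(SAMPLE_CONF, SAMPLE_KEYDIR)
    for name, value in report.items():
        print(name, value)
```

Run it with the path to the clone (for example /tmp/gitosis-admin) before pushing; a key file that no group references, or a member with no key file, usually indicates a typo or a stale entry.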
