Linux 使用 Gitosis 架设 Git Server .
单纯使用 SSH 架设可见此篇: Linux 架设使用 SSH 共享存取的 Git Server
想要控管 User / Project 权限的话(限制某些 User 只能存取某些 Project), 则需要靠 Gitosis 或 Gitolite 等套件来协助.
- gitosis - git repository hosting application
- gitolite - SSH-based gatekeeper for git repositories
此篇主要写的是 Gitosis 架设, 若之前已经有依照上述文章架设共享存取的 Git Server, 而 Gitosis 也想用 git 的帐号来管理, 则需做下述动作先改回原始设定.
注: 此文会用 gitosis 的帐号来管理, 不会用 git 帐号, 所以不需要做下述更改的动作
- vim /etc/passwd
git:x:1000:1000::/home/git:/usr/bin/git-shell
改回
git:x:1000:1000::/home/git:/bin/sh - mv /home/git/.ssh/authorized_keys /home/git/.ssh/authorized_keys.bak
相关资料準备
- 系统: Debian / Ubuntu Linux
- Server Domain name: example.com
- Project name: project_name
- Gitosis (Git) Repository 位置: /srv/gitosis/repositories # Debian / Ubuntu Linux 套件预设位置
- Group name: myteam
系统套件安装
- apt-get install gitosis git-core
- 说明文件: /usr/share/doc/gitosis/README.Debian # 依照说明文件, 重点就下述两个步骤即可完成.
- sudo -H -u gitosis gitosis-init < SSH_KEY.pub
- git clone gitosis@localhost:gitosis-admin.git
产生 SSH 公钥
- ssh-keygen -t rsa # 产生 id_rsa, id_rsa.pub
- mv id_rsa ~/.ssh/ # 将 id_rsa 放在 ~/.ssh/ 内.
- scp id_rsa.pub example.com:/tmp/id_rsa_user1.pub # 将 id_rsa.pub 丢到 Server 上, 大家的 public key 都需要传到 Server 上.
- scp id_rsa.pub example.com:/tmp/id_rsa_admin.pub # 管理者的 key 同 user key, 在此设为 id_rsa_admin.pub, 避免下述内容造成混淆.
Gitosis Server 架设
- ssh example.com # Git Server
- sudo -H -u gitosis gitosis-init < /tmp/id_rsa_admin.pub # 会出现下述讯息, 即代表完成
Initialized empty Git repository in /srv/gitosis/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /srv/gitosis/repositories/gitosis-admin.git/ - ls -lh /srv/gitosis/repositories/gitosis-admin.git/hooks/post-update # 确认是否有执行的权限 755 or 777, 没有请自行 chmod 设定
Gitosis Server 设定专案、新增帐号
- Gitosis 的专案权限 / 帐号管理 是使用 Git 来管理, 专案名称: gitosis-admin.git
- git clone gitosis@localhost:gitosis-admin.git # 因为 Gitosis 是用 gitosis-admin.git 来管理, 所以需要抓下来修改、设定(未来所有管理也是如此)
- cd gitosis-admin # 会看到下述
- gitosis.conf # 设定档, 设定谁可以读写哪个专案的 Repository
- keydir # 目录, 放每个帐号的 public key. 放置的档案命名: user1.pub, user2.pub (user1, user2.. 为帐号名称, 请自行修改)
新增帐号
- cp /tmp/id_rsa_user1.pub keydir/user1.pub # 请依照实际帐号命名, 不要取 user1, user2
- cp /tmp/id_rsa_user2.pub keydir/user2.pub
- git add keydir/user1.pub keydir/user2.pub
- git commit -m 'add user1, user2 public key'
- git push
- 注意: gitosis 认定的帐号, 是 id_rsa.pub 最后面 "xxx@example.com", 以 @ 前面的 "xxx" 为帐号(此帐号也是 gitosis 设定的帐号), 若帐号不同, git push 就会出现如下述的错误
ERROR:gitosis.serve.main:Repository read access denied
fatal: The remote end hung up unexpectedly
设定专案权限
- vim gitosis.conf # 会看到下述, 不要动他, 于最下方设定自己的 Group / 专案名称即可.
[group gitosis-admin]
writable = gitosis-admin
members = admin@example.com - 增加下述, myteam 是 group name, 此 group 有 user1, user2 的使用者, 可以写入 project_name.git 的专案
[group myteam]
writable = project_name
member = user1 user2 - git commit -m 'add user1, user2 write access to project_name' -a
- git push
建立专案
- cd ~/
- mkdir project_name
- cd project_name
- git init
- git remote add origin gitosis@example.com:project_name.git # gitosis 会自行于 /srv/gitosis/repositories 新增
- touch readme
- git add .
- git commit -m 'initial'
- git push origin master:refs/heads/master # 或 git push origin master
gitosis.conf 更多设定条件
下述摘录自: Gitosis - ArchWiki
[gitosis]
gitweb = yes[repo foobar]
description = git repository for foobar
owner = user[group devs]
members = user1 user2[group admins]
members = user1[group gitosis-admin]
writable = gitosis-admin
members = @admins[group foobar]
writable = foobar
members = @devs[group myteam]
writable = free_monkey
members = jdoe
下述摘录自: Pro Git 服务器上的 Git 权限管理器 Gitosis
[group mobile]
writable = iphone_project
members = scott josie jessica[group mobile_ro]
readonly = iphone_project
members = john
开放 Gitosis 公开存取
- sudo -u gitosis git-daemon --base-path=/srv/gitosis/repositories/ --export-all
常用命令
下述全部都在 gitosis-admin.git 内操作
新增帐号
- cp /tmp/id_rsa_user1.pub keydir/user1.pub
- vim gitosis.conf # 增加 members
设定专案
- vim gitosis.conf # 增加 group、writeable 的项目
新增专案
- mkdir project_name; cd project_name
- git init
- git remote add origin gitosis@example.com:project_name.git
- git commit
- git push origin master
此文是转载,链接是:
