Tutorials

Gitosis HowTo

Git is a distributed source control system.
Git by itself does not provide means to restrict the access to a source repository.
Gitosis adds fine-grained access control to the git system.

New Git User

You can add a git user on a “Gitosis server” by

  • cloning the admin git repository
git clone ssh://server:2200/gitosis-admin.git
  • and adding a public ssh key file for a new user in keydir/
    • use “git add” to add a new key file to the repository

A new public ssh key is generated with the ssh-keygen tool on the console. The generated key is stored in ~/.ssh/id_rsa.pub. This key file goes into the keydir under a new file name, for example username.pub (needs to end with .pub). A good choice for the new file name is the user name shown at the end of the public key file. An even better choice for the key file name is the valid email address of the respective git user.

Then the name of the file (with the .pub suffix) is said to be the user key name.

Gitosis Groups

Each Gitosis group can have read & write access rights for a list of specific git repositories.

Adding a new group is done by editing gitosis.conf.

For example the entry

[group gitosis-admin]
writable = gitosis-admin
members = mhopf@g165 roettger@Lilinoe.local

means that the group “gitosis-admin” has write access to the git repository “gitosis-admin.git” and the members of the group are the users identified by the user key names “mhopf@g165” and “roettger@Lilinoe.local”.

Git Access

A git user is given access to a git repository

  • by adding the user key name to the respective group in gitosis.conf
  • and committing and pushing the admin git repo to put the modifications into effect.
    • use “git commit -a” and “git push” for that purpose

Create a new repository

A new repository needs to be created first:

  • login per ssh onto the git server “server”
  • cd ~git/repositories
  • sudo mkdir new-repo-name.git
  • cd new-repo-name.git
  • sudo git init --bare
  • cd ..
  • sudo chown -R git:git new-repo-name.git

Then you can check out the new repo:

git clone ssh://git@server:2200/new-repo-name

CGit

Git repositories to be accessable in the web frontend cgit are listed in

/opt/local/etc/cgitrc

Options: