Git server
Table of Contents
Introduction
Git server is a versioning system. It is used to store source files (binary is also accepted) version after version. All the history for every files are memorized. Thus it is possible to go back to a previous version to work with it even if new modifications are commited on the server.
Full documentation can be find [here (english)](/assets/computer_science/linux/gitserver/progit.pdf) and [here (french)](/assets/computer_science/linux/gitserver/progit_v2.1.47.pdf).
Installation
Git server is installed on a Debian 10 server. It is installed into a VM on Proxmox hyperviser. The Debian OS is supposed to be fully functional.
Note
it is possible to install it on a stand-alone server.
On Debian like OS, the minimal installation is made with:
sudo apt-get install git-core
Otherwise, the full installation is made with (this the one I made):
sudo apt-get install git-all
Server configuration
A SSH access and authorized_keys mehod for authenticating the users will be used to access to the git server. Thus, a ssh server should be installed:
sudo apt-get install ssh
Client side
Generate the key that should be send to the git server:
> ssh-keygen
Note
the process to generate a key request a password. This one could be let empty.
Send the public key to th:
scp ~/.ssh/git.pub user@gitserver:/home/user/
Server side
The configuration will be made with the user git. All users that have access to the git repository will be in the group git. A git user account is create :
sudo adduser git
Note
also add users that should be have access to the git server.
Switch to git user:
su git
Note
the git user will have a limited access at the end of this topics. It will be allow to push/pull/…, be its shell will become git-shell.
Note
the /home/git/ is used for the repository.
A .ssh directory is created to store the authorized_keys:
mkdir .ssh && chmod 700 .ssh
Create an emty file where authorized keys will be store:
touch /home/git/.ssh/authorized_keys
Copy/add the key previously received into the file authorized_keys:
cat /home/user/git.pub >> /home/git/.ssh/authorized_keys
Change read/wrie access:
chmod 600 /home/git/.ssh/authorized_keys
Create the repository and a git project (for test if any):
mkdir -p /home/git/repos/testgit.git && cd /home/git/repos/testgit.git
Initialize the git project inside the project directory:
git init --bare --shared
1. git init: mandatory command line to initialize the project directory. Could be used alone on client side but mus be used with following command on server side. 2. –bare: mandatory command to initialize the git repository on server side (creation of config file and other directory (branches, …) 3. –shared: option to set right access on files and directories to the group
Once the git projet is created, add a brief description into the file /home/git/repos/testgit.git/description:
sudo nano /home/git/repos/testgit.git/description
Limited access to git user
For safety reason on server side, either the ssh access of the user git is disable or the shell of the user git can be change to git-shell. This shell provides limited actions to user git.
Check if git-shell is available on the server:
cat /etc/shells
Then, search git-shell on the server:
which git-shell
Add the path of git-shell to the list of available shell:
nano /etc/shells
Finally, change the shell of the user git to disable shell and ssh connection:
sudo chsh git -s /usr/bin/git-shell
Note
the shell could be change for every users registered on the server.
Web server interface
[Cgit](https://git.zx2c4.com/cgit/about/ “A hyperfast web frontend for git repositories written in C.”) is a Web interface that browse git repositories. It is written in C. It could be installed with:
sudo apt-get install cgit
Update the config file to add the path where the repositories are stored:
sudo nano /etc/cgitrc
Add the line:
scan-path=/home/git/repos
The git repository is now accessible with the server IP address:
http://gitserver/cgit/