Personal tools
You are here: Home / Internal / How To / Git server at RISC: Manage git repositories
 

Git server at RISC: Manage git repositories

How to create, delete, and share git repositories.

Introduction

The service described below helps to share git repositories with other people.

Features included

  • create and delete repositories
  • allow private (hidden) repositories and public (published for read access via http on the web) repositories
  • allow read and/or write permission to the repository
  • enable/disable email notification after push command
  • public repositories can be accessed via gitweb
  • allow external users access to your git repository

Features excluded

backup
There is no backup of the repositories on the server. The server is for collaboration, your backup happens to the clone in your HOME directory.
flexibility in content of email notification
If you need more fine-grained access control to your repository, install gitolite yourself. See "How to serve a private repository with gitolite".
access via passwords
All authentication is done via ssh public keys.
gitweb for private repositories
See previous item. Authentication of the users who have read access to a private repository requires a non-ssh-pubkey based method. If you really really need it, suggest and implement a simple solution.
anonymous clones via http
You might want to consider external services, such as github, bitbucket, or gitlab.

Setup

Generate a private/public keypair

Issue the following command.

ssh-keygen -t rsa -f $HOME/.ssh/gitolite -C YOURNAME@gitolite

You should enter a passphrase, because otherwise people who capture your private key (for example, when your computer is unattended for some reason), can do a lot of mischief with it. And everyone will claim that it was you, because it was done with your key. Therefore, protect your private key with a (long and hard to guess) passphrase.

Be fair to other RISC members! if your unprotected private ssh key (which you use to login to a RISC computer from your laptop) gets stolen, it opens an easy door to the whole RISC network. And note that it is easy to find out that it is your key, so you will be held responsible for such an attack.

It's too easy to find out about unprotected keys: grep -l 'PRIVATE KEY' .ssh/*|while read f; do grep -L ENCRYPTED $f; done

This will generate two files inside $HOME/.ssh, namely  gitolite (private key) and gitolite.pub (public key).

(Checkout ssh-add and ssh-agent to avoid typing your passphrase every time you use your key.)

Send the public key (from your RISC email account!) as an attachment to the maintainer of the gitserver (hemmecke@risc.jku.at). Until the maintainer has put your key into the system, you will not be able to do anything reasonable with the gitserver.

Note: If you intend to work from different computers, i.e.. a RISC desktop and your laptop, then you should simply copy gitolite and gitolite.pub into the $HOME/.ssh directory of the second computer. Make sure the permissions are set such that no other can read those files.

Make the gitserver known to ssh

Enter the following host alias to the file $HOME/.ssh/config on your local computer. (If the file does not yet exist, create it.)

host gitserver
  User git
  HostName git.risc.jku.at
  port 22
  IdentityFile ~/.ssh/gitolite
  HostbasedAuthentication no

General note

Every RISC member gets space for his/her private and public repositories. Repositories live under private/ and pub/ followed by the RISC account name of the member.

Each member has full control over his/her repositories. He/she can give read and/or write access to other members or take it away (see perms command below).

Create a repository

Private repository

You can clone a repository foo via

git clone gitserver:private/hemmecke/foo

In case this command is issued by hemmecke and the repository foo does not yet exist, then it is created on the server and an empty repository is cloned.

Public repository

You can clone a repository foo via

git clone gitserver:pub/hemmecke/foo

Public repositories behave, in fact, identical to private ones. The only difference is that public repositories will also be served via gitweb and thus be made world viewable.

Upload an existing repository

If you already have a git repository that is not yet on the server, simply say

git remote add gitrisc gitserver:private/hemmecke/foo
git push gitrisc master

and the repository will automatically be created on the server. Of course, instead of gitrisc you can also choose other names like, for example, origin or gitserver.

Delete a repository

ssh gitserver D unlock private/hemmecke/foo
ssh gitserver D rm     private/hemmecke/foo

In case you want to learn more, simply type.

ssh gitserver D

Share a repository

Give read access to your repository to mkauers.

ssh gitserver perms private/hemmecke/foo + READERS mkauers

Give write access to your repository to mkauers.

ssh gitserver perms private/hemmecke/foo + WRITERS mkauers

For more read the output of

ssh gitserver perms

Manage external collaborators

If you get a public key from your external collaborator, you can add it yourself to the system. Note that the user name of your collaborator must be his/her email address.

Let's say you want to collaborate with john.doe@example.com and give him read access to your repository. You have already got his public key file and stored it as ~/keys/john.doe.pub/.

cat ~/keys/john.doe.pub | ssh gitserver ukm add john.doe@example.com

To give John read access to private/hemmecke/foo, simply follow Section Share a repository and replace mkauers by john.doe@example.com.

You can list all the users that you manage.

ssh gitserver ukm

And, of course, also delete them from your list of managed users.

ssh gitserver ukm del john.doe@example.com

More detail you find at the documentation of the ukm command.

Enable/disable email notification

Give read access to the special name "@email". (Yes, no replacement here. "@email" is used as a special tag.)

ssh gitserver perms private/hemmecke/foo + READERS @email

Disable access by removing read access for "@email".

ssh gitserver perms private/hemmecke/foo - READERS @email

If enabled, email will be sent to YOURACCOUNT@risc.jku.at on every push command to the server repository. In case you want to also notify your collaborators, you would have to create/modify your ~/.procmailrc file in your RISC account and put a stanza like the following into it.

:0
* ^From:.*git@([a-z]*.)?risc\.(uni-linz\.ac|jku)\.at
* ^X-Git-Refname:
* ^X-Git-Reftype:
* ^X-Git-Oldrev:
* ^X-Git-Newrev:
{
  # Distribute for repository private/hemmecke/foo.
  :0 c
  * ^Subject: \[git private/hemmecke/foo\]
  {
    :0
    ! user1@example.com user2@example.org user3@example.net
  }

  # Distribute for repository public/hemmecke/bar.
  :0 c
  * ^Subject: \[git public/hemmecke/bar\]
  {
    :0
    ! mkauers@risc.jku.at vpillwei@risc.jku.at
  }

  # Put the mail into your own mailbox
  :0
  $DEFAULT
}

List repositories

Simply call

ssh gitserver info

in order to find out to which repositories on the server you have read (R), write (W) or create (C) access. You will see something like this.

    C    private/CREATOR/..*
    C    pub/CREATOR/..*
R W      private/hemmecke/foo
R W      testing

You have full control over all repositories that match the regular expression in the lines containing C (just replace CREATOR by your account name).

Gitweb

Public repositories are available under http://git.risc.jku.at/gitweb.

Change the gitweb description field of a repository

ssh gitserver desc pub/hemmecke/baz The next generation computer algebra system

 
« April 2024 »
April
MoTuWeThFrSaSu
1234567
891011121314
15161718192021
22232425262728
2930
Upcoming Events
RISC Forum Apr 29, 2024 01:30 PM - 01:45 PM
RISC Forum May 06, 2024 01:30 PM - 01:45 PM
RISC Forum May 13, 2024 01:30 PM - 01:45 PM
NO RISC Forum May 20, 2024 01:30 PM - 01:45 PM
RISC Forum May 27, 2024 01:30 PM - 01:45 PM
Previous events…
Upcoming events…