svasey.org git repositories

Gitosis setup

I use gitosis to manage my git repositories. The official git server address is git.svasey.org. Gitosis is setup as explained in its documentation.

Everything in /home/git is owned by git:git. Almost everything is 700. The exception is /home/git and /home/git/repositories (750). However, only repositories that need to be accessed by a trac instance (none for now) will have their permission set to 750, the rest will stay at 700. Since http is part of the git group (set when trac-config is installed), trac will have the read acces it needs.

The packages to install are gitosis-svasey (gitosis software) and gitosis-config (site-specific configuration). All the administration is made through the gitosis-admin repository.

For obvious reasons, only machines that absolutely need access to the gitosis-admin repository must have a key generated.

For more security, I add a passphrase to each ssh key: this way if one of the machine on which there is a private key is compromised, I will have some time to revoke the access before the key is cracked. This is useful since I want laptops such as neo to have access but they are not very secure machines.

To see who can access what, and why see the gitosis.conf file in the gitosis-admin repository.

New remote repository on git.svasey.org

You must have a ssh key giving you read access to the gitosis-admin repo. Currently, only smith, tank and neo have such keys.

  1. Get the git admin repo:

    git clone ssh://git@git.svasey.org:6002/gitosis-admin.git

  2. Optionnal: add ssh keys of external people going to maintain the repo by copying those to gitosis-admin/keydir

  3. Edit gitosis.conf to reflect the changes (add the repo name to the writable variable and/or create a special group. Examples are in the file)

  4. Commit locally:

    git commit -a

  5. Push your changes:

    git push origin

  6. Create the actual git repository locally:

    cd mygitrepo && git init && git commit -a -m  "initial commit"

  7. Add a remote branch: the mygitrepo.git name must be the same you gave in the gitosis.conf file, minus the git extension:

    git remote add origin ssh://git@git.svasey.org:6002/mygitrepo.git

  8. Push everything onto the remote repository:

    git push --mirror origin

Make private repository public and vice-versa

To make a private repository public, edit gitosis.conf and add a line like this:

[repo myrepo]
daemon = yes

To make a public repository private again, change the lines above like this:

[repo myrepo]
daemon = no

Once this is done, commited and pushed, you may comment or remove the lines as you like.

Warning

It is not enough to just comment out these lines: you need to set daemon to no first. Ticket #24 has been opened to fix this.

Clone svasey private repository

To clone a non-public svasey repository:

git clone ssh://git@git.svasey.org:6002/repository.git

Clone svasey public repository

To clone a public svasey repository:

git clone git://git.svasey.org/repository.git