I. Create an SSH key on the client:
To check whether ssh is installed on your machine, open a terminal and run:
thehai@thehai-Vostro-3550:~/.ssh$ ssh -v
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
Next, check whether the machine already has an SSH key:
thehai@thehai-Vostro-3550:~/.ssh$ ls -a ~/.ssh/
In this case no SSH key has been created yet. If your machine already has an SSH key, two id_* files will exist, as in the case below:
thehai@thehai-Vostro-3550:~/.ssh$ ls -a ~/.ssh/
. .. id_rsa id_rsa.pub known_hosts known_hosts.old
If there is no SSH key yet, create one with:
#ssh-keygen -t rsa -C "your-email-here"
Or:
#ssh-keygen
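Accept the default directory for the SSH key.
When it then asks for a password (the key's passphrase), you can leave it empty or enter one of your choice. With an empty passphrase, anyone who obtains the id_rsa file can use the key.
III. Install git: git, gitweb, git-core...
II. On the server, create a git user: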
#useradd git
#passwd git
IV: Transfer the id_rsa.pub file from the client to the server:
Log in with the git account just created
su -s /bin/bash - git (on the server)
or:
thehai@thehai-Vostro-3550:~$ ssh git@192.168.1.100 (from the client)
Create the storage directory and set its permissions:
git@serverwise:~$ mkdir ~/.ssh
git@serverwise:~$ touch ~/.ssh/authorized_keys
git@serverwise:~$ chmod 700 ~/.ssh/
git@serverwise:~$ chmod 600 ~/.ssh/authorized_keys
On the client, copy the key:
thehai@thehai-Vostro-3550:~$ cat .ssh//id_rsa.pub | ssh git@192.168.1.100 "cat >> /home/git/.ssh/authorized_keys"
git@192.168.1.100's password:
Check the result:
root@serverwise:~# cat /home/git/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhhIw8HiEqYUmwouIQc+2gv02g2KuzV+i+plgvuFZ4ihCHL3NNyOYGbIIoFe2KcEQ1PE+B9g+3R6x9zvddYh22LkfR1QlpAXQIRT8OFAmQNrOokMb+j4IAGsBY+vbarEUD10Z/Rnb+LurlvMHkOY4qSIXTjeitLWKQyeqhtIrNIF6eawfKTOaO9pWUwykVDAXdSOpHYndizEDzcRmPop1mdduZAIwaHZ+b1e9xQjjsYdws6yY7ME8mo1KATkpnsBbLUgpIT00hvy0+H8INncKVdeLxCgf+iq1Yh+mVatfyGRbt2fLuv/4jlIUfxsK00aI2QcBql9w/9A/tKt8SXM7P thehai@thehai-Vostro-3550
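The key-installation steps above, as an added example that is not part of the original post: the same mkdir/touch/chmod/append sequence, but the key line is format-checked, duplicates are refused, and each entry is prefixed with sshd's restrictive key options. The function names, the option set and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validated, idempotent version of step IV for the shared
# "git" account. Nothing here comes from the original post.

# Options written in front of each key; these names are documented in sshd(8)
# under AUTHORIZED_KEYS FILE FORMAT and switch off what git does not need.
KEY_OPTIONS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# Constructed sample line (not a real key): "<type> <base64> <comment>".
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABConstructedExampleKeyNotARealKey0123456789abcdefgh dev@example'

# is_pubkey_line LINE -> 0 when LINE looks like one bare public key.
# Format check only: it does not prove the base64 decodes to a usable key.
is_pubkey_line() {
    nl='
'
    case $1 in *"$nl"*) return 1 ;; esac   # a newline would smuggle in a second entry
    set -f; set -- $1; set +f              # split into fields without globbing
    case $1 in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;                     # also rejects lines that already carry options
    esac
    case $2 in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    [ "${#2}" -ge 64 ]
}

# perms_ok HOME -> 0 when ~/.ssh and authorized_keys exist and are not
# writable by group or others (the condition sshd's StrictModes rejects).
perms_ok() {
    [ -d "$1/.ssh" ] && [ -f "$1/.ssh/authorized_keys" ] || return 1
    [ -z "$(find "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
            \( -perm -020 -o -perm -002 \) -print)" ]
}

# install_pubkey HOME 'KEY LINE' -> 0 added, 1 rejected, 2 already present
install_pubkey() {
    ik_home=$1 ik_line=$2
    is_pubkey_line "$ik_line" || return 1
    ik_auth=$ik_home/.ssh/authorized_keys
    ( umask 077; mkdir -p "$ik_home/.ssh" && : >> "$ik_auth" ) || return 1
    chmod 700 "$ik_home/.ssh" && chmod 600 "$ik_auth" || return 1
    # Compare on the base64 field, so the same key is not appended twice
    # under a different comment (a plain "cat >>" would duplicate it).
    ik_blob=$(set -f; set -- $ik_line; printf '%s' "$2")
    if awk -v b="$ik_blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                            END { exit !found }' "$ik_auth"; then
        return 2
    fi
    printf '%s %s\n' "$KEY_OPTIONS" "$ik_line" >> "$ik_auth"
}
```

On the server this would be called as the git user, for example `install_pubkey /home/git "$(cat id_rsa.pub)"`.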
IV. Create a project:
root@serverwise:~# mkdir /var/cache/git/project001
root@serverwise:~# cd /var/cache/git/project001
root@serverwise:/var/cache/git/project001# git --bare init
Initialized empty Git repository in /var/cache/git/project001/
Set access permissions:
root@serverwise:~# chown git /var/cache/git/ -R
VII: WORKING:
1. Starting fresh:
thehai@thehai-Vostro-3550:~/Desktop$ mkdir my-project001
thehai@thehai-Vostro-3550:~/Desktop$ cd my-project001/
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git init
Initialized empty Git repository in /home/thehai/Desktop/my-project001/.git/
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git remote add origin ssh://git@192.168.1.100/var/cache/git/project001
You can also use:
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git remote add origin ssh://git@git.wiserobot.loc/var/cache/git/project001
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git remote add origin ssh://git.wiserobot.loc/var/cache/git/project001
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ echo "the hai truong" >> file-test.txt
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git add file-test.txt
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git commit -m "Test ssh"
[master (root-commit) 0d55d0f] Test ssh
1 file changed, 1 insertion(+)
create mode 100644 file-test.txt
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git push origin master
Counting objects: 3, done.
Writing objects: 100% (3/3), 229 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://git@192.168.1.100/var/cache/git/project001
* [new branch] master -> master
Change the content and test:
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ nano file-test.txt
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git add -A
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git commit -a -m "Commit lan 2"
[master 00128dd] Commit lan 2
1 file changed, 1 insertion(+)
thehai@thehai-Vostro-3550:~/Desktop/my-project001$ git push origin
Counting objects: 5, done.
Writing objects: 100% (3/3), 264 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://git@192.168.1.100/var/cache/git/project001
0d55d0f..00128dd master -> master
thehai@thehai-Vostro-3550:~/Desktop/my-project001$
2. If a project already exists:
A repo already exists locally and you want to push it up:
==================================================
V. Connect:
thehai@thehai-Vostro-3550:~/Desktop$ git clone ssh://git.haiquynh.com/var/cache/git/ssh-project
Cloning into 'ssh-project'...
thehai@git.haiquynh.com's password:
Permission denied, please try again.
That failed.
Try this command instead (this one succeeds):
git clone ssh://root@git.haiquynh.com/var/cache/git/ssh-project
thehai@thehai-Vostro-3550:~/Desktop$ git clone ssh://root@git.haiquynh.com/var/cache/git/ssh-project
Cloning into 'ssh-project'...
warning: You appear to have cloned an empty repository.
thehai@thehai-Vostro-3550:~/Desktop$ ls
Data~ haiquynh.co ssh-project test000003 vemaybay wptheme
thehai@thehai-Vostro-3550:~/Desktop$ cd ssh-project/
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ ls -a
. .. .git
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ touch readme.txt
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ git add readme.txt
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ git commit -m "Xem di" readme.txt
[master (root-commit) 16f4502] Xem di
0 files changed
create mode 100644 readme.txt
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ git push origin master
Counting objects: 3, done.
Writing objects: 100% (3/3), 211 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://root@git.haiquynh.com/var/cache/git/ssh-project
* [new branch] master -> master
VI.
Thursday, June 19, 2014
GIT Server, the complete guide - Connecting over SSH
Thursday, June 12, 2014
Connecting to a GIT server over SSH
I. Create an SSH key on the client:
To check whether ssh is installed on your machine, open a terminal and run:
thehai@thehai-Vostro-3550:~/.ssh$ ssh -v
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
Next, check whether the machine already has an SSH key:
thehai@thehai-Vostro-3550:~/.ssh$ ls -a ~/.ssh/
In this case no SSH key has been created yet. If your machine already has an SSH key, two id_* files will exist, as in the case below:
thehai@thehai-Vostro-3550:~/.ssh$ ls -a ~/.ssh/
. .. id_rsa id_rsa.pub known_hosts known_hosts.old
If there is no SSH key yet, create one with:
#ssh-keygen -t rsa -C "your-email-here"
Or:
#ssh-keygen
Accept the default directory for the SSH key.
When it then asks for a password (the key's passphrase), you can leave it empty or enter one of your choice.
II. Create the SSH key on the server:
Use the following command to check whether the authorized_keys file exists in the .ssh folder:
root@gitserver:/var/cache/git/ssh-project# ls -al ~/.ssh/
total 8
drwx------ 2 root root 4096 Jun 9 09:27 .
drwx------ 5 root root 4096 Jun 10 09:10 ..
-rw-r--r-- 1 root root 0 Jun 9 09:27 authorized_keys
If it does not exist, create the .ssh directory and an authorized_keys file inside it:
# mkdir ~/.ssh
# touch ~/.ssh/authorized_keys
Once they are created, set permissions on this folder and file:
root@gitserver:/var/cache/git/ssh-project# chmod 700 ~/.ssh/
root@gitserver:/var/cache/git/ssh-project# chmod 600 ~/.ssh/authorized_keys
Or use a single command:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
III. Copy the client's public key to the server:
thehai@thehai-Vostro-3550:~/.ssh$ cat ~/.ssh/id_rsa.pub | ssh root@haiquynh.com "cat >> .ssh/authorized_keys"
Note: we are using the root account, which is very dangerous; in this case we can create a different user:
On the server, create a git user:
useradd git
passwd git
On the server, log in with the git account:
su -s /bin/bash - git
Check the result on the server:
root@gitserver:/var/cache/git/ssh-project# cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVmT9ubCMgUjJRJfdlbbdudYQWUcnmi4+a43z/TSwu27MlgOnyrYksc1E1hkI2TrXUj6TezGJS9LMNlqtKSrTjCQH7P6MzH3XFvPIdxvs4CC+vn278aEbBeT6A4usU2fDyLmn4qFli3zpSwjmBB+f5vtasfv3S/82dgO54waDslvEEuiCFvv9h7zo3QX6We00n24lBJ70fosQTCEVgIfPe94P3OH+7H2DeiYrb+34WyA1+I7/O2q+loJ64IoLDDLCdieLRB8B284MhzVzx+yICZTUvUSNXLJ67zSbG59ZfhVg+jbiU7+XiWphlkMQvHY4jM2VJUMG5k2mii5F0gAa5 hai991dk
IV. Create a project:
root@gitserver:~# mkdir /var/cache/git/ssh-project
root@gitserver:~# cd /var/cache/git/ssh-project
root@gitserver:/var/cache/git/ssh-project# git --bare init
Initialized empty Git repository in /var/cache/git/ssh-project/
V. Connect:
thehai@thehai-Vostro-3550:~/Desktop$ git clone ssh://git.haiquynh.com/var/cache/git/ssh-project
Cloning into 'ssh-project'...
thehai@git.haiquynh.com's password:
Permission denied, please try again.
That failed.
Try this command instead (this one succeeds):
git clone ssh://root@git.haiquynh.com/var/cache/git/ssh-project
thehai@thehai-Vostro-3550:~/Desktop$ git clone ssh://root@git.haiquynh.com/var/cache/git/ssh-project
Cloning into 'ssh-project'...
warning: You appear to have cloned an empty repository.
thehai@thehai-Vostro-3550:~/Desktop$ ls
Data~ haiquynh.co ssh-project test000003 vemaybay wptheme
thehai@thehai-Vostro-3550:~/Desktop$ cd ssh-project/
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ ls -a
. .. .git
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ touch readme.txt
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ git add readme.txt
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ git commit -m "Xem di" readme.txt
[master (root-commit) 16f4502] Xem di
0 files changed
create mode 100644 readme.txt
thehai@thehai-Vostro-3550:~/Desktop/ssh-project$ git push origin master
Counting objects: 3, done.
Writing objects: 100% (3/3), 211 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
To ssh://root@git.haiquynh.com/var/cache/git/ssh-project
* [new branch] master -> master
VI.
Upload public_html to repo on server & clone repo from client (not local)
Sync public_html into the repo
-----------------Create a repo----------------------
thehai@thehai-Vostro-3550:~$ cd /var/cache/git/
thehai@thehai-Vostro-3550:/var/cache/git$ sudo mkdir wptheme
thehai@thehai-Vostro-3550:/var/cache/git$ cd wptheme/
thehai@thehai-Vostro-3550:/var/cache/git/wptheme$ sudo git --bare init
Initialized empty Git repository in /var/cache/git/wptheme/
thehai@thehai-Vostro-3550:/var/cache/git/wptheme$ ls
branches config description HEAD hooks info objects refs
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo chown -R root:www-data /var/cache/git/wptheme/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo chmod -R g+w /var/cache/git/wptheme/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo useradd -m hai
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo passwd hai
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo apt-get install gitweb
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ ls /usr/share/gitweb/
gitweb.cgi index.cgi static
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo nano /etc/apache2/conf.d/gitweb
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo a2enmod rewrite
Module rewrite already enabled
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo chown -R root:www-data /var/cache/git/wptheme/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo chmod -R g+w /var/cache/git/wptheme/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo nano /etc/apache2/sites-available/git
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo a2ensite git
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo service apache2 restart
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo htpasswd -c /var/cache/git/htpasswd.git hai
New password:
Re-type new password:
Adding password for user hai
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo nano /var/cache/git/htpasswd.git
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo nano /var/cache/git/htgroup.git
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo htpasswd /var/cache/git/htpasswd.git tuyet
New password:
Re-type new password:
Adding password for user tuyet
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo useradd -m tuyet
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo passwd tuyet
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo chown -R tuyet:www-data /var/cache/git/wptheme/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo chmod -R 770 /var/cache/git/wptheme/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ sudo chown -R hai:www-data /var/cache/git/wptheme/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ more /var/cache/git/htpasswd.git
hai:$apr1$ya0Jf1xm$6FfcMpoVxuFLLPW/oeZRv1
tuyet:$apr1$t3Uw3s7j$3Iief3T4WmXDAi97sgXne/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ ls
index.html
--------------------Start cloning---------------
thehai@thehai-Vostro-3550:/var/cache/git/wptheme$ cd ~/wptheme.com/public_html/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ git init
Initialized empty Git repository in /home/thehai/wptheme.com/public_html/.git/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ git remote add origin http://tuyet@git.localhost/wptheme.git/
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ git status
# On branch master
#
# Initial commit
#
# Untracked files:
# (use "git add <file>..." to include in what will be committed)
#
# index.html
nothing added to commit but untracked files present (use "git add" to track)
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ git add index.html
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ git status
# On branch master
#
# Initial commit
#
# Changes to be committed:
# (use "git rm --cached <file>..." to unstage)
#
# new file: index.html
#
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ git commit -a -m "trang chu first"
[master (root-commit) 63f290c] trang chu first
1 file changed, 13 insertions(+)
create mode 100644 index.html
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ git push origin master
Password for 'http://tuyet@git.localhost':
To http://tuyet@git.localhost/wptheme.git/
* [new branch] master -> master
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$
==============================
Client - nonlocal
thehai@thehai-Vostro-3550:~/wptheme.com/public_html$ cd ~/Desktop/
thehai@thehai-Vostro-3550:~/Desktop$ ls
Data~ haiquynh.co test000003
thehai@thehai-Vostro-3550:~/Desktop$ git clone http://hai@git.localhost/wptheme.git/
Cloning into 'wptheme'...
Password for 'http://hai@git.localhost':
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
thehai@thehai-Vostro-3550:~/Desktop$ ls
Data~ haiquynh.co test000003 wptheme
thehai@thehai-Vostro-3550:~/Desktop$
Wednesday, June 11, 2014
(Source)Install GIT as public repository on Debian
In this tutorial, we install GIT on a Debian server. Once it is installed, coworkers must be able to access our GIT repositories via Apache or SSH. The coworkers can be on Mac OS X, Linux or Windows.
I tested every line written on this page with:
- Debian 6 (Squeeze) as a Server and a Client
- Mac OS 10.6 (Snow Leopard) as a Client
- Windows 7 as a Client
Install locally, on the Server
Git cannot create the remote repository, it only operates on existing ones, so we need to create an empty repository locally on the server.
GIT itself
As you certainly guessed, we start by installing Git with Aptitude
apt-get install git
For each commit we make while using GIT, a name and email are necessary, so let's introduce ourselves
git config --global user.name "chris"
git config --global user.email chris@youremail.com
To check that the user has been recorded
git config -l
It will show
user.name=chris
user.email=chris@youremail.com
A first project
Let's create a first project (test001)
cd /var/cache/git
mkdir test001
cd test001
NB: you must not name your folder test001.git, otherwise the apache config won't work. Name it test001 only.
For the moment it's a normal directory; let's make it a GIT directory:
git --bare init
NB: if we didn't want to use it remotely we could have created a simple local repository with the following command
cd /path/myfolder
git init
And later we could still create a copy, ready for a remote copy into the server folder /var/cache/git
git --bare clone /path/myfolder /path/newfolder
The new folder would be usable only as remote repository in order to clone from it, and then pull and push, not as a working repository dedicated to the commit.
Now let's create a working folder in my home folder
mkdir ~/projects/
cd ~/projects
git clone /var/cache/git/test001 test001.git
Let's change the project description in this file : ~/projects/test001.git/.git/description
My first GIT project - Hello World
Let's exclude some annoying files from the commits, add in this file: ~/projects/test001.git/.gitignore
cd ~/projects/test001.git
echo .DS_Store >> .gitignore
echo Thumb.db >> .gitignore
git add .gitignore
git commit -a -m "gitignore configured"
NB: it's annoying, but .git/info/exclude and description can be changed only locally and will never be sent to or recovered from the server.
NB2: .DS_Store on Mac, Thumb.db on Windows, keep thumbnails of your photos folders and should never be backed up.
Now the working folder is ready, let's create the first file ~/projects/test001.git/test001.php
<?php echo "hello world!"; ?>
For now, GIT still does not recognize the file test001.php. We need to explicitly add the file to tell GIT to start tracking it
cd ~/projects/test001.git
git add test001.php
Status will show you that the file is still not committed
git status
git commit -a -m "My very first commit"
(-a is for ALL FILES, -m for Message associated to this commit)
To see history
git log
NB: when we cloned the repository, git stored its location in the repository configuration, and that location is used for pulls. But you can change it in ~/projects/test001/.git/config
To push your commit to the server this simple command will do it
git push origin master
NB: if you are not doing this test with root, you won't be allowed to push yet, the security is setup later on this page
And if you want to download the changes made by somebody else
git pull
In conclusion for this section, the folder ~/projects/test001 allowed us to verify that everything works perfectly locally, without an SSH or HTTP connection. If your PUSH and PULL work properly here, you can continue to the next section.
Share it with Apache (HTTP)
While we will allow the GIT clients to access our repository via HTTP(S), we will also install GITWEB to get a Web Interface directly browsable.
- Git Repository : http://git.company.com/test001.git/
- Web Interface : http://git.company.com/test001/
- Web interface for all the repositories : http://git.company.com/
Install of the Web Interface
if Apache is not installed yet
apt-get install apache2
we need to install some basic files which will enable us to publish our repositories on Apache
apt-get install gitweb
It creates the following folder
cd /usr/share/gitweb
The location for publishable repository is defined by the variable $projectroot from /etc/gitweb.conf, which happens to be
/var/cache/git
With a standard Apache install, because of the file /etc/apache2/conf.d/gitweb my repository is now viewable at
http://server.domaine.com/gitweb/
On an existing Apache, this config is an issue, so I edit this file and comment the first line
#Alias /gitweb /usr/share/gitweb
<Directory /usr/share/gitweb>
Options FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>
Let's reload apache
/etc/init.d/apache2 reload
Activate Read/Write Access
Before early 2010, WebDAV was the only solution in order to commit to the server via HTTP. It was a very slow process. Now WebDAV is useless, the SMART HTTP method allows the use of POST, with only one file containing everything (much faster)
We will use the rewriting capabilities of Apache
a2enmod rewrite
But if you want to allow your client to PUSH (their COMMIT) into your repositories, you will have to change the folder access in order to allow www-data to write
chown -R root.www-data /var/cache/git/test001
chmod -R g+w /var/cache/git/test001
Create /etc/apache2/sites-available/git for http://git.company.com
#The following commented lines are for a HTTPS server instead of unsecured HTTP
#<IfModule mod_ssl.c>
#<VirtualHost _default_:443>
#SSLEngine on
#SSLCertificateFile /etc/ssl/private/server.crt
#SSLCertificateKeyFile /etc/ssl/private/server.key
#SSLCertificateChainFile /etc/ssl/private/bundle.crt
#if you uncomment the previous lines, also uncomment the last line of the file and comment the following one:
<VirtualHost _default_:80>
SetEnv GITWEB_CONFIG /etc/gitweb.conf
SetEnv GIT_PROJECT_ROOT /var/cache/git
SetEnv GIT_HTTP_EXPORT_ALL
ServerName git.company.com
DocumentRoot /usr/share/gitweb
AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/cache/git/$1
AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/cache/git/$1
ScriptAliasMatch \
"(?x)^/(.*?)\.git/(HEAD | \
info/refs | \
objects/info/[^/]+ | \
git-(upload|receive)-pack)$" \
/usr/lib/git-core/git-http-backend/$1/$2
#ScriptAlias / /usr/share/gitweb/
<LocationMatch "^/.*?\.git/.*?$">
AuthType Basic
AuthName "git repository"
AuthUserFile /var/cache/git/htpasswd.git
AuthGroupFile /var/cache/git/htgroup.git
Require group cloners
</LocationMatch>
<LocationMatch "^/.*?\.git/git-receive-pack$">
AuthType Basic
AuthName "git repository"
AuthUserFile /var/cache/git/htpasswd.git
AuthGroupFile /var/cache/git/htgroup.git
Require group commiters
</LocationMatch>
<LocationMatch "^/test001\.git/.*?$">
AuthType Basic
AuthName "git repository"
AuthUserFile /var/cache/git/htpasswd.git
AuthGroupFile /var/cache/git/htgroup.git
Require group test001-read
</LocationMatch>
<LocationMatch "^/test001\.git/git-receive-pack$">
AuthType Basic
AuthName "git repository"
AuthUserFile /var/cache/git/htpasswd.git
AuthGroupFile /var/cache/git/htgroup.git
Require group test001-write
</LocationMatch>
<Directory /usr/share/gitweb/>
Options ExecCGI FollowSymLinks Indexes
Allow from all
Order allow,deny
AddHandler cgi-script cgi
DirectoryIndex index.cgi
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^.* /index.cgi/$0 [L,PT]
</Directory>
</VirtualHost>
#</IfModule>
And enable this site
cd /etc/apache2/sites-enabled/
ln -s ../sites-available/git 99-git
Restart apache
/etc/init.d/apache2 restart
Create the password file with a first user (chris) and choose a password for him
htpasswd -c /var/cache/git/htpasswd.git chris
If you want to add a second user
htpasswd /var/cache/git/htpasswd.git user2
Then create the following groups by creating the file /var/cache/git/htgroup.git
vi /var/cache/git/htgroup.git
test001-read:chris user2 user3
test001-write:chris user2
commiters:chris
cloners:chris user2 user5
NB: cloners/commiters will have access to every repository except test001, which has its own groups test001-read/test001-write
NB2: each write access must be granted together with a read access (write access does not work without read access)
The folder must be writable by apache. An easy way to keep write access for CHRIS and Apache is:
chown -R chris.www-data /var/cache/git/test001
chmod -R 770 /var/cache/git/test001
It should work, from now you have:
- Git Repository : http://git.company.com/test001.git/
- Web Interface : http://git.company.com/test001/
- Web interface for all the repositories : http://git.company.com/
HTTP Access from clients on Linux or Mac OS X
If you need to commit, define username and email
git config --global user.name "chris"
git config --global user.email chris@youremail.com
To clone the Repository on your computer
git clone http://git.company.com/test001.git/
Or you can avoid typing your login each time
git clone http://chris@git.company.com/test001.git/
Even your password if you really want, during your tests (it is then saved in clear text in the clone's .git/config as the remote URL)
git clone http://chris:mypasswd@git.company.com/test001.git/
NB: the login used in HTTP is not linked to the one used by "git config --global user.name "chris""
Each user should locally create the file ~/.gitconfig with the following content
[user]
name = chris
email = chris@youremail.com
[core]
excludesfile = /Users/chris/.gitignore
[http]
#sslCAInfo=/Users/chris/.git.company.com.cer
#sslVerify=no
And add .DS_Store and Thumb.db to the ignore list
echo ".DS_Store" >> ~/.gitignore
echo "Thumb.db" >> ~/.gitignore
NB: for using HTTPS with a self-signed certificate, uncomment sslCAInfo which lets you target a PEM certificate. I exported it from Firefox
- Accept the certificate in Firefox
- Export in PEM format in “Preferences”->”Advanced”->”View Certificates”
- name the file ~/.git.company.com.cer
Or you can uncomment sslVerify, which skips the certificate check entirely; the connection is then encrypted but the server is not authenticated, so prefer sslCAInfo.
HTTP Access from clients on Windows
If you like the command line, you can install only GIT for Windows and follow the previous Linux/Mac block, but I doubt that most Windows users would enjoy it; TortoiseGit seems the best graphical choice for them.
TortoiseGit works with HTTP and SSH, so we should set up SSH properly at the same time, even if you are not sure you will ever use it.
Install Git for Windows (msysgit) and then TortoiseGit
- http://code.google.com/p/msysgit (Git-1.7.4-preview20110204.exe )
- http://code.google.com/p/tortoisegit/
If you don't have PuTTY, download its suite first to enable the use of SSH
Their install is very easy, when installing msysgit, I chose:
- Run Git from the Windows Command Prompt
- Use (Tortoise)Plink (not OpenSSH)
- my Plink was in c:\program files\putty\plink.exe (I installed Putty and all its tools months ago)
- Checkout Windows-style
After that, the same for TortoiseGit: I didn't choose OpenSSH either
Now TortoiseGit is as easy as TortoiseSVN
Anyway, I could not make it work with SSH, while for HTTP it worked fine :)
Share it with SSH
HTTP seems easier, but SSH can be a good choice in some cases. Personally I would use SSH for myself and HTTP for external contractors, since that avoids creating a user account on Linux for them.
I assume that things are set up so that you can ssh to your server without having to type a password, which most of the time means that:
- your public key is on the server in ~/.ssh/authorized_keys
- you are running ssh-agent locally (already started on Mac OS X)
- you use ~/.ssh/config locally as follows if you have a special port (22222) and a different login (chris)
an example of ~/.ssh/config could be the following
Host *.company.com
port 22222
protocol 2
PubKeyAuthentication yes
PasswordAuthentication no
User chris
Let's remember that the location of the repository is:
/var/cache/git/test001/
And the Server name is
git.company.com
This user (here Chris) must have read access on this folder, but it's certainly already like that. Otherwise the next section is about Security.
SSH clients on Mac OS X or Linux
NB: git is automatically installed by XCode on Mac OS X
just use the following command on Mac or Linux
git clone ssh://git.company.com/var/cache/git/test001
Then, after some
git commit -a -m "blablabla"
you can push the update to the server with
git push
or the first time with
git push origin master
It's as easy as that with ssh on Linux/Mac OS X.
SSH Access from clients on Windows
The tools used for SSH are the same as for HTTP, see the previous paragraph:
Anyway, I could not make it work with SSH, while with HTTP it worked fine.
Security
HTTP
We already configured Apache to take care of the security
the users must be added in /var/cache/git/htpasswd.git
htpasswd /var/cache/git/htpasswd.git user4
the groups are managed in /var/cache/git/htgroup.git
essai001-read:user1 user4 user2
essai001-write:user1 user4
project002-read:user3 user4 user1 user2
project003-write:user3 user4
NB: adding a user or a group can be done without restarting Apache
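One way to check an htgroup file against the earlier NB2 rule (write access does not work without read access), as an added example that is not part of the original tutorial. It assumes the naming used on this page, where `<repo>-write` pairs with `<repo>-read` and `commiters` pairs with `cloners`; the function names are hypothetical and the sample file is constructed from the group lines shown on this page.

```shell
#!/bin/sh
# Added example (not from the tutorial): cross-check an htgroup file against
# the rule that a write group only works together with the matching read group.

# Constructed sample: the group lines shown on this page, merged into one file.
sample_htgroup() {
    cat > "$1" <<'EOF'
test001-read:chris user2 user3
test001-write:chris user2
commiters:chris
cloners:chris user2 user5
essai001-read:user1 user4 user2
essai001-write:user1 user4
project002-read:user3 user4 user1 user2
project003-write:user3 user4
EOF
}

# members FILE GROUP -> the group's users, one per line
members() {
    awk -F: -v g="$2" '$1 == g { n = split($2, u, " ")
                                 for (i = 1; i <= n; i++) print u[i] }' "$1"
}

# write_without_read FILE -> "user write-group" for every user who is in a
# write group but missing from the paired read group (or whose read group
# does not exist at all). Assumed pairing: <repo>-write with <repo>-read,
# and the catch-all "commiters" with "cloners".
write_without_read() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { grp[$1] = " " $2 " " }                 # pad so whole names can be matched
        END {
            for (g in grp) {
                if (g == "commiters") r = "cloners"
                else if (g ~ /-write$/) r = substr(g, 1, length(g) - 6) "-read"
                else continue
                readers = (r in grp) ? grp[r] : ""
                n = split(grp[g], w, " ")
                for (i = 1; i <= n; i++)
                    if (index(readers, " " w[i] " ") == 0) print w[i], g
            }
        }' "$1" | sort
}
```

On the sample data it reports user3 and user4 for project003-write, because no project003-read group is defined.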
Every new repository will be shared via HTTP to the groups commiters and cloners. If you want to replace these groups for a repository, you must add the following to /etc/apache2/sites-available/git
<LocationMatch "^/project002\.git/.*?$">
AuthType Basic
AuthName "git repository"
AuthUserFile /var/cache/git/htpasswd.git
AuthGroupFile /var/cache/git/htgroup.git
Require group project002-read
</LocationMatch>
<LocationMatch "^/project002\.git/git-receive-pack$">
AuthType Basic
AuthName "git repository"
AuthUserFile /var/cache/git/htpasswd.git
AuthGroupFile /var/cache/git/htgroup.git
Require group project002-write
</LocationMatch>
And reload apache
/etc/init.d/apache2 reload
www-data must be allowed to access this repository
chown -R chris.www-data /var/cache/git/project002
chmod -R 770 /var/cache/git/project002
If you don't allow www-data to access the repository, it won't be listed in gitweb either.
SSH
One of the nice design decisions made by the Git developers is that access control should not be the responsibility of the SCM tool. This means that the tool is free to concentrate on doing its job (tracking content), while leaving questions of authentication and authorization in the hands of other tools which are much more flexible and better suited to the job: tools like SSH, filesystem permissions, ACLs, and a host of other mechanisms.
Let's see 2 possibilities
Simple access control
We can define 2 kinds of users :
- public: read only on open source project
- developer: read/write on every project
In this case we can control the access with SSH
Let's create a user GIT
adduser git
And give him all the ownership of the repositories
chown -R git /var/cache/git
Or for staying apache capable
chown -R git.www-data /var/cache/git
Add each developer's public key in /home/git/.ssh/authorized_keys
I didn't test this method, but its simplicity seems very interesting if all your team must access all the projects.
Each user would have to connect as GIT
git clone ssh://git@server/var/cache/git/essai001
And have their SSH private key working
Complex access control
For maximum control you can use ACLs and apply them selectively to specific repos
If your filesystem is ext2 or ext3, the filesystem will need to be mounted with the "acl" option. This can be done by editing /etc/fstab and changing something like:
/dev/md1 / ext3 defaults 1 1
to:
/dev/md1 / ext3 rw,acl 1 1
in my case
/dev/xvda2 / ext3 noatime,nodiratime,errors=remount-ro 0 1
became
/dev/xvda2 / ext3 noatime,nodiratime,errors=remount-ro,acl 0 1
Install acl on Debian
apt-get install acl
you need to remount the filesystem
mount -v -o remount /
We create a group of users allowed to read/write our repository
Chris will be a member of this group
groupadd git_test001_write
addgroup chris git_test001_write
groupadd git_test001_read
addgroup user2 git_test001_read
Give access only to these groups
chmod -R 700 /var/cache/git/test001
setfacl -R -m g:git_test001_write:rwX /var/cache/git/test001
find /var/cache/git/test001 -type d | xargs setfacl -R -m d:g:git_test001_write:rwX
setfacl -R -m g:git_test001_read:rX /var/cache/git/test001
find /var/cache/git/test001 -type d | xargs setfacl -R -m d:g:git_test001_read:rX
The first line close t The third line sets up the same permissions as a default ACL to be applied to any new files created in those directories. This access control is at the OS-level. Consequently there is no need to use git init --shared or otherwise set the core.sharedRepository config variable.
Explanation.
- -R: apply recursively
- -m: modify the ACL
- g:<group>: permissions for group <group>
- r: read access
- w: write access
- X: execute permissions, but only if the object is a directory, or already has execute permissions for some user
- d:<spec>: set a default ACL (defined by <spec>) to be applied to any new files or directories added to the directory in the future
If you need to check what the current rights are, use getfacl
getfacl /var/cache/git/test001
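To check that a repository's ACL matches the intent above, the following added example (not part of the original tutorial) parses getfacl output and reports deviations. The function names and the embedded sample output are constructed for illustration, and it assumes one write group and one read group per repository, so the ALL ACCESS groups described further down would be reported as unexpected entries.

```shell
# Constructed sample: what getfacl prints for the repository directory once the
# chmod/setfacl commands above have been applied (not captured from a real host).
sample_acl() {
cat <<'EOF'
# file: var/cache/git/test001
# owner: root
# group: root
user::rwx
group::---
group:git_test001_write:rwx
group:git_test001_read:r-x
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:git_test001_write:rwx
default:group:git_test001_read:r-x
default:mask::rwx
default:other::---
EOF
}

# acl_findings WRITE_GROUP READ_GROUP  (getfacl output on stdin)
# Prints one line per deviation; no output means the ACL matches the intent.
acl_findings() {
    awk -F: -v wg="$1" -v rg="$2" '
    /^#/ || /^[ \t]*$/ { next }                      # header comments, blank lines
    {
        scope = "access"; type = $1; name = $2; perm = $3
        if ($1 == "default") { scope = "default"; type = $2; name = $3; perm = $4 }
        sub(/[ \t].*$/, "", perm)                    # drop any "#effective:" note
        seen[scope ":" type ":" name] = perm
        if ((type == "other" || (type == "group" && name == "")) && perm != "---")
            print scope ": " type "::" perm " should be ---"
        if (name != "" && !(type == "group" && (name == wg || name == rg)))
            print scope ": unexpected entry " type ":" name ":" perm
        if (type == "group" && name == rg && perm ~ /w/)
            print scope ": read group " name " can write (" perm ")"
    }
    END {                                            # both ACL kinds must name both groups
        n = split("access default", scopes, " ")
        for (i = 1; i <= n; i++) {
            kw = scopes[i] ":group:" wg; kr = scopes[i] ":group:" rg
            if (!(kw in seen)) print scopes[i] ": missing entry for " wg
            else if (seen[kw] !~ /^rw/) print scopes[i] ": " wg " lacks rw (" seen[kw] ")"
            if (!(kr in seen)) print scopes[i] ": missing entry for " rg
        }
    }'
}
```

On a live server the input would come from getfacl itself: getfacl /var/cache/git/test001 | acl_findings git_test001_write git_test001_read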
Apache needs its own ACL if you still want to share your project via HTTPS.
Read only:
addgroup www-data git_test001_read
Read and Write:
addgroup www-data git_test001_write
NB: Apache needs to be restarted or reloaded after each group change: a Unix user (as on Windows) records its groups at login and keeps them until the next login.
/etc/init.d/apache2 reload
Personally I also use ALL ACCESS groups:
groupadd git_all_write
groupadd git_all_read
Then give access to main folder (read only anyway)
setfacl -R -m g:git_all_write:rX /var/cache/git
setfacl -R -m g:git_all_read:rX /var/cache/git
and give access to all current and future repositories
find /var/cache/git -type d | xargs setfacl -R -m d:g:git_all_write:rwX
find /var/cache/git -type d | xargs setfacl -R -m d:g:git_all_read:rX
Transfer of my existing work
Here is how I transfer my existing local XCode repositories: Git and XCode
Issues
Name of folder
If you name the folder /var/cache/git/project001.git instead of /var/cache/git/project001, the Apache config won't work without changing the regular expressions and most of the Apache configuration file.
HTTP clone & push
I had the following message when I used "git clone" while I was still using WebDAV (useless nowadays) instead of the Smart HTTP mode:
$ git clone http://chris@git.company.com/test001.git/
Cloning into test001...
Password:
warning: You appear to have cloned an empty repository.
The solution was to remember to do this:
cd /var/cache/git/test001
git update-server-info
cd hooks
mv post-update.sample post-update
HTTPS and self-signed SSL Certificate
$ git clone https://chris@git.company.com/essai001.git/
Cloning into essai001...
Password:
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://chris@git.company.com/essai001.git/info/refs
fatal: HTTP request failed
I use a self-signed certificate with Apache-SSL.
The solution is either:
- cancelling the certificate validation from GIT (Not really an option)
- indicating the certificate
Cancelling the validation is easy: add the following to ~/.gitconfig
[http]
sslVerify=no
Indicating the certificate is almost as easy: add the following to ~/.gitconfig
[http]
sslCAInfo=/Users/chris/.git.company.cer
NB: the certificate can be exported into PEM format if you use Firefox in "Preferences" -> "Advanced" -> "View Certificates"
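The difference between the two options, as an added example (not from the original page): the constructed sample below disables verification globally, as in the first option, and also shows the CA file scoped to the one server with git's http.<url> section form. The function sslverify_findings is a hypothetical helper that reports any setting in a gitconfig file that turns certificate checking off.

```shell
# Constructed sample ~/.gitconfig: the [http] section switches verification off
# for every HTTPS remote; the [http "<url>"] section trusts the exported
# self-signed certificate for the one server only.
sample_gitconfig() {
cat <<'EOF'
[user]
    name = chris
[http]
    sslVerify=no
[http "https://git.company.com/"]
    sslCAInfo = /Users/chris/.git.company.cer
EOF
}

# sslverify_findings  (gitconfig text on stdin)
# Prints "<section>: <setting>" for each http sslVerify set to a false value.
sslverify_findings() {
    awk '
    /^[ \t]*[#;]/ { next }                           # comment lines
    /^[ \t]*\[/ {                                    # section header
        section = $0; gsub(/^[ \t]+|[ \t]+$/, "", section); next
    }
    {
        line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line)
        n = index(line, "="); if (n == 0) next
        key = tolower(substr(line, 1, n - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr(line, n + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
        # git reads no, false, off, 0 and an empty value as boolean false
        off = (val == "" || val ~ /^(no|false|off|0)$/)
        if (tolower(section) ~ /^\[http/ && key == "sslverify" && off)
            print section ": " line
    }'
}
```

A finding under the plain [http] section applies to every remote; the same key inside an [http "<url>"] section is limited to that URL.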
GIT Remote Add origin - Success
Server:
root@gitserver:/var/cache/git# pwd
/var/cache/git
root@gitserver:/var/cache/git# ls
haiquynhweb htgroup.git htpasswd.git test001 test002
root@gitserver:/var/cache/git# mkdir test003
root@gitserver:/var/cache/git# cd test003
root@gitserver:/var/cache/git/test003# git --bare init
Initialized empty Git repository in /var/cache/git/test003/
root@gitserver:/var/cache/git/test003# cd ..
root@gitserver:/var/cache/git# chown -R root:www-data /var/cache/git/test003/
root@gitserver:/var/cache/git# chmod -R g+w /var/cache/git/test003/
root@gitserver:/var/cache/git# nano /etc/apache2/sites-available/git
root@gitserver:/var/cache/git# service apache2 restart
[....] Restarting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
. ok
root@gitserver:/var/cache/git# more /var/cache/git/htpasswd.git
hai:$apr1$xMq21oOa$qvdydTYM5yzfhULqIsY8r1
quynh:$apr1$pFwJrpwR$ix6I0XdqAT4hWLYMN3ige/
root@gitserver:/var/cache/git# nano /var/cache/git/htgroup.git
root@gitserver:/var/cache/git# useradd -m hai
root@gitserver:/var/cache/git# passwd hai
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@gitserver:/var/cache/git# chown -R hai:www-data /var/cache/git/test003/
root@gitserver:/var/cache/git# chmod -R 770 /var/cache/git/test003/
Client:
thehai@thehai-Vostro-3550:~$ cd ~/Desktop/
thehai@thehai-Vostro-3550:~/Desktop$ ls
Data~ haiquynh.co
thehai@thehai-Vostro-3550:~/Desktop$ mkdir test000003
thehai@thehai-Vostro-3550:~/Desktop$ cd test000003/
thehai@thehai-Vostro-3550:~/Desktop/test000003$ git init
Initialized empty Git repository in /home/thehai/Desktop/test000003/.git/
thehai@thehai-Vostro-3550:~/Desktop/test000003$ git remote add origin http://hai@git.haiquynh.com/test003.git/
thehai@thehai-Vostro-3550:~/Desktop/test000003$ echo "the hai truong" >> xemngay.txt
thehai@thehai-Vostro-3550:~/Desktop/test000003$ git add xemngay.txt
thehai@thehai-Vostro-3550:~/Desktop/test000003$ git commit -a -m "1 ngay tot lanh"
[master (root-commit) fdecaef] 1 ngay tot lanh
1 file changed, 1 insertion(+)
create mode 100644 xemngay.txt
thehai@thehai-Vostro-3550:~/Desktop/test000003$ git push origin master
Password for 'http://hai@git.haiquynh.com':
To http://hai@git.haiquynh.com/test003.git/
* [new branch] master -> master