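Building a lightweight Git server with gitolite

Original article: http://lisongze.com/2018/09/01/gitolite-gitserver/ or http://lisongze.cn/2018/09/01/gitolite-gitserver/

Common tools for managing a Git server are Gitosis, Gitolite, and Repo + Gerrit.

  • Gitosis - lightweight, open source, uses SSH public-key authentication, and can only control access at the repository level. The project has stopped development and is no longer maintained.
  • Gitolite - lightweight, open source, uses SSH public-key authentication, and can control access down to the branch level.
  • Git + Repo + Gerrit - very heavyweight; combines version control, repository management and code review in one. It can manage large and very large projects.

Git + Repo + Gerrit is widely used in Android, where it makes large projects manageable: each subdirectory can hold its own Git repository, and repo manages them together. For small projects, gitolite provides good permission management.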

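1. Setting up a Git server with gitolite

1.1 Create the git administrator and users

sudo adduser git
sudo useradd -g GROUP -m USERNAME

Here a git user is created to manage the projects.

1.2 Install the SSH server and client

sudo apt-get install openssh-server openssh-client

1.3 Install git

sudo apt-get install git git-core

1.4 Install gitolite

1.4.1 Download gitolite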

git@lisongze-virtual-machine:~$ git clone http://github.com/sitaramc/gitolite
正克隆到 'gitolite'...
warning: 重定向到 https://github.com/sitaramc/gitolite/
remote: Counting objects: 9560, done.
remote: Total 9560 (delta 0), reused 0 (delta 0), pack-reused 9560
接收對象中: 100% (9560/9560), 3.01 MiB | 280.00 KiB/s, 完成.
處理 delta 中: 100% (5924/5924), 完成.
git@lisongze-virtual-machine:~$ ls
examples.desktop  gitolite

1.4.2 Install gitolite

git@lisongze-virtual-machine:~$ mkdir bin
git@lisongze-virtual-machine:~$ ./gitolite/install -to ~/bin

1.5 Generate the SSH key and configure gitolite

ssh-keygen -t rsa -C "[email protected]"

lisongze@lisongze-virtual-machine:~$ ssh-keygen -t rsa -C "[email protected]"
lisongze@lisongze-virtual-machine:~$ cp .ssh/id_rsa.pub /tmp/ssh_key/admin.pub
git@lisongze-virtual-machine:~$ ./bin/gitolite setup -pk /tmp/ssh_key/admin.pub
已初始化空的 Git 倉庫於 /home/git/repositories/gitolite-admin.git/
已初始化空的 Git 倉庫於 /home/git/repositories/testing.git/
WARNING: /home/git/.ssh missing; creating a new one
    (this is normal on a brand new install)
WARNING: /home/git/.ssh/authorized_keys missing; creating a new one
    (this is normal on a brand new install)
lisongze@lisongze-virtual-machine:~$ git clone [email protected]:gitolite-admin.git
正克隆到 'gitolite-admin'...
The authenticity of host '192.168.3.4 (192.168.3.4)' can't be established.
ECDSA key fingerprint is SHA256:1JFM6/UW0m4Jupx7awfV/laAI7qtOGvlyPcKSI1op+M.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.4' (ECDSA) to the list of known hosts.
remote: 對象計數中: 6, 完成.
remote: 壓縮對象中: 100% (4/4), 完成.
remote: Total 6 (delta 0), reused 0 (delta 0)
接收對象中: 100% (6/6), 完成.

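1.6 Configure user permissions

The gitolite-admin/conf/gitolite.conf file manages user permissions for each project. Changes to it take effect only after they are committed and pushed (git add, git commit, git push).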

repo gitolite-admin
    RW+     =   id_rsa_admin

repo testing
    RW+     =   @all

View a user's SSH permissions

lisongze@lisongze-virtual-machine:~/gitolite-admin/conf$ ssh [email protected] info
hello id_rsa_admin, this is git@lisongze-virtual-machine running gitolite3 v3.6.8-3-g29d5bb7 on git 2.17.1

 R W    gitolite-admin
 R W    testing

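1.7 Test demo

The following example uses three users:

  • lisongze: administrator
  • linux: developer with read/write permission
  • zhangsan: customer with read-only permission

1.7.1 Create the users and generate SSH keys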

lisongze@lisongze-virtual-machine:~$ sudo adduser linux
lisongze@lisongze-virtual-machine:~$ sudo adduser zhangsan
lisongze@lisongze-virtual-machine:~$ su linux
linux@lisongze-virtual-machine:~$ ssh-keygen -t rsa -C "[email protected]"
lisongze@lisongze-virtual-machine:~$ su zhangsan
zhangsan@lisongze-virtual-machine:~$ ssh-keygen -t rsa -C "[email protected]"

1.7.2 The administrator configures user permissions

Add the users' SSH public key files

lisongze@lisongze-virtual-machine:~/gitolite-admin/keydir$ sudo cp /home/linux/.ssh/id_rsa.pub linux.pub
lisongze@lisongze-virtual-machine:~/gitolite-admin/keydir$ sudo cp /home/zhangsan/.ssh/id_rsa.pub zhangsan.pub
lisongze@lisongze-virtual-machine:~/gitolite-admin$ git diff
diff --git a/conf/gitolite.conf b/conf/gitolite.conf
index 670f351..03c71c9 100644
--- a/conf/gitolite.conf
+++ b/conf/gitolite.conf
@@ -2,4 +2,6 @@ repo gitolite-admin
     RW+     =   admin

 repo testing
-    RW+     =   @all
+    RW+     =   admin
+    RW      =   linux
+    R       =   zhangsan
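Review bot: in the `repo testing` block, listing each user on its own rule means this file has to be edited for every membership change. Consider defining groups (for example a hypothetical `@developers = linux`) and granting `RW = @developers`, so that an access review only has to read the group definitions.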
lisongze@lisongze-virtual-machine:~/gitolite-admin$ git status
位於分支 master
您的分支與上游分支 'origin/master' 一致。

尚未暫存以備提交的變更:
  (使用 "git add <文件>..." 更新要提交的內容)
  (使用 "git checkout -- <文件>..." 丟棄工作區的改動)

        修改:     conf/gitolite.conf

未跟蹤的文件:
  (使用 "git add <文件>..." 以包含要提交的內容)

        keydir/linux.pub
        keydir/zhangsan.pub

修改尚未加入提交(使用 "git add" 和/或 "git commit -a")
lisongze@lisongze-virtual-machine:~/gitolite-admin$ git add conf/gitolite.conf keydir/linux.pub keydir/zhangsan.pub
lisongze@lisongze-virtual-machine:~/gitolite-admin$ git commit -m "add user linux,zhangsan"
[master eee4636] add user linux,zhangsan
 3 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 keydir/linux.pub
 create mode 100644 keydir/zhangsan.pub
lisongze@lisongze-virtual-machine:~/gitolite-admin$ git push
對象計數中: 7, 完成.
Delta compression using up to 4 threads.
壓縮對象中: 100% (6/6), 完成.
寫入對象中: 100% (7/7), 1.16 KiB | 1.16 MiB/s, 完成.
Total 7 (delta 0), reused 0 (delta 0)
To 192.168.3.4:gitolite-admin.git
   22d14ad..eee4636  master -> master

1.7.3 Project members clone, modify and push code

zhangsan@lisongze-virtual-machine:~$ git clone [email protected]:testing.git
正克隆到 'testing'...
The authenticity of host '192.168.3.4 (192.168.3.4)' can't be established.
ECDSA key fingerprint is SHA256:1JFM6/UW0m4Jupx7awfV/laAI7qtOGvlyPcKSI1op+M.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.4' (ECDSA) to the list of known hosts.
remote: 對象計數中: 6, 完成.
remote: 壓縮對象中: 100% (2/2), 完成.
remote: Total 6 (delta 0), reused 0 (delta 0)
接收對象中: 100% (6/6), 完成.
zhangsan@lisongze-virtual-machine:~$ git status
fatal: 不是一個 git 倉庫(或者直至掛載點 / 的任何父目錄)
停止在文件系統邊界(未設置 GIT_DISCOVERY_ACROSS_FILESYSTEM)。
zhangsan@lisongze-virtual-machine:~$ cd testing/
zhangsan@lisongze-virtual-machine:~/testing$ ls
test.md
zhangsan@lisongze-virtual-machine:~/testing$ git log
commit f36b7982c074860c22361e38edf01acf9656e84f (HEAD -> master, origin/master, origin/HEAD)
Author: linux <[email protected]>
Date:   Mon Aug 27 23:42:49 2018 +0800

    fix test.md by linux

commit 790d7297cb34d4f355494efea513bb34d13821d4
Author: Songze Lee <[email protected]>
Date:   Mon Aug 27 23:39:09 2018 +0800

    add test.md
zhangsan@lisongze-virtual-machine:~/testing$ vim test.md
zhangsan@lisongze-virtual-machine:~/testing$ git diff
diff --git a/test.md b/test.md
index 4ce1936..1857ce1 100644
--- a/test.md
+++ b/test.md
@@ -1,2 +1,3 @@
 admin write here
 linux write here
+zhangsan write here
zhangsan@lisongze-virtual-machine:~/testing$ git add test.md
zhangsan@lisongze-virtual-machine:~/testing$ git commit -m "fix test.md,by zhangsan"

*** 請告訴我你是誰。

運行

  git config --global user.email "[email protected]"
  git config --global user.name "Your Name"

來設置您賬號的缺省身份標識。
如果僅在本倉庫設置身份標識,則省略 --global 參數。

fatal: 無法自動探測郵件地址(得到 'zhangsan@lisongze-virtual-machine.(none)')
zhangsan@lisongze-virtual-machine:~/testing$ git push
FATAL: W any testing zhangsan DENIED by fallthru
(or you mis-spelled the reponame)
fatal: 無法讀取遠程倉庫。

請確認您有正確的訪問權限並且倉庫存在。
zhangsan@lisongze-virtual-machine:~/testing$  git config --global user.email "[email protected]"
zhangsan@lisongze-virtual-machine:~/testing$ git config --global user.name "zhangsan"
zhangsan@lisongze-virtual-machine:~/testing$ git push
FATAL: W any testing zhangsan DENIED by fallthru
(or you mis-spelled the reponame)
fatal: 無法讀取遠程倉庫。

請確認您有正確的訪問權限並且倉庫存在。

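As shown above, the linux user has read/write permission and can push successfully, while the zhangsan user has read-only permission and cannot push, which matches the configuration file.

1.8 Create a new project repository

To create a new Git repository, the administrator only has to edit conf/gitolite.conf and push the commit; the repository is then created automatically. Project members can fetch the code with git clone git@ip_addr:xxx.git, as in the example below.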

lisongze@lisongze-virtual-machine:~/gitolite-admin/conf$ git diff
diff --git a/conf/gitolite.conf b/conf/gitolite.conf
index 03c71c9..0cab5ac 100644
--- a/conf/gitolite.conf
+++ b/conf/gitolite.conf
@@ -5,3 +5,6 @@ repo testing
     RW+     =   admin
     RW      =   linux
     R       =   zhangsan
+
+repo s5p4418_kernel
+    RW+     =   admin
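Review bot: the new `repo s5p4418_kernel` block grants `RW+` to admin only, so linux and zhangsan have no rule here and will be denied by fallthru when they try to clone it. If project members are meant to fetch this repository, add their `RW` / `R` lines under it in the same commit.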
lisongze@lisongze-virtual-machine:~/gitolite-admin/conf$ vim gitolite.conf
lisongze@lisongze-virtual-machine:~/gitolite-admin/conf$ git add gitolite.conf
lisongze@lisongze-virtual-machine:~/gitolite-admin/conf$ git commit -m "add s5p4418_kernel.git"
[master e170b57] add s5p4418_kernel.git
 1 file changed, 3 insertions(+)
lisongze@lisongze-virtual-machine:~/gitolite-admin/conf$ git push
對象計數中: 4, 完成.
Delta compression using up to 4 threads.
壓縮對象中: 100% (3/3), 完成.
寫入對象中: 100% (4/4), 390 bytes | 390.00 KiB/s, 完成.
Total 4 (delta 1), reused 0 (delta 0)
remote: 已初始化空的 Git 倉庫於 /home/git/repositories/s5p4418_kernel.git/
To 192.168.3.4:gitolite-admin.git
   eee4636..e170b57  master -> master

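2. Setting up gitweb

If you have read/write or read-only access to a project, you may want to set up a simple web-based viewer. Git provides a CGI script called GitWeb for this.

2.1 Install gitweb

lisongze@lisongze-virtual-machine:~$ sudo apt-get install gitweb apache2 highlight

2.2 Configure gitweb

Edit /etc/gitweb.conf to set the Git repository path and the project list.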

# path to git projects (<project>.git)
$projectroot = "/home/git/repositories";
$projects_list = "/home/git/projects.list";

Note that the names of the Git repositories under repositories have to be added to /home/git/projects.list by hand, as follows:

git@lisongze-virtual-machine:~$ cat projects.list
testing.git
s5p4418_kernel.git
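
Added example (not from the original article or the gitolite project): a simplified Python model of the rule evaluation behind the `DENIED by fallthru` message in section 1.7.3, reused to list the repositories that projects.list hands to gitweb even though gitolite.conf does not open them to @all. gitweb reads the repositories from disk and does not consult gitolite.conf. The function names, the `(anonymous)` pseudo-user and the embedded sample data are assumptions made for illustration.

```python
import re

# Constructed sample: conf/gitolite.conf as it stands after section 1.8.
SAMPLE_CONF = """\
repo gitolite-admin
    RW+     =   admin
repo testing
    RW+     =   admin
    RW      =   linux
    R       =   zhangsan
repo s5p4418_kernel
    RW+     =   admin
"""
# Constructed sample: /home/git/projects.list from section 2.2.
SAMPLE_PROJECTS = "testing.git\ns5p4418_kernel.git\n"

RULE = re.compile(r"^(R|RW\+?)\s*=\s*(.+)$")

def parse_conf(text):
    """Return {repo: [(perm, [users]), ...]} in file order. Simplified:
    groups, refexes, deny ('-') rules and includes are not handled."""
    rules, repo = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)
        if line.startswith("repo "):
            repo = line.split()[1]
            rules[repo] = []
        elif repo and m:
            rules[repo].append((m.group(1), m.group(2).split()))
    return rules

def check_access(rules, repo, user, want):
    """want is 'R', 'W' or '+'. The first rule naming the user (or @all)
    that carries the wanted permission allows; otherwise it falls through."""
    for perm, users in rules.get(repo, []):
        if (user in users or "@all" in users) and want in perm:
            return "ALLOWED"
    return "DENIED by fallthru"

def gitweb_exposure(rules, projects_text):
    """Repos listed for gitweb that gitolite does not open to @all,
    mapped to the users who may read them over SSH."""
    exposed = {}
    for name in projects_text.split():
        repo = name[:-4] if name.endswith(".git") else name
        if check_access(rules, repo, "(anonymous)", "R") != "ALLOWED":
            exposed[repo] = sorted({u for _, us in rules.get(repo, []) for u in us})
    return exposed
```

A non-empty result from gitweb_exposure means the web viewer's audience is wider than the SSH access list for those repositories; narrow the Apache access rules for /gitweb or trim projects.list to match.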

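2.3 Configure the HTTP server

Create a symbolic link so that requests to 192.168.92.128/gitweb are answered by gitweb.cgi

sudo ln -s /usr/share/gitweb /var/www/html/gitweb

Edit /etc/apache2/sites-available/000-default.conf, Apache's configuration file for the port 80 site, so that requests to 192.168.3.13/gitweb are served by gitweb.cgi. Open the file, append the following at the end, then save and exit. After that, restart Apache.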


<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        <Directory /var/www/html/gitweb>
                Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
                AllowOverride All
                Order allow,deny
                Allow from all
                AddHandler cgi-script cgi
                DirectoryIndex gitweb.cgi
        </Directory>
                ScriptAlias /awstats/ /usr/lib/cgi-bin/
                CustomLog /var/log/apache2/git-access.log combined


</VirtualHost>

Restart Apache

sudo a2enmod cgid
sudo /etc/init.d/apache2 restart

Note

If the project list does not appear when you visit http://192.168.3.4/gitweb/, the permissions need to be changed with the following steps.

sudo usermod -a -G git www-data
git@lisongze-virtual-machine:~$ vim .gitolite.rc
UMASK                           =>  0002,
sudo chmod 750 -R /home/git
sudo /etc/init.d/apache2 restart

2.4 Show the description and owner in gitweb

Change the description

git@lisongze-virtual-machine:~/repositories/testing.git$ vim description
git@lisongze-virtual-machine:~/repositories/testing.git$ cat description
just for test

Edit config to add the gitweb settings

git@lisongze-virtual-machine:~/repositories/testing.git$ cat config
[core]
        repositoryformatversion = 0
        filemode = true
        bare = true
[gitweb]
        owner = "[email protected]"

2.5 Enable Markdown rendering in the web page

lisongze@lisongze-virtual-machine:~$ sudo apt-get install libtext-markdown-perl

Edit /usr/share/gitweb/gitweb.cgi and add the code from the "# add support markdown" comment to the end of the listing below.

	# If XSS prevention is on, we don't include README.html.
	# TODO: Allow a readme in some safe format.
	if (!$prevent_xss && -s "$projectroot/$project/README.html") {
		print "<div class=\"title\">readme</div>\n" .
		      "<div class=\"readme\">\n";
		insert_file("$projectroot/$project/README.html");
		print "\n</div>\n"; # class="readme"
	}

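	# add support markdown
	# (the rendered README.md is emitted as raw HTML, so it is gated on
	# $prevent_xss in the same way as README.html above)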
	if (!$prevent_xss) {
		$file_name = "README.md";
		my $proj_head_hash = git_get_head_hash($project);
		my $readme_blob_hash = git_get_hash_by_path($proj_head_hash, "README.md", "blob");

		if ($readme_blob_hash) { # if README.md exists
			print "<div class=\"header\">readme</div>\n";
			print "<div class=\"readme page_body\">"; # TODO find/create a better CSS class than page_body

			my $cmd_markdownify = $GIT . " " . git_cmd() . " cat-file blob " . $readme_blob_hash . " | markdown |";
			open FOO, $cmd_markdownify or die_error(500, "Open git-cat-file blob '$readme_blob_hash' failed");
			while (<FOO>) {
				print $_;
			}
			close(FOO);

			print "</div>";
		}
	}

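In testing, the Markdown support added above turned out to be fairly limited: Chinese characters and tables are not supported, code snippets are handled poorly, and simple text content works.

2.6 File management server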

lisongze@lisongze-virtual-machine:~/kernel.org/linux-stable$ sudo ln -s /home/lisongze/kernel.org/linux-stable/ /var/www/html/linux-stable
