Gitolite is a Git repository management software. It can be used to easily setup Git repositories on a server. It allows authentication with SSH keys and provides fine-grained access control.
Gitolite doesn't have a graphical user interface. Nor it needs a database. It's simple to install and use.
Once the software is installed and set up properly, a new Git repository called "gitolite-admin" is automatically created. The admin user can clone this repository to his/her local computer, make changes to a configuration file found in it to manage the repositories and user permissions. SSH keys of users are also added to the gitolite-admin repository. The updated configuration file possibly with user SSH keys are pushed to the repository and that makes the changes live.
As of writing this article, version 3 of Gitolite is available. To install it on a Debian based server which has the ssh-server already installed and running properly, run the following command as the root user:
apt -y install gitolite3
Now, create a new user account whose home directory will house all the Git repositories. Let's assume the username of the new account is 'git'. It's possible to user a different name if you wish.
adduser --disabled-password --shell /bin/bash --gecos "GIT Repository" git
We need the admin user's public SSH key now. Let's assume that I am going to manage the Git repositories from my personal laptop. I am already logged in to it as the user 'kamal'. I already have SSH keys generated. But if needed to create a pair of SSH keys, run the 'ssh-keygen' command and by default the public key is found in the .ssh/id_rsa.pub file inside the home directory of the user.
Let's assume that the Debian based server where we installed gitolite3 is accessible via its hostname git.software.lk. We need to copy the admin user's public SSH key to it. One may use scp to do it like this:
scp /home/kamal/.ssh/id_rsa.pub root@git.software.lk:/tmp/kamal.pub
On the server, switch to the newly created 'git' user:
su - git
Now, initialize Gitolite with the admin user's public key:
gitolite setup -pk /tmp/kamal.pub
That's all to be done on the server.
On the local machine, as the user 'kamal', let me create a new directory into which gitolite-admin repository will be cloned. You can choose a different place.
mkdir -p ~/git/admin/git-git.software.lk
Let me switch to that directory:
cd ~/git/admin/git-git.software.lk
Clone the gitolite-admin repository:
git clone git@git.software.lk:gitolite-admin
If you check the gitolite-admin directory, the content will be like this:
.
├── conf
│ └── gitolite.conf
└── keydir
└── kamal.pub
The 'keydir' can be added with the SSH public keys of other users. For example, to add a user 'nimal', get the SSH public key of that user and put it inside the keydir with the filename nimal.pub.
Use a text editor to open the conf/gitolite.conf file. Let's say a new Git repository called 'testing' is to be created, kamal should be given full read-write access but nimal should be given read-only access. Change the file to look like this:
repo gitolite-admin
RW+ = kamal
repo testing
RW+ = kamal
R = nimal
Gitolite has many features. To learn more about how to use them and update the gitolite.conf file accordingly, visit the Gitolite website.
Make sure access to the gitolite-admin repository is retained. Also, make sure the file syntax is correct. Otherwise, you could end up in messy situations.
Let's make the changes permanent and send to the remote Git server:
cd ~/git/admin/git-git.software.lk/gitolite-admin
git add .
git commit -m 'Created testing repo and added user nimal'
git push
That will make a new repository called 'testing' and user nimal will have read access. So nimal can clone the new repository as follows to use it:
git clone git@git.software.lk:testing
How does Gitolite controls access? The above 'git push' command triggers Gitolite to update the ~/.ssh/authorized_keys file in the server. It is via that file Gitolite gets executed when SSH connections are established to the server and hence gets a chance to apply permissions as defined in the gitolite.conf file. It's best that the ~/.ssh/authorized_keys file is not changed directly but left for Gitolite to automatically adjust it as needed.
- Log in to post comments