Gitolite is a Git repository management software. It can be used to easily setup Git repositories on a server. It allows authentication with SSH keys and provides fine-grained access control.
Gitolite doesn't have a graphical user interface. Nor it needs a database. It's simple to install and use.
Once the software is installed and set up properly, a new Git repository called "gitolite-admin" is automatically created. The admin user can clone this repository to his/her local computer, make changes to a configuration file found in it to manage the repositories and user permissions. SSH keys of users are also added to the gitolite-admin repository. The updated configuration file possibly with user SSH keys are pushed to the repository and that makes the changes live.
As of writing this article, version 3 of Gitolite is available. To install it on a Debian based server which has the ssh-server already installed and running properly, run the following command as the root user:
apt -y install gitolite3Now, create a new user account whose home directory will house all the Git repositories. Let's assume the username of the new account is 'git'. It's possible to user a different name if you wish.
adduser --disabled-password --shell /bin/bash --gecos "GIT Repository" gitWe need the admin user's public SSH key now. Let's assume that I am going to manage the Git repositories from my personal laptop. I am already logged in to it as the user 'kamal'. I already have SSH keys generated. But if needed to create a pair of SSH keys, run the 'ssh-keygen' command and by default the public key is found in the .ssh/id_rsa.pub file inside the home directory of the user.
Let's assume that the Debian based server where we installed gitolite3 is accessible via its hostname git.software.lk. We need to copy the admin user's public SSH key to it. One may use scp to do it like this:
scp /home/kamal/.ssh/id_rsa.pub root@git.software.lk:/tmp/kamal.pubOn the server, switch to the newly created 'git' user:
su - gitNow, initialize Gitolite with the admin user's public key:
gitolite setup -pk /tmp/kamal.pubThat's all to be done on the server.
On the local machine, as the user 'kamal', let me create a new directory into which gitolite-admin repository will be cloned. You can choose a different place.
mkdir -p ~/git/admin/git-git.software.lkLet me switch to that directory:
cd ~/git/admin/git-git.software.lkClone the gitolite-admin repository:
git clone git@git.software.lk:gitolite-adminIf you check the gitolite-admin directory, the content will be like this:
.
├── conf
│ └── gitolite.conf
└── keydir
└── kamal.pubThe 'keydir' can be added with the SSH public keys of other users. For example, to add a user 'nimal', get the SSH public key of that user and put it inside the keydir with the filename nimal.pub.
Use a text editor to open the conf/gitolite.conf file. Let's say a new Git repository called 'testing' is to be created, kamal should be given full read-write access but nimal should be given read-only access. Change the file to look like this:
repo gitolite-admin
RW+ = kamal
repo testing
RW+ = kamal
R = nimalGitolite has many features. To learn more about how to use them and update the gitolite.conf file accordingly, visit the Gitolite website.
Make sure access to the gitolite-admin repository is retained. Also, make sure the file syntax is correct. Otherwise, you could end up in messy situations.
Let's make the changes permanent and send to the remote Git server:
cd ~/git/admin/git-git.software.lk/gitolite-admin
git add .
git commit -m 'Created testing repo and added user nimal'
git pushThat will make a new repository called 'testing' and user nimal will have read access. So nimal can clone the new repository as follows to use it:
git clone git@git.software.lk:testingHow does Gitolite controls access? The above 'git push' command triggers Gitolite to update the ~/.ssh/authorized_keys file in the server. It is via that file Gitolite gets executed when SSH connections are established to the server and hence gets a chance to apply permissions as defined in the gitolite.conf file. It's best that the ~/.ssh/authorized_keys file is not changed directly but left for Gitolite to automatically adjust it as needed.
- ප්රතිචාර දැක්වීමට ඇතුල් වන්න