Running Git on the UNIX Servers

2016-03-02

We address the question how to have git running on a server. One step requires that all the previous steps have been set into action. Within the guide we note variables that shall be replaced by strings by shell variables with curly braces: ${VARIABLE}.

Preparation

The variable ${SERVER} refers to one linux server address.

Generate an ssh key, if you do not already have one. Insure that you can access the server with your SSH key issuing the command:

$ ssh-copy-id -i ~/.ssh/id_ed25519.pub "${USER}@${SERVER}"

This will append your local public key ~/.ssh/id_ed25519.pub to the file ~/.ssh/authorized_keys on the server.

Creating a Repository on the Server

  1. On the server initialize an empty git repository at a ~/myrepo.git with $ git init --bare ~/myrepo.git. The flag --bare implies that there will be no working tree, i.e. no files will be checked out on the server. By convention bare repositories end in .git.
  2. On your machine you can now clone the created repository with:
$ git clone "ssh://${USER}@${SERVER}:~/myrepo.git"

The remote repository can be set as origin (or any other name), for a local git repository. Navigate to a local git repository and add the remote repository as the origin:

$ git remote add origin "ssh://${USER}@${SERVER}:~/myrepo.git"

When you run $ git push origin in the local repository this will merge with the repository on the server.

Adding Other Collaborators

To work together with another person using the repository on the server as a main repository you need the persons public SSH key. Place the key ssh-rsa AAAAB3N… in the file ~/.ssh/authorized_keys on the server, but prepend the command restriction.

command="/usr/bin/env git-shell -c \"$SSH_ORIGINAL_COMMAND\"" ssh-rsa AAAAB3N…

The previous line restricts the person to only use git commands (via git-shell) on any repository known to them. That means that any repository can be checked out in a similar manner.

The collaborator can perform the very same checkout as you (where $USER is your username):

$ git clone "ssh://${USER}@${SERVER}:~/myrepo.git"

Add an Email Notification for New Commits

Independently if or not we restrict the access for the repository, we want to track the activity in the repository and get notified by email about any changes. All the following steps happen on the server.

We add a script as a post-receive hook so it will be executed after receiving changes. Download the script to the appropriate location within the repositiory (assuming it is a bare repository).

$ wget -O ~/myrepo.git/hooks/post-receive 'https://people.kth.se/~arveg/post-receive'

After you have understood what this script does and that you can trust this script make it executable: $ chmod +x ~/myrepo.git/hooks/post-receive and add a brief description to the repository:

echo "My Project." > ~/myrepo.git/description

It will be used in the email notifications.

As a last step we have to define the recipients as well as the sender, manually in the configuration file of the git repository in question. Add the follwing lines to the file ~/myrepo.git/config. Separate several recipients with spaces like in the example below.

[hooks]
  mailinglist = "email1@example.com email2@example.com"
  senderemail = "owner@example.com"

This will send emails using the program xmail whenever changes are pushed to the remote repository.

Deny Access to Repositories

To prevent the previous security by obscurity one wants to restrict the access for a user (authenticated by its SSH key) to only access certain repositories. There are tools for git, like gitolite to manage fine-granulated access control.