2016-03-02
We address the question of how to run git on a server. Each step requires that all the previous steps have been carried out. Within the guide, strings that you must replace with your own values are written as shell variables with curly braces: ${VARIABLE}. The variable ${SERVER} refers to the address of one Linux server.
Generate an SSH key if you do not already have one. Ensure that you can access the server with your SSH key by issuing the command:
$ ssh-copy-id -i ~/.ssh/id_ed25519.pub "${USER}@${SERVER}"
This will append your local public key ~/.ssh/id_ed25519.pub to the file ~/.ssh/authorized_keys on the server.
Create the bare repository ~/myrepo.git on the server with
$ git init --bare --shared ~/myrepo.git
The flag --bare implies that there will be no working tree, i.e. no files will be checked out on the server; the flag --shared makes it possible for users of the same group to push to the repository. By convention the names of bare repositories end in .git.
$ git clone "ssh://${USER}@${SERVER}/~/myrepo.git"
The remote repository can be set as origin (or under any other name) for a local git repository. Navigate to a local git repository and add the remote repository as the origin:
$ git remote add origin "ssh://${USER}@${SERVER}/~/myrepo.git"
When you run
$ git push origin
in the local repository, this will update the repository on the server with your local commits.
To work together with another person using the repository on the server as the main repository, you need that person's public SSH key. Place the key ssh-rsa AAAAB3N… in the file ~/.ssh/authorized_keys on the server, but prepend the command restriction:
command="/usr/bin/env git-shell -c \"$SSH_ORIGINAL_COMMAND\"" ssh-rsa AAAAB3N…
The previous line restricts the person to using only git commands (via git-shell), but on any repository whose path is known to them. That means that any repository can be checked out in a similar manner.
The collaborator can perform the very same checkout as you (where $USER is your username):
$ git clone "ssh://${USER}@${SERVER}/~/myrepo.git"
Regardless of whether we restrict access to the repository, we want to track the activity in the repository and get notified by email about any changes. All the following steps happen on the server.
We add a script as a post-receive hook so that it will be executed after receiving changes. Download the script to the appropriate location within the repository (assuming it is a bare repository).
$ wget -O ~/myrepo.git/hooks/post-receive 'https://people.kth.se/~arveg/post-receive'
After you have understood what this script does and are satisfied that you can trust it, make it executable:
$ chmod +x ~/myrepo.git/hooks/post-receive
and add a brief description to the repository:
$ echo "My Project." > ~/myrepo.git/description
It will be used in the email notifications.
As a last step we have to define the recipients as well as the sender manually in the configuration file of the git repository in question. Add the following lines to the file ~/myrepo.git/config. Separate several recipients with spaces, as in the example below.
[hooks]
mailinglist = "email1@example.com email2@example.com"
senderemail = "owner@example.com"
This will send emails using the program xmail whenever changes are pushed to the remote repository.
To avoid relying on the security by obscurity described above, one wants to restrict a user (authenticated by their SSH key) to certain repositories only. There are tools for git, like gitolite, to manage fine-grained access control.
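
A minimal illustration of per-key repository restriction, as an added example that is not part of the original guide and not a substitute for gitolite: a forced-command wrapper that checks the requested repository against an allow-list before handing over to git-shell. The script name git-only, its location ~/bin and the user name alice are assumptions.

```sh
#!/bin/sh
# Added example (hypothetical script ~/bin/git-only, hypothetical user "alice").
# Assumed entry in ~/.ssh/authorized_keys on the server, one line per key:
#   command="$HOME/bin/git-only alice myrepo.git",restrict ssh-rsa AAAAB3N…
# "restrict" additionally disables port forwarding, PTY allocation and similar.

# check_request ORIGINAL_COMMAND ALLOWED_REPO...
# Prints "<service> <repo>" and returns 0 if allowed, returns 1 otherwise.
check_request() {
    orig=$1; shift
    # Accept only the two services a git client asks for over SSH,
    # each with exactly one single-quoted argument.
    case $orig in
        "git-upload-pack '"*"'")  svc=git-upload-pack ;;   # clone / fetch
        "git-receive-pack '"*"'") svc=git-receive-pack ;;  # push
        *) return 1 ;;
    esac
    repo=${orig#*\'}   # drop everything up to the opening quote
    repo=${repo%\'}    # drop the closing quote
    # Paths relative to the home directory arrive as ~/x or /~/x.
    case $repo in
        "/~/"*) repo=${repo#"/~/"} ;;
        "~/"*)  repo=${repo#"~/"} ;;
    esac
    # Reject empty names, absolute paths, "..", and shell metacharacters.
    case $repo in
        ""|/*|*..*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    for allowed in "$@"; do
        if [ "$repo" = "$allowed" ]; then
            printf '%s %s\n' "$svc" "$repo"
            return 0
        fi
    done
    return 1
}

# Forced-command entry point: git-only USER REPO...
if [ "$#" -ge 2 ]; then
    user=$1; shift
    if req=$(check_request "${SSH_ORIGINAL_COMMAND:-}" "$@"); then
        logger -t git-only "allow user=$user $req" || true
        # Hand the normalised path, not the client's string, to git-shell.
        exec git-shell -c "${req%% *} '$HOME/${req#* }'"
    fi
    logger -t git-only "deny user=$user cmd=${SSH_ORIGINAL_COMMAND:-}" || true
    echo "git-only: access denied" >&2
    exit 1
fi
```

The allow and deny lines written through logger give a per-key record of which repository each collaborator requested, in addition to the email notifications from the post-receive hook.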