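Git is a well-known distributed version control system. In many cases a team sets up only an internal Git server and then develops collaboratively on it. When building an internal Git server, gitosis can help with the job. Gitosis is a set of scripts that manages the authorized_keys file and enforces simple connection restrictions. It is written in Python, so Python and Python setuptools must be installed beforehand.
Reference: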
http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way/
I. Replace the Ubuntu package sources with a mirror inside China
1. This guide uses the Tsinghua University open source software mirror; see:
https://mirrors.tuna.tsinghua.edu.cn/help/ubuntu/
2. Configure the source list; back up the existing list before changing it
root@book-virtual-machine:~# cp /etc/apt/sources.list /etc/apt/sources.list.back
root@book-virtual-machine:~# vim /etc/apt/sources.list
# Source-package mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-security main restricted universe multiverse
# Pre-release (proposed) repository; enabling it is not recommended
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-proposed main restricted universe multiverse
root@book-virtual-machine:~# vim /etc/resolv.conf
nameserver 127.0.0.1
nameserver 101.6.6.6 #DNS address of the Tsinghua University open source software mirror
root@book-virtual-machine:~# apt-get clean
root@book-virtual-machine:~# apt-get update
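3. A local Git server needs user access authentication in addition to the Git server software itself. During the server setup, because of problems with the package sources.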
book@book-virtual-machine:~$ sudo apt-get install git-core python-setuptools
4. Download and install gitosis
cd ~/src
git clone https://github.com/tv42/gitosis.git
cd gitosis
python setup.py install
5. Add the git user
root@book-virtual-machine:/home/book# adduser git
Adding user `git' ...
Adding new group `git' (1001) ...
Adding new user `git' (1001) with group `git' ...
Creating home directory `/home/git' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N] y
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for git
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
II. Configure SSH and generate keys
1. Install OpenSSH
book@book-virtual-machine:~$ sudo apt-get install openssh-server openssh-client
2. Edit the sshd configuration file
book@book-virtual-machine:/$ sudo vim /etc/ssh/sshd_config
/*** Increase the key size ***/
ServerKeyBits 768 ---> ServerKeyBits 1024
/*** Disable root login ***/
PermitRootLogin yes ---> PermitRootLogin no
/*** Enable AuthorizedKeysFile ***/
AuthorizedKeysFile %h/.ssh/authorized_keys
3. Generate a key pair for the git user (switch to the git user first)
git@book-virtual-machine:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/git/.ssh/id_rsa):
Created directory '/home/git/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/git/.ssh/id_rsa.
Your public key has been saved in /home/git/.ssh/id_rsa.pub.
The key fingerprint is:
c5:36:b1:87:04:ff:97:6a:de:08:f6:5f:05:20:a8:0b git@book-virtual-machine
The key's randomart image is:
+--[ RSA 2048]----+
| .o+ . |
| .+ = . |
| . O . . |
| E . o + o |
| . .S . o .|
| . o .|
| o o .|
| . = o . |
| +.o |
+-----------------+
III. Initialize gitosis
1. Set the global git parameters
git config --global user.name "git"
git config --global user.email "[email protected]"
2. Initialize gitosis with the git administrator's public key
git@book-virtual-machine:~$ gitosis-init < ~/.ssh/id_rsa.pub
Initialized empty Git repository in /home/git/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /home/git/repositories/gitosis-admin.git/
After a successful initialization the following two directories exist
git@book-virtual-machine:~$ ls
gitosis repositories
3. Change the permissions of post-update
git@book-virtual-machine:~$ chmod 755 ~/repositories/gitosis-admin.git/hooks/post-update
4. Test whether SSH access with the public key works:
git@book-virtual-machine:~$ ssh git@192.168.1.123
The authenticity of host '192.168.1.123 (192.168.1.123)' can't be established.
ECDSA key fingerprint is df:20:21:5c:73:76:b8:32:13:31:47:19:1f:ef:fc:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.123' (ECDSA) to the list of known hosts.
PTY allocation request failed on channel 0
ERROR:gitosis.serve.main:Need SSH_ORIGINAL_COMMAND in environment.
Connection to 192.168.1.123 closed.
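As the output above shows, the SSH login as the git user succeeded. The gitosis.serve error only means that no Git command was sent with the connection, so the session is closed instead of opening a shell.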
5. Clone gitosis-admin with git clone so that it can be managed
git@book-virtual-machine:/work/management$ git clone git@192.168.1.123:gitosis-admin.git
Cloning into 'gitosis-admin'...
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 5 (delta 0), reused 5 (delta 0)
Receiving objects: 100% (5/5), done.
git@book-virtual-machine:/work/management$ ls
gitosis-admin
6. Installation complete
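The error in step 4 comes from the forced gitosis-serve command that gitosis attaches to each key it manages. The following is an added example, not part of the original tutorial or of gitosis: it audits the content of the git user's ~/.ssh/authorized_keys and reports any key that is not confined to gitosis-serve. The sample lines are constructed, modelled on the entries gitosis generates, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the entries gitosis writes; key blobs are placeholders.
SAMPLE = """\
### autogenerated by gitosis, DO NOT EDIT
command="gitosis-serve git@book-virtual-machine",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3PLACEHOLDER1 git@book-virtual-machine
ssh-rsa AAAAB3PLACEHOLDER2 book@book-virtual-machine
command="gitosis-serve book@book-virtual-machine",no-port-forwarding ssh-rsa AAAAB3PLACEHOLDER3 book@book-virtual-machine
"""

KEY_TYPES = ("ssh-rsa ", "ssh-dss ", "ssh-ed25519 ", "ecdsa-sha2-")
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
# One option: a name, optionally ="quoted value", followed by a comma or whitespace.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|\s+)')

def parse_options(line):
    """Return the options that precede the key type, names lower-cased."""
    opts, pos = {}, 0
    while not line.startswith(KEY_TYPES, pos):
        m = OPTION.match(line, pos)
        if m is None:
            raise ValueError("cannot parse key options")
        opts[m.group(1).lower()] = m.group(2)
        pos = m.end()
    return opts

def audit_authorized_keys(text):
    """Return (line number, problem) pairs for keys not confined to gitosis-serve."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            opts = parse_options(line)
        except ValueError as exc:
            findings.append((number, str(exc)))
            continue
        if not (opts.get("command") or "").startswith("gitosis-serve "):
            findings.append((number, "no forced gitosis-serve command"))
        missing = set() if "restrict" in opts else REQUIRED - set(opts)
        if missing:
            findings.append((number, "missing " + ", ".join(sorted(missing))))
    return findings

if __name__ == "__main__":
    for number, problem in audit_authorized_keys(SAMPLE):
        print(f"line {number}: {problem}")
```

On the server, pass the text of /home/git/.ssh/authorized_keys to audit_authorized_keys; an empty result means every key is limited to Git operations.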
IV. Test the gitosis management functions
1. Use the existing book user to access test.git under the git user
1.1 Create test.git under the git user
git@book-virtual-machine:~/repositories$ mkdir test.git
git@book-virtual-machine:~/repositories$ ls
gitosis-admin.git test.git
1.2 Initialize test.git as an empty bare repository
git@book-virtual-machine:~/repositories$ cd test.git/
git@book-virtual-machine:~/repositories/test.git$ git init --bare
Initialized empty Git repository in /home/git/repositories/test.git/
2. Add the book user to gitosis
git@book-virtual-machine:/work/management/gitosis-admin$ ls
gitosis.conf keydir
git@book-virtual-machine:/work/management/gitosis-admin$ vim gitosis.conf
[gitosis]
[group gitosis-admin]
members = git@book-virtual-machine
writable = gitosis-admin
# Add the test repository and the book user, following the format above; for more advanced usage, search Baidu
[group test]
members = book@book-virtual-machine
writable = test
3. Generate a key pair for the book user and give the public key to the git user
3.1 Generate book's key pair
book@book-virtual-machine:~$ cd ~
book@book-virtual-machine:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/book/.ssh/id_rsa):
Created directory '/home/book/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/book/.ssh/id_rsa.
Your public key has been saved in /home/book/.ssh/id_rsa.pub.
The key fingerprint is:
86:a8:42:1e:a2:77:4f:92:7f:00:eb:c4:7f:5a:9d:8c book@book-virtual-machine
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| .. . |
|.o ..o. S |
|= ..+... + . |
|o.oo+...E + |
| o ..=..o |
| ++ |
+-----------------+
3.2 Give book's public key to git; the key file name must match the user name set in gitosis.conf above
book@book-virtual-machine:~$ sudo cp .ssh/id_rsa.pub /work/management/gitosis-admin/keydir/book@book-virtual-machine.pub
3.3 Push the changes to gitosis (all of the changes above were made in the locally cloned copy, so they have to be pushed to the server)
git@book-virtual-machine:/work/management/gitosis-admin$ git status
# On branch master
# Changes not staged for commit:
# (use "git add ..." to update what will be committed)
# (use "git checkout -- ..." to discard changes in working directory)
#
# modified: gitosis.conf
#
# Untracked files:
# (use "git add ..." to include in what will be committed)
#
# keydir/book@book-virtual-machine.pub
no changes added to commit (use "git add" and/or "git commit -a")
git@book-virtual-machine:/work/management/gitosis-admin$ git add .
git@book-virtual-machine:/work/management/gitosis-admin$ git commit -m "add test"
git@book-virtual-machine:/work/management/gitosis-admin$ git push
Counting objects: 8, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 796 bytes, done.
Total 5 (delta 0), reused 0 (delta 0)
To git@192.168.1.123:gitosis-admin.git
756407b..0a43978 master -> master
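Step 3.2 requires the key file name in keydir to match the member name in gitosis.conf. The following is an added example, not from the original tutorial or the gitosis project, that checks this in a gitosis-admin working copy before pushing; the function names are hypothetical and the sample layout is constructed from the configuration shown in step 2.

```python
import configparser
import os
import tempfile

# Constructed sample: the gitosis.conf from step 2 of this section.
SAMPLE_CONF = """\
[gitosis]
[group gitosis-admin]
members = git@book-virtual-machine
writable = gitosis-admin
[group test]
members = book@book-virtual-machine
writable = test
"""

def audit_admin_repo(admin_dir):
    """Compare group members in gitosis.conf with the *.pub files in keydir."""
    conf = configparser.RawConfigParser()
    conf.read(os.path.join(admin_dir, "gitosis.conf"))
    keys = {name[:-4] for name in os.listdir(os.path.join(admin_dir, "keydir"))
            if name.endswith(".pub")}
    problems, referenced = [], set()
    for section in conf.sections():
        if not section.startswith("group "):
            continue
        for member in conf.get(section, "members", fallback="").split():
            if member.startswith("@"):      # @name refers to another group, not a key
                continue
            referenced.add(member)
            if member not in keys:
                problems.append(f"[{section}] {member}: missing keydir/{member}.pub")
    for orphan in sorted(keys - referenced):
        problems.append(f"keydir/{orphan}.pub: key is not a member of any group")
    return problems

def demo(key_names):
    """Build a throwaway gitosis-admin layout with the given key files and audit it."""
    with tempfile.TemporaryDirectory() as admin_dir:
        with open(os.path.join(admin_dir, "gitosis.conf"), "w") as fh:
            fh.write(SAMPLE_CONF)
        os.mkdir(os.path.join(admin_dir, "keydir"))
        for name in key_names:
            open(os.path.join(admin_dir, "keydir", name), "w").close()
        return audit_admin_repo(admin_dir)

if __name__ == "__main__":
    # Key copied under the wrong name: book.pub instead of book@book-virtual-machine.pub.
    for line in demo(["git@book-virtual-machine.pub", "book.pub"]):
        print(line)
```

Run audit_admin_repo on /work/management/gitosis-admin before git push; a key that no group references is also worth reviewing, since it grants no repository access and may be a leftover.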
V. Final test: check whether the book user can access test
book@book-virtual-machine:/work$ git clone git@192.168.1.123:test.git
Cloning into 'test'...
The authenticity of host '192.168.1.123 (192.168.1.123)' can't be established.
ECDSA key fingerprint is df:20:21:5c:73:76:b8:32:13:31:47:19:1f:ef:fc:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.123' (ECDSA) to the list of known hosts.
warning: You appear to have cloned an empty repository.
book@book-virtual-machine:/work$ ls
management test
With that, the setup works.