Indefero

Indefero Git Source Tree

Root/doc/syncgit.mdtext

1# Plugin SyncGit by CĂ©ondo Ltd
2
3The SyncGit plugin allow the direct creation and synchronisation of
4git repositories with the InDefero database. This requires giving
5access to the repositories using a dedicated SSH account, usually the
6`git` account.
7
8## Prerequisites
9
10A good understanding of:
11
12* the security issues related to using a SSH account on a server;
13* the principle of public/private SSH keys;
14* the rights/ownership of files on a Linux/BSD/nix system;
15
16Yes, what you are going to do has security implications.
17
18## Git user configuration
19
20On your system, you will need to create a new `git` account. This
21account will only be used to access the git repositories and at the
22moment cannot be shared for other use.
23
24First create a new git account:
25
26 $ sudo adduser \
27 --system \
28 --shell /bin/sh \
29 --gecos 'git version control' \
30 --group \
31 --disabled-password \
32 --home /home/git \
33 git
34
35Then, we need to create the base SSH files with the right permissions:
36
37 $ sudo su git
38 $ mkdir /home/git/.ssh
39 $ touch /home/git/.ssh/authorized_keys
40 $ chmod 0700 /home/git/.ssh
41 $ chmod 0600 /home/git/.ssh/authorized_keys
42 $ exit
43
44We add the `www-data` user to the `git` group so it can access the
45repositories to read the content:
46
47 $ sudo usermod -a -G git www-data
48
49Do not forget to restart Apache or your fastcgi process to take the
50group addition into account.
51
52## Creation of the repositories base
53
54For each project using git in InDefero a corresponding bare repository
55will be created in `/home/git/repositories`. For example, if the
56shortname of your project is `wonder`, it will be created in
57`/home/git/repositories/wonder.git`
58
59 $ sudo -H -u git mkdir /home/git/repositories
60
61## InDefero Configuration
62
63First, you need to have python installed on your system to be able to
64run the very small python script `gitserve.py` in the `scripts`
65folder. Here is a configuration example:
66
67
68 $cfg['git_repositories'] = '/home/git/repositories/%s.git';
69 $cfg['git_remote_url'] = 'git://yourdomain.com/%s.git';
70 $cfg['idf_plugin_syncgit_path_gitserve'] = '/home/www/indefero/scripts/gitserve.py'; # yes .py
71 $cfg['idf_plugin_syncgit_path_authorized_keys'] = '/home/git/.ssh/authorized_keys';
72 $cfg['idf_plugin_syncgit_sync_file'] = '/tmp/SYNC-GIT';
73 # Remove the git repositories which do not have a corresponding project
74 # This is run at cron time
75 $cfg['idf_plugin_syncgit_remove_orphans'] = false;
76 # git account home dir
77 $cfg['idf_plugin_syncgit_git_home_dir'] = '/home/git';
78 # where are going to be the git repositories
79 $cfg['idf_plugin_syncgit_base_repositories'] = '/home/git/repositories';
80
81When someone will change his SSH key or add a new one, the
82`/tmp/SYNC-GIT` file will be created. The cron job
83`/home/www/indefero/scripts/gitcron.php` will see the file and update
84the content of the `authorized_keys` file.
85
86## Cron Job Configuration
87
88You need to run a cron job every now and then to synchronize the SSH
89keys. The command to run in the cron job is:
90
91 php /home/www/indefero/scripts/gitcron.php
92
93The user of the cron job must be `git`.
94
95## Git daemon configuration
96
97Put in `/etc/event.d/local-git-daemon` the following:
98
99 start on startup
100 stop on shutdown
101
102 exec /usr/bin/git-daemon \
103 --user=git --group=git \
104 --verbose \
105 --reuseaddr \
106 --base-path=/home/git/repositories/ \
107 /home/git/repositories/
108 respawn
109
110Then run:
111
112 $ sudo start local-git-daemon
113
114

Archive Download this file