Gitosis setup

How to set up gitosis on Debian.

Install (server-side)

apt-get install gitosis

This creates a user ‘gitosis’ in the ‘gitosis’ group, with an empty home directory /srv/gitosis (the installation generated a warning about the missing home dir /srv/gitosis and said it wasn’t creating it, but it did!).

Local (server-side) admin setup

  1. Initialise gitosis with repository admin ssh key (for whichever local user you want to use for admin - ‘whoever’ in this example).

    sudo -H -u gitosis gitosis-init < /home/whoever/.ssh/id_rsa.pub
    
  2. Log in as local admin user.

    su - whoever
    
  3. Tell ssh which port to use.

    touch .ssh/config
    chmod o-r .ssh/config
    vim .ssh/config
    

    Add the following to .ssh/config:

    Host localhost
    Port 22
    
  4. Clone the gitosis-admin repos.

    git clone gitosis@localhost:gitosis-admin.git
    
  5. Add repos and user config.

    vim gitosis-admin/gitosis.conf
    

    Add the following:

    [gitosis]
    
    [group gitosis-admin]
    writable = gitosis-admin
    members = whoever@wherever.com
    

    Where ‘wherever.com’ is your domain name.

Remote (client-side) admin setup

  1. In gitosis.conf, as local (server-side) admin user, grant remote user access to gitosis-admin.

    First grab the latest from the server:

    cd gitosis-admin
    git pull
    

    Edit gitosis.conf to grant ‘stephan’ user permission to write (note the addition of ‘stephan’ to gitosis.conf):

    [gitosis]
    
    [group gitosis-admin]
    writable = gitosis-admin
    members = whoever@wherever.com stephan
    

    Commit and push the changes to the server:

    git commit -am"Granted stephan access to gitosis-admin from his remote machine"
    git push
    

    The gitosis user names (whoever@wherever.com and stephan in this example) should match the name of the public keys in keydir (e.g. whoever@wherever.com.pub and stephan.pub). The gitosis user names don’t have to match system user names.

  2. Transfer user keys from remote (client) machine to the server.

    scp .ssh/id_rsa.pub whoever@wherever.com:~/gitosis-admin/keydir/stephan.pub
    

    Note: keyname on server must match the name in the gitosis.conf members line (with .pub extension).

  3. Clone the gitosis-admin repos on remote (client) machine.

    git clone gitosis@wherever.com:gitosis-admin.git
    
  4. Update gitosis.conf on remote (client) machine when appropriate.

    git pull
    vim gitosis.conf
    

    Add whatever config (not shown), then commit and push:

    git commit -am"Added whatever config"
    git push
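
A check for the name-matching rule above (every name on a members line needs a keydir/NAME.pub file), as an added example that is not part of the original page or of gitosis itself. The function names are hypothetical and the directory tree built in demo() is constructed to mirror the page's example config.

```python
import configparser
import os
import tempfile


def check_keydir(admin_dir):
    """Compare gitosis.conf members with keydir/*.pub in a gitosis-admin clone.

    Returns (members_without_key, keys_without_member) as sorted lists.
    """
    conf = configparser.RawConfigParser()
    conf.read(os.path.join(admin_dir, "gitosis.conf"))
    members = set()
    for section in conf.sections():
        if section.startswith("group ") and conf.has_option(section, "members"):
            members.update(conf.get(section, "members").split())
    # Names starting with "@" refer to another group, not to a key file.
    users = {m for m in members if not m.startswith("@")}
    keydir = os.path.join(admin_dir, "keydir")
    keys = {f[:-4] for f in os.listdir(keydir) if f.endswith(".pub")}
    return sorted(users - keys), sorted(keys - users)


def demo():
    """Build a constructed gitosis-admin tree and run the check on it."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "keydir"))
    with open(os.path.join(root, "gitosis.conf"), "w") as f:
        f.write("[gitosis]\n\n[group gitosis-admin]\n"
                "writable = gitosis-admin\n"
                "members = whoever@wherever.com stephan\n")
    # stephan.pub is absent; richard.pub is present but unreferenced.
    for name in ("whoever@wherever.com", "richard"):
        open(os.path.join(root, "keydir", name + ".pub"), "w").close()
    return check_keydir(root)


if __name__ == "__main__":
    missing, orphaned = demo()
    print("members with no key file:", missing)
    print("key files no group references:", orphaned)
```

Run check_keydir() on the gitosis-admin working copy before each push; a name in the first list will be refused by ssh, and a file in the second list is a key that no group accounts for.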
    

Adding repositories remotely

  1. As admin user on remote (client) machine, add new repository info to gitosis.conf:

    git pull
    vim gitosis.conf
    

    Configure a new repository ‘foobar’ and its users (aka members):

    [gitosis]
    ...
    [group ]
    writable = foobar
    members = whoever@wherever.com stephan richard
    

    Commit the changes and push:

    git commit -am"Added config for foobar repository"
    git push
    
  2. EITHER: Make a new repos.

    Initialise new repository:

    mkdir foobar
    cd foobar
    git init
    

    Create new file and commit into repos:

    touch helloworld.txt
    git add helloworld.txt
    git commit -m 'first test commit'
    

    Push to server:

    git remote add origin gitosis@wherever.com:foobar.git
    git push origin master:refs/heads/master
    

    Note: The push will create a bare repository /srv/gitosis/repositories/foobar.git.

  3. OR: Migrate an existing repos.

    cd foobar
    git remote add origin gitosis@wherever.com:foobar.git
    git push origin master:refs/heads/master
    

Gotchas

Repository read access denied

whoever@localhost ~ $ git push origin master:refs/heads/master
ERROR:gitosis.serve.main:Repository read access denied
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Check the following:

  • That you edited gitosis.conf properly and pushed to the server.
  • That gitosis user has permission to read the remote directories (/srv/gitosis/repositories/…).
  • That /srv/gitosis/repositories/gitosis-admin.git/hooks/post-update is executable and if it’s a link that it points to the correct place.

On that last point, I got this error because post-update linked to a missing file - /usr/share/python-support/gitosis/gitosis-0.2-py2.5.egg/gitosis/templates/admin/hooks/post-update. It could be due to a Debian update to Squeeze (gitosis: admin is broken after upgrade to Squeeze). I got it working by changing it to point to /usr/share/pyshared/gitosis/templates/admin/hooks/post-update.

If this is your problem, then you’ll need to make a change to gitosis.conf and push it to the server before running ‘git push origin master:refs/heads/master’.

Permission denied (publickey)

Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

The Permission denied (publickey) message comes from ssh, most likely because your user’s public key changed.

I got this after I started using a different user account for my work. Even though the name in gitosis.conf had not changed because I used my own name not the account name, the public key had changed because a different account was being used.

  1. Log in to the server and add your public key to the end of /srv/gitosis/.ssh/authorized_keys preceded by whatever precedes the other keys. On my system this was command="gitosis-serve stephan",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty followed by the key. This will allow us to push any changes to our gitosis config from the client to the server.
  2. On the client, copy your public key into the gitosis admin keydir (e.g. ~/gitosis-admin/keydir/stephan.pub).
  3. Make sure its name is referenced in the gitosis.conf (e.g. stephan).
  4. Push the config to the server.

You don’t have to worry about removing your edits from /srv/gitosis/.ssh/authorized_keys because gitosis should have done this for you (though best check!).

Does not appear to be a git repository

fatal: 'gitosis-admin.git' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

If you get this error then it could be that you added your key to /srv/gitosis/.ssh/authorized_keys but not in the correct format. Here is an example from my server:

command="gitosis-serve stephan",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjqN0wEF3QCKKoKqZ87KKiGv7J23BLQMH52UHOeK2CgMpG558j+FSCh0/v4WKraMaLpCtsm6nIxG6U67LiK0pzB5KStYVUbWAVdFRI1RvU8F5ju21WxQ5rSJzfCcmCwI7WVeg7zNacYQoRyjolzLrz12S9oK5/HU2wucraz+Fkz3fJoT8iF3LewjUYNOl9808m6lOj09Ph/uX/UJjSxlwwWLOMq7PpiMIx05HwnDQAiAGi1ver3gj2DWwwTgweLcscp3FBEMhWolJRznBckYaYJF9H16RRACta8PWnX3c8yikB7/EDEIlM+TtRk4ZFyQmgBs6+t/mHAbDSebLMaLR7 stephan@mypc
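
An audit of authorized_keys content against the entry format shown above, as an added example that is not part of the original page or of gitosis. It covers both the hand-edit described under "Permission denied (publickey)" and the format problem in this section: a key pasted without the command="gitosis-serve ..." prefix is not confined to gitosis-serve. The function names are hypothetical and the sample lines are constructed.

```python
import re

# Restrictions present in the page's example authorized_keys line.
REQUIRED = {"no-port-forwarding", "no-X11-forwarding",
            "no-agent-forwarding", "no-pty"}
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
ENTRY = re.compile(
    r'^command="gitosis-serve ([^"\s]+)"((?:,[A-Za-z0-9-]+)*)\s+\S+\s+\S+')


def audit_line(line):
    """Return (user, problem); problem is None for a well-formed entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None, None
    m = ENTRY.match(line)
    if m is None:
        if line.startswith(KEY_TYPES):
            return None, "bare key: no forced gitosis-serve command"
        return None, "unrecognised entry"
    user, opts = m.groups()
    missing = REQUIRED - set(opts.split(","))
    if missing:
        return user, "missing options: " + ", ".join(sorted(missing))
    return user, None


def audit(text):
    """Audit authorized_keys content; return [(lineno, user, problem)]."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        user, problem = audit_line(line)
        if problem:
            findings.append((lineno, user, problem))
    return findings


# Constructed sample: AAAAEXAMPLE is a placeholder, not real key material.
OPTS = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
SAMPLE = "\n".join([
    "# constructed sample",
    f'command="gitosis-serve whoever@wherever.com",{OPTS} ssh-rsa AAAAEXAMPLE whoever@server',
    "ssh-rsa AAAAEXAMPLE stephan@mypc",
    'command="gitosis-serve stephan",no-pty ssh-rsa AAAAEXAMPLE stephan@mypc',
])

if __name__ == "__main__":
    for lineno, user, problem in audit(SAMPLE):
        print(f"line {lineno}: {user or '-'}: {problem}")
```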

Cloning

Don’t use the file protocol to clone a local gitosis repos, like this:

whoever@wherever ~ $ git clone file:///srv/gitosis/repositories/foobar.git/ foobar
Initialized empty Git repository in /home/whoever/foobar/.git/
fatal: '/srv/gitosis/repositories/foobar.git': unable to chdir or not a git archive
fatal: The remote end hung up unexpectedly

Instead use:

git clone gitosis@wherever.com:foobar.git foobar

Redmine

Redmine requires read permission on the repository directory else you receive the following error message:

The entry or revision was not found in the repository.

chgrp redmine /srv/gitosis/repositories/foobar.git

Where ‘redmine’ is the group that Redmine runs as.

Last modified: 15/04/2015

This website is a personal resource. Nothing here is guaranteed correct or complete, so use at your own risk and try not to delete the Internet. -Stephan
