Friday, August 24, 2012

CentOS6安装gitosis服务器

ref: http://mcuos.com/thread-8372-1-1.html


1, 新加用户git,该用户将作为所有代码仓库和用户权限管理者:
---------------------------------------
[guowenxue@centos6 ~]$ sudo useradd -m git
[guowenxue@centos6 ~]$ sudo passwd git
Changing password for user git.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.


2,切换到git用户,并初始化git帐户信息:
---------------------------------------
[guowenxue@centos6 ~]$ su git
Password: 
[git@centos6 guowenxue]$ cd
[git@centos6 ~]$ 

[git@centos6 ~]$ git config --global user.name "git"
[git@centos6 ~]$ git config --global user.email "git@email.com"

3,修改/etc/sudoers文件,把git用户添加到sudo里去,方便使用sudo管理:
---------------------------------------
[guowenxue@centos6 ~]$ sudo vim /etc/sudoers
****
git   ALL= NOPASSWD: ALL
****


4,安装一下python的setup tool, 这个为了gitosis做准备:
---------------------------------------
Resolving mirrors.ustc.edu.cn... 202.141.160.110, 2001:da8:d800:95::110
Connecting to mirrors.ustc.edu.cn|202.141.160.110|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 343724 (336K) [application/x-redhat-package-manager]
Saving to: “python-setuptools-0.6.10-3.el6.noarch.rpm”

100%[==========================================================================================>] 343,724     1.73M/s   in 0.2s    

2012-07-10 23:49:22 (1.73 MB/s) - “python-setuptools-0.6.10-3.el6.noarch.rpm” saved [343724/343724]

[git@centos6 ~]$ ls
python-setuptools-0.6.10-3.el6.noarch.rpm
[git@centos6 ~]$ sudo rpm -ivh python-setuptools-0.6.10-3.el6.noarch.rpm 
Preparing...                ########################################### [100%]
        package python-setuptools-0.6.10-3.el6.noarch is already installed

5,下载并安装gitosis,官方的代码有问题,我们从github上下载:
---------------------------------------
[git@centos6 ~]$ git clone git://eagain.net/gitosis.git
Initialized empty Git repository in /home/git/gitosis/.git/
eagain.net[0: 208.78.102.120]: errno=Connection refused
fatal: unable to connect a socket (Connection refused)

早期的下载地址git://eagain.net/gitosis已经失效,作者已将其移到github上管理,下面是新的地址:

[git@centos6 ~]$ git clone git://github.com/tv42/gitosis.git
Initialized empty Git repository in /home/git/gitosis/.git/
remote: Counting objects: 630, done.
remote: Compressing objects: 100% (180/180), done.
remote: Total 630 (delta 442), reused 629 (delta 441)
Receiving objects: 100% (630/630), 97.75 KiB | 38 KiB/s, done.
Resolving deltas: 100% (442/442), done.
[git@centos6 ~]$ 

[git@centos6 ~]$ cd gitosis/
[git@centos6 gitosis]$ sudo python setup.py install 
running install
running bdist_egg
running egg_info
... ...
creating dist
creating 'dist/gitosis-0.2-py2.6.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing gitosis-0.2-py2.6.egg
creating /usr/lib/python2.6/site-packages/gitosis-0.2-py2.6.egg
Extracting gitosis-0.2-py2.6.egg to /usr/lib/python2.6/site-packages
Adding gitosis 0.2 to easy-install.pth file
Installing gitosis-init script to /usr/bin
Installing gitosis-run-hook script to /usr/bin
Installing gitosis-serve script to /usr/bin

Installed /usr/lib/python2.6/site-packages/gitosis-0.2-py2.6.egg
Processing dependencies for gitosis==0.2
Searching for distribute==0.6.10
Best match: distribute 0.6.10
Adding distribute 0.6.10 to easy-install.pth file
Installing easy_install script to /usr/bin
Installing easy_install-2.6 script to /usr/bin

Using /usr/lib/python2.6/site-packages
Finished processing dependencies for gitosis==0.2
[git@centos6 gitosis]$ 


6,配置gitosis的SSH管理帐号:
---------------------------------------
大多数 Git 服务器都会选择使用 SSH 公钥来进行授权。系统中的每个用户都必须提供
一个公钥用于授权,没有的话就要生成一个。生成公钥的过程在所有操作系统上都差不多。
首先先确认一下是否已经有一个公钥了。SSH 公钥默认储存在账户的主目录下的 ~/.ssh 
目录。关键是看有没有用 something 和 something.pub 来命名的一对文件,这个 something 
通常就是 id_dsa 或 id_rsa。有 .pub 后缀的文件就是公钥,另一个文件则是密钥。假如没有这些文件,或者干脆连 .ssh 目录都没有,可以用 ssh-keygen 来创建。该程序
Linux/Mac 系统上由 SSH 包提供,而在Windows 上则包含在 MSysGit 包里。
[git@centos6 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/git/.ssh/id_rsa):  它先要求你确认保存公钥的位置 
Created directory '/home/git/.ssh'.
Enter passphrase (empty for no passphrase):  它会让你重复一个密码两次,如果不想在使用公钥的时候输入密码,可以留空
Enter same passphrase again: 
Your identification has been saved in /home/git/.ssh/id_rsa.
Your public key has been saved in /home/git/.ssh/id_rsa.pub.
The key fingerprint is:
d0:f9:5a:2a:ec:a0:69:1c:0e:aa:33:fe:1e:51:30:ca git@centos6.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|   o             |
|. . o  . .       |
| E   .. o        |
|    .  . .       |
|   .    S o      |
|. . ..   +       |
|.+ o. o o        |
|+ +o.o .         |
|+==o  .          |
+-----------------+
[git@centos6 ~]$ 

7,创建git存放代码的仓库:
---------------------------------------
默认gitosis-init会将git仓库放在git用户的home的repositories目录下,而我们想把仓库
放在/opt/git/repositories,这时我们可以做个符号链接:

[git@centos6 ~]$ sudo mkdir -p /opt/git/repositories
[git@centos6 ~]$ sudo chown -R git.git /opt/git/
[git@centos6 ~]$ sudo chmod -R 700 /opt/git/
[git@centos6 ~]$ ln -s /opt/git/repositories/
[git@centos6 ~]$ gitosis-init < .ssh/id_rsa.pub  (execute as root)
Initialized empty Git repository in /opt/git/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /opt/git/repositories/gitosis-admin.git/
[git@centos6 ~]$ ll
total 340
drwxr-xr-x 8 git git   4096 Jul 11 00:25 gitosis
-rw-rw-r-- 1 git git 343724 Jul  3  2011 python-setuptools-0.6.10-3.el6.noarch.rpm
lrwxrwxrwx 1 git git     22 Jul 11 00:25 repositories -> /opt/git/repositories/
[git@centos6 ~]$ ls repositories/
gitosis-admin.git



8,把现成的git仓库embededproject-code放到新建的服务器仓库中去,并重命名为embededproject.git:
---------------------------------------
[guowenxue@centos6 ~]$ git clone --bare embededproject-code embededproject.git
Initialized empty Git repository in /home/guowenxue/embededproject.git/
[guowenxue@centos6 ~]$ sudo mv embededproject.git/ /home/git/repositories
[guowenxue@centos6 ~]$ sudo chown -R git.git /home/git/repositories/embededproject.git
[guowenxue@centos6 ~]$ sudo ls -ld /home/git/repositories/embededproject.git
drwxr-xr-x 7 git git 4096 Jul 11 00:52 /home/git/repositories/embededproject.git


9,把guowenxue这个帐户添加到embededproject项目开发中去,对整个项目可读写
---------------------------------------
9.1 使用guowenxue帐户生成SSH的公钥和私钥文件:
----------
[guowenxue@centos6 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guowenxue/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/guowenxue/.ssh/id_rsa.
Your public key has been saved in /home/guowenxue/.ssh/id_rsa.pub.
The key fingerprint is:
46:0b:cc:41:7c:d1:fe:18:b0:03:d6:0b:03:fa:b6:99 guowenxue@centos6.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|    .+o..o       |
|   . o*.+ .      |
|  .  .+=.=       |
|   .   o+.o      |
|    o   S. +     |
|   . + .  . .    |
|    E            |
|                 |
|                 |
+-----------------+
[guowenxue@centos6 ~]$ ls .ssh/id_rsa*
.ssh/id_rsa  .ssh/id_rsa.pub

9.2 使用git管理帐户把gitosis的管理仓库克隆出来便于管理
----------
[git@centos6 ~]$ git clone git@127.0.0.1:gitosis-admin.git
Initialized empty Git repository in /home/git/gitosis-admin/.git/
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is b6:17:e1:4f:d7:89:b7:ec:f5:7c:35:65:4f:fd:1a:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 5 (delta 0), reused 5 (delta 0)
Receiving objects: 100% (5/5), done.
[git@centos6 ~]$ ls gitosis-admin/
gitosis.conf  keydir

9.3 将guowenxue这个开发者的公钥文件拷贝到gitosis-admin/keydir目录下并重命名
----------
[git@centos6 ~]$ cd gitosis-admin/
[git@centos6 gitosis-admin]$ sudo cp /home/guowenxue/.ssh/id_rsa.pub keydir/guowenxue.pub

9.4  修改gitosis.conf配置文件
----------
创建组embededproject_rw,设置该组的成员guowenxue,让他对embededproject项目有读写的权限:
[git@centos6 gitosis-admin]$ vim gitosis.conf 
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = git@centos6.localdomain guowenxue

[group embededproject_rw]
writable = embededproject
members = guowenxue

9.5 更新最新的配置和公钥文件到管理库中去:
----------
[git@centos6 gitosis-admin]$ git add .
[git@centos6 gitosis-admin]$ git commit -m"update gitosis.conf file and add guowenxue account to access embededproject embededproject"
[master f8722ce] update gitosis.conf file and add guowenxue account to access embededproject embededproject
2 files changed, 2 insertions(+), 2 deletions(-)
rewrite keydir/guowenxue.pub (93%)
[git@centos6 gitosis-admin]$ git push
Counting objects: 9, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 758 bytes, done.
Total 5 (delta 2), reused 0 (delta 0)
To git@127.0.0.1:gitosis-admin.git
   43a0ffe..f8722ce  master -> master


9.6 测试使用guowenxue这个账户从服务器上下载代码,并修改提交了:
----------
[guowenxue@centos6 ~]$ git clone git@192.168.1.78:embededproject.git
Initialized empty Git repository in /home/guowenxue/embededproject/.git/
remote: Counting objects: 961, done.
remote: Compressing objects: 100% (885/885), done.
remote: Total 961 (delta 354), reused 0 (delta 0)
Receiving objects: 100% (961/961), 59.91 MiB | 22.87 MiB/s, done.
Resolving deltas: 100% (354/354), done.
[guowenxue@centos6 ~]$ cd embededproject
[guowenxue@centos6 embededproject]$ ls
doc  platform  program  README  rootfs  systools
[guowenxue@centos6 embededproject]$ vim README
[guowenxue@centos6 embededproject]$ git add README 
[guowenxue@centos6 embededproject]$ git commit -m"update README file for test"
[master 8527f03] update README file for test
1 files changed, 0 insertions(+), 3 deletions(-)
[guowenxue@centos6 embededproject]$ git push
Counting objects: 5, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 306 bytes, done.
Total 3 (delta 2), reused 0 (delta 0)
To git@192.168.1.78:embededproject.git
   12ceafa..8527f03  master -> master
[guowenxue@centos6 embededproject]$ git log
commit 8527f0382f23a3c9b5c9f2b8d5c122f5bc3b810d
Author: guowenxue <guowenxue@gmail.com>
Date:   Wed Jul 11 01:39:06 2012 +0800

    update README file for test



10. 把dglwx这个帐户添加到embededproject项目中去,对整个项目只读:
---------------------------------------
10.1 生产dglwx帐户的SSH公钥和私钥文件
----------
[dglwx@centos6 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dglwx/.ssh/id_rsa): 
Created directory '/home/dglwx/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/dglwx/.ssh/id_rsa.
Your public key has been saved in /home/dglwx/.ssh/id_rsa.pub.
The key fingerprint is:
0e:9f:0d:7d:2e:e2:e0:aa:a7:64:3f:47:ca:d2:44:e5 dglwx@centos6.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|      .          |
|     o           |
|    . E  .       |
|   .  . S . .    |
|    . .+ + o     |
|  o+ o. = o .    |
| o..*..o . .     |
|  o=o+. .        |
+-----------------+
[dglwx@centos6 ~]$ 


10.2 使用git帐户添加dglwx到项目中去,并给只读权限:
----------
[git@centos6 ~]$ cd gitosis-admin/
[git@centos6 gitosis-admin]$ ls
gitosis.conf  keydir
[git@centos6 gitosis-admin]$ sudo cp /home/dglwx/.ssh/id_rsa.pub keydir/dglwx.pub
[git@centos6 gitosis-admin]$ vim gitosis.conf 

[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = git@centos6.localdomain guowenxue

[group embededproject_rw]
writable = embededproject
members = guowenxue

[group embededproject_ro]
readonly = embededproject
members = dglwx

[git@centos6 gitosis-admin]$ git add .
[git@centos6 gitosis-admin]$ git commit -m"Add dglwx account to access embededproject by readonly"
[master 967be92] Add dglwx account to access embededproject by readonly
2 files changed, 5 insertions(+), 0 deletions(-)
create mode 100644 keydir/dglwx.pub
[git@centos6 gitosis-admin]$ git push
Counting objects: 8, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 840 bytes, done.
Total 5 (delta 1), reused 0 (delta 0)
To git@127.0.0.1:gitosis-admin.git
   f8722ce..967be92  master -> master
[git@centos6 gitosis-admin]$ 
[git@centos6 gitosis-admin]$


10.3 测试下载代码,修改并提交
----------
[dglwx@centos6 embededproject]$ git config --global user.name "dglwx"
[dglwx@centos6 embededproject]$ git config --global user.email "dugulengwuxue@gmail.com"
[dglwx@centos6 ~]$ git clone git@192.168.1.78:embededproject.git
Initialized empty Git repository in /home/dglwx/embededproject/.git/
The authenticity of host '192.168.1.78 (192.168.1.78)' can't be established.
RSA key fingerprint is b6:17:e1:4f:d7:89:b7:ec:f5:7c:35:65:4f:fd:1a:db.
Are you sure you want to continue connecting (yes/no)? yes
Initialized empty Git repository in /home/dglwx/embededproject/.git/
remote: Counting objects: 964, done.
remote: Compressing objects: 100% (888/888), done.
remote: Total 964 (delta 356), reused 0 (delta 0)
Receiving objects: 100% (964/964), 59.91 MiB | 22.96 MiB/s, done.
Resolving deltas: 100% (356/356), done.
[dglwx@centos6 ~]$ cd embededproject/
[dglwx@centos6 embededproject]$ ls
doc  platform  program  README  rootfs  systools
[dglwx@centos6 embededproject]$ vim README 
[dglwx@centos6 embededproject]$ git diff
diff --git a/README b/README
index 71c8795..ab90846 100644
--- a/README
+++ b/README
@@ -160,6 +160,4 @@ rm -f zImage
build.sh  linux-3.0  linux-3.0.tar.bz2  patch
[guowenxue@centos6 kernel]$ ls linux-3.0/uImage.gz 
linux-3.0/uImage.gz
-
-
-
+Modify for test
[dglwx@centos6 embededproject]$ vim README ^C
[dglwx@centos6 embededproject]$ git add README 
[dglwx@centos6 embededproject]$ git commit -m"update README for test"
[master 0cc5ef0] update README for test
1 files changed, 1 insertions(+), 3 deletions(-)
[dglwx@centos6 embededproject]$ git push
ERROR:gitosis.serve.main:Repository write access denied
fatal: The remote end hung up unexpectedly
[dglwx@centos6 embededproject]$

Posted by Mr. Bright at 2:54 AM

1 comment:

  1. BloggerOctober 4, 2016 at 11:07 AM

    Are you trying to earn cash from your visitors via popup ads?
    If so, did you take a look at Clicksor?

    ReplyDelete

Subscribe to: Post Comments (Atom)