diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | blog/git_server.html | 197 | ||||
| -rw-r--r-- | blog_src/git_server.md | 219 | ||||
| -rw-r--r-- | index.html | 6 | ||||
| -rw-r--r-- | index.template.html | 4 | ||||
| -rw-r--r-- | style.css | 15 |
6 files changed, 261 insertions, 181 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..751553b --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.bak diff --git a/blog/git_server.html b/blog/git_server.html index 49a9566..010e6de 100644 --- a/blog/git_server.html +++ b/blog/git_server.html @@ -12,118 +12,139 @@ <div id="page-wrapper"> <!--BLOG--> <h1 id="how-to-make-your-own-git-serverwebsite">How to make your own git server/website</h1> -<h2 id="server-setup">Server setup</h2> -<p>We’re going to create a <code>git</code> user and group, will be used for accessing our git repositories without needing to be root.</p> -<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true"></a><span class="ex">useradd</span> -m git</span> -<span id="cb1-2"><a href="#cb1-2" aria-hidden="true"></a><span class="fu">mkdir</span> /srv/git</span> -<span id="cb1-3"><a href="#cb1-3" aria-hidden="true"></a><span class="fu">chown</span> git:git /srv/git</span></code></pre></div> -<p>The repositories will be stored as bare, this mean that we will only store the <code>.git</code> folder to save space.</p> +<h2 id="basic-ssh-server">Basic ssh server</h2> +<p>Every repository on the server will be owned by a git user.</p> +<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true"></a><span class="ex">useradd</span> -m git</span></code></pre></div> +<p>Create a new directory to store the repositories owned by the git user.</p> +<div class="sourceCode" id="cb2"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true"></a><span class="fu">mkdir</span> /srv/git</span> +<span id="cb2-2"><a href="#cb2-2" aria-hidden="true"></a><span class="fu">chown</span> git:git /srv/git</span></code></pre></div> +<p>Login as the git user so the new repositories will be owned by him.</p> +<div class="sourceCode" id="cb3"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true"></a><span class="fu">su</span> git</span> +<span id="cb3-2"><a href="#cb3-2" aria-hidden="true"></a><span class="bu">cd</span> /srv/git</span></code></pre></div> +<h3 id="creating-a-repository">Creating a repository</h3> +<p>They will be stored as bare, meaning we will only store the <code>.git</code> folder not the actual files (called the <em>workspace</em>) to save space.<br /> +It’s a convention to to suffix a bare repository with the <code>.git</code> extension.</p> +<div class="sourceCode" id="cb4"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true"></a><span class="fu">mkdir</span> repo.git</span> +<span id="cb4-2"><a href="#cb4-2" aria-hidden="true"></a><span class="bu">cd</span> repo.git</span> +<span id="cb4-3"><a href="#cb4-3" aria-hidden="true"></a><span class="fu">git</span> init --bare</span></code></pre></div> +<p>Or clone a distant one:</p> +<div class="sourceCode" id="cb5"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true"></a><span class="fu">git</span> clone --bare <span class="op"><</span>location<span class="op">></span></span></code></pre></div> <blockquote> -<p>To create a bare repo: <code>git init --bare</code></p> +<p>Look at the content of a bare repository and the <code>.git</code> directory in a regular one to convince yourself that they’re the same.</p> </blockquote> -<blockquote> -<p>To clone a repo as bare: <code>git clone bare <location></code></p> -</blockquote> -<p>You can either add a password for the git user or put your ssh public key in <code>/home/git/.ssh/authentication_keys</code> and disable password authentication for ssh.</p> -<p>You can now clone from your server with <code>git clone git@<hostname>:/srv/git/<reponame></code></p> +<h3 id="ssh-authentication">SSH Authentication</h3> +<p>You could add a password for the git user but it’s ultimately safer to user a key pair.</p> +<p>If you don’t know what that is you generate it with <code>ssh-keygen</code>.<br /> +Follow the steps and it will create <code>id_rsa</code> (private key) and <code>id_rsa.pub</code> (public key) in <code>~/.ssh</code>.<br /> +On your server you append your <strong>public</strong> key to <code>/home/git/.ssh/authorized_keys</code></p> +<p>At this point you should be able to login as the git user via ssh</p> +<div class="sourceCode" id="cb6"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true"></a><span class="fu">ssh</span> git@<span class="op"><</span>host<span class="op">></span></span></code></pre></div> +<p>You can clone from your server.</p> +<div class="sourceCode" id="cb7"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true"></a><span class="fu">git</span> clone git@<span class="op"><</span>hostname<span class="op">></span>:/srv/git/<span class="op"><</span>reponame<span class="op">></span>.git</span></code></pre></div> <h2 id="better-server-interaction-with-git-shell">Better server interaction with git-shell</h2> -<p>Permit the git user to have a regular shell can be a security issue, we would like that to restrict him to a few action, like creating/deleting a repository, importing a repository, listing the repo currently stored</p> -<p>Make the git-shell a valid shell <code>echo $(which git-shell) >> /etc/shells</code></p> -<p>Change the shell of the git user <code>chsh -s $(which git-shell) git</code></p> +<p>Permitting the git user to have a regular shell can be too permissive, we would like to restrict him to a few repository actions, like creation/deletion, importing (clone), listing.</p> +<div class="sourceCode" id="cb8"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true"></a><span class="bu">echo</span> <span class="va">$(</span><span class="fu">which</span> git-shell<span class="va">)</span> <span class="op">>></span> /etc/shells<span class="kw">`</span> # <span class="ex">Register</span> the git-shell as a valid shell</span> +<span id="cb8-2"><a href="#cb8-2" aria-hidden="true"></a><span class="fu">chsh</span> -s <span class="va">$(</span><span class="fu">which</span> git-shell<span class="va">)</span> git # Change the shell of the git user</span></code></pre></div> <p>If you try to ssh as the git user, you will be greeted with something along the line of:</p> <pre><code>fatal: Interactive git shell is not enabled. hint: ~/git-shell-commands should exist and have read and execute access. Connection to <host> closed.</code></pre> -<p>As suggested by the hint we have to create the directory <code>/home/git/git-shell-commands</code> and put the commands (executable) that the git user is allowed to execute in.</p> -<p>Here is a script to create a repo:</p> -<div class="sourceCode" id="cb3"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true"></a><span class="co">#!/bin/sh</span></span> -<span id="cb3-2"><a href="#cb3-2" aria-hidden="true"></a><span class="bu">[</span> <span class="va">$#</span> <span class="ot">-ne</span> 1<span class="bu"> ]</span> <span class="kw">&&</span> <span class="bu">echo</span> <span class="st">"Usage: </span><span class="va">$0</span><span class="st"> name"</span> <span class="kw">&&</span> <span class="bu">exit</span> 1</span> -<span id="cb3-3"><a href="#cb3-3" aria-hidden="true"></a><span class="va">repo_path=</span><span class="st">"/srv/git/</span><span class="va">$1</span><span class="st">.git"</span></span> -<span id="cb3-4"><a href="#cb3-4" aria-hidden="true"></a><span class="bu">[</span> <span class="ot">-d</span> <span class="st">"</span><span class="va">$repo_path</span><span class="st">"</span><span class="bu"> ]</span> <span class="kw">&&</span> <span class="bu">echo</span> <span class="st">"</span><span class="va">$0</span><span class="st">: Error: </span><span class="va">$repo_path</span><span class="st"> already exist"</span> <span class="kw">&&</span> <span class="bu">exit</span> 2</span> -<span id="cb3-5"><a href="#cb3-5" aria-hidden="true"></a><span class="fu">mkdir</span> <span class="st">"</span><span class="va">$repo_path</span><span class="st">"</span></span> -<span id="cb3-6"><a href="#cb3-6" aria-hidden="true"></a><span class="fu">git</span> -C <span class="st">"</span><span class="va">$repo_path</span><span class="st">"</span> init --bare</span></code></pre></div> -<p>Put it under <code>git-shell-commands/create</code> and make it executable then try to ssh as the git user once again.</p> -<p>You should have a prompt like <code>git></code>, you can call the <code>create</code> command with a repo name as the first argument and it should create a new repository for you.</p> +<p>As suggested by the hint we have to create the directory <code>/home/git/git-shell-commands</code> and put the commands (executable) available to the git user.</p> +<div class="sourceCode" id="cb10"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb10-1"><a href="#cb10-1" aria-hidden="true"></a><span class="co">#!/bin/sh</span></span> +<span id="cb10-2"><a href="#cb10-2" aria-hidden="true"></a><span class="bu">[</span> <span class="va">$#</span> <span class="ot">-ne</span> 1<span class="bu"> ]</span> <span class="kw">&&</span></span> +<span id="cb10-3"><a href="#cb10-3" aria-hidden="true"></a> <span class="bu">echo</span> <span class="st">"Usage: </span><span class="va">$0</span><span class="st"> repository"</span> <span class="kw">&&</span> <span class="bu">exit</span> 1</span> +<span id="cb10-4"><a href="#cb10-4" aria-hidden="true"></a><span class="va">repo_path=</span><span class="st">"/srv/git/</span><span class="va">$1</span><span class="st">.git"</span></span> +<span id="cb10-5"><a href="#cb10-5" aria-hidden="true"></a><span class="bu">[</span> <span class="ot">-d</span> <span class="st">"</span><span class="va">$repo_path</span><span class="st">"</span><span class="bu"> ]</span> <span class="kw">&&</span></span> +<span id="cb10-6"><a href="#cb10-6" aria-hidden="true"></a> <span class="bu">echo</span> <span class="st">"</span><span class="va">$0</span><span class="st">: Error: </span><span class="va">$repo_path</span><span class="st"> already exist"</span> <span class="kw">&&</span> <span class="bu">exit</span> 2</span> +<span id="cb10-7"><a href="#cb10-7" aria-hidden="true"></a><span class="fu">mkdir</span> <span class="st">"</span><span class="va">$repo_path</span><span class="st">"</span></span> +<span id="cb10-8"><a href="#cb10-8" aria-hidden="true"></a><span class="fu">git</span> -C <span class="st">"</span><span class="va">$repo_path</span><span class="st">"</span> init --bare</span></code></pre></div> +<p>This script create a new repository in <code>/srv/git</code>.<br /> +Put it under <code>git-shell-commands/create</code> and make it executable then try to ssh as the git user once again.<br /> +You will be prompted with <code>git></code>, you can only execute the <code>create <repository></code> and <code>exit</code> command.</p> +<blockquote> +<p>You can probably create the <code>delete</code>, <code>import</code> and <code>list</code> scripts yourself.<br /> +If you add a <code>help</code> script, it will be ran at the beginning of the connection. It can be used to add a greeting message.</p> +</blockquote> <h2 id="allow-anyone-to-clone-with-git-daemon">Allow anyone to clone with git-daemon</h2> -<p>The git daemon will allow annone to clone your repos with something like <code>git clone git://<host>/<repo></code></p> -<p><code>git daemon --reuseaddr --base-path=/srv/git/ /srv/git/</code> and that’s it</p> -<p>You should make it a service in your service supervisor, example with systemctl:</p> -<pre><code>[Unit] -Description=Start Git Daemon -[Service] -ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/ -Restart=always -RestartSec=500ms -StandardOutput=syslog -StandardError=syslog -SyslogIdentifier=git-daemon -User=git -Group=git -[Install] -WantedBy=multi-user.target</code></pre> -<p>Put it in <code>/etc/systemctl/system/git-daemon.service</code> and run <code>systemctl enable git-daemon</code> then <code>systemctl start git-daemon</code>.</p> -<h3 id="publicprivate-repo">Public/private repo</h3> -<p>You may want to introduce a distiction of which repo is public and which is private</p> -<p>A simple way to do this is by creating a <code>public</code> directory in <code>/srv/git</code> which will contain symbolic link to the repo in <code>/srv/git</code></p> -<pre><code>/srv/git -|- foo.git -|- bar.git -|- qux.git -|- public - |- foo.git -> /srv/git/foo.git - |- bar.git -> /srv/git/bar.git</code></pre> -<p>You can change the git daemon to only serve the public repositories <code>git daemon --reuseaddr --base-path=/srv/git/public /srv/git/public</code></p> +<p>Cloning with ssh is fine but only the people with ssh access can do it, we would like anyone to clone.<br /> +git-daemon does precisely that, after running it you will be able to run <code>git clone git://<host>/<repository></code></p> +<div class="sourceCode" id="cb11"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb11-1"><a href="#cb11-1" aria-hidden="true"></a><span class="fu">git</span> daemon --reuseaddr --base-path=/srv/git/ /srv/git/</span></code></pre></div> +<p>Follow the instruction of <a href="https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon">this</a> tutorial if you want to know how to make it a service</p> +<h3 id="publicprivate-repository">Public/private repository</h3> +<p>You may want to introduce a public/private distinction for your repositories.<br /> +A simple way to do this is by creating a <code>public</code> directory in <code>/srv/git</code> which will contain symbolic link to the repository in <code>/srv/git</code>.</p> +<pre><code>/srv/git/ + |- foo.git/ + |- bar.git/ + |- qux.git/ + |- public/ + |- foo.git -> /srv/git/foo.git + |- bar.git -> /srv/git/bar.git</code></pre> +<blockquote> +<p>Change the git daemon to only serve the public repositories <code>git daemon --reuseaddr --base-path=/srv/git/public /srv/git/public</code>.</p> +</blockquote> +<blockquote> +<p>Add a <code>publish</code> and <code>unpublish</code> script in <code>git-shell-commands/</code>.</p> +</blockquote> <h2 id="generate-a-static-website">Generate a static website</h2> -<p>Here we will create a site that look’s like <a href="https://git.suckless.org">this</a> with <a href="https://nginx.org">nginx</a>, <a href="https://git.codemadness.org/stagit/">stagit</a> and a few scripts.</p> -<p>If you don’t like the minimalistic appearence of the site, <a href="https://git.wiki.kernel.org/index.php/Interfaces,_frontends,_and_tools#Web_Interfaces">here</a> is a list of alternative.</p> -<p>Install nginx (on Debian based distro): <code>apt install nginx</code></p> -<p>Create a basic configuration file for your site:</p> +<p>Here we will create a site that look’s like <a href="https://git.suckless.org">this</a> with <a href="https://nginx.org">nginx</a>, <a href="https://git.codemadness.org/stagit/">stagit</a> and a few scripts.<br /> +If you don’t like the minimalist appearance of the site, <a href="https://git.wiki.kernel.org/index.php/Interfaces,_frontends,_and_tools#Web_Interfaces">here</a> is a list of alternatives.</p> +<h3 id="nginx">nginx</h3> <pre><code>server { - root /var/www/git; - index index.html index.htm; - + root /var/www/git; # where our website's files will be located + index index.html; + # It's a convention to put it in a git. subdomain. server_name git.<hostname> www.git.<hostname>; - location / { try_files $uri $uri/ =404; } }</code></pre> -<p>It’s a convention to put it in a <code>git.</code> subdomain. <code>systemctl enable nginx && systemctl start nginx</code></p> -<p>Install stagit:</p> +<p>Put this configuration file in <code>/etc/nginx/sites-available</code>.<br /> +Enable the site <code>ln -s /etc/nginx/sites-available /etc/nginx/sites-enable</code></p> +<h3 id="stagit">stagit</h3> +<p>Stagit is pretty small tool so it won’t take long to install it from sources.</p> <pre><code>git clone git://git.codemadness.org/stagit cd stagit make make install</code></pre> -<p>To generate a static page for a repo <code>stagit /path/to/repo</code>. To generate an index for multiple repositories <code>stagit-index repo1 repo2 repo3 > index.html</code></p> -<p>Here is a script to generate a site for all repo in <code>/srv/git/public</code></p> -<div class="sourceCode" id="cb8"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true"></a><span class="co">#!/bin/sh</span></span> -<span id="cb8-2"><a href="#cb8-2" aria-hidden="true"></a></span> -<span id="cb8-3"><a href="#cb8-3" aria-hidden="true"></a><span class="va">repos=$(</span><span class="fu">find</span> /srv/git/public/ -type l<span class="va">)</span></span> -<span id="cb8-4"><a href="#cb8-4" aria-hidden="true"></a><span class="va">current=$(</span><span class="bu">pwd</span><span class="va">)</span></span> -<span id="cb8-5"><a href="#cb8-5" aria-hidden="true"></a></span> -<span id="cb8-6"><a href="#cb8-6" aria-hidden="true"></a><span class="kw">for</span> <span class="ex">repo</span> in <span class="va">$repos</span><span class="kw">;</span> <span class="kw">do</span></span> -<span id="cb8-7"><a href="#cb8-7" aria-hidden="true"></a> <span class="va">repo_name=$(</span><span class="fu">basename</span> <span class="st">"</span><span class="va">$repo</span><span class="st">"</span> <span class="kw">|</span> <span class="fu">sed</span> <span class="st">'s/\.git//'</span><span class="va">)</span></span> -<span id="cb8-8"><a href="#cb8-8" aria-hidden="true"></a> <span class="va">repo_static_path=</span><span class="st">"/var/www/git/</span><span class="va">$repo_name</span><span class="st">"</span></span> -<span id="cb8-9"><a href="#cb8-9" aria-hidden="true"></a> <span class="fu">mkdir</span> -p <span class="st">"</span><span class="va">$repo_static_path</span><span class="st">"</span></span> -<span id="cb8-10"><a href="#cb8-10" aria-hidden="true"></a> <span class="bu">cd</span> <span class="st">"</span><span class="va">$repo_static_path</span><span class="st">"</span> <span class="kw">||</span> <span class="bu">exit</span> 1</span> -<span id="cb8-11"><a href="#cb8-11" aria-hidden="true"></a> <span class="bu">echo</span> <span class="st">"git://cacharle.xyz/</span><span class="va">$repo_name</span><span class="st">"</span> <span class="op">></span> <span class="st">"</span><span class="va">$repo</span><span class="st">/url"</span></span> -<span id="cb8-12"><a href="#cb8-12" aria-hidden="true"></a> <span class="ex">stagit</span> <span class="st">"</span><span class="va">$repo</span><span class="st">"</span></span> -<span id="cb8-13"><a href="#cb8-13" aria-hidden="true"></a> <span class="fu">ln</span> -sf <span class="st">"</span><span class="va">$repo_static_path</span><span class="st">/log.html"</span> <span class="st">"</span><span class="va">$repo_static_path</span><span class="st">/index.html"</span></span> -<span id="cb8-14"><a href="#cb8-14" aria-hidden="true"></a> <span class="bu">echo</span> <span class="st">"Generated </span><span class="va">$repo_static_path</span><span class="st">"</span></span> -<span id="cb8-15"><a href="#cb8-15" aria-hidden="true"></a><span class="kw">done</span></span> -<span id="cb8-16"><a href="#cb8-16" aria-hidden="true"></a></span> -<span id="cb8-17"><a href="#cb8-17" aria-hidden="true"></a><span class="bu">echo</span> <span class="st">"Creating index"</span></span> -<span id="cb8-18"><a href="#cb8-18" aria-hidden="true"></a><span class="ex">stagit-index</span> <span class="va">$repos</span> <span class="op">></span> /var/www/git/index.html</span> -<span id="cb8-19"><a href="#cb8-19" aria-hidden="true"></a></span> -<span id="cb8-20"><a href="#cb8-20" aria-hidden="true"></a><span class="bu">cd</span> <span class="st">"</span><span class="va">$current</span><span class="st">"</span> <span class="kw">||</span> <span class="bu">exit</span> 1</span> -<span id="cb8-21"><a href="#cb8-21" aria-hidden="true"></a><span class="fu">chown</span> -R git:git /srv/git</span></code></pre></div> -<p>There is more smart ways to handle this to rebuild the webpages each time someone pushes to the repo with <a href="https://git.codemadness.org/stagit/file/README.html#l92">git hooks</a>.</p> +<ul> +<li><code>stagit /path/to/repository</code>. - generate a static pages for a repository in the current directory.</li> +<li><code>stagit-index repo1 repo2 repo3 > index.html</code> - generate an index for multiple repositories.</li> +</ul> +<blockquote> +<p>Read the man page of both of these commands for more information</p> +</blockquote> +<h4 id="git-hooks">git hooks</h4> +<p>Git hooks are scripts located in <code><repository>/.git/hooks</code> that will be run on a certain action.<br /> +The hook we’re interested in is <code>post-receive</code>, it will be ran after someone pushes to the repository.<br /> +We can use it to regenerate the repository’s pages and the website’s index.</p> +<div class="sourceCode" id="cb15"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb15-1"><a href="#cb15-1" aria-hidden="true"></a><span class="co">#!/bin/sh</span></span> +<span id="cb15-2"><a href="#cb15-2" aria-hidden="true"></a></span> +<span id="cb15-3"><a href="#cb15-3" aria-hidden="true"></a><span class="co"># Insert repo_name variable here</span></span> +<span id="cb15-4"><a href="#cb15-4" aria-hidden="true"></a><span class="co"># <REPO_NAME> -- replace with repo_name=name</span></span> +<span id="cb15-5"><a href="#cb15-5" aria-hidden="true"></a></span> +<span id="cb15-6"><a href="#cb15-6" aria-hidden="true"></a><span class="bu">[</span> <span class="ot">-z</span> <span class="st">"</span><span class="va">$repo_name</span><span class="st">"</span><span class="bu"> ]</span> <span class="kw">&&</span> <span class="bu">exit</span> 1</span> +<span id="cb15-7"><a href="#cb15-7" aria-hidden="true"></a><span class="bu">[</span> <span class="ot">!</span> <span class="ot">-d</span> <span class="st">"/srv/git/public/</span><span class="va">$repo_name</span><span class="st">.git"</span><span class="bu"> ]</span> <span class="kw">&&</span> <span class="bu">exit</span></span> +<span id="cb15-8"><a href="#cb15-8" aria-hidden="true"></a></span> +<span id="cb15-9"><a href="#cb15-9" aria-hidden="true"></a><span class="va">repo_web_path=</span><span class="st">"/var/www/git/</span><span class="va">$repo_name</span><span class="st">"</span></span> +<span id="cb15-10"><a href="#cb15-10" aria-hidden="true"></a><span class="fu">mkdir</span> -p <span class="st">"</span><span class="va">$repo_web_path</span><span class="st">"</span></span> +<span id="cb15-11"><a href="#cb15-11" aria-hidden="true"></a><span class="bu">cd</span> <span class="st">"</span><span class="va">$repo_web_path</span><span class="st">"</span> <span class="kw">||</span> <span class="bu">exit</span> 1</span> +<span id="cb15-12"><a href="#cb15-12" aria-hidden="true"></a><span class="ex">stagit</span> <span class="st">"/srv/git/</span><span class="va">$repo_name</span><span class="st">.git"</span></span> +<span id="cb15-13"><a href="#cb15-13" aria-hidden="true"></a><span class="ex">stagit-index</span> /srv/git/public/* <span class="op">></span> /var/www/git/index.html</span></code></pre></div> +<p>This is a template for the <code>post-receive</code> hook. Every time you publish a repository you can change his <code>post-receive</code> hook.</p> +<div class="sourceCode" id="cb16"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb16-1"><a href="#cb16-1" aria-hidden="true"></a><span class="va">post_receive_path=</span><span class="st">"<repository>/hooks/post-receive"</span></span> +<span id="cb16-2"><a href="#cb16-2" aria-hidden="true"></a><span class="fu">sed</span> <span class="st">'/REPO_NAME/ c repo_name='"</span><span class="va">$repo</span><span class="st">"</span> <span class="op"><</span> post-receive.template <span class="op">></span> <span class="st">"</span><span class="va">$post_receive_path</span><span class="st">"</span></span> +<span id="cb16-3"><a href="#cb16-3" aria-hidden="true"></a><span class="fu">chmod</span> +x <span class="st">"</span><span class="va">$post_receive_path</span><span class="st">"</span></span> +<span id="cb16-4"><a href="#cb16-4" aria-hidden="true"></a><span class="st">"</span><span class="va">$post_receive_path</span><span class="st">"</span></span></code></pre></div> +<blockquote> +<p>Add this code to your <code>publish</code> script</p> +</blockquote> <h2 id="sources">Sources</h2> <ul> <li><a href="https://www.youtube.com/watch?v=ju9loeXNVW0">Setting up *Your Own* Git Server</a></li> <li><a href="https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server">Git book - setting up the server</a></li> <li><a href="https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon">Git book - git daemon</a></li> -<li><a href="https://git.codemadness.org/stagit/">stagit - Static website generator for git repository</a></li> +<li><a href="https://git.codemadness.org/stagit/file/README.html">stagit README</a></li> <li><a href="https://git-scm.com/docs/git-shell.html">git-shell man</a></li> </ul> </div> diff --git a/blog_src/git_server.md b/blog_src/git_server.md index 4fc5505..67191c6 100644 --- a/blog_src/git_server.md +++ b/blog_src/git_server.md @@ -1,34 +1,77 @@ -# How to make your own git server/website +# How to make your own git server/website -## Server setup +## Basic ssh server -We're going to create a `git` user and group, will be used for accessing our git repositories without needing to be root. +Every repository on the server will be owned by a git user. ```sh useradd -m git +``` + +Create a new directory to store the repositories owned by the git user. + +```sh mkdir /srv/git chown git:git /srv/git ``` -The repositories will be stored as bare, this mean that we will only store the `.git` folder to save space. +Login as the git user so the new repositories will be owned by him. ->To create a bare repo: `git init --bare` +```sh +su git +cd /srv/git +``` ->To clone a repo as bare: `git clone bare <location>` +### Creating a repository -You can either add a password for the git user or put your ssh public key in `/home/git/.ssh/authentication_keys` and disable password authentication for ssh. +They will be stored as bare, meaning we will only store the `.git` +folder not the actual files (called the *workspace*) to save space. +It's a convention to to suffix a bare repository with the `.git` extension. -You can now clone from your server with `git clone git@<hostname>:/srv/git/<reponame>` +```sh +mkdir repo.git +cd repo.git +git init --bare +``` -## Better server interaction with git-shell +Or clone a distant one: + +```sh +git clone --bare <location> +``` + +> Look at the content of a bare repository and the `.git` directory in a regular one +> to convince yourself that they're the same. + +### SSH Authentication -Permit the git user to have a regular shell can be a security issue, -we would like that to restrict him to a few action, -like creating/deleting a repository, importing a repository, listing the repo currently stored +You could add a password for the git user but it's ultimately safer to user a key pair. -Make the git-shell a valid shell `echo $(which git-shell) >> /etc/shells` +If you don't know what that is you generate it with `ssh-keygen`. +Follow the steps and it will create `id_rsa` (private key) and `id_rsa.pub` (public key) in `~/.ssh`. +On your server you append your **public** key to `/home/git/.ssh/authorized_keys` -Change the shell of the git user `chsh -s $(which git-shell) git` +At this point you should be able to login as the git user via ssh + +```sh +ssh git@<host> +``` + +You can clone from your server. + +```sh +git clone git@<hostname>:/srv/git/<reponame>.git +``` + +## Better server interaction with git-shell + +Permitting the git user to have a regular shell can be too permissive, +we would like to restrict him to a few repository actions, like creation/deletion, importing (clone), listing. + +``` sh +echo $(which git-shell) >> /etc/shells` # Register the git-shell as a valid shell +chsh -s $(which git-shell) git # Change the shell of the git user +``` If you try to ssh as the git user, you will be greeted with something along the line of: @@ -38,94 +81,88 @@ hint: ~/git-shell-commands should exist and have read and execute access. Connection to <host> closed. ``` -As suggested by the hint we have to create the directory `/home/git/git-shell-commands` and put the commands (executable) that the git user is allowed to execute in. - -Here is a script to create a repo: +As suggested by the hint we have to create the directory `/home/git/git-shell-commands` +and put the commands (executable) available to the git user. ```sh #!/bin/sh -[ $# -ne 1 ] && echo "Usage: $0 name" && exit 1 +[ $# -ne 1 ] && + echo "Usage: $0 repository" && exit 1 repo_path="/srv/git/$1.git" -[ -d "$repo_path" ] && echo "$0: Error: $repo_path already exist" && exit 2 +[ -d "$repo_path" ] && + echo "$0: Error: $repo_path already exist" && exit 2 mkdir "$repo_path" git -C "$repo_path" init --bare ``` -Put it under `git-shell-commands/create` and make it executable then try to ssh as the git user once again. +This script create a new repository in `/srv/git`. +Put it under `git-shell-commands/create` and make it executable then try to ssh as the git user once again. +You will be prompted with `git> `, you can only execute the `create <repository>` and `exit` command. -You should have a prompt like `git> `, you can call the `create` command with a repo name as the first argument and it should create a new repository for you. +> You can probably create the `delete`, `import` and `list` scripts yourself. +> If you add a `help` script, it will be ran at the beginning of the connection. +> It can be used to add a greeting message. ## Allow anyone to clone with git-daemon -The git daemon will allow annone to clone your repos with something like `git clone git://<host>/<repo>` - -`git daemon --reuseaddr --base-path=/srv/git/ /srv/git/` and that's it +Cloning with ssh is fine but only the people with ssh access can do it, we would like anyone to clone. +git-daemon does precisely that, after running it you will be able to run `git clone git://<host>/<repository>` -You should make it a service in your service supervisor, example with systemctl: - -``` -[Unit] -Description=Start Git Daemon -[Service] -ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/ -Restart=always -RestartSec=500ms -StandardOutput=syslog -StandardError=syslog -SyslogIdentifier=git-daemon -User=git -Group=git -[Install] -WantedBy=multi-user.target +```sh +git daemon --reuseaddr --base-path=/srv/git/ /srv/git/ ``` -Put it in `/etc/systemctl/system/git-daemon.service` and run `systemctl enable git-daemon` then `systemctl start git-daemon`. +Follow the instruction of [this](https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon) tutorial if you want to know how to make it a service -### Public/private repo +### Public/private repository -You may want to introduce a distiction of which repo is public and which is private - -A simple way to do this is by creating a `public` directory in `/srv/git` which will contain symbolic link to the repo in `/srv/git` +You may want to introduce a public/private distinction for your repositories. +A simple way to do this is by creating a `public` directory in `/srv/git` +which will contain symbolic link to the repository in `/srv/git`. ``` -/srv/git -|- foo.git -|- bar.git -|- qux.git -|- public - |- foo.git -> /srv/git/foo.git - |- bar.git -> /srv/git/bar.git +/srv/git/ + |- foo.git/ + |- bar.git/ + |- qux.git/ + |- public/ + |- foo.git -> /srv/git/foo.git + |- bar.git -> /srv/git/bar.git ``` -You can change the git daemon to only serve the public repositories `git daemon --reuseaddr --base-path=/srv/git/public /srv/git/public` +> Change the git daemon to only serve the public repositories +> `git daemon --reuseaddr --base-path=/srv/git/public /srv/git/public`. -## Generate a static website +> Add a `publish` and `unpublish` script in `git-shell-commands/`. -Here we will create a site that look's like [this](https://git.suckless.org) with [nginx](https://nginx.org), [stagit](https://git.codemadness.org/stagit/) and a few scripts. - -If you don't like the minimalistic appearence of the site, [here](https://git.wiki.kernel.org/index.php/Interfaces,_frontends,_and_tools#Web_Interfaces) is a list of alternative. +## Generate a static website -Install nginx (on Debian based distro): `apt install nginx` +Here we will create a site that look's like [this](https://git.suckless.org) +with [nginx](https://nginx.org), [stagit](https://git.codemadness.org/stagit/) and a few scripts. +If you don't like the minimalist appearance of the site, +[here](https://git.wiki.kernel.org/index.php/Interfaces,_frontends,_and_tools#Web_Interfaces) +is a list of alternatives. -Create a basic configuration file for your site: +### nginx ``` server { - root /var/www/git; - index index.html index.htm; - + root /var/www/git; # where our website's files will be located + index index.html; + # It's a convention to put it in a git. subdomain. server_name git.<hostname> www.git.<hostname>; - location / { try_files $uri $uri/ =404; } } ``` -It's a convention to put it in a `git.` subdomain. -`systemctl enable nginx && systemctl start nginx` +Put this configuration file in `/etc/nginx/sites-available`. +Enable the site `ln -s /etc/nginx/sites-available /etc/nginx/sites-enable` + +### stagit -Install stagit: +Stagit is pretty small tool so it won't take long to install it from sources. ``` git clone git://git.codemadness.org/stagit @@ -134,41 +171,49 @@ make make install ``` -To generate a static page for a repo `stagit /path/to/repo`. -To generate an index for multiple repositories `stagit-index repo1 repo2 repo3 > index.html` +* `stagit /path/to/repository`. - generate a static pages for a repository in the current directory. +* `stagit-index repo1 repo2 repo3 > index.html` - generate an index for multiple repositories. -Here is a script to generate a site for all repo in `/srv/git/public` +> Read the man page of both of these commands for more information + +#### git hooks + +Git hooks are scripts located in `<repository>/.git/hooks` that will be run on a certain action. +The hook we're interested in is `post-receive`, it will be ran after someone pushes to the repository. +We can use it to regenerate the repository's pages and the website's index. ```sh #!/bin/sh -repos=$(find /srv/git/public/ -type l) -current=$(pwd) +# Insert repo_name variable here +# <REPO_NAME> -- replace with repo_name=name -for repo in $repos; do - repo_name=$(basename "$repo" | sed 's/\.git//') - repo_static_path="/var/www/git/$repo_name" - mkdir -p "$repo_static_path" - cd "$repo_static_path" || exit 1 - echo "git://cacharle.xyz/$repo_name" > "$repo/url" - stagit "$repo" - ln -sf "$repo_static_path/log.html" "$repo_static_path/index.html" - echo "Generated $repo_static_path" -done +[ -z "$repo_name" ] && exit 1 +[ ! -d "/srv/git/public/$repo_name.git" ] && exit -echo "Creating index" -stagit-index $repos > /var/www/git/index.html +repo_web_path="/var/www/git/$repo_name" +mkdir -p "$repo_web_path" +cd "$repo_web_path" || exit 1 +stagit "/srv/git/$repo_name.git" +stagit-index /srv/git/public/* > /var/www/git/index.html +``` -cd "$current" || exit 1 -chown -R git:git /srv/git +This is a template for the `post-receive` hook. +Every time you publish a repository you can change his `post-receive` hook. + +```sh +post_receive_path="<repository>/hooks/post-receive" +sed '/REPO_NAME/ c repo_name='"$repo" < post-receive.template > "$post_receive_path" +chmod +x "$post_receive_path" +"$post_receive_path" ``` -There is more smart ways to handle this to rebuild the webpages each time someone pushes to the repo with [git hooks](https://git.codemadness.org/stagit/file/README.html#l92). +> Add this code to your `publish` script ## Sources * [Setting up \*Your Own\* Git Server](https://www.youtube.com/watch?v=ju9loeXNVW0) * [Git book - setting up the server](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server) * [Git book - git daemon](https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon) -* [stagit - Static website generator for git repository](https://git.codemadness.org/stagit/) +* [stagit README](https://git.codemadness.org/stagit/file/README.html) * [git-shell man](https://git-scm.com/docs/git-shell.html) @@ -19,13 +19,13 @@ <h2>Blog articles</h2> <ul> <!--BLOGINDEX--> -<li><a href="blog/git_server.html"> How to make your own git server/website</a></li> +<li><a href="blog/git_server.html"> How to make your own git server/website </a></li> </ul> <h2>Links</h2> <li><a href="https://github.com/cacharle">github</a></li> - <li><a href="https://git.cacharle.xyz">my git server</a></li> + <li><a href="https://git.cacharle.xyz">git server</a></li> - <p>The style sheet of this site can be found <a href="https://github.com/markdowncss/retro">here</a></p> + <p>The style sheet used for this site can be found <a href="https://github.com/markdowncss/retro">here</a></p> </div></body> </html> diff --git a/index.template.html b/index.template.html index ff851c3..940bc6f 100644 --- a/index.template.html +++ b/index.template.html @@ -23,8 +23,8 @@ <h2>Links</h2> <li><a href="https://github.com/cacharle">github</a></li> - <li><a href="https://git.cacharle.xyz">my git server</a></li> + <li><a href="https://git.cacharle.xyz">git server</a></li> - <p>The style sheet of this site can be found <a href="https://github.com/markdowncss/retro">here</a></p> + <p>The style sheet used for this site can be found <a href="https://github.com/markdowncss/retro">here</a></p> </div></body> </html> @@ -6,10 +6,23 @@ pre, code { font-family: Menlo, Monaco, "Courier New", monospace; } +code { + background-color: #333; + padding: .1rem; + border: 1px solid #FFFFFF2F; + border-radius: 3px; + font-size: 85%; +} + pre { padding: .5rem; line-height: 1.25; - overflow-x: scroll; + overflow-x: auto; +} + +pre > code { + border: none; + font-size: 100%; } @media print { |