Gitosis on Debian Lenny
No, not halitosis!

There are many wonderful public git repositories out there – like github, of course, and gitorious (pity they didn’t seem to be able to find a sexual pun in that name!). But they don’t offer you a free private repository where you can store the code that you’re not particularly proud of or don’t wish to release into the public domain, etc. However, if you have a public-facing internet host, or just about any ssh-accessible box, you can easily set up gitosis to create a private repository that is world accessible.
When I first looked at setting up my own private git repository, I looked at running git as a daemon, and in fact there is an Ubuntu/Debian package called git-daemon-run for that purpose. But it’s overkill for a private repo only going to be used by yourself, or yourself and your development team. Also, it seems from my limited research that git-daemon is most useful for providing read-only access in much the same way that github provides public clone URLs. If you do decide you need git-daemon, this article looks like it may be helpful, especially when it comes to integrating git-daemon with gitosis.
Gitosis steps neatly around the need to have yet another permanently running daemon (so there is one less permanently available server process that may be compromised by an attacker). What it does is create its own gitosis user (also called ‘gitosis’ on Debian), with all access to the git repository going through ssh public-key authentication as that user. It is not possible to ssh to a shell prompt as that user; it is all automatically controlled. Another neat gitosis feature is that configuration is all done through git itself. One clones the gitosis configuration repository from the server, alters the configuration files on one’s own workstation, and then simply git pushes the configuration back to the server. Really neat!
I found a really good tutorial covering gitosis at scie.nti.st. However, it really isn’t Debian Lenny specific so that’s why I’m going to add a few extra notes here. From my usage on Lenny, the Debian supplied gitosis package is stable. So, my recommendation is to rather use the Debian supplied version, and skip the git-clone/compiling/dependency parts of the scie.nti.st tutorial. The next big difference by doing things the Debian-way is that the user created for gitosis is called ‘gitosis’ and not ‘git’. So, after installing the gitosis package, the next thing you’ll need to do is become root and then su to the gitosis user which would have been automatically created for you. Then, as gitosis, issue a:
gitosis-init < /path_to/id_rsa.pub
where id_rsa.pub is the public SSH key from your workstation user that you’ve previously copied to the server. Make sure that the path to the public key file is accessible by the gitosis user.
And then, because you’ve initialized the gitosis configuration with your public key, from your regular workstation, all you’ll need to do is issue a:
git clone gitosis@YOUR_SERVER_HOSTNAME:gitosis-admin.git
and git will pull all the configuration files for gitosis to your local workstation! Obviously choose which workstation you’re going to be using wisely – for instance don’t choose your workstation at work, thinking you can complete the rest of the configuration after hours – until you’ve added other administrators to the gitosis-admin repository you’ll need access to the initial workstation and user account.
The rest of the scie.nti.st tutorial is straightforward, because after that you’ll need to create new repositories and add users to those repositories.
One gotcha: for the users that I was adding to the repositories, I initially transferred the public keys of all of these users to the server, and not to the initial workstation. You don’t add new users on the server (DO NOT append to the public keys in the gitosis ~/.ssh/known_keys file on the server). In fact you’re NOT meant to configure gitosis further on the server. You do it on the first workstation that has got the cloned gitosis-admin repository by ‘git add’ing the users’ public keys and configuration there and then ‘git push’ing to the server. It’s really simple, just slightly different to the way most of us are used to working.
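Because the keys and configuration are edited in the gitosis-admin clone and only take effect on push, the clone can be checked before pushing. The following is an added example, not part of the original post or of gitosis itself: a Python lint that flags members without a usable key file and the case where nobody holding a key can still write to gitosis-admin. It assumes the usual gitosis layout (gitosis.conf with [group ...] sections, one key per keydir/USER.pub file); the user and repository names are made up.

```python
import configparser
import tempfile
from pathlib import Path

# Constructed sample gitosis.conf; user and repository names are made up.
SAMPLE_CONF = """\
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = alice@laptop
[group devs]
writable = project1
members = alice@laptop bob@desktop
"""

def key_ok(path):
    """True if path holds exactly one bare public key line (no options prefix)."""
    text = path.read_text() if path.is_file() else ""
    lines = [l for l in text.splitlines() if l.strip()]
    return len(lines) == 1 and lines[0].startswith(("ssh-", "ecdsa-"))

def lint_admin_checkout(root):
    """Return a sorted list of problems in a gitosis-admin working copy."""
    root = Path(root)
    conf = configparser.RawConfigParser()
    conf.read(root / "gitosis.conf")
    problems, admin_with_key = set(), False
    for section in (s for s in conf.sections() if s.startswith("group ")):
        writable = conf.get(section, "writable", fallback="").split()
        for member in conf.get(section, "members", fallback="").split():
            if member.startswith("@"):  # reference to another group, not a key
                continue
            if key_ok(root / "keydir" / f"{member}.pub"):
                # Someone with a usable key can still push configuration changes.
                admin_with_key |= "gitosis-admin" in writable
            else:
                problems.add(f"{member}: missing or malformed keydir/{member}.pub")
    if not admin_with_key:
        problems.add("lockout: nobody with a usable key can write gitosis-admin")
    return sorted(problems)

def demo(keys):
    """Build a throwaway checkout from SAMPLE_CONF plus {user: key text}, lint it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "gitosis.conf").write_text(SAMPLE_CONF)
        (root / "keydir").mkdir()
        for user, text in keys.items():
            (root / "keydir" / f"{user}.pub").write_text(text)
        return lint_admin_checkout(root)
```

Run lint_admin_checkout() on the real clone directory before ‘git push’; an empty list means every listed member has a key file and at least one administrator keeps access.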
Oh and another gotcha!: I use a non-standard port for ssh to my server. So, instead of using port 22 to ssh into that host I use port 443. I couldn’t find an obvious way to tell git to use a different port, but it is no problem really as you can tell ssh to use port 443 by putting the following in ~/.ssh/config:
host YOUR_SERVER_HOSTNAME
Port 443
All in all though, gitosis is a really neat idea, and it works well for the creation of private git repositories.
