Setting up a local Git server with gitosis

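Git is a very well-known distributed version control system. In many cases a team only sets up an internal Git server and then develops collaboratively on it. gitosis can help with setting up such an internal server. Gitosis is a set of scripts that manages the authorized_keys file and implements simple access controls. It is written in Python, so make sure Python and Python setuptools are installed beforehand.
Reference:

http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way/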

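Part 1: Replace the Ubuntu package sources with a mirror in China
1. Here we use the Tsinghua University open source software mirror; see:

https://mirrors.tuna.tsinghua.edu.cn/help/ubuntu/

2. Configure the source list. Back up the existing source list before editing it.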

root@book-virtual-machine:~# cp /etc/apt/sources.list /etc/apt/sources.list.back
root@book-virtual-machine:~# vim /etc/apt/sources.list
# Source-package mirrors are commented out by default to speed up apt update; uncomment them if you need them
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-security main restricted universe multiverse

# Pre-release (proposed) repository; enabling it is not recommended
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-proposed main restricted universe multiverse
root@book-virtual-machine:~# vim /etc/resolv.conf
nameserver 127.0.0.1
nameserver 101.6.6.6 # DNS address of the Tsinghua University open source software mirror
root@book-virtual-machine:~# apt-get clean
root@book-virtual-machine:~# apt-get update

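3. Setting up a local Git server requires user access authentication in addition to the Git server software itself. During the server setup, because of problems with the package sources.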

book@book-virtual-machine:~$ sudo apt-get install git-core python-setuptools

4. Download and install gitosis

cd ~/src
git clone https://github.com/tv42/gitosis.git
cd gitosis
python setup.py install

5. Add the user git

root@book-virtual-machine:/home/book# adduser git
Adding user `git' ...
Adding new group `git' (1001) ...
Adding new user `git' (1001) with group `git' ...
Creating home directory `/home/git' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N] y
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for git
Enter the new value, or press ENTER for the default
 Full Name []: 
 Room Number []: 
 Work Phone []: 
 Home Phone []: 
 Other []: 
Is the information correct? [Y/n]

Part 2: Configure SSH and generate keys
1. Install the OpenSSH server

book@book-virtual-machine:~$ sudo apt-get install openssh-server openssh-client

2. Edit the sshd configuration file

book@book-virtual-machine:/$ sudo vim /etc/ssh/sshd_config
/*** Increase the key size (ServerKeyBits applies only to SSH protocol 1) ***/
ServerKeyBits 768    --->  ServerKeyBits 1024
/*** Disallow root login ***/
PermitRootLogin yes  ---> PermitRootLogin no
/*** Enable AuthorizedKeysFile ***/
AuthorizedKeysFile      %h/.ssh/authorized_keys

3. Generate a key pair for the git user (switch to the git user first)

git@book-virtual-machine:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/git/.ssh/id_rsa): 
Created directory '/home/git/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/git/.ssh/id_rsa.
Your public key has been saved in /home/git/.ssh/id_rsa.pub.
The key fingerprint is:
c5:36:b1:87:04:ff:97:6a:de:08:f6:5f:05:20:a8:0b git@book-virtual-machine
The key's randomart image is:
+--[ RSA 2048]----+
|        .o+ .    |
|        .+ = .   |
|       .  O . .  |
|    E .  o +   o |
|     . .S   . o .|
|      .      o  .|
|          o o   .|
|         . = o . |
|            +.o  |
+-----------------+

Part 3: Initialize gitosis
1. Set the global Git parameters

git config --global user.name "git"
git config --global user.email "xxx@xxx.com"

2. Initialize gitosis with the Git administrator's public key

git@book-virtual-machine:~$ gitosis-init < ~/.ssh/id_rsa.pub 
Initialized empty Git repository in /home/git/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /home/git/repositories/gitosis-admin.git/

After a successful initialization, the following two directories are created:

git@book-virtual-machine:~$ ls
gitosis  repositories

3. Change the permissions of the post-update hook

git@book-virtual-machine:~$ chmod 755 ~/repositories/gitosis-admin.git/hooks/post-update

4. Test whether SSH access with the public key works:

git@book-virtual-machine:~$ ssh git@192.168.1.123
The authenticity of host '192.168.1.123 (192.168.1.123)' can't be established.
ECDSA key fingerprint is df:20:21:5c:73:76:b8:32:13:31:47:19:1f:ef:fc:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.123' (ECDSA) to the list of known hosts.
PTY allocation request failed on channel 0
ERROR:gitosis.serve.main:Need SSH_ORIGINAL_COMMAND in environment.
Connection to 192.168.1.123 closed.

The output above shows that the SSH login as the git user succeeded.
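The two messages in that session ("PTY allocation request failed" and "Need SSH_ORIGINAL_COMMAND in environment") come from the no-pty option and the gitosis-serve forced command that gitosis writes in front of every key in authorized_keys. The following check is an added example, not code from the original post or from gitosis; it flags any key line that lacks those restrictions. The option set is assumed to be the stock gitosis template, and the sample file and key material are constructed.

```python
import re

# Restrictions stock gitosis writes on every key (assumption: unmodified template).
REQUIRED = {"no-port-forwarding", "no-X11-forwarding",
            "no-agent-forwarding", "no-pty"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")


def split_unquoted(text, seps):
    """Split text on characters in seps that are outside double quotes."""
    parts, cur, quoted = [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + ([cur] if cur else [])


def audit_authorized_keys(text):
    """Return (line_no, problem) for keys not confined to gitosis-serve."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options = split_unquoted(line, " \t")[0]
        if options.startswith(KEY_TYPES):  # line begins with the key type
            findings.append((no, "no options: key is not confined to gitosis-serve"))
            continue
        opts = split_unquoted(options, ",")
        if not any(re.fullmatch(r'command="gitosis-serve \S+"', o) for o in opts):
            findings.append((no, "no gitosis-serve forced command"))
        missing = sorted(REQUIRED - set(opts))
        if missing:
            findings.append((no, "missing " + ",".join(missing)))
    return findings


# Constructed sample; key material is a placeholder, not a real key.
SAMPLE = """### autogenerated by gitosis, DO NOT EDIT
command="gitosis-serve git@book-virtual-machine",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3PLACEHOLDER1 git@book-virtual-machine
ssh-rsa AAAAB3PLACEHOLDER2 someone@laptop
command="gitosis-serve book@book-virtual-machine",no-pty ssh-rsa AAAAB3PLACEHOLDER3 book@book-virtual-machine
"""
```

On the server, pass the contents of /home/git/.ssh/authorized_keys to audit_authorized_keys(); an empty result means every key is restricted to gitosis-serve.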

5. Use git clone to clone gitosis-admin for administration

git@book-virtual-machine:/work/management$ git clone git@192.168.1.123:gitosis-admin.git
Cloning into 'gitosis-admin'...
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 5 (delta 0), reused 5 (delta 0)
Receiving objects: 100% (5/5), done.
git@book-virtual-machine:/work/management$ ls
gitosis-admin

6. Installation complete

Part 4: Testing gitosis administration
1. Use the existing book user to access test.git under the git user
1.1 Create test.git as the git user

git@book-virtual-machine:~/repositories$ mkdir test.git
git@book-virtual-machine:~/repositories$ ls
gitosis-admin.git  test.git

1.2 Initialize test.git as an empty repository

git@book-virtual-machine:~/repositories$ cd test.git/
git@book-virtual-machine:~/repositories/test.git$ git init --bare
Initialized empty Git repository in /home/git/repositories/test.git/

2. Add the book user to gitosis

git@book-virtual-machine:/work/management/gitosis-admin$ ls
gitosis.conf  keydir
git@book-virtual-machine:/work/management/gitosis-admin$ vim gitosis.conf
[gitosis]

[group gitosis-admin]
members = git@book-virtual-machine
writable = gitosis-admin

# Add the test repository and the book user, following the format above; search Baidu for more advanced usage
[group test]
members = book@book-virtual-machine
writable = test

3. Generate a key pair for the book user and give the public key to the git user
3.1 Generate book's key pair

book@book-virtual-machine:~$ cd ~
book@book-virtual-machine:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/book/.ssh/id_rsa): 
Created directory '/home/book/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/book/.ssh/id_rsa.
Your public key has been saved in /home/book/.ssh/id_rsa.pub.
The key fingerprint is:
86:a8:42:1e:a2:77:4f:92:7f:00:eb:c4:7f:5a:9d:8c book@book-virtual-machine
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| .. . |
|.o ..o. S |
|= ..+... + . |
|o.oo+...E + |
| o ..=..o |
| ++ |
+-----------------+

3.2 Give book's public key to git. The public key file name must match the user name set in gitosis.conf above.

book@book-virtual-machine:~$ sudo cp .ssh/id_rsa.pub /work/management/gitosis-admin/keydir/book@book-virtual-machine.pub
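The naming rule in step 3.2 can be checked before pushing. The following is an added example, not part of the original post or of gitosis: it compares the members listed in gitosis.conf with the file names in keydir and reports mismatches in both directions. The configuration is the one from this page; the keydir listing is constructed, and the function names are hypothetical.

```python
import configparser
import os


def audit_keydir(conf_text, key_files):
    """Compare gitosis.conf members with keydir file names.

    Returns (members_without_key, keys_without_member, writable_by_member).
    """
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    writable = {}
    for section in cp.sections():
        if not section.startswith("group "):
            continue
        members = cp.get(section, "members", fallback="").split()
        repos = cp.get(section, "writable", fallback="").split()
        for m in members:
            if m.startswith("@"):  # reference to another group, not a key file
                continue
            writable.setdefault(m, set()).update(repos)
    keys = {f[:-4] for f in key_files if f.endswith(".pub")}
    return (sorted(set(writable) - keys), sorted(keys - set(writable)),
            {m: sorted(r) for m, r in writable.items()})


def audit_checkout(path):
    """Run the audit on a gitosis-admin working copy."""
    with open(os.path.join(path, "gitosis.conf")) as fh:
        return audit_keydir(fh.read(), os.listdir(os.path.join(path, "keydir")))


# gitosis.conf from this page; the keydir listing is constructed, with book's
# key saved under the wrong name to show what the check reports.
CONF = """\
[gitosis]

[group gitosis-admin]
members = git@book-virtual-machine
writable = gitosis-admin

[group test]
members = book@book-virtual-machine
writable = test
"""
KEYDIR = ["git@book-virtual-machine.pub", "book.pub"]
```

Calling audit_checkout("/work/management/gitosis-admin") runs the same comparison on the clone used in this walkthrough.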

3.3 Push the changes to gitosis (all of the changes above were made in the local clone, so they have to be pushed to the server)

git@book-virtual-machine:/work/management/gitosis-admin$ git status
# On branch master
# Changes not staged for commit:
# (use "git add <file>..." to update what will be committed)
# (use "git checkout -- <file>..." to discard changes in working directory)
#
# modified: gitosis.conf
#
# Untracked files:
# (use "git add <file>..." to include in what will be committed)
#
# keydir/book@book-virtual-machine.pub
no changes added to commit (use "git add" and/or "git commit -a")
git@book-virtual-machine:/work/management/gitosis-admin$ git add .
git@book-virtual-machine:/work/management/gitosis-admin$ git commit -m "add test"
git@book-virtual-machine:/work/management/gitosis-admin$ git push
Counting objects: 8, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 796 bytes, done.
Total 5 (delta 0), reused 0 (delta 0)
To git@192.168.1.123:gitosis-admin.git
   756407b..0a43978  master -> master

Part 5: Final test of whether the book user can access test

book@book-virtual-machine:/work$ git clone git@192.168.1.123:test.git
Cloning into 'test'...
The authenticity of host '192.168.1.123 (192.168.1.123)' can't be established.
ECDSA key fingerprint is df:20:21:5c:73:76:b8:32:13:31:47:19:1f:ef:fc:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.123' (ECDSA) to the list of known hosts.
warning: You appear to have cloned an empty repository.
book@book-virtual-machine:/work$ ls
management  test

With that, the setup is complete.