Original poster #1 2018-07-08 17:33:27

Morgan

Setting up a local Git server with gitosis

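Git is a very well-known distributed version control system. In many cases only an internal git server is set up and then used for collaborative development. When setting up an internal git server, we can use gitosis to help. Gitosis is a set of scripts for managing the authorized_keys file and implementing simple connection restrictions. It is written in Python, so make sure Python and Python setuptools are installed beforehand.
References: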

http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way/

I. Switch the Ubuntu package sources to a mainland China mirror
1. The Tsinghua University open source software mirror is used here; see:

https://mirrors.tuna.tsinghua.edu.cn/help/ubuntu/

2. Configure the source list; back up the existing source list first

root@book-virtual-machine:~# cp /etc/apt/sources.list /etc/apt/sources.list.back
root@book-virtual-machine:~# vim /etc/apt/sources.list
    # Source-package mirrors are commented out by default to speed up apt update; uncomment them if needed
    deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise main restricted universe multiverse
    # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise main restricted universe multiverse
    deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-updates main restricted universe multiverse
    # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-updates main restricted universe multiverse
    deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-backports main restricted universe multiverse
    # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-backports main restricted universe multiverse
    deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-security main restricted universe multiverse
    # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-security main restricted universe multiverse

    # Pre-release software source, not recommended
    # deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-proposed main restricted universe multiverse
    # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ precise-proposed main restricted universe multiverse

root@book-virtual-machine:~# vim /etc/resolv.conf
nameserver 127.0.0.1
nameserver 101.6.6.6 # DNS address of the Tsinghua University open source software mirror
root@book-virtual-machine:~# apt-get clean
root@book-virtual-machine:~# apt-get update

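3. Setting up a local Git server requires, besides the git server software itself, user access authentication. During the server setup, because of the package source problem.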

book@book-virtual-machine:~$ sudo apt-get install git-core python-setuptools

4. Download and install gitosis

cd ~/src
git clone https://github.com/tv42/gitosis.git
cd gitosis
python setup.py install

5. Add the git user

root@book-virtual-machine:/home/book# adduser git
Adding user `git' ...
Adding new group `git' (1001) ...
Adding new user `git' (1001) with group `git' ...
Creating home directory `/home/git' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
Sorry, passwords do not match
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N] y
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for git
Enter the new value, or press ENTER for the default
    Full Name []: 
    Room Number []: 
    Work Phone []: 
    Home Phone []: 
    Other []: 
Is the information correct? [Y/n]

II. Configure SSH and generate keys
1. Install openssh

book@book-virtual-machine:~$ sudo apt-get install openssh-server openssh-client

2. Edit the sshd configuration file

book@book-virtual-machine:/$ sudo vim /etc/ssh/sshd_config
/*** Increase the key size ***/
ServerKeyBits 768    --->  ServerKeyBits 1024
/*** Disable root login ***/
PermitRootLogin yes  ---> PermitRootLogin no
/*** Enable AuthorizedKeysFile ***/
AuthorizedKeysFile      %h/.ssh/authorized_keys

3. Generate the git user's key pair (switch to the git user)

git@book-virtual-machine:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/git/.ssh/id_rsa): 
Created directory '/home/git/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/git/.ssh/id_rsa.
Your public key has been saved in /home/git/.ssh/id_rsa.pub.
The key fingerprint is:
c5:36:b1:87:04:ff:97:6a:de:08:f6:5f:05:20:a8:0b git@book-virtual-machine
The key's randomart image is:
+--[ RSA 2048]----+
|        .o+ .    |
|        .+ = .   |
|       .  O . .  |
|    E .  o +   o |
|     . .S   . o .|
|      .      o  .|
|          o o   .|
|         . = o . |
|            +.o  |
+-----------------+

III. Initialize gitosis
1. Set the git global parameters

git config --global user.name "git"
git config --global user.email "xxx@xxx.com"

2. Initialize gitosis with the git administrator's public key

git@book-virtual-machine:~$ gitosis-init < ~/.ssh/id_rsa.pub 
Initialized empty Git repository in /home/git/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /home/git/repositories/gitosis-admin.git/

After successful initialization, the following two directories are created

git@book-virtual-machine:~$ ls
gitosis  repositories

3. Change the permissions of post-update

git@book-virtual-machine:~$ chmod 755 ~/repositories/gitosis-admin.git/hooks/post-update

4. Test whether SSH access with the public key works:

git@book-virtual-machine:~$ ssh git@192.168.1.123
The authenticity of host '192.168.1.123 (192.168.1.123)' can't be established.
ECDSA key fingerprint is df:20:21:5c:73:76:b8:32:13:31:47:19:1f:ef:fc:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.123' (ECDSA) to the list of known hosts.
PTY allocation request failed on channel 0
ERROR:gitosis.serve.main:Need SSH_ORIGINAL_COMMAND in environment.
Connection to 192.168.1.123 closed.

As the output above shows, SSH login as the git user has succeeded.

5. Use git clone to clone gitosis-admin for administration

git@book-virtual-machine:/work/management$ git clone git@192.168.1.123:gitosis-admin.git
Cloning into 'gitosis-admin'...
remote: Counting objects: 5, done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 5 (delta 0), reused 5 (delta 0)
Receiving objects: 100% (5/5), done.
git@book-virtual-machine:/work/management$ ls
gitosis-admin

6. Installation complete

IV. Testing the gitosis management functions
1. Use the earlier book user to access test.git under the git user
1.1 Create test.git under the git user

git@book-virtual-machine:~/repositories$ mkdir test.git
git@book-virtual-machine:~/repositories$ ls
gitosis-admin.git  test.git

1.2 Initialize test.git as an empty repository

git@book-virtual-machine:~/repositories$ cd test.git/
git@book-virtual-machine:~/repositories/test.git$ git init --bare
Initialized empty Git repository in /home/git/repositories/test.git/

2. Add the book user to gitosis

git@book-virtual-machine:/work/management/gitosis-admin$ ls
gitosis.conf  keydir
git@book-virtual-machine:/work/management/gitosis-admin$ vim gitosis.conf
[gitosis]

[group gitosis-admin]
members = git@book-virtual-machine
writable = gitosis-admin
# Add the test repository and the book user, following the format above; search Baidu for more advanced usage
[group test]
members = book@book-virtual-machine
writable = test

3. The book user generates a key pair and gives the public key to the git user
3.1 Generate book's key pair

book@book-virtual-machine:~$ cd ~
book@book-virtual-machine:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/book/.ssh/id_rsa): 
Created directory '/home/book/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/book/.ssh/id_rsa.
Your public key has been saved in /home/book/.ssh/id_rsa.pub.
The key fingerprint is:
86:a8:42:1e:a2:77:4f:92:7f:00:eb:c4:7f:5a:9d:8c book@book-virtual-machine
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|    .. .         |
|.o ..o. S        |
|= ..+... + .     |
|o.oo+...E +      |
| o ..=..o        |
|      ++         |
+-----------------+

3.2 Give the book user's public key to git; the file name of the public key must be the same as the user name set in gitosis.conf above

book@book-virtual-machine:~$ sudo cp .ssh/id_rsa.pub /work/management/gitosis-admin/keydir/book@book-virtual-machine.pub

3.3 Push the changes to gitosis (the changes above were all made in the locally cloned copy, so they need to be pushed)

git@book-virtual-machine:/work/management/gitosis-admin$ git status
# On branch master
# Changes not staged for commit:
#   (use "git add <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#   modified:   gitosis.conf
#
# Untracked files:
#   (use "git add <file>..." to include in what will be committed)
#
#   keydir/book@book-virtual-machine.pub
no changes added to commit (use "git add" and/or "git commit -a")
git@book-virtual-machine:/work/management/gitosis-admin$ git add .
git@book-virtual-machine:/work/management/gitosis-admin$ git commit -m "add test"
git@book-virtual-machine:/work/management/gitosis-admin$ git push
Counting objects: 8, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 796 bytes, done.
Total 5 (delta 0), reused 0 (delta 0)
To git@192.168.1.123:gitosis-admin.git
   756407b..0a43978  master -> master

V. Final test: whether the book user can access test

book@book-virtual-machine:/work$ git clone git@192.168.1.123:test.git
Cloning into 'test'...
The authenticity of host '192.168.1.123 (192.168.1.123)' can't be established.
ECDSA key fingerprint is df:20:21:5c:73:76:b8:32:13:31:47:19:1f:ef:fc:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.123' (ECDSA) to the list of known hosts.
warning: You appear to have cloned an empty repository.
book@book-virtual-machine:/work$ ls
management  test

With that, success.

Offline
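
The naming rule in step 3.2 (each key file in keydir must be named after a member listed in gitosis.conf) can be checked before gitosis-admin is pushed. The following is an added example, not part of the original post or of gitosis itself; the function name `audit`, the sample data, and the handling of `readonly` and `@group` entries are assumptions.

```python
import configparser

# Constructed sample: the gitosis.conf shown in the post (annotation line left out).
SAMPLE_CONF = """\
[gitosis]

[group gitosis-admin]
members = git@book-virtual-machine
writable = gitosis-admin

[group test]
members = book@book-virtual-machine
writable = test
"""
# Constructed sample: file names as they would appear in keydir/ after step 3.2.
SAMPLE_KEYDIR = ["git@book-virtual-machine.pub", "book@book-virtual-machine.pub"]


def audit(conf_text, keydir_files):
    """Cross-check members named in gitosis.conf against key files in keydir/."""
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    keys = {name[:-4] for name in keydir_files if name.endswith(".pub")}
    members, grants = set(), {}
    for section in cp.sections():
        if not section.startswith("group "):
            continue
        # Assumption: "@name" in members refers to another group, not to a key.
        users = [m for m in cp.get(section, "members", fallback="").split()
                 if not m.startswith("@")]
        members.update(users)
        for mode in ("writable", "readonly"):
            for repo in cp.get(section, mode, fallback="").split():
                for user in users:
                    grants.setdefault(user, set()).add((repo, mode))
    return {
        "no_key": sorted(members - keys),      # named in a group, no <name>.pub
        "unused_key": sorted(keys - members),  # <name>.pub present, in no group
        "grants": {u: sorted(g) for u, g in grants.items()},
    }


if __name__ == "__main__":
    # Same config, but the key was saved as book.pub instead of the member name.
    print(audit(SAMPLE_CONF, ["git@book-virtual-machine.pub", "book.pub"]))
```

To run it against a working copy, pass the text of gitosis.conf and the result of `os.listdir("keydir")`.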

#2 2018-07-08 17:47:41

晕哥

Re: Setting up a local Git server with gitosis

I use a git client every day but have never set up a server. I'll try it when I have time. Thanks for sharing!





Offline
