These are my notes regarding setting up GitWeb and gitolite to host public and private git repos on my Funtoo.org hosted instance.

My requirements for a git server include:

  • Both public and private repositories
  • User groups, and whitelist access to repos based on them
  • Restrict write access to master
  • Restrict write access to other branches to owner/group

I am migrating from an older system which used gitosis for the same purpose. gitolite has for the most part superseded gitosis, and is the only one of the two available in portage.

Install Gitolite

kenneth@kennethd:~$ sudo emerge dev-vcs/gitolite

Copy bare repositories into place

Having already used rsync to copy the repositories directory from the old gitosis server to the new gitolite user, move it to the git user’s $HOME directory & verify ownership.

Note this bit is being run as root:

kennethd ~ # rsync -r ~kenneth/tmp/repositories ~git/
kennethd ~ # chown -R git:git ~git/repositories 
kennethd ~ # ls -l ~git
total 12
drwxr-xr-x 75 git git 76 Sep 18 21:13 repositories

Gitolite’s docs warn:

Warning!

Gitolite will clobber any existing update hook in your repos when you do this. Please see either the cookbook or the non-core page for information on how to make your existing update hook work with gitolite.

Gitolite may clobber any existing “git-daemon-export-ok” file in your repo; see the page on allowing access to gitweb and git-daemon for how to enable that via gitolite.

Run setup

kenneth@kennethd:~$ sudo cp ./.ssh/id_rsa.pub ~git/kenneth.pub
kenneth@kennethd:~$ sudo su - git
git@kennethd ~ $ mkdir -p .gitolite/logs
git@kennethd ~ $ gitolite setup -pk kenneth.pub

Setup will create the bare repository ~git/repositories/testing.git and add it to ~git/projects.list.

Daemonize git-daemon

git-daemon is used to provide anonymous read access to public archives.
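
With public and private repositories under one base path, it is worth checking which ones git-daemon will actually serve. The script below is an added example, not part of the original notes: it relies on git-daemon exporting only repositories that contain a git-daemon-export-ok file (unless started with --export-all), and it compares that set against an allowlist file whose name and one-repo-per-line format are assumptions.

```shell
#!/bin/sh
# Added example: audit which bare repos git-daemon would serve anonymously.
# Usage: audit.sh BASE ALLOWLIST
#   e.g. BASE=/var/lib/gitolite/repositories
#   ALLOWLIST is a hypothetical file: one intended-public repo per line,
#   relative to BASE (e.g. "testing.git"); '#' comments and blanks ignored.

# list_exported BASE: print repos (relative to BASE) carrying the marker file.
list_exported() {
    (cd "$1" && find . -type f -path '*.git/git-daemon-export-ok') |
        sed -e 's|^\./||' -e 's|/git-daemon-export-ok$||' | LC_ALL=C sort
}

# audit_exports BASE ALLOWLIST
#   UNEXPECTED repo : exported by git-daemon but not on the allowlist
#   MISSING repo    : on the allowlist but not exported
# Returns 0 when both sets match, 1 otherwise.
audit_exports() {
    exported=$(mktemp)
    wanted=$(mktemp)
    list_exported "$1" > "$exported"
    grep -Ev '^[[:space:]]*(#|$)' "$2" | LC_ALL=C sort -u > "$wanted"
    report=$( {
        LC_ALL=C comm -23 "$exported" "$wanted" | sed 's/^/UNEXPECTED /'
        LC_ALL=C comm -13 "$exported" "$wanted" | sed 's/^/MISSING /'
    } )
    rm -f "$exported" "$wanted"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run the audit only when called with both arguments.
if [ $# -eq 2 ]; then
    audit_exports "$1" "$2"
fi
```

An UNEXPECTED line after the rsync migration or after gitolite setup means a repository intended to be private is anonymously readable; a MISSING line means a public one is not being served.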

There are a lot of options available for running git-daemon as a service. A partial list:

  • supervisord – which is what I plan to use on this server, and will set up below
  • runit – my old gitosis server’s runit config is documented here
  • sysvinit – link goes to Debian’s packaged config
  • systemd – config from official git docs
  • upstart – Ubuntu’s upstart config from official git docs
  • xinetd – there’s an old HOWTO here

Install supervisord

kenneth@kennethd:~$ sudo emerge app-admin/supervisor

If you want your regular user to be able to run supervisorctl, it needs to be added to the group supervisor:

kenneth@kennethd:~$ sudo gpasswd -a kenneth supervisor

Run sudo su - $LOGNAME to obtain a shell with the newly added group activated.

Create gitdaemon user for read-only access to the repositories

This user will own the git-daemon process

kenneth@kennethd:~$ sudo useradd --system --no-user-group --home-dir /nonexistent --no-create-home --shell /bin/false gitdaemon 
kenneth@kennethd:~$ grep git /etc/passwd
git:x:105:103:added by portage for gitolite:/var/lib/gitolite:/bin/sh
gitdaemon:x:999:100::/nonexistent:/bin/false

Create git-daemon supervisor config

Configure repositories