Gitoliteのソースを表示

[[Category:バージョン管理システム]]
[[en:Gitolite]]
[https://github.com/sitaramc/gitolite/wiki/ Gitolite] を使うことで複数のユーザーが扱う Git リポジトリを簡単に安全にホストすることができます。

== インストール ==
{{Pkg|gitolite}} パッケージを[[インストール]]してください。

== 設定 ==
gitolite をインストールすると自動的に ''gitolite'' ユーザーがシステムに追加され、ホームディレクトリ {{ic|/var/lib/gitolite}} が作られます。

=== SSH によるアクセス ===

管理者アクセスできるように、SSH 公開鍵を {{ic|/var/lib/gitolite/''username''.pub}} に追加してください ({{ic|username}} はあなたのユーザー名に置き換えて下さい):
 # install -o gitolite -g gitolite ~/.ssh/id_rsa.pub /var/lib/gitolite/''username''.pub

そして ''gitolite'' ユーザーを使って Gitolite のセットアップスクリプトを実行します:
 # su - gitolite
 $ gitolite setup -pk ''username''.pub

これで gitolite-admin の keydir に公開鍵が配置され、あなたのユーザー名で gitolite-admin リポジトリに読み書きアクセスできるようになります。

コピーした SSH 公開鍵を削除して ''gitolite'' ユーザーシェルを終了してください:
 $ rm ''username''.pub
 $ exit

あなたのユーザーを使って問題が無いか確認することが可能です:
{{hc|$ ssh gitolite@''hostname'' info|
hello ''username'', this is gitolite@''hostname'' running gitolite3 v3.6.2 on git 2.3.3

 R W    gitolite-admin
 R W    testing
}}

Do NOT add repositories or users directly as ''gitolite'' on the server!
You MUST manage the server by cloning the special ''gitolite-admin'' repository
 $ git clone gitolite@''hostname'':gitolite-admin

詳しくは [https://github.com/sitaramc/gitolite/ Gitolite] を参照してください。

=== Apache による http(s) アクセスの追加 (ベーシック認証) ===

suEXEC ラッパースクリプトを作成する必要があります。suEXEC のセキュリティ要件を満たすために、スクリプトとディレクトリの所有者は {{ic|gitolite:gitolite}} である必要があり、{{ic|/srv/http}} 以下に配置しなくてはなりません。ここでは例として、{{ic|/srv/http/git/cgi-bin}} ディレクトリを作成します:
 # install -o gitolite -g gitolite -d /srv/http/git/cgi-bin

Create an suEXEC wrapper for the gitolite shell with the contents below. For this example, we create it as {{ic|/srv/http/git/cgi-bin/gitolite-suexec-wrapper}}.
{{hc|/srv/http/git/cgi-bin/gitolite-suexec-wrapper|2=
#!/usr/bin/bash
#
# suEXEC wrapper for gitolite-shell
#

export GIT_PROJECT_ROOT=/var/lib/gitolite/repositories
export GITOLITE_HTTP_HOME=/var/lib/gitolite

exec /usr/lib/gitolite/gitolite-shell
}}

Make the wrapper executable and owned by {{ic|gitolite:gitolite}}.
 # chown gitolite:gitolite /srv/http/git/cgi-bin/gitolite-suexec-wrapper
 # chmod 0755 /srv/http/git/cgi-bin/gitolite-suexec-wrapper

Create an empty password database file, owned by {{ic|gitolite:http}}
 # install -o gitolite -g http -m 0640 /dev/null /srv/http/git/htpasswd

Apache's basic authentication mechanism is separate from ssh, and therefore requires a separate set of credentials. Create your web users using {{ic|htpasswd}}.
 # htpasswd /srv/http/git/htpasswd ''username''

Add the following to your Apache vhost configuration:
{{bc|
SuexecUserGroup gitolite gitolite
ScriptAlias /git/ /srv/http/git/cgi-bin/gitolite-suexec-wrapper/

<Directory /srv/http/git/cgi-bin>
    Require all granted
</Directory>

<Location /git>
    AuthType Basic
    AuthName "Git Access"
    AuthBasicProvider file
    AuthUserFile /srv/http/git/htpasswd
    Require valid-user
</Location>
}}

Restart {{ic|httpd.service}}.

Finally, in the gitolite-admin repository you cloned in the previous section, edit {{ic|conf/gitolite.conf}}, add an {{ic|1=R = daemon}} access rule to all repositories you want to make available via http, and push the changes.

== ユーザーの追加 ==

=== ssh ユーザー ===
Ask each user who will get access to send you a public key. On their workstation generate the pair of ssh keys:
 $ ssh-keygen
Rename each public key according to the user's name, with a .pub extension, like sitaram.pub or john-smith.pub. You can also use periods and underscores. Have the users send you the keys.

Copy all these *.pub files to keydir in your gitolite-admin repo clone. You can also organise them into various subdirectories of keydir if you wish, since the entire tree is searched.

Edit the config file (conf/gitolite.conf in your admin repo clone). See the gitolite.conf documentation (http://sitaramc.github.com/gitolite/admin.html#conf) for details on what goes in that file, syntax, etc. Just add new repos as needed, and add new users and give them permissions as required. The users names should be exactly the same as their keyfile names, but without the .pub extension
 $ nano conf/gitolite.conf

Commit and push the changes them:
 $ git commit -a
 $ git push

=== http(s) ユーザー ===

User management for http(s) is more suitable for single-user setups. To add a new user or to change an existing user's password:
 # htpasswd /srv/http/git/htpasswd ''username''

== Gitosis ライクな ssh ユーザー名 ==
If you want to distinguish users with the same login (like {{ic|username@server1}}, {{ic|username@server2}}) you may want to do the following (tested with {{Pkg|gitolite}} 3.04-1):

* edit {{ic|/usr/lib/gitolite/triggers/post-compile/ssh-authkeys}} and replace
 $user =~ s/(\@[^.]+)?\.pub$//;    # baz.pub, baz@home.pub -> baz
by
 $user =~ s/\.pub$//;              # baz@home.pub -> baz@home
* update authorized_keys file (for example, by pushing into the ''gitolite-admin'' repository)

== 参照 ==
http://sitaramc.github.com/gitolite/index.html