suse 11下结合gitolite 配置git web

参考http://gitolite.com/gitolite/g2/ggshb.html

Suse linux enterprise server 11.

git

gitolite

apache

how to set upgitolite+gitweb+ssh+http-backend

NAME

gitolite-gitweb-http-backend

DESCRIPTION

You've been tasked with rolling outgitolite and git-web in your corporate environment and your requirements are asfollows:

1.     git access must be via both ssh andhttp[s]

2.     browsable via git-web

3.     your web server must run as a userdifferent from that of the git user

4.     The repository has its own virtual host

Note that these instructions are gearedtoward OpenSuSE 11.4. Feel free to modify the examples below to yourenvironment.

EXAMPLE ENVIRONMENT

The following assumptions are made for thepurposes of example:

·        The server name will be git.example.com

·        Repositories are located in /home/git and are owned by the git user

·        Apache 2.2.* running as wwwrun:www will be used as the web server

·        gitolite has been installed via package management (yum,zypper, apt-get, etc)

·        gitweb browsing is via http://git.example.com/

·        The repositories can be cloned from the following URLs:

o    git@git.example.com:<repo-name>

o    http://git.example.com/<repo-name>.git

·        HTTP authentication is handled via a local htpasswd file

htpasswd2 –c /home/git/passfile git密码也为git

 

·        http://git.example.com will be a virtual host

·        Two git repositories will be created:

o    engineering

o    operations

GITOLITE SETUP

Install gitolite via your packagemanagement tools. Under OpenSuSE, this will install repositories in /home/git. Follow the instructions found here for initial set up.

gitolite.rc

You will need to tell gitolite.rc aboutsome additional keys that will be needed for each repository. Make sure thefollowing config option is set in /home/git/.gitolite.rc:

$GL_GITCONFIG_KEYS ="gitweb.url receive.denyNonFastforwards receive.denyDeletes";

These options tell gitolite to allow theuser to set these values in gitolite.conf, which in turn will be propagated to eachrepositories git config.

gitolite.conf

For the purposes of example, we assumethat we have two groups accessing each repository: engineering and operations.So, our gitolite.conf file will look something like this:

## Group Definitions# @engineering  = daniel erik alex jose mark@operations   = james chris long bora dmitriy@gladmin      = james chris ## RepositoryDefinitions# # Note that we giveaccess to the daemon user, thus enabling#git-daemon-export-ok (see#https://github.com/sitaramc/gitolite/blob/pu/doc/2-admin.mkd#gwd) repo    gitolite-admin        RW     =   @sysops daemon        R      =   @all repo    engineering        RW     = @engineering @gladmin daemon        R      = @all        config gitweb.url                  =git@git.example.com:engineering        config receive.denyNonFastforwards = true        config receive.denyDeletes         = true repo    operations        RW     = @operations @engineering @gladmin daemon        R      = @all        config gitweb.url                  =git@git.example.com:operations        config receive.denyNonFastforwards = true        config receive.denyDeletes         = true repo    @all        R      =   daemon gitweb # additionalconfiguration ...

Save, commit, and push your changes to thegitolite-admin repo as described here.

APACHE SETUP

Under OpenSuSE 11.4, Apache runs as user wwwrun group www (see /etc/apache2/uid.conf). But wait! How can Apache running as wwwrun commit to git repositories, whichare owned by git?

suexec

Enter SuExec. This is an apache modulethat allows apache to run under the auspicious of a different user. For this towork, we need to do some setup ahead of time. First, we need to make sure the suexec program has the right permissions:

# OpenSuSE 11.4 putsthe suexec program under /usr/sbin/suexec2

$ chgrp www/usr/sbin/suexec2

$ chmod 4750/usr/sbin/suexec2

 

# Verify permissions

$ ls -al/usr/sbin/suexec2

-rwsr-x--- 1 root www14944 Feb 18 20:53 /usr/sbin/suexec2

Next, we need to create a wrapper scriptfor the suexec program and place that under the correct directory. To find outthe where to place the wrapper script, do the following:

$ /usr/sbin/suexec2-V

 -D AP_DOC_ROOT="/srv/www"

 -D AP_GID_MIN=96

 -D AP_HTTPD_USER="wwwrun"

 -DAP_LOG_EXEC="/var/log/apache2/suexec.log"

 -DAP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"

 -D AP_UID_MIN=96

 -D AP_USERDIR_SUFFIX="public_html"

The variable we are interested in is AP_DOC_ROOT which is /srv/www. So, we place the wrapper script in/srv/www/bin/gitolite-suexec-wrapper.sh (需要mkdir /srv/www/bin/ )with the following contents: 

#!/bin/bash ## Wrapper forgl-auth-command# USER=$1 exportGIT_PROJECT_ROOT="/home/git/repositories"exportGITOLITE_HTTP_HOME="/home/git" # OpenSuSE gitoliteRPM places gl-auth-command in /usr/binexec/usr/bin/gl-auth-command $USER # End

For security purposes, this file MUSTexist under /srv/www!

Finally, make sure Apache loads the suexecmodule. Under OpenSuSE, this would mean adding "suexec" toAPACHE_MODULES in /etc/sysconfig/apache2.

Gitweb

As gitweb will now be run under the git user, all files must be under /srv/www as well.

# Under OpenSuSe,git-web installs in /usr/share/gitweb

$ cp -r/usr/share/git-web /srv/www

$ chown -R git:git/srv/www/git-web

 

Do not forget to point $projectroot in /srv/www/git-web/gitweb.cgi  to /home/git/repositories!

our $export_ok = "";　　　　　　　　　　　　　　 
　　这个保持空就可以，如果资源库中有不希望别人通过gitweb就可以看到的项目，那么可以写上GITWEB_EXPORT_OK。之后在资源库中想要显示的文件夹中的.git下使用touch GITWEB_EXPORT_OK，它就会显示在gitweb中了。

 

Virtual Host

如果要用域名，需要先将域名加到DNS中。

/etc/apache2/listen.conf 需要添加如下两行：

Listen 1234

NameVirtualHost *:1234

我们这里用的是1234的端口

 

Configure your virtual host as follows(/etc/apache2/vhosts.d，新建个gitserver.conf，名字随便起。)

<VirtualHostgit.example.com:1234>     ServerName git.example.com    ServerAlias git     # By default, use gitweb    DocumentRoot /srv/www/git-web     # Suexec setup    SuexecUserGroup git git     # Set up appropriate GIT environments    SetEnv GIT_PROJECT_ROOT /home/git/repositories    SetEnv GIT_HTTP_EXPORT_ALL     # Set up appropriate gitolite environment    SetEnv GITOLITE_HTTP_HOME /home/git     # To serve gitweb at the same url, use aScriptAliasMatch to    # only those URLs that git http-backend canhandle, and    # forward the rest to gitweb:    ScriptAliasMatch \            "(?x)^/(.*/(HEAD | \                            info/refs | \                            objects/(info/[^/]+| \                                    [0-9a-f]{2}/[0-9a-f]{38} | \                                    pack/pack-[0-9a-f]{40}\.(pack|idx)) | \                            git-(upload|receive)-pack))$"\           /srv/www/bin/gitolite-suexec-wrapper.sh/$1     # Make sure we can execute gitweb okay    <Directory "/srv/www/git-web">            Options ExecCGI            AllowOverride None            AddHandler cgi-script .cgi            DirectoryIndex gitweb.cgi            Order allow,deny            Allow from all    </Directory>     # We need gl-auth-command executable    <Directory "/srv/www/bin">            <Files "gitolite-suexec-wrapper.sh">                    Order allow,deny                    Allow from all            </Files>    </Directory>     # Set up authentication to taste    <Location />               AuthType Basic               AuthName "Private Git Access"               Require valid-user               AuthUserFile /home/git/passfile    </Location> </VirtualHost>

VALIDATION

Once apache has been restarted (/etc/init.d/apache2restart), verify your configuration:

• Repository browsable via gitweb
• Check out repository via ssh
• Check out repository via http
• Commit over ssh git@git.example.com

http://git.example.com:1234/  然后会要你输入帐号密码，输入git ,git。