114 lines
3.5 KiB
Plaintext
114 lines
3.5 KiB
Plaintext
# Plugin SyncGit by Céondo Ltd
|
|
|
|
The SyncGit plugin allow the direct creation and synchronisation of
|
|
git repositories with the InDefero database. This requires giving
|
|
access to the repositories using a dedicated SSH account, usually the
|
|
`git` account.
|
|
|
|
## Prerequisites
|
|
|
|
A good understanding of:
|
|
|
|
* the security issues related to using a SSH account on a server;
|
|
* the principle of public/private SSH keys;
|
|
* the rights/ownership of files on a Linux/BSD/nix system;
|
|
|
|
Yes, what you are going to do has security implications.
|
|
|
|
## Git user configuration
|
|
|
|
On your system, you will need to create a new `git` account. This
|
|
account will only be used to access the git repositories and at the
|
|
moment cannot be shared for other use.
|
|
|
|
First create a new git account:
|
|
|
|
$ sudo adduser \
|
|
--system \
|
|
--shell /bin/sh \
|
|
--gecos 'git version control' \
|
|
--group \
|
|
--disabled-password \
|
|
--home /home/git \
|
|
git
|
|
|
|
Then, we need to create the base SSH files with the right permissions:
|
|
|
|
$ sudo su git
|
|
$ mkdir /home/git/.ssh
|
|
$ touch /home/git/.ssh/authorized_keys
|
|
$ chmod 0700 /home/git/.ssh
|
|
$ chmod 0600 /home/git/.ssh/authorized_keys
|
|
$ exit
|
|
|
|
We add the `www-data` user to the `git` group so it can access the
|
|
repositories to read the content:
|
|
|
|
$ sudo usermod -a -G git www-data
|
|
|
|
Do not forget to restart Apache or your fastcgi process to take the
|
|
group addition into account.
|
|
|
|
## Creation of the repositories base
|
|
|
|
For each project using git in InDefero a corresponding bare repository
|
|
will be created in `/home/git/repositories`. For example, if the
|
|
shortname of your project is `wonder`, it will be created in
|
|
`/home/git/repositories/wonder.git`
|
|
|
|
$ sudo -H -u git mkdir /home/git/repositories
|
|
|
|
## InDefero Configuration
|
|
|
|
First, you need to have python installed on your system to be able to
|
|
run the very small python script `gitserve.py` in the `scripts`
|
|
folder. Here is a configuration example:
|
|
|
|
|
|
$cfg['git_repositories'] = '/home/git/repositories/%s.git';
|
|
$cfg['git_remote_url'] = 'git://yourdomain.com/%s.git';
|
|
$cfg['idf_plugin_syncgit_path_gitserve'] = '/home/www/indefero/scripts/gitserve.py'; # yes .py
|
|
$cfg['idf_plugin_syncgit_path_authorized_keys'] = '/home/git/.ssh/authorized_keys';
|
|
$cfg['idf_plugin_syncgit_sync_file'] = '/tmp/SYNC-GIT';
|
|
# Remove the git repositories which do not have a corresponding project
|
|
# This is run at cron time
|
|
$cfg['idf_plugin_syncgit_remove_orphans'] = false;
|
|
# git account home dir
|
|
$cfg['idf_plugin_syncgit_git_home_dir'] = '/home/git';
|
|
# where are going to be the git repositories
|
|
$cfg['idf_plugin_syncgit_base_repositories'] = '/home/git/repositories';
|
|
|
|
When someone will change his SSH key or add a new one, the
|
|
`/tmp/SYNC-GIT` file will be created. The cron job
|
|
`/home/www/indefero/scripts/gitcron.php` will see the file and update
|
|
the content of the `authorized_keys` file.
|
|
|
|
## Cron Job Configuration
|
|
|
|
You need to run a cron job every now and then to synchronize the SSH
|
|
keys. The command to run in the cron job is:
|
|
|
|
php /home/www/indefero/scripts/gitcron.php
|
|
|
|
The user of the cron job must be `git`.
|
|
|
|
## Git daemon configuration
|
|
|
|
Put in `/etc/event.d/local-git-daemon` the following:
|
|
|
|
start on startup
|
|
stop on shutdown
|
|
|
|
exec /usr/bin/git-daemon \
|
|
--user=git --group=git \
|
|
--verbose \
|
|
--reuseaddr \
|
|
--base-path=/home/git/repositories/ \
|
|
/home/git/repositories/
|
|
respawn
|
|
|
|
Then run:
|
|
|
|
$ sudo start local-git-daemon
|
|
|