[Dev] Replacing gitosis with git-shell

Luke T.Shumaker lukeshu at sbcglobal.net
Fri Apr 13 18:52:04 GMT 2012


At Fri, 13 Apr 2012 10:31:46 -0300,
Nicolás Reynolds wrote:
> 
> On Fri, 13 Apr 2012 00:41:23 -0400, Luke T.Shumaker <lukeshu at sbcglobal.net> wrote:
> > Of course, the decision is that of the doer, but other solutions I
> > would consider:
> >  * git-http-server: a CGI script allowing push over HTTP. Permissions
> >    are handled by the web server.
> >    Also: There are clones that may work better with certain setups,
> >    for example, jgit-http-server for Java, or Grack for Ruby. I'm not
> >    aware of any that are Python (we're running Python for parabolaweb
> >    anyway).
> >  * Girocco (the repo.or.cz software): a set of (mostly perl) CGI
> >    scripts.
> >  * Gitorious: Ruby on Rails, RESTfully designed, meaning it has an API
> >    we can use to integrate it with other software and script things.
> 
> do we really need http-push?

No, but it offers an alternative to SSH for
authentication. Comparatively, HTTP authentication is easy to
integrate with another source of user management.

In fact, it looks like ChiliProject/Redmine already has the
capability to do this with git-http-server/Grack. So the ChiliProject
install on labs.parabola.nu could be used to manage git commit access.

https://www.chiliproject.org/projects/chiliproject/wiki/HowTo_configure_ChiliProject_for_advanced_git_integration

> > I mention scripting and integration because it will allow us to
> > automate submodule repository creation, which you are interested in.
> 
> yeah, repo creation is something to fix... but can't it be done with a
> script? gitorious would be interesting if it's relatively straight
> forward to install...

I don't know how easy it is to install Gitorious, but yeah a script
would be pretty easy to do.

> > It also allows the possibility of integrating with parabolaweb, but I
> > wouldn't hope for that.
> 
> labs.parabola.nu already integrates one repo to one project and shows
> its commit (not very gui-friendly but you have feeds)

See my above comment about using labs.parabola.nu to manage commit
access.

> > You can work around this by not giving the address in URL form, but in
> > SCP form: "git2@gparabola:abslibre.git"
> 
> so with the ssh_config aliases it would be gparabola:abslibre.git :D

Yeah. I'd thought that git needed the '@' to identify the form, but I
was mistaken.

> > > On hackers.git I added a post-update hook that forces a checkout on
> > > .ssh, so anytime someone pushes a key to the server it gets immediately
> > > approved by sshd.
> > 
> > Or a cron job if you want to get it working quickly.
> 
> the hook is already tested and synchronic to the git-push, a cron would
> introduce waiting time.

Oh, I misread, I thought you still had to write the hook. Very well
then.

> another problem would be how to do this also on repos (different
> servers). you can add more than one pushing "url" to git so one push
> sends to more, but this requires manual configuration.
> 
> also some security audit wouldn't be bad on ssh accessible users
> 
> -- 
> libertad!

~ Luke Shumaker
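
An added example, not part of the original message or of the project's own code: one way to start the audit of SSH-accessible users raised in the quoted text, by checking the authorized_keys file that the post-update hook checks out for entries that leave forwarding or a pty enabled. The sample file, key blobs and the names `split_options` and `audit` are constructed for illustration; it assumes OpenSSH's authorized_keys option syntax.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")   # start of an OpenSSH key type
NO_FLAGS = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
REENABLE = {"port-forwarding", "x11-forwarding", "agent-forwarding", "pty"}

def split_options(line):
    """Split one entry into (options, rest), honouring quoted option values."""
    if line.startswith(KEY_PREFIXES):
        return [], line                          # entry has no options field
    opts, cur, quoted, prev = [], "", False, ""
    for i, ch in enumerate(line):
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if not quoted and ch in ", \t":
            opts.append(cur)
            cur = ""
            if ch != ",":                        # unquoted blank ends the options
                return opts, line[i:].strip()
        else:
            cur += ch
        prev = ch
    return opts + [cur], ""

def audit(text):
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        fields = rest.split(None, 2)
        if len(fields) < 2 or not fields[0].startswith(KEY_PREFIXES):
            findings.append((n, "malformed entry"))
            continue
        names = {o.split("=", 1)[0].lower() for o in opts}
        locked = "restrict" in names or NO_FLAGS <= names
        if not locked or names & REENABLE:
            findings.append((n, "forwarding/pty not disabled"))
        if fields[1] in seen:                    # same key blob pushed twice
            findings.append((n, "duplicate of line %d" % seen[fields[1]]))
        seen.setdefault(fields[1], n)
    return findings

SAMPLE = '''\
# constructed sample, key blobs are placeholders
restrict ssh-ed25519 AAAAC3placeholderA alice@example
ssh-rsa AAAAB3placeholderB bob@example
no-pty,command="echo a, b" ssh-ed25519 AAAAC3placeholderC carol@example
restrict,pty ssh-ed25519 AAAAC3placeholderA alice-again@example
not a key line
'''
```

Running `audit()` from the same post-update hook, before the checkout, would let the push be reported or refused instead of being approved by sshd as soon as it lands.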


