Introduction
This page will help installing the git plugin to an existing v4.5.2x GForge server. It also gives guidance on how to setup the git repositories and the Apache web server on a remote machine.
Setup Overview
GForge and the git repositories are running on separate machines. Both servers run Apache2. On the repo server we have mod_auth_pgsql and mod_dav installed and enabled.
The mod_auth_pgsql module takes care of authentication. We ensure that only project members are able to push to the repository, but anyone can fetch, or clone the repo, unless the project choose to hide itself ("private projects").
The instructions here refer to Debian servers, but they are easy to follow on other Linux distributions as well.
Plugin Installation
At the time of writing this how-to the plugin is still under development.
TODO: complete this section as soon as the plugin is published.
Creating and Preparing git Repositories Automatically
I made a very simple shell script that creates a initializes a bare git repository on the server and makes a very first push to it, so that it can be cloned right away.
The script will be able to create a special web config if the project is a private one.
Our setup at garage will be such that this script will be called from the GForge server thru ssh. With the necessary sudo rights a special user will execute the script's commands on the git server.
This way it will be easy to implement the GForge plugin, which will only call the script with certain parameters, like project's name and "public" or "private".
The script will be added to the SCM section soonish (tm).
Apache2 Web Server Configuration
Repository update only by project members (git push access control)
With this configuration it is ensured that only project members can update (git push) the repository. Add this configuration to a new file, like: /etc/apache2/conf.d/git.conf and restart apache2.
DavLockDB /var/lock/apache2/DavLock
<LocationMatch "/projects/*">
<LimitExcept GET>
DAV on
AuthType Basic
AuthName "Git Repository"
AuthUserFile /dev/null
AuthBasicAuthoritative Off
Auth_PG_host <gforge hostname>
Auth_PG_database gforge
Auth_PG_port 5432
Auth_PG_encrypted on
Auth_PG_hash_type md5
Auth_PG_cache_passwords off
Auth_PG_authoritative on
Auth_PG_user gforge
Auth_PG_pwd <postgresql password of gforge user>
Auth_PG_pwd_table " users, user_group, groups"
Auth_PG_uid_field " users.user_name"
Auth_PG_pwd_field " users.user_pw"
Auth_PG_pwd_whereclause " and users.user_id=user_group.user_id and user_group.group_id=groups.group_id group by users.user_pw"
Require valid-user
Order allow,deny
Allow from all
</LimitExcept>
</LocationMatch>
Seal off private projects
It is very simple: add a new configuration file to /etc/apache2/conf.d, like: bigsecret.conf containing the following:
<LocationMatch "/projects/bigsecret">
DAV on
AuthType Basic
AuthName "Git Repository - Private Project"
AuthUserFile /dev/null
AuthBasicAuthoritative Off
Auth_PG_host gforge.maemo.dmz
Auth_PG_database gforge
Auth_PG_port 5432
Auth_PG_user gforge
Auth_PG_pwd <postgresql password of gforge user>
Auth_PG_pwd_table " users, user_group, groups"
Auth_PG_uid_field " users.user_name"
Auth_PG_pwd_field " users.user_pw"
Auth_PG_pwd_whereclause " and users.user_id=user_group.user_id and user_group.group_id=groups.group_id group by users.user_pw"
Auth_PG_encrypted on
Auth_PG_hash_type md5
Auth_PG_cache_passwords off
Auth_PG_authoritative on
Require valid-user
Order allow,deny
Allow from all
</LocationMatch>
Client Side Testing
Prerequisites
These tests were carried out on a Debian unstable machine. I figured that the following prerequisites are needed:
1. There is something fishy with git.maemo.org's SSL certificate, or the way how curl (the HTTP 'agent' of git) handles it. So, I did this:
export GIT_SSL_NO_VERIFY=1
2. If I want to push changes to the repo or fetch (clone) my private projects, then it is good to have some credentials specfied in ~/.netrc. I added these:
machine git.maemo.org
login <my garage user name>
password <mt garage password>
I m p o r t a n t : make sure ~/.netrc is only available to you!
3. Naturally you also need git on the client side, so please grab and install it first. Right after that you can test your brand new git repository. The test cases below should cover more or less or interactions between your working
4. If you are behind a web proxy, then make sure it supports webdav. You will not be able to use your new repository without webdav support on the proxy. (Tip from Riku Voipio, thanks!)
Basic Test Cases
1. Cloning (get a local mirror of the git repository)
Action :
* git clone https://git.maemo.org/projects/myproject
Result :
*if "myproject" is public, then you should get a full mirror of the repository inside the myproject directory. There will be an empty "welcome" file in the root of your project. Why? See the "Creating and Preparing git Repositories Automatically" section above.
2. Initial Push (share my changes with the rest of the world)
Action:
inside your newly cloned repository:
* touch test
* git add test
* git commit -m "testing my new repo"
* git push
Result:
* the new file is committed to the garage repository, where from others can pull it.
3. Initial Push from an existing local repository
Action:
Riku Voipio suggested for initial push if you already have a git repo in use locally:
* git remote add garage https://git.maemo.org/projects/myproject
* git pull garage
* git merge garage/master (adds the existing welcome file to your project)
* git push garage master
Result :
* your changes are synced with the brand new garage repo and you can continue pushing either to local or to the remote repositories.
4. Pull changes from the repository
Action:
* clone again the repository at a different location on your local machine
* push some new files as described in the 2nd test case
* go to your first cloned repository and do "git pull"
Result:
* the new file which was pushed from the other location is now pulled and placed to this local repository
Todos
* add references and links
--ferenc
(last edited February 24, 2009) - Read Only
[info]
[diff])
FindPage by browsing or searching
5 best incoming links:
TextFormattingRules (8), RecentChanges (2), TestPage (1)
5 best outgoing links:
5 most popular nearby:
TestPage (269), RecentChanges (248), TextFormattingRules (206)
|