Front Page

Introduction

This page will help installing the git plugin to an existing v4.5.2x GForge server. It also gives guidance on how to setup the git repositories and the Apache web server on a remote machine.

Setup Overview

GForge and the git repositories are running on separate machines. Both servers run Apache2. On the repo server we have mod_auth_pgsql and mod_dav installed and enabled. The mod_auth_pgsql module takes care of authentication. We ensure that only project members are able to push to the repository, but anyone can fetch, or clone the repo, unless the project choose to hide itself ("private projects").

The instructions here refer to Debian servers, but they are easy to follow on other Linux distributions as well.

Plugin Installation

At the time of writing this how-to the plugin is still under development.

TODO: complete this section as soon as the plugin is published.

Creating and Preparing git Repositories Automatically

I made a very simple shell script that creates a initializes a bare git repository on the server and makes a very first push to it, so that it can be cloned right away.

The script will be able to create a special web config if the project is a private one.

Our setup at garage will be such that this script will be called from the GForge server thru ssh. With the necessary sudo rights a special user will execute the script's commands on the git server.

This way it will be easy to implement the GForge plugin, which will only call the script with certain parameters, like project's name and "public" or "private".

The script will be added to the SCM section soonish (tm).

Apache2 Web Server Configuration

Repository update only by project members (git push access control)

With this configuration it is ensured that only project members can update (git push) the repository. Add this configuration to a new file, like: /etc/apache2/conf.d/git.conf and restart apache2.

 DavLockDB /var/lock/apache2/DavLock

 <LocationMatch "/projects/*">
  <LimitExcept GET>
	DAV on

	AuthType Basic
	AuthName "Git Repository"

	AuthUserFile /dev/null
	AuthBasicAuthoritative Off

	Auth_PG_host		  <gforge hostname>
	Auth_PG_database	  gforge
	Auth_PG_port		  5432
	Auth_PG_encrypted	  on
	Auth_PG_hash_type	  md5
	Auth_PG_cache_passwords off
	Auth_PG_authoritative	on
	Auth_PG_user		  gforge
	Auth_PG_pwd		  <postgresql password of gforge user>
	Auth_PG_pwd_table	  " users, user_group, groups"
	Auth_PG_uid_field	  " users.user_name"
	Auth_PG_pwd_field	  " users.user_pw"
	Auth_PG_pwd_whereclause " and users.user_id=user_group.user_id and user_group.group_id=groups.group_id group by users.user_pw"

	Require valid-user
	Order allow,deny
	Allow from all
  </LimitExcept>
 </LocationMatch>

Seal off private projects

It is very simple: add a new configuration file to /etc/apache2/conf.d, like: bigsecret.conf containing the following:

 <LocationMatch "/projects/bigsecret">
	DAV on

	AuthType Basic
	AuthName "Git Repository - Private Project"

	AuthUserFile /dev/null
	AuthBasicAuthoritative Off
	Auth_PG_host		gforge.maemo.dmz
	Auth_PG_database	gforge
	Auth_PG_port		5432
	Auth_PG_user		gforge
	Auth_PG_pwd		<postgresql password of gforge user>
	Auth_PG_pwd_table	" users, user_group, groups"
	Auth_PG_uid_field	" users.user_name"
	Auth_PG_pwd_field	" users.user_pw"
	Auth_PG_pwd_whereclause " and users.user_id=user_group.user_id and user_group.group_id=groups.group_id group by users.user_pw"
	Auth_PG_encrypted	on
	Auth_PG_hash_type	md5
	Auth_PG_cache_passwords off
	Auth_PG_authoritative	on

	Require valid-user
	Order allow,deny
	Allow from all
 </LocationMatch>

Client Side Testing

Prerequisites

These tests were carried out on a Debian unstable machine. I figured that the following prerequisites are needed:

1. There is something fishy with git.maemo.org's SSL certificate, or the way how curl (the HTTP 'agent' of git) handles it. So, I did this:

 export GIT_SSL_NO_VERIFY=1

2. If I want to push changes to the repo or fetch (clone) my private projects, then it is good to have some credentials specfied in ~/.netrc. I added these:

  machine git.maemo.org
  login <my garage user name>
  password <mt garage password>

I m p o r t a n t : make sure ~/.netrc is only available to you!

3. Naturally you also need git on the client side, so please grab and install it first. Right after that you can test your brand new git repository. The test cases below should cover more or less or interactions between your working

4. If you are behind a web proxy, then make sure it supports webdav. You will not be able to use your new repository without webdav support on the proxy. (Tip from Riku Voipio, thanks!)

Basic Test Cases

1. Cloning (get a local mirror of the git repository)

 Action :

 * git clone https://git.maemo.org/projects/myproject

 Result :

 *if "myproject" is public, then you should get a full mirror of the repository inside the myproject directory.
There will be an empty "welcome" file in the root of your project. Why? See the "Creating and Preparing git Repositories Automatically" section above.

2. Initial Push (share my changes with the rest of the world)

 Action:

  inside your newly cloned repository:

  * touch test
  * git add test
  * git commit -m "testing my new repo"
  * git push

 Result:

 * the new file is committed to the garage repository, where from others can pull it.

3. Initial Push from an existing local repository

  Action:

  Riku Voipio suggested for initial push if you already have a git repo in use locally:

  * git remote add garage https://git.maemo.org/projects/myproject
  * git pull garage
  * git merge garage/master (adds the existing welcome file to your project)
  * git push garage master

  Result :

  * your changes are synced with the brand new garage repo and you can continue pushing either to local or to the remote repositories.

4. Pull changes from the repository

  Action:

   * clone again the repository at a different location on your local machine
   * push some new files as described in the 2nd test case
   * go to your first cloned repository and do "git pull"

  Result:

  * the new file which was pushed from the other location is now pulled and placed to this local repository

Todos

  * add references and links

--ferenc