rduplain/.bootstrap.md

## .bootstrap.md

      
    Raw
  

              .bootstrap.md
            
          
    Git Hosting


GitHub.com provides great public repository hosting.
vanilla git over ssh works for simple project structures.
gitosis works well where you'd like to use ssh pubkeys without shell access.
gitolite works well where you'd like gitosis to have finer access control.

How I setup our gitolite server

See install option #2: "root method" at
http://github.com/sitaramc/gitolite/blob/pu/doc/1-INSTALL.mkd
As root:
cd /usr/local/src
git clone git://github.com/sitaramc/gitolite gitolite
cd gitolite
mkdir -p /usr/local/share/gitolite/conf /usr/local/share/gitolite/hooks
./install-update.sh # put into a script, so it can be run later to update

See install-update.sh, which simple does a git pull (for updating later) then:
./src/gl-system-install /usr/local/bin /usr/local/share/gitolite/conf /usr/local/share/gitolite/hooks

Copy your admin pubkey, and note that the name matters (so choose "you" wisely):
cp path/to/you.pub /tmp/you.pub

Create the git user, as root (change /home/git for your site):
adduser --system --shell /bin/sh --home /home/git --gecos 'Git Version Control System' --disabled-password --group git

Switch to git user:
su - git
gl-setup /tmp/you.pub

This will fire up git's $EDITOR.  Note $REPO_BASE, $REPO_UMASK, and $PERSONAL.  All others have good defaults imo.  See .gitolite.rc.
From your client machine, as you:
git clone git@server:gitolite-admin

Then see http://github.com/sitaramc/gitolite/blob/pu/doc/2-admin.mkd

  
## gitolite.conf
# Most repositories have same workflow. Simply add new repositories to list.
# If a repository requires nothing else, you are done after adding here:
@repositories = project1 project2 project3

# Note: repositories requiring more privacy should stay off @repositories.

# Now for users. Add user.pub to keydir & matching 'user' name here.
# Three groups of users in this configuration file:
# * admins: have access to everything
# * production: have write access to 'master' branch, 'v[0-9]...' version tags.
# * staff: everyone else, though currently @staff isn't listed anywhere.
#
# All members of @admins are also members of @production.
# All members of @production are also members of @staff.
@admins = rduplain jilladmin
@production = @admins jackieproduction steveproduction
@staff = @production joedeveloper git

# The general policy of repositories.
# The idea: everyone with a pubkey can read everything & write most areas.
# Restrictions:
# * branch 'master' can only be written by production group
# * branch 'master' cannot be rewinded by anyone
# * version tags, e.g. v1.2, can only be pushed by production group only
# * version tags, e.g. v1.2, can be deleted by production group only
# The purpose of these restrictions is to enable continuous deployment, where
# hooks can act on master and version tags. Adjust version refex to deployment.
# Everything outside these restrictions is allowed.
repo @repositories
    RW  master = @production
    RW+ refs/tags/v[0-9] = @production
    -   refs/tags/v[0-9] = @all
    R   master = @all
    -   master = @all
    RW+ = @all

# Special case: gitolite-admin - for configuration of gitolite server.
repo gitolite-admin
    RW+ = @admins

# Special case: testing - free-for-all repository for any use.
repo testing
    RW+ = @all

## gitolite.rc.diff
diff --git a/.gitolite.rc b/.gitolite.rc
index 9f3535e..df68757 100644
--- a/.gitolite.rc
+++ b/.gitolite.rc
@@ -28,15 +28,17 @@ $GL_PACKAGE_HOOKS = '/usr/local/share/gitolite/hooks';
 # like "/bigdisk" or whatever if your $HOME is too small for the repos, for
 # example

-$REPO_BASE="repositories";
+# With user git having home directory /home/git, this will place all
+# repositories directly into /home/git
+$REPO_BASE=".";

 # the default umask for repositories is 0077; change this if you run stuff
 # like gitweb and find it can't read the repos.  Please note the syntax;  the
 # leading 0 is required

-$REPO_UMASK = 0077;         # gets you 'rwx------'
-# $REPO_UMASK = 0027;       # gets you 'rwxr-x---'
-# $REPO_UMASK = 0022;       # gets you 'rwxr-xr-x'
+# $REPO_UMASK = 0077;     # gets you 'rwx------'
+$REPO_UMASK = 0027;       # gets you 'rwxr-x---'
+# $REPO_UMASK = 0022;     # gets you 'rwxr-xr-x'

## install-update.sh
#!/bin/sh
# /usr/local/src/gitolite/install-update

unset PS4
set -x

git pull
./src/gl-system-install \
    /usr/local/bin \
    /usr/local/share/gitolite/conf \
    /usr/local/share/gitolite/hooks
	# Most repositories have same workflow. Simply add new repositories to list.
	# If a repository requires nothing else, you are done after adding here:
	@repositories = project1 project2 project3

	# Note: repositories requiring more privacy should stay off @repositories.

	# Now for users. Add user.pub to keydir & matching 'user' name here.
	# Three groups of users in this configuration file:
	# * admins: have access to everything
	# * production: have write access to 'master' branch, 'v[0-9]...' version tags.
	# * staff: everyone else, though currently @staff isn't listed anywhere.
	#
	# All members of @admins are also members of @production.
	# All members of @production are also members of @staff.
	@admins = rduplain jilladmin
	@production = @admins jackieproduction steveproduction
	@staff = @production joedeveloper git

	# The general policy of repositories.
	# The idea: everyone with a pubkey can read everything & write most areas.
	# Restrictions:
	# * branch 'master' can only be written by production group
	# * branch 'master' cannot be rewinded by anyone
	# * version tags, e.g. v1.2, can only be pushed by production group only
	# * version tags, e.g. v1.2, can be deleted by production group only
	# The purpose of these restrictions is to enable continuous deployment, where
	# hooks can act on master and version tags. Adjust version refex to deployment.
	# Everything outside these restrictions is allowed.
	repo @repositories
	RW master = @production
	RW+ refs/tags/v[0-9] = @production
	- refs/tags/v[0-9] = @all
	R master = @all
	- master = @all
	RW+ = @all

	# Special case: gitolite-admin - for configuration of gitolite server.
	repo gitolite-admin
	RW+ = @admins

	# Special case: testing - free-for-all repository for any use.
	repo testing
	RW+ = @all
	diff --git a/.gitolite.rc b/.gitolite.rc
	index 9f3535e..df68757 100644
	--- a/.gitolite.rc
	+++ b/.gitolite.rc
	@@ -28,15 +28,17 @@ $GL_PACKAGE_HOOKS = '/usr/local/share/gitolite/hooks';
	# like "/bigdisk" or whatever if your $HOME is too small for the repos, for
	# example

	-$REPO_BASE="repositories";
	+# With user git having home directory /home/git, this will place all
	+# repositories directly into /home/git
	+$REPO_BASE=".";

	# the default umask for repositories is 0077; change this if you run stuff
	# like gitweb and find it can't read the repos. Please note the syntax; the
	# leading 0 is required

	-$REPO_UMASK = 0077; # gets you 'rwx------'
	-# $REPO_UMASK = 0027; # gets you 'rwxr-x---'
	-# $REPO_UMASK = 0022; # gets you 'rwxr-xr-x'
	+# $REPO_UMASK = 0077; # gets you 'rwx------'
	+$REPO_UMASK = 0027; # gets you 'rwxr-x---'
	+# $REPO_UMASK = 0022; # gets you 'rwxr-xr-x'
	#!/bin/sh
	# /usr/local/src/gitolite/install-update

	unset PS4
	set -x

	git pull
	./src/gl-system-install \
	/usr/local/bin \
	/usr/local/share/gitolite/conf \
	/usr/local/share/gitolite/hooks