GIT Server Configuration:

GIT can be configured for use as a local user change management (CM) or system CM repository or for multiple users using a server configuration with SSH or "Smart HTTP" remote access. This tutorial will cover SSH and HTTP GIT server configurations.

A "bare" repository will be generated for remote access. A "bare" repository implies that there is only a GIT repository with no user working files as this is not to be used for code development and only as a repository.

SSH vs HTTP: Accessing a Git repository by ssh requires that all users have a shell account on the server and have read and write privileges over the repository. Http/https access can allow read only access as well as read/write to a more privileged group of users using Apache httpd authentication and authorization rules. This flexibility makes a "smart http" the preferred choice for internet based Git server installations.

SSH Prerequisites:

• Red Hat/CentOS/AWS: openssh, openssh-clients, openssh-askpass, openssh-server
• Ubuntu/Debian: ssh, openssh-client, openssh-server

HTTP Prerequisites:

• Apache httpd web server:
  • Red Hat/CentOS/AWS: httpd
  • Ubuntu/Debian: apache2
• Apache modules: mod_cgi, mod_alias, mod_env, mod_rewrite, mod_dav
  Verify with the command httpd -M or
  CentOS/Red Hat: verify the configuration in /etc/httpd/conf/httpd.conf
  Ubuntu: enable the modules with the command: a2enmod cgi alias env
• Perl module: Authen::SASL
• Perl module: GSSAPI
• Perl module: Net::SMTP
• Perl module: Term::ReadKey

GIT (Red Hat 6.x RPM Installation:

• git2u-core - Core package of git with minimal functionality
  commands: /usr/bin/git, git-receive-pack, git-shell, git-upload-archive, git-upload-pack
• git2u-core-doc - Documentation files for git-core
  Man pages (1,5,7)
• git2u - Fast Version Control System
  man pages for: gitweb, gitweb.conf, git-difftool, git-instaweb
• git2u-all - Meta-package to pull in all git tools
• git2u-daemon - Git protocol dæmon
• git2u-email - Git tools for sending email
  git-send-email
• git2u-gitk - Git revision tree visualizer
• git2u-gitweb - Simple web interface to git repositories
  Web front-end: /var/www/git/gitweb.cgi, /etc/gitweb.conf, /etc/httpd/conf.d/git.conf
• git2u-gui - Git GUI tool
  GUI tools: "git gui", git citool (alternative to commit) and man pages

Bare Repository Creation:

• mkdir /srv/git/
• git init --bare --shared=group /srv/git/projectx.git/
• cd /srv/git/projectx.git/
• cp hooks/post-update.sample hooks/post-update
• chgrp -R dev /srv/git/projectx.git/
  chmod ug+rw -R /srv/git/projectx.git/
  Change ownership of all files to the software developers group. All programmers must be part of this group "dev" in order to have access to the repository. Note that this requires all developers to have a login shell account on the system. For more on group access see managing Linux groups
• Set the repository "description": edit file /srv/git/projectx.git/description

• git init:
  • --bare: Create a bare repository. A bare repository has no working files and is a repository only. Developers do not work and edit files in this repository as it has no working area. If GIT_DIR environment is not set or a directory is not specified, it is set to the current working directory.
  • --shared: =(false|true|umask|group|all|world|everybody|0xxx)
    Specify that the Git repository is to be shared among several users. This allows users belonging to the same group to push into that repository. When not specified, Git will use permissions reported by umask

See our sshd server configuration tutorial

Bare Repository Creation:

• mkdir /srv/git/projectx.git
• git init --bare --shared /srv/git/projectx.git/
• cd /srv/git/projectx.git/
• cp hooks/post-update.sample hooks/post-update
• git config http.receivepack true
• git config http.uploadpack true
• git update-server-info
• chown -R apache.apache /srv/git/projectx.git/
• Set the repository "description": edit file /srv/git/projectx.git/description

Configure the Apache httpd server:

SetEnv GIT_PROJECT_ROOT /srv/git

# If you leave out GIT_HTTP_EXPORT_ALL environment variable, then Git will only serve to 
# unauthenticated clients the repositories with the git-daemon-export-ok file in them, just like the Git daemon did.
SetEnv GIT_HTTP_EXPORT_ALL

# Required for git clone
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

# Allow execution of CGI
<Directory /usr/libexec/git-core/>
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
# Apache 2.4: Require all granted
#  DirectoryIndex git-web--browse
</Directory>

#RewriteCond %{QUERY_STRING} service=git-receive-pack [OR] 
RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]

# Repository URL access configuration
<LocationMatch "^/git/.*$">
  Order deny,allow
  Deny from env=AUTHREQUIRED
  AuthType Basic
  AuthName "Megacorp directory services login"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPURL "ldap://ldap.megacorp.com:389/ou=person,o=megacorp.com,c=us?uid?sub"
  Include authorized-users.txt
</LocationMatch>

# required even if mod rewrite is active!!!
<LocationMatch "^/git/.*/git-receive-pack$">
  Order deny,allow
  AuthType Basic
  AuthName "Megacorp directory services login"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPURL "ldap://ldap.megacorp.com:389/ou=person,o=megacorp.com,c=us?uid?sub"
  Include authorized-users.txt
</LocationMatch>

# Allow authenticated access to the GIT repository on disk
<Location "/srv/git">
# Use authentication for both read/write
  Order deny,allow
  AuthType Basic
  AuthName "Megacorp directory services login"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPURL "ldap://ldap.megacorp.com:389/ou=person,o=megacorp.com,c=us?uid?sub"
  Include authorized-users.txt
</Location>

# List of authorized LDAP users
Require ldap-user user1 user2 user3

• The following line causes a "git push" to fail:
  RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
  Also note that the syntax "[OR]" is valid Apache httpd configuration syntax and does not imply choosing one or the other.

• The following environment variable statement breaks the configuration:
  SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

• The following ScriptAliasMatch will also break the configuration:

  ScriptAliasMatch \
    "(?x)^/(.*/(HEAD | \
    info/refs | \
    objects/(info/[^/]+ | \
    [0-9a-f]{2}/[0-9a-f]{38} | \
    pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
    git-(upload|receive)-pack))$" \
    "/usr/libexec/git-core/git-http-backend/$1"
      

• Ubuntu: apache2ctl -k graceful
• RedHat: service httpd restart

Now that the git server repository has been created, it is time to add files. Git stores files and will not store empty directories.

• Set user identity:
  • git config --global user.name "John Doe"
  • git config --global user.email john.doe@megacorp.com
  This configures user preferences: ~/.gitconfig

  [user]
          name = John Doe
          email = john.doe@megacorp.com
      

• Generate a local "clone" repository. This checks out the entire repository and all of its history:
  • Smart http:

    [prompt]$ git clone http://git.megacorp.com/git/repo/projectx.git
    Cloning into 'projectx'...
    warning: You appear to have cloned an empty repository.
        

    The first time a check-out is made to a new bare repository, it will be a "clone" on an empty repository with nothing in it.
  • OR ssh:

    [prompt]$ git clone ssh://user@git.megacorp.com:/srv/git/repo/projectx.git
    Cloning into 'projectx'...
    The authenticity of host 'git.megacorp.com (192.168.1.2)' can't be established.
    ECDSA key fingerprint is ce:68:f4:3d:fa:58:b7:49:92:36:63:a7:82:c2:df:a4.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.2' (ECDSA) to the list of known hosts.
    user@192.168.1.2's password:
    warning: You appear to have cloned an empty repository.
        

• Add files (create or copy) to the local working repository:

  [prompt]$ cd projectx
  [prompt]$ mkdir src
  [prompt]$ touch src/Readme.txt
  [prompt]$ git add --all
  [prompt]$ git commit -m "Add user files"
  [master (root-commit) 1184908] Add user files
   5 files changed, 0 insertions(+), 0 deletions(-)
   create mode 100644 src/Readme.txt
  

• Push changes to the local repository to the Git server:

  [prompt]$ git push origin master
  user@192.168.1.2's password: 
  Counting objects: 4, done.
  Writing objects: 100% (4/4), 252 bytes | 0 bytes/s, done.
  Total 4 (delta 0), reused 0 (delta 0)
  To [protocol ssh or http]://user@192.168.1.2:/path/to/repo/projectx.git
   * [new branch]      master -> master
      

• Query your repository:
  • Smart http:

    [prompt]$ git remote -v
    origin	http://git.megacorp.com/git/repo/projectx.git (fetch)
    origin	http://git.megacorp.com/git/repo/projectx.git (push)
        

  • OR ssh:

    [prompt]$ git remote -v
    origin	ssh://user@git.megacorp.com/git/repo/projectx.git (fetch)
    origin	ssh://user@git.megacorp.com/git/repo/projectx.git (push)
        

Pro Tip for ssh users: Generate an ssh key to automatically authenticate your connection so that you do not have to enter your password each time.
See ssh-keygen man page

[Potential Pitfall]: ssh connection error:

[prompt]$ git clone ssh://user@git.megacorp.com:/srv/git/repo/projectx.git
Cloning into 'projectx'...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
...
    

[Potential Pitfall]: Vague git error about a valid git repository is actually a proxy error:

[prompt]$ git clone http://git.megacorp.com/git/repo/projectx.git
Cloning into 'projectx'...
fatal: http://git.megacorp.com/git/projectx.git/info/refs not valid: is this a git repository?
    

[prompt]$ env | grep http_proxy
    

[Potential Pitfall]: Http server works for clone but not a push. This is typically an Apache httpd web server configuration problem. Check the server logs /var/log/httpd/error_log

[prompt]$ git push origin master
fatal: http://git.megacorp.com/git/projectx.git/info/refs not valid: is this a git repository?
    

[Potential Pitfall]: When you "push" you may get the warning:

*** Project description file hasn't been set
    

There will probably be files that you have no interest storing in the CM repository such as build artifacts. Git can be configured to ignore these files by generating the file .gitignore in the top directory of your repository. eg: src/projectx.git/.gitignore

core.*
*.o
*.a
*.so
*.dll
*.lib
a.out

*.jar
*.class
/**/dist/
/**/build/

private.*
/**/nbproject/private/

Git commands are separated into two categories:

1. high level ("porcelain") commands
2. low level ("plumbing") commands

High Level "porcelain" Commands:

• Main commands:
  • git
  • git add - Add file contents to the index
  • git am - Apply a series of patches from a mailbox
  • git archive - Create an archive of files from a named tree
  • git bisect Use binary search to find the commit that introduced a bug
  • git branch - List, create, or delete branches
  • git bundle - Move objects and refs by archive
  • git checkout - Switch branches or restore working tree files
  • git cherry-pick - Apply the changes introduced by some existing commits
  • git citool - Graphical alternative to git-commit
  • git clean - Remove un-tracked files from the working tree
  • git clone Clone a repository into a new directory
  • git commit - Record changes to the repository
  • git describe - Describe a commit using the most recent tag reachable from it
  • git diff - Show changes between commits, commit and working tree, etc
  • git fetch - Download objects and refs from another repository
  • git format-patch - Prepare patches for e-mail submission
  • git gc - Cleanup unnecessary files and optimize the local repository
  • git grep - Print lines matching a pattern
  • git gui - A portable graphical interface to Git
  • git init - Create an empty Git repository or reinitialize an existing one
  • git log - Show commit logs
  • git merge - Join two or more development histories together
  • git mv - Move or rename a file, a directory, or a symlink
  • git notes - Add or inspect object notes
  • git pull - Fetch from and integrate with another repository or a local branch
  • git push - Update remote refs along with associated objects
  • git rebase - Forward-port local commits to the updated upstream head
  • git reset - Reset current HEAD to the specified state
  • git revert - Revert some existing commits
  • git rm - Remove files from the working tree and from the index
  • git shortlog - Summarize git log output
  • git show - Show various types of objects
  • git stash - Stash the changes in a dirty working directory away
  • git status - Show the working tree status
  • git submodule - Initialize, update or inspect sub-modules
  • git tag - Create, list, delete or verify a tag object signed with GPG
  • git worktree - Manage multiple working trees
  • gitk - The Git repository browser
• Ancillary Commands Manipulators:
  • git config - Get and set repository or global options
  • git fast-export - Git data exporter
  • git fast-import - Back-end for fast Git data importers
  • git filter-branch - Rewrite branches
  • git mergetool - Run merge conflict resolution tools to resolve merge conflicts
  • git pack refs - Pack heads and tags for efficient repository access
  • git prune - Prune all unreachable objects from the object database
  • git reflog - Manage reflog information
  • git relink - Hard link common objects in local repositories
  • git remote - Manage set of tracked repositories
  • git repack - Pack unpacked objects in a repository
  • git replace - Create, list, delete refs to replace objects
• Interrogators:
  • git annotate - Annotate file lines with commit information
  • git blame - Show what revision and author last modified each line of a file
  • git cherry - Find commits yet to be applied to upstream
  • git count-objects - Count unpacked number of objects and their disk consumption
  • git difftool - Show changes using common diff tools
  • git fsck - Verifies the connectivity and validity of the objects in the database
  • git get-tar-commit-id - Extract commit ID from an archive created using git-archive
  • git help - Display help information about Git
  • git instaweb - Instantly browse your working repository in gitweb
  • git merge-tree - Show three-way merge without touching index
  • git rerere - Reuse recorded resolution of conflicted merges
  • git rev-parse - Pick out and massage parameters
  • git show-branch - Show branches and their commits
  • git verify-commit - Check the GPG signature of commits
  • git verify-tag - Check the GPG signature of tags
  • git whatchanged - Show logs with difference each commit introduces
  • gitweb - Git web interface (web front-end to Git repositories)
• Interacting with Others: (interact with foreign SCM and with other people via patch over e-mail)
  • git archimport - Import an Arch repository into Git
  • git cvsexportcommit - Export a single commit to a CVS checkout
  • git cvsimport - Salvage your data out of another SCM people love to hate
  • git cvsserver - A CVS server emulator for Git
  • git imap-send - Send a collection of patches from stdin to an IMAP folder
  • git p4 - Import from and submit to Perforce repositories
  • git quiltimport - Applies a quilt patchset onto the current branch
  • git request-pull - Generates a summary of pending changes
  • git send-email - Send a collection of patches as emails
  • git svn - Bidirectional operation between a Subversion repository and Git

Low-Level "Plumbing" Commands:

• Manipulation commands:
  • git apply - Apply a patch to files and/or to the index
  • git checkout-index - Copy files from the index to the working tree
  • git commit-tree - Create a new commit object
  • git hash-object - Compute object ID and optionally creates a blob from a file
  • git index-pack - Build pack index file for an existing packed archive
  • git merge-file - Run a three-way file merge
  • git merge-index - Run a merge for files needing merging
  • git mktag - Creates a tag object
  • git mktree - Build a tree-object from ls-tree formatted text
  • git pack-objects - Create a packed archive of objects
  • git prune-packed - Remove extra objects that are already in pack files
  • git read-tree - Reads tree information into the index
  • git symbolic-ref - Read, modify and delete symbolic refs
  • git unpack-objects - Unpack objects from a packed archive
  • git update-index - Register file contents in the working tree to the index
  • git update-ref - Update the object name stored in a ref safely
  • git write-tree - Create a tree object from the current index
• Interrogation commands: (in general, these commands do not touch the files in the working tree)
  • git cat-file - Provide content or type and size information for repository objects
  • git diff-files - Compares files in the working tree and the index
  • git diff-index - Compare a tree to the working tree or index
  • git diff-tree - Compares the content and mode of blobs found via two tree objects
  • git for-each-ref - Output information on each ref
  • git ls-files - Show information about files in the index and the working tree
  • git ls-remote - List references in a remote repository
  • git ls-tree - List the contents of a tree object
  • git merge-base - Find as good common ancestors as possible for a merge
  • git name-rev - Find symbolic names for given revs
  • git pack-redundant - Find redundant pack files
  • git rev-list - Lists commit objects in reverse chronological order
  • git show-index - Show packed archive index
  • git show-ref - List references in a local repository
  • git unpack-file - Creates a temporary file with a blob's contents
  • git var - Show a Git logical variable
  • git verify-pack - Validate packed Git archive files
• Synching repositories:
  • git daemon - A really simple server for Git repositories
  • git fetch-pack - Receive missing objects from another repository
  • git http-backend - Server side implementation of Git over HTTP
  • git send-pack - Push objects over Git protocol to another repository
  • git update-server-info - Update auxiliary info file to help dumb servers
  • Helper commands typically not used directly:
    • git http-fetch - Download from a remote Git repository via HTTP
    • git http-push - Push objects over HTTP/DAV to another repository
    • git parse-remote - Routines to help parsing remote repository access parameters
    • git receive-pack - Receive what is pushed into the repository
    • git shell - Restricted login shell for Git-only SSH access
    • git upload-archive - Send archive back to git-archive
    • git upload-pack - Send objects packed back to git-fetch-pack
  • Internal helper commands: (typically used by other commands and not used directly)
    • git check-attr - Display gitattributes information
    • git check-ignore - Debug gitignore / exclude files
    • git check-mailmap - Show canonical names and email addresses of contacts
    • git check-ref-format - Ensures that a reference name is well formed
    • git column - Display data in columns
    • git credential - Retrieve and store user credentials
    • git credential-cache - Helper to temporarily store passwords in memory
    • git credential-store - Helper to store credentials on disk
    • git fmt-merge-msg - Produce a merge commit message
    • git interpret-trailers - help add structured information into commit messages
    • git mailinfo - Extracts patch and authorship from a single e-mail message
    • git mailsplit - Simple UNIX mbox splitter program
    • git merge-one-file - The standard helper program to use with git-merge-index
    • git patch-id - Compute unique ID for a patch
    • git sh-i18n - Git's i18n setup code for shell scripts
    • git sh-setup - Common Git shell script setup code
    • git stripspace - Remove unnecessary white-space

• Git home page
• Trac home page
• Git Plugin for Trac - Trac-Hacks
• YoLinux.com GitWeb Installation and Configuration
• YoLinux.com Git and Trac tutorial - lots of Trac administration information. Hosting multiple Trac projects, etc.
• YoLinux.com Jenkins tutorial - will require the use of the Jenkins "git" plugin.

Books:

	"Version Control With Git" by Jon Loeliger ISBN #1449316387, O'Reilly Media; 2 edition (August 27, 2012)
	Distributed Version Control with Git [Kindle Edition] Lars Vogel (Author) A practical introduction into the Git version control system.
	Pro Git Scott Chacon (Author) Visual explanations of the git concepts and methodology. Step-by-step ways to track, merge, and manage software projects, using Git.

   

Advertisements