Musings of a code junkie

Git Repo Hosting via SSH

Tagged git, shared host, and ssh
Sharing
Photo by Medmoiselle T

Do you use Git? Great! Do you have a Shared Hosting environment? Or just want to give other people access to your git repositories under one shell account? Then let me introduce you to HostGitRb: Git repository sharing Ruby style.

Features

  • Easy to install
  • Git Repository sharing via SSH under one user (ideal for shared hosting)
  • User permission is based on their public keys
  • Users can only pull/push Git repos, they can’t login via SSH.

I do know about Gitosis, but I had a few problems installing it on my host, so I did what a respectable hacker would do and created my own stuff. Plus playing with rubies are way more fun than playing with pythons. :)

Because time is precious, here are some shortcuts to help you jump around to the sections you need:

  • Use Case 1 – Example of how to share Git repos for a University project
  • Use Case 2 – Example of how to let a one user access multiple repos (even that of a different user)
  • Reference – Overview of command line options

Installation

It’s easy as pie, just login to your server and install the gem: gem install hostgitrb

Alternatively, clone the HostGitRb repository from GitHub and add the bin/ directory to your PATH.

Use Case 1 – Group Project

I originally made these scripts to share a Git repository with friends for a University project, so I’ll use that as an example to illustrate HostGitRb’s functionality.

On my host, I have a directory that contains all my Git repositories: ~/gitrepos. Under that directory, I created another one called tjs which is a subject I’m taking this semester (translates to Game and Simulation Technology).

The tjs folder contains all the Git repos I want my group to access. There’s actually only one repository in the directory, but hey, who’s counting? It’s called xinkysworld.git (the name of our game).

To give my friends access, I did the following:

  1. Got their public keys (generated via ssh-keygen -t rsa)
  2. Logged in to my server and for each key I executed the following command: hostgitrb --dir ~/gitrepos/tjs --key "ssh-rsa AAAAB3Nza..."
  3. After that they can access the repository like so: git clone rfe@rfelix.com:xinkysworld.git or even git clone ssh://rfe@rfelix.com/xinkysworld.git

Even though they’re using my username to access the repository, they can’t do anything else other than push or pull from the Git repositories under the tjs/ directory. Great! Now they can’t deface my site (yep, they’re evil like that).

Use Case 2 – One User, Multiple Repositories

If you’re a student, your group members might overlap between projects. To allow one person access to different Git repositories, you can set something up that is kinda like GitHub’s structure: git@github.com:rfelix/hostgitrb.git

Say you want to give the user foo access to not only his own repo, but also to another that’s shared between him and the user bar. You can do something like:

  1. Create a directory for him: mkdir -p ~/gitrepos/foo
  2. Create his own repo under ~/gitrepos/foo/project.git
  3. Create a symlink of bar ’s repository in foo ’s directory: ln -s ~/gitrepos/bar/shared.git ~/gitrepos/foo/shared.git
  4. Give his public key permission (from a file this time): hostgitrb --dir ~/gitrepos/tjs --file ~/tmp/foo.pub

Now foo can access whichever repository under his foo/ folder. For example, he can access the shared.git repo via the url (using GitHub’s url for comparison) git@github.com:shared.git

It’s not exactly the <user>/<repository>.git structure like GitHub, but it works.

Reference

Running hostgitrb --help will give you a list of possible options you can use (thanks to Trollop):

> hostgitrb --help
Options:
          --file, -f <s>:  Set path to public ssh key file (default: )
           --key, -k <s>:  Provide public ssh key as a string (default: )
           --dir, -d <s>:  Set full path to directory with git repositories to 
                           allow access to (default: )
          --readonly, -r:  Set access to repositories in --dir to read only
          --nobackup, -n:  Don't make backup of authorized_keys file
--authorizedkeys, -a <s>:  Set authorized_keys file (default: ~/.ssh/authorized_keys)
              --help, -h:  Show this message

They’re pretty much self-explanatory, but here are a few notes:

  • Use --key when you have the SSH public key is in the clipboard (don’t forget the "" due to spaces)
  • Use --file when you have the actual public key file on your server.
  • --readonly makes sure the user can only execute git pull
  • HostGitRb makes backups of the authorized_keys file it modifies; stop this with --nobackup
  • --authorizedkeys allows you to change the file that the new permission is added to.

Final Remarks

I’ve put this out in the open source world in hope that this will also be helpful to someone else other than myself. If you have any problems let me know in the comments. Or if you find a bug, please add it to Issues.

Until next time, happy git repo sharing!

Posted on 06 April 2010 under Programming
blog comments powered by Disqus