setup-git-hosting.md - www.codemadness.org - www.codemadness.org saait content files
(HTM) git clone git://git.codemadness.org/www.codemadness.org
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
setup-git-hosting.md (6711B)
---
1 **This article assumes you use OpenBSD for the service files and OS-specific
2 examples.**
3
4
5 ## Why
6
7 A good reason to host your own git repositories is because of having and
8 keeping control over your own computing infrastructure.
9
10 Some bad examples:
11
12 * [The SourceForge ads/malware/hijack controversies. Injecting malware into projects](https://en.wikipedia.org/wiki/SourceForge#Controversies).
13 * [As of 2019-10-23 Gitlab added telemetry to their software](https://gitlab.com/gitlab-org/gitaly/issues/2113).
14 * [On 2019-10-24 Gitlab reverted it again because many people complained](https://about.gitlab.com/blog/2019/10/10/update-free-software-and-telemetry/).
15 * [On 2020-11-16 Github reinstated youtube-dl, to reverse a Digital Millennium Copyright Act (DMCA) takedown](https://github.blog/2020-11-16-standing-up-for-developers-youtube-dl-is-back/).
16 * [On 2021-03-11 Github (owned by Microsoft) removes exploit code for Microsoft Exchange vulnerabilities](https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/).
17 * [On 2022-04-16 Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under US sanctions](https://www.bleepingcomputer.com/news/security/github-suspends-accounts-of-russian-devs-at-sanctioned-companies/).
18 * [On 2022-08-04 GitLab plans to delete dormant projects in free accounts](https://www.theregister.com/2022/08/04/gitlab_data_retention_policy/).
19 * [On 2022-08-05 GitLab U-turns on deleting dormant projects after backlash](https://www.theregister.com/2022/08/05/gitlab_reverses_deletion_policy/).
20
21 The same thing can happen with Github, Atlassian Bitbucket or other similar
22 services. After all: they are just a company with commercial interests. These
23 online services also have different pricing plans and various (arbitrary)
24 restrictions. When you host it yourself the restrictions are the resource
25 limits of the system and your connection, therefore it is a much more flexible
26 solution.
27
28 Always make sure you own the software (which is [Free](https://www.gnu.org/philosophy/free-sw.html) or open-source) and you
29 can host it yourself, so you will be in control of it.
30
31
32 ## Creating repositories
33
34 For the hosting it is recommended to use a so-called "bare" repository. A bare
35 repository means no files are checked out in the folder itself. To create a
36 bare repository use git init with the --bare argument:
37
38 $ git init --bare
39
40 I recommend to create a separate user and group for the source-code
41 repositories. In the examples we will assume the user is called "src".
42
43 Login as the src user and create the files. To create a directory for the
44 repos, in this example /home/src/src:
45
46 $ mkdir -p /home/src/src
47 $ cd /home/src/src
48 $ git init --bare someproject
49 $ $EDITOR someproject/description
50
51 Make sure the git-daemon process has access permissions to these repositories.
52
53
54 ## Install git-daemon (optional)
55
56 Using git-daemon you can clone the repositories publicly using the efficient
57 git:// protocol. An alternative without having to use git-daemon is by using
58 (anonymous) SSH, HTTPS or any public shared filesystem.
59
60 When you use a private-only repository I recommend to just use SSH without
61 git-daemon because it is secure.
62
63 Install the git package. The package should contain "git daemon":
64
65 # pkg_add git
66
67 Enable the daemon:
68
69 # rcctl enable gitdaemon
70
71 Set the gitdaemon service flags to use the src directory and use all the
72 available repositories in this directory. The command-line flags "--export-all"
73 exports all repositories in the base path. Alternatively you can use the
74 "git-daemon-export-ok" file (see the git-daemon man page).
75
76 # rcctl set gitdaemon flags --export-all --base-path="/home/src/src"
77
78 To configure the service to run as the user _gitdaemon:
79
80 # rcctl set gitdaemon user _gitdaemon
81
82 To run the daemon directly as the user _gitdaemon (without dropping privileges
83 from root to the user) set the following flags in /etc/rc.d/gitdaemon:
84
85 daemon_flags="--user=_gitdaemon"
86
87 Which will also avoid this warning while cloning:
88
89 "can't access /root/.git/config"
90
91 Now start the daemon:
92
93 # rcctl start gitdaemon
94
95
96 ## Cloning and fetching changes
97
98 To test and clone the repository do:
99
100 $ git clone git://yourdomain/someproject
101
102 if you skipped the optional git-daemon installation then just clone via SSH:
103
104 $ git clone ssh://youraccount@yourdomain:/home/src/src/someproject
105
106 When cloning via SSH make sure to setup private/public key authentication for
107 security and convenience.
108
109 You should also make sure the firewall allows connections to the services like
110 the git daemon, HTTPd or SSH, for example using OpenBSD pf something like this
111 can be set in [/etc/pf.conf](https://man.openbsd.org/pf.conf):
112
113 tcp_services="{ ssh, gopher, http, https, git }"
114 pass in on egress proto tcp from any to (egress) port $tcp_services
115
116
117 ## Pushing changes
118
119 Add the repository as a remote:
120
121 $ git remote add myremote ssh://youraccount@yourdomain:/home/src/src/someproject
122
123 Then push the changes:
124
125 $ git push myremote master:master
126
127
128 ## Git history web browsing (optional)
129
130 Sometimes it's nice to browse the git history log of the repository in a web
131 browser or some other program without having to look at the local repository.
132
133 * [Stagit](stagit.html) is a static HTML page generator for git.
134 * [Stagit-gopher](stagit-gopher.html) is a static page generator for
135 [gopher](http://gopherproject.org/) and
136 [geomyidae](gopher://bitreich.org/1/scm/geomyidae).
137 * cgit is a CGI-based program which shows HTML views of your repository, see
138 also the page: [OpenBSD httpd, slowcgi and cgit](openbsd-httpd-and-cgit.html).
139
140 It's also possible with these tools to generate an Atom feed and then use a
141 RSS/Atom reader to track the git history:
142
143 * An example url from cgit: [Linux kernel tree](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/atom/?h=master).
144 * An example url from stagit for the [commit log](/git/stagit/atom.xml).
145 * An example url from stagit for the [releases](/git/stagit/tags.xml).
146
147 My [sfeed](sfeed.html) program can be used as a RSS/Atom reader.
148
149
150 ## Setting up git hooks (optional)
151
152 Using git hooks you can setup automated triggers, for example when pushing to a
153 repository. Some useful examples can be:
154
155 * [For stagit: update the repo files (example post-receive hook).](/git/stagit/file/example_post-receive.sh.html)
156 * Send an e-mail with the commit subject and message.
157 * Log/notify commits and changes to an IRC channel using a fifo: [ii](https://tools.suckless.org/ii/).
158 * Create a release tarball and checksum file on a tag push/change.
159 * Checkout files for website content.