setup-git-hosting.html - www.codemadness.org - www.codemadness.org saait content files
 (HTM) git clone git://git.codemadness.org/www.codemadness.org
 (DIR) Log
 (DIR) Files
 (DIR) Refs
 (DIR) README
 (DIR) LICENSE
       ---
       setup-git-hosting.html (9537B)
       ---
            1 <!DOCTYPE html>
            2 <html dir="ltr" lang="en">
            3 <head>
            4         <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
            5         <meta http-equiv="Content-Language" content="en" />
            6         <meta name="viewport" content="width=device-width" />
            7         <meta name="keywords" content="git, HTTP, gopher, SSH, OpenBSD" />
            8         <meta name="description" content="Howto setup your own git hosting service" />
            9         <meta name="author" content="Hiltjo" />
           10         <meta name="generator" content="Static content generated using saait: https://codemadness.org/saait.html" />
           11         <title>Setup your own git hosting service - Codemadness</title>
           12         <link rel="stylesheet" href="style.css" type="text/css" media="screen" />
           13         <link rel="stylesheet" href="print.css" type="text/css" media="print" />
           14         <link rel="alternate" href="atom.xml" type="application/atom+xml" title="Codemadness Atom Feed" />
           15         <link rel="alternate" href="atom_content.xml" type="application/atom+xml" title="Codemadness Atom Feed with content" />
           16         <link rel="icon" href="/favicon.png" type="image/png" />
           17 </head>
           18 <body>
           19         <nav id="menuwrap">
           20                 <table id="menu" width="100%" border="0">
           21                 <tr>
           22                         <td id="links" align="left">
           23                                 <a href="index.html">Blog</a> |
           24                                 <a href="/git/" title="Git repository with some of my projects">Git</a> |
           25                                 <a href="/releases/">Releases</a> |
           26                                 <a href="gopher://codemadness.org">Gopherhole</a>
           27                         </td>
           28                         <td id="links-contact" align="right">
           29                                 <span class="hidden"> | </span>
           30                                 <a href="/donate/">Donate</a> |
           31                                 <a href="feeds.html">Feeds</a> |
           32                                 <a href="pgp.asc">PGP</a> |
           33                                 <a href="mailto:hiltjo@AT@codemadness.DOT.org">Mail</a>
           34                         </td>
           35                 </tr>
           36                 </table>
           37         </nav>
           38         <hr class="hidden" />
           39         <main id="mainwrap">
           40                 <div id="main">
           41                         <article>
           42 <header>
           43         <h1>Setup your own git hosting service</h1>
           44         <p>
           45         <strong>Last modification on </strong> <time>2022-08-07</time>
           46         </p>
           47 </header>
           48 
           49 <p><strong>This article assumes you use OpenBSD for the service files and OS-specific
           50 examples.</strong></p>
           51 <h2>Why</h2>
           52 <p>A good reason to host your own git repositories is because of having and
           53 keeping control over your own computing infrastructure.</p>
           54 <p>Some bad examples:</p>
           55 <ul>
           56 <li><a href="https://en.wikipedia.org/wiki/SourceForge#Controversies">The SourceForge ads/malware/hijack controversies. Injecting malware into projects</a>.</li>
           57 <li><a href="https://gitlab.com/gitlab-org/gitaly/issues/2113">As of 2019-10-23 Gitlab added telemetry to their software</a>.</li>
           58 <li><a href="https://about.gitlab.com/blog/2019/10/10/update-free-software-and-telemetry/">On 2019-10-24 Gitlab reverted it again because many people complained</a>.</li>
           59 <li><a href="https://github.blog/2020-11-16-standing-up-for-developers-youtube-dl-is-back/">On 2020-11-16 Github reinstated youtube-dl, to reverse a Digital Millennium Copyright Act (DMCA) takedown</a>.</li>
           60 <li><a href="https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/">On 2021-03-11 Github (owned by Microsoft) removes exploit code for Microsoft Exchange vulnerabilities</a>.</li>
           61 <li><a href="https://www.bleepingcomputer.com/news/security/github-suspends-accounts-of-russian-devs-at-sanctioned-companies/">On 2022-04-16 Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under US sanctions</a>.</li>
           62 <li><a href="https://www.theregister.com/2022/08/04/gitlab_data_retention_policy/">On 2022-08-04 GitLab plans to delete dormant projects in free accounts</a>.</li>
           63 <li><a href="https://www.theregister.com/2022/08/05/gitlab_reverses_deletion_policy/">On 2022-08-05 GitLab U-turns on deleting dormant projects after backlash</a>.</li>
           64 </ul>
           65 <p>The same thing can happen with Github, Atlassian Bitbucket or other similar
           66 services.  After all: they are just a company with commercial interests.  These
           67 online services also have different pricing plans and various (arbitrary)
           68 restrictions.  When you host it yourself the restrictions are the resource
           69 limits of the system and your connection, therefore it is a much more flexible
           70 solution.</p>
           71 <p>Always make sure you own the software (which is <a href="https://www.gnu.org/philosophy/free-sw.html">Free</a> or open-source) and you
           72 can host it yourself, so you will be in control of it.</p>
           73 <h2>Creating repositories</h2>
           74 <p>For the hosting it is recommended to use a so-called "bare" repository.  A bare
           75 repository means no files are checked out in the folder itself.  To create a
           76 bare repository use git init with the --bare argument:</p>
           77 <pre><code>$ git init --bare
           78 </code></pre>
           79 <p>I recommend to create a separate user and group for the source-code
           80 repositories.  In the examples we will assume the user is called "src".</p>
           81 <p>Login as the src user and create the files. To create a directory for the
           82 repos, in this example /home/src/src:</p>
           83 <pre><code>$ mkdir -p /home/src/src
           84 $ cd /home/src/src
           85 $ git init --bare someproject
           86 $ $EDITOR someproject/description
           87 </code></pre>
           88 <p>Make sure the git-daemon process has access permissions to these repositories.</p>
           89 <h2>Install git-daemon (optional)</h2>
           90 <p>Using git-daemon you can clone the repositories publicly using the efficient
           91 git:// protocol. An alternative without having to use git-daemon is by using
           92 (anonymous) SSH, HTTPS or any public shared filesystem.</p>
           93 <p>When you use a private-only repository I recommend to just use SSH without
           94 git-daemon because it is secure.</p>
           95 <p>Install the git package. The package should contain "git daemon":</p>
           96 <pre><code># pkg_add git
           97 </code></pre>
           98 <p>Enable the daemon:</p>
           99 <pre><code># rcctl enable gitdaemon
          100 </code></pre>
          101 <p>Set the gitdaemon service flags to use the src directory and use all the
          102 available repositories in this directory. The command-line flags "--export-all"
          103 exports all repositories in the base path. Alternatively you can use the
          104 "git-daemon-export-ok" file (see the git-daemon man page).</p>
          105 <pre><code># rcctl set gitdaemon flags --export-all --base-path="/home/src/src"
          106 </code></pre>
          107 <p>To configure the service to run as the user _gitdaemon:</p>
          108 <pre><code># rcctl set gitdaemon user _gitdaemon
          109 </code></pre>
          110 <p>To run the daemon directly as the user _gitdaemon (without dropping privileges
          111 from root to the user) set the following flags in /etc/rc.d/gitdaemon:</p>
          112 <pre><code>daemon_flags="--user=_gitdaemon"
          113 </code></pre>
          114 <p>Which will also avoid this warning while cloning:</p>
          115 <pre><code>"can't access /root/.git/config"
          116 </code></pre>
          117 <p>Now start the daemon:</p>
          118 <pre><code># rcctl start gitdaemon
          119 </code></pre>
          120 <h2>Cloning and fetching changes</h2>
          121 <p>To test and clone the repository do:</p>
          122 <pre><code>$ git clone git://yourdomain/someproject
          123 </code></pre>
          124 <p>if you skipped the optional git-daemon installation then just clone via SSH:</p>
          125 <pre><code>$ git clone ssh://youraccount@yourdomain:/home/src/src/someproject
          126 </code></pre>
          127 <p>When cloning via SSH make sure to setup private/public key authentication for
          128 security and convenience.</p>
          129 <p>You should also make sure the firewall allows connections to the services like
          130 the git daemon, HTTPd or SSH, for example using OpenBSD pf something like this
          131 can be set in <a href="https://man.openbsd.org/pf.conf">/etc/pf.conf</a>:</p>
          132 <pre><code>tcp_services="{ ssh, gopher, http, https, git }"
          133 pass in on egress proto tcp from any to (egress) port $tcp_services
          134 </code></pre>
          135 <h2>Pushing changes</h2>
          136 <p>Add the repository as a remote:</p>
          137 <pre><code>$ git remote add myremote ssh://youraccount@yourdomain:/home/src/src/someproject
          138 </code></pre>
          139 <p>Then push the changes:</p>
          140 <pre><code>$ git push myremote master:master
          141 </code></pre>
          142 <h2>Git history web browsing (optional)</h2>
          143 <p>Sometimes it's nice to browse the git history log of the repository in a web
          144 browser or some other program without having to look at the local repository.</p>
          145 <ul>
          146 <li><a href="stagit.html">Stagit</a> is a static HTML page generator for git.</li>
          147 <li><a href="stagit-gopher.html">Stagit-gopher</a> is a static page generator for
          148 <a href="http://gopherproject.org/">gopher</a> and
          149 <a href="gopher://bitreich.org/1/scm/geomyidae">geomyidae</a>.</li>
          150 <li>cgit is a CGI-based program which shows HTML views of your repository, see
          151 also the page: <a href="openbsd-httpd-and-cgit.html">OpenBSD httpd, slowcgi and cgit</a>.</li>
          152 </ul>
          153 <p>It's also possible with these tools to generate an Atom feed and then use a
          154 RSS/Atom reader to track the git history:</p>
          155 <ul>
          156 <li>An example url from cgit: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/atom/?h=master">Linux kernel tree</a>.</li>
          157 <li>An example url from stagit for the <a href="/git/stagit/atom.xml">commit log</a>.</li>
          158 <li>An example url from stagit for the <a href="/git/stagit/tags.xml">releases</a>.</li>
          159 </ul>
          160 <p>My <a href="sfeed.html">sfeed</a> program can be used as a RSS/Atom reader.</p>
          161 <h2>Setting up git hooks (optional)</h2>
          162 <p>Using git hooks you can setup automated triggers, for example when pushing to a
          163 repository.  Some useful examples can be:</p>
          164 <ul>
          165 <li><a href="/git/stagit/file/example_post-receive.sh.html">For stagit: update the repo files (example post-receive hook).</a></li>
          166 <li>Send an e-mail with the commit subject and message.</li>
          167 <li>Log/notify commits and changes to an IRC channel using a fifo: <a href="https://tools.suckless.org/ii/">ii</a>.</li>
          168 <li>Create a release tarball and checksum file on a tag push/change.</li>
          169 <li>Checkout files for website content.</li>
          170 </ul>
          171 
          172                         </article>
          173                 </div>
          174         </main>
          175 </body>
          176 </html>