# create a new SSH/FTP user, let's call him wfgit
# log into your wfgit user with the password
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
which git # check that git is on your box
which python2.7 # check that python is on your box
mkdir -p lib/python2.7
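git clone git://eagain.net/gitosis.git
cd gitosis # setup.py is inside the cloned directory
python2.7 setup.py install
cd ~ # the remaining paths are relative to the home directory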
# copy your ssh public key to your wfgit user's home dir.
# say it's called your-key.pub
gitosis-init < your-key.pub
chmod 755 repositories/gitosis-admin.git/hooks/post-update
# Add $HOME/bin to your path in .bashrc and export it
# switch to your local machine and follow the instructions here,
# starting with the line "Here some cool magic happens."
I spent a good chunk of the afternoon today getting Gitosis installed on my webfaction account, and I think I have it mostly figured out, so I wanted to share my findings with the community, because the existing resources I found seemed a little incomplete. The following two links got me most of the way there, and since I can't add to the old webfaction forum, I thought I'd try to fill in the missing pieces here:
Now, as best I can tell the problems people are having come from the model that Gitosis uses to manage permissions: SSH and keypairs. Every time you push the gitosis-admin repo, gitosis makes sure that any public key in your keydir is put into your ~/.ssh/authorized_keys, with a command in front of it that gets executed whenever that public key user logs in. The command is:
Now the problem comes when you are trying to reuse a webfaction account that already has some SSH users, probably you as the administrator, with no command in front of your public key. SSH starts at the top of your authorized_keys file and goes down until a key matches, and your unlimited key matches before your key that was added by Gitosis. You have unlimited rights, but the gitosis-serve command doesn't get run, and I think that's where a lot of the trouble comes from.
So you have a choice.
You can either use the same webfaction SSH user that you use for your regular work and management. If you take this route, then Gitosis will still work for any new user keys you add that don't already have an entry in your authorized key file, but for you, or anyone that has a full-access SSH login, you'll have to use the path directly to the repository (it's just a git repository after all). So for me, that was something like (note the '/repositories' part):
git clone ssh://firstname.lastname@example.org/repositories/MyRepository.git
You can set up a new SSH user, like dhmorgan suggests in the old forum, whose sole purpose is to run Gitosis and therefore the authorized_keys file won't have any risk of duplicates or problems.
So, for completeness, here's a rough outline of what I did, which seems to be working (granted it's only day 1, I'll report back if I run into more trouble):
- If you're shooting for option #2 above, set up a new SSH/FTP user through webfaction
- Log into whatever account you're using (your normal account, or the one you just made in step #1) and make sure you've got a ~/.ssh/ directory and a ~/.ssh/authorized_keys file (mine are chmod 700 and 644 respectively).
- If you don't already have git (I did), install it. IAIHMB's instructions in the forum look reasonable, but I would modify them to just install in your user home directory. I have a ~/bin with git in it, and it works great.
- I believe python should be taken care of for you by webfaction. To check, try 'which python2.5' and I had a ~/lib/python2.5 directory. If you don't, report, and we'll find more detailed instructions.
- Install gitosis. I used IAIHMB's commands from the forum, executed in the home directory.
- Make sure you have your ~/bin directory in your $PATH. 'echo $PATH' to check, and 'export PATH=$HOME/bin:$PATH' in your .bashrc if not.
- Copy your public key somewhere on your server and run 'gitosis-init < my-key.pub'
- Make sure ~/repositories/gitosis-admin.git/hooks/post-update is chmod 755.
- Clone the gitosis-admin.git repo (either with the full path or the direct gitosis path, as discussed above) and away you go. Check out the scie.nti.st blog post for more gitosis-specific configuration instructions.
Good Luck. Please report any problems, and we'll try to get a good solid set of instructions here.
Jul 03 '11 at 00:12
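The key-ordering problem described in the post above can be checked mechanically. This is an added example, not part of the original post or of Gitosis: it scans an authorized_keys file for a key that appears twice and reports whether the entry that wins carries a forced command. The sample keys, the user names and the exact `command="gitosis-serve ..."` option text are constructed assumptions.

```python
import re

# Tokens that begin the key field of an authorized_keys line.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# A field is a run of non-space text; double-quoted option values stay whole.
FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^\s"])+')

# Constructed sample: an unrestricted admin key, then gitosis-style entries.
# The command="gitosis-serve ..." option text is an assumed format.
SAMPLE = """\
# hand-maintained entry
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLEONE admin@laptop
command="gitosis-serve admin@laptop",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLEONE admin@laptop
command="gitosis-serve bob@desk",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLETWO bob@desk
"""

def parse_entry(line):
    """Return (options, key_blob), or None for blank lines and comments."""
    fields = FIELD.findall(line)
    if not fields or fields[0].startswith("#"):
        return None
    for i in (0, 1):  # key type is field 0, or field 1 when options come first
        if i + 1 < len(fields) and KEY_TYPE.match(fields[i]):
            return (fields[0] if i else "", fields[i + 1])
    return None

def shadowed_entries(text):
    """Return (winning_line, shadowed_line, winner_has_forced_command) tuples."""
    # sshd applies the first line whose key matches, so a later line with the
    # same key blob (and whatever options it carries) never takes effect.
    first_seen, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        options, blob = entry
        if blob in first_seen:
            win_n, win_opts = first_seen[blob]
            findings.append((win_n, n, "command=" in win_opts.lower()))
        else:
            first_seen[blob] = (n, options)
    return findings

if __name__ == "__main__":
    for win, lost, forced in shadowed_entries(SAMPLE):
        print(f"line {lost} shadowed by line {win}; winner has forced command: {forced}")
```

A finding whose last element is False means the unrestricted entry wins, which is the case where the key gets a full shell and gitosis-serve never runs for it.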