WebFaction
Community site: login faq
1
1

tl;dr

 # create a new SSH/FTP user, let's call him wfgit
 # log into your wfgit user with the password
 mkdir .ssh
 chmod 700 .ssh
 touch .ssh/authorized_keys
 chmod 644 .ssh/authorized_keys
 which git # check that git is on your box
 which python2.7 # check that python is on your box
 mkdir -p lib/python2.7
 mkdir src
 cd src
 git clone git://eagain.net/gitosis.git
 cd gitosis
 python2.7 setup.py install
 # copy your ssh public key to your wfgit user's home dir. 
 # say it's called your-key.pub
 cd ~
 gitosis-init < your-key.pub
 chmod 755 repositories/gitosis-admin.git/hooks/post-update
 # Add $HOME/bin to your path in .bashrc and export it
 # switch to your local machine and follow the instructions here, 
 # starting with the line "Here some cool magic happens." 
 # http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way

I spent a good chunk of the afternoon today getting Gitosis installed on my webfaction account, and I think I have it mostly figured out, so I wanted to share my findings with the community, because the existing resources I found seemed a little incomplete. The following two links got me most of the way there, and since I can't add to the old webfaction forum, I thought I'd try to fill in the missing pieces here:

  • http://forum.webfaction.com/viewtopic.php?id=2321
  • http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way

Now, as best I can tell the problems people are having come from the model that Gitosis uses to manage permissions: SSH and keypairs. Every time you push the gitosis-admin repo, gitosis makes sure that any public key in your keydir is put into your ~/.ssh/authorized_keys, with a command in front of it that gets executed whenever that public key user logs in. The command is:

command="gitosis-serve username",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

Now the problem comes when your are trying to reuse a webfaction account that already has some SSH users, probably you as the administrator, with no command in front of your public key. SSH starts at the top of your authorized_keys file and goes down until a key matches, and your unlimited key matches before your key that was added by Gitosis. You have unlimited rights, but the gitosis-serve command doesn't get run, and I think that's where a lot of the trouble comes from.

So you have a choice.

  1. You can either use the same webfaction SSH user that you use for your regular work and management. If you take this route, then Gitosis will still work for any new user keys you add that don't already have an entry in your authorized key file, but for you, or anyone that has a full-access SSH login, you'll have to use the path directly to the repository (it's just a git repository after all). So for me, that was something like (note the '/repositories' part):

    git clone ssh://wf-username@wf-domain.com/repositories/MyRepository.git

  2. You can set up a new SSH user, like dhmorgan suggests in the old forum, who's sole purpose is to run Gitosis and therefore the authorized_keys file won't have any risk of duplicates or problems.

So, for completeness, here's a rough outline of what I did, which seems to be working (granted it's only day 1, I'll report back if I run into more trouble):

  1. If you're shooting for option #2 above, set up a new SSH/FTP user through webfaction
  2. Log into whatever account your using (your normal account, or the one you just made in step #1) and make sure you've got a ~/.ssh/ directory and a ~/.ssh/authorized_keys file (mine are chmod 700 and 644 respectively).
  3. If you don't already have git (I did), install it. IAIHMB's instructions in the forum look reasonable, but I would modify them to just install in your user home directory. I have a ~/bin with git in it, and it works great.
  4. I believe python should be taken care of for you by webfaction. To check, try 'which python2.5' and I had a ~/lib/python2.5 directory. If you don't, report, and we'll find more detailed instructions.
  5. Install gitosis. I used IAIHMB's commands from the forum, executed in the home directory.
  6. Make sure you have your ~/bin directory in your $PATH. 'echo $PATH' to check, and 'export PATH=$HOME/bin:$PATH' in your .bashrc if not.
  7. Copy your public key somewhere on your server and run 'gitosis-init < my-key.pub'
  8. Make sure ~/repositories/gitosis-admin.git/hooks/post-update is chmod 755.
  9. Clone the gitosis-admin.git repo (either with the full path or the direct gitosis path, as discussed above) and away you go. Check out the scie.nti.st blog post for more gitosis specific configuration instructions.

Good Luck. Please report any problems, and we'll try to get a good solid set of instructions here.

This question is marked "community wiki".

asked 03 Jul '11, 00:12

simoinsta
113
accept rate: 0%

edited 07 Jul '11, 19:38

Thank you for the great work.

(03 Jul '11, 00:18) johns

Hi,

These instructions are great. I followed them but am getting and error......

git push git@my-url:repositories/gitosis-admin.git

error: cannot run hooks/post-update: No such file or directory remote: hooks/post-update: line 3: gitosis-run-hook: command not found

or in repositories/gitosis-admin.git/hooks

$ ./post-update ERROR:gitosis.run_hook:Must have GIT_DIR set in enviroment

(15 Sep '11, 12:10) jaycanty
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×111
×6
×2

question asked: 03 Jul '11, 00:12

question was seen: 4,561 times

last updated: 15 Sep '11, 12:26

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM