diff options
Diffstat (limited to '_items/git.md')
| -rw-r--r-- | _items/git.md | 189 |
1 files changed, 94 insertions, 95 deletions
diff --git a/_items/git.md b/_items/git.md index e1f1b3c..7a42032 100644 --- a/_items/git.md +++ b/_items/git.md @@ -7,89 +7,82 @@ tags: - software --- -## Overview +# Overview -I have two mechanisms set up for accessing my git server. I use gitolite for -ssh access and permission management. I also have cgit set up which generates -html pages for viewing your repositories and also hosts your repositories over -http, or https if you have it set up. +I have two mechanisms set up for accessing [my git +server](https://git.pipeframe.xyz): -## SSH Access with gitolite +1. **gitolite** for ssh access and permission management +2. **cgit** for browsing and read-only access over HTTP + +# SSH Access with gitolite Gitolite was a pain in the ass to set up because I didn't understand umasks -before I started trying to set it up. A *umask* is like the opposite of what +before I started trying to set it up. A *umask* is like the "opposite" of what you'd enter when running `chmod`. For example: if I run `touch test`, I will -now have a file with the same permissions as `chmod 644`. That looks something -like this: +now have a file with the same permissions as `chmod 644` (though the default +umask may vary per distro). You can check this with the `stat` command: ```sh $ touch test -$ ls -l -total bla bla --rw-r--r-- 1 loek users 0 Apr 28 12:28 test -$ chmod 644 test -$ ls -l -total bla bla --rw-r--r-- 1 loek users 0 Apr 28 12:28 test -$ # notice the same permissions on the 'test' file +$ stat test + File: test + (bla bla) +Access: (0644/-rw-r--r--) Uid: ( 1000/ loek) Gid: ( 985/ users) ``` -If I want gitolite to create repositories with default permissions so other -users can read the repositories, I have to set my umask to the opposite of 644. -Here's a quick explanation of `ls -l`'s output: +The 9 least significant bits in the 'Access' field contain flags that represent +the file's permissions. This value is usually displayed using octal notation +(0-7) because this neatly groups each 3-bit pair in a single digit: -```sh --rw-r--r-- * user group size date time filename -|└┬┘└┬┘└┬┘ -| | | └all users -| | └owner group -| └owner user -└type -``` +||user|group|world| +|-:|:-:|:-:|:-:| +|flags|`rw-`|`r--`|`r--`| +|binary|`110`|`100`|`100`| +|octal|`6`|`4`|`4`| -Each digit in a `chmod` command sets the permission for the file owner, file -group, then everyone. That looks something like this: - -```sh -$ chmod 644 test +The umask very literally *masks* each bit (using a bitwise and operation). If I want gitolite to create +repositories with default permissions so other users can read but not write, I +have to use a mode with the bits set of the permissions that I *don't* want to grant: -decimal: 6 4 4 -binary: 110 100 100 -ls -l: - rw- r-- r-- -``` - -Then we take the opposite of this to get the umask: - -```sh -$ chmod 755 directory -R - -ls -l: d rwx r-x r-x -binary: 000 010 010 -decimal: 0 2 2 -``` +||user|group|world| +|-:|:-:|:-:|:-:| +|unwanted|`---`|`-w-`|`-w-`| +|binary|`000`|`010`|`010`| +|octal|`0`|`2`|`2`| And now my `.gitolite.rc`: ```perl %RC = ( - UMASK => 0022, - ROLES => { - READERS => 1, - WRITERS => 1, - }, - - ENABLE => [ - 'ssh-authkeys', - 'git-config', - 'daemon', - 'gitweb', - ], + UMASK => 0022, + WRITER_CAN_UPDATE_DESC => 1, + ROLES => { + READERS => 1, + WRITERS => 1, + }, + + ENABLE => [ + # commands + 'help', + 'desc', + 'info', + 'perms', + 'writable', + 'create', + 'readme', + 'D', + + 'ssh-authkeys', # authorization mechanism + 'git-config', # read by cgit + 'cgit', # updates 'description' file instead of 'gitweb.description' config + ], ); 1; ``` -## HTTP(S) Access with cgit +# HTTP Access with cgit Cgit is probably the easiest thing to set up. It has great built-in documentation (`man 5 cgitrc`). Pretty much all configuration is in @@ -97,25 +90,31 @@ documentation (`man 5 cgitrc`). Pretty much all configuration is in posting my config here is because for some reason, the order of the options in cgit's config matters: -```rc -# -# cgit config -# see cgitrc(5) for details +```conf +# cgit config; see cgitrc(5) for details cache-size=0 + enable-commit-graph=1 +enable-git-config=0 +enable-index-owner=0 + +clone-url=https://git.pipeframe.xyz/$CGIT_REPO_URL git@pipeframe.xyz:$CGIT_REPO_URL -css=/cgit.css -logo=/cgit.png +max-repo-count=9999 +max-repodesc-length=9999 + +css=/style.css +logo= +footer= virtual-root=/ remove-suffix=1 -root-title=git :tada: +root-title=git.pipeframe.xyz +root-desc= +root-readme=/usr/local/lib/cgit/root-readme.md -## -## List of common mimetypes -## mimetype.gif=image/gif mimetype.html=text/html mimetype.jpg=image/jpeg @@ -124,40 +123,40 @@ mimetype.pdf=application/pdf mimetype.png=image/png mimetype.svg=image/svg+xml -# Highlight source code with python pygments-based highlighter source-filter=/usr/lib/cgit/filters/syntax-highlighting.py +about-filter=/usr/local/lib/cgit/filters/about-filter +head-include=/usr/local/lib/cgit/head-include.html +robots= -# Format markdown, restructuredtext, manpages, text files, and html files -# through the right converters -about-filter=/usr/lib/cgit/filters/about-formatting.sh - -## -## Search for these files in the root of the default branch of repositories -## for coming up with the about page: -## readme=:README.md readme=:readme.md +readme=:README.mkd +readme=:readme.mkd readme=:README.rst readme=:readme.rst +readme=:README.html +readme=:readme.html +readme=:README.htm +readme=:readme.htm readme=:README.txt readme=:readme.txt readme=:README readme=:readme -readme=:INSTALL.md -readme=:install.md -readme=:INSTALL.mkd -readme=:install.mkd -readme=:INSTALL.rst -readme=:install.rst -readme=:INSTALL.html -readme=:install.html -readme=:INSTALL.htm -readme=:install.htm -readme=:INSTALL.txt -readme=:install.txt -readme=:INSTALL -readme=:install - -scan-path=/mnt/scf/git/repositories + +section-from-path=1 +scan-path=/srv/git ``` +Some notable tweaks I made were: + +- The `about-filter` uses `pandoc` to convert most document types to HTML (and + properly renders GitHub-flavored markdown unlike the built-in + about-formatting\.sh script) +- I tweaked the [style.css](https://git.pipeframe.xyz/style.css) +- I added a custom [script.js](https://git.pipeframe.xyz/script.js) that + currently does the following: + - Modifies the repository clone URLs to copy the URL on click instead of + navigating + - Make the root title a link to '/' for quickly clearing URL query parameters + - Open binary blobs in the tree explorer as raw instead of hexdump by default + |