setup gitosis on Fedora 11

setup gitosis on Fedora 11

[brizly vaan van Ulciputz]

Hello there,

i tried to setup gitosis on a Fedora 11 system,
since i dont seem to be the only person having trouble here,
i am asking here now.

someone pasted that:
http://paste.org/pastebin/view/9154
and that's just the way i did it and the way i end in :-(

with the only difference i was using another 'tutorial'
http://www.shakthimaan.com/installs/gitosis.html

i tried a bit an sometimes ended in the prompt to enter password for
gitosis@server after "git push..." No idea what to do.

I asked #git and #fedora on freenode, was referred to this list.
So can anyone gimme a hint?

_____
luck up
brizly

Re: setup gitosis on Fedora 11

[Sitaram Chamarty]

On Sat, Jul 18, 2009 at 3:15 AM, brizly vaan van
Ulciputz<brizly@freenet.de> wrote:

> i tried to setup gitosis on a Fedora 11 system,
> since i dont seem to be the only person having trouble here,
> i am asking here now.
>
> someone pasted that:
> http://paste.org/pastebin/view/9154
> and that's just the way i did it and the way i end in :-(
>
> with the only difference i was using another 'tutorial'
> http://www.shakthimaan.com/installs/gitosis.html
>
> i tried a bit an sometimes ended in the prompt to enter password for
> gitosis@server after "git push..." No idea what to do.
>
> I asked #git and #fedora on freenode, was referred to this list.
> So can anyone gimme a hint?

line 12 in the first pastebin (and there's no need to use pastebins for a few
lines on the mailing list; it's on #git that is really needed!) says
    ERROR:gitosis.serve.main:Repository read access denied

This means you got past ssh issues, which is further along than most people
who come to #git with gitosis problems :-)

This error could mean one of the following:

(1) you're using the wrong key/repo pair.  Of course your key *is* in
gitosis.conf but the repo you're trying to push to isn't, or doesnot
list you as one of the valid users

(2) your gitosis.conf is all correct, but you forgot the "chmod" somewhere
above, and the post-update hook never ran, so the real gitosis.conf (which
gitosis uses -- this is ~git/.gitosis.conf) doesn't have the same data

I also don't like that howto; it appears to be doing everything on one
machine, with the same userid, so people who don't grok ssh very well will
still have trouble even after all this is done to translate that knowledge to a
real deployment.

Bottom line: here's what should match for that error to go away:

  - the public key corresponding to the private key your client-side ssh is
    using
  - must match *exactly* one of the public keys in the server-side
    ~git/.ssh/authorized_keys

[this is probably OK in your case, but please check there is *exactly one*.  I
have a vague memory of seeing a case when someone adds a key twice with
different usernames in error.  Ssh picks up perhaps the first one, while your
gitosis.conf talks about the second one...]

and

  - the name after "gitosis-init" on the pubkey line that matched above
  - must match a username in ~git/.gitosis.conf (which is a symlink to
    something but never mind)

and

  - this username must be mentioned in the members= line of some section in
    gitosis.conf which also has "writable = my-first-repo"

You can check *all* of this by looking at ~git/.gitosis.conf and
~git/.ssh/authorized_keys on the server and ~/.ssh/id_[rd]sa.pub on your
client

Re: setup gitosis on Fedora 11

[brizly vaan van Ulciputz]

i think it could be the think with post-update.
But because i don't know for sure how to set it up,
i will at first try to be sure the other mentioned points are correct.

brizly2 is my notebook
s28 is the server with gitosis

Sitaram Chamarty:
> This error could mean one of the following:
> 
> (1) you're using the wrong key/repo pair.  Of course your key *is* in
> gitosis.conf but the repo you're trying to push to isn't, or doesnot
> list you as one of the valid users

to be sure i paste the md5 of the two keys:

[brizly2@brizlyMobil ~]md5sum ~/.ssh/id_rsa.pub 
ece497792a3cf840e55308f94b854efd  /home/brizly/.ssh/id_rsa.pub

[root@s28 ~]# md5sum /home/brizly/.ssh/id_rsa.pub
ece497792a3cf840e55308f94b854efd  /home/brizly/.ssh/id_rsa.pub

comment: gitosis uses the same key as me as admin. isn't a problem, is
it? The user brizly exists on notebook as on s2

> (2) your gitosis.conf is all correct, but you forgot the "chmod" somewhere
> above, and the post-update hook never ran, so the real gitosis.conf (which
> gitosis uses -- this is ~git/.gitosis.conf) doesn't have the same data

as mentioned above i don't know exactly where to set up the thing with
the post-update. And i actually don't have a git-user on the server (i
had one, but thought i didn't need one, so deleted it).

> I also don't like that howto; it appears to be doing everything on one
> machine, with the same userid, so people who don't grok ssh very well will
> still have trouble even after all this is done to translate that knowledge to a
> real deployment.

Because my first run wasn't very successfull, i tried another tutorial
where the developer-machine and the gitosis-server are 2 different ones.
see http://www.shakthimaan.com/installs/gitosis.html

> Bottom line: here's what should match for that error to go away:
> 
>   - the public key corresponding to the private key your client-side ssh is
>     using
>   - must match *exactly* one of the public keys in the server-side
>     ~git/.ssh/authorized_keys

see md5sums above, i think they are the same.

> [this is probably OK in your case, but please check there is *exactly one*.  I
> have a vague memory of seeing a case when someone adds a key twice with
> different usernames in error.  Ssh picks up perhaps the first one, while your
> gitosis.conf talks about the second one...]

So it is a problem when by 'normal' user on the server uses the same key
as gitosis does? The server is not only serving gitosis, an for other
reasons the user "brizly" is, for perspective of ssh, the same on
notebook and on server.

> and
>   - the name after "gitosis-init" on the pubkey line that matched above
>   - must match a username in ~git/.gitosis.conf (which is a symlink to
>     something but never mind)

How do i check that?

> and
>   - this username must be mentioned in the members= line of some section in
>     gitosis.conf which also has "writable = my-first-repo"

> You can check *all* of this by looking at ~git/.gitosis.conf and
> ~git/.ssh/authorized_keys on the server and ~/.ssh/id_[rd]sa.pub on your
> client

by all my tries i know restarted end end up in again beeing prompted for
gitosis-password:

[root@s28 gitosis]# sudo -H -u gitosis gitosis-init
< /home/brizly/.ssh/id_rsa.pub 
Reinitialized existing Git repository
in /var/lib/gitosis/repositories/gitosis-admin.git/
Reinitialized existing Git repository
in /var/lib/gitosis/repositories/gitosis-admin.git/
[root@s28 gitosis]# su - gitosis
-sh-4.0$ pwd
/var/lib/gitosis
-sh-4.0$ cat .gitosis.conf 
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = gitosis@s28

###
and after that (same on notebook or s28)
[brizly@s28 ~]$ git clone gitosis@192.168.23.27:gitosis-admin.git
Initialized empty Git repository in /home/brizly/gitosis-admin/.git/
gitosis@192.168.23.27's password:


so, at the moment i am again at the end of ideas, but the post-update.
How to check that?

_____
luck up
brizly

Re: setup gitosis on Fedora 11

[Sitaram Chamarty]

On Sat, Jul 18, 2009 at 1:10 PM, brizly vaan van Ulciputz
<brizly@freenet.de> wrote:
>
> i think it could be the think with post-update.
> But because i don't know for sure how to set it up,

It was in the how to you mentioned.

> comment: gitosis uses the same key as me as admin. isn't a problem, is
> it? The user brizly exists on notebook as on s2

By "gitosis uses..." I presume you mean "the userid on the server that is
being used as the gitosis user".  Should not matter, normally, but see below

> > (2) your gitosis.conf is all correct, but you forgot the "chmod" somewhere
> > above, and the post-update hook never ran, so the real gitosis.conf (which
> > gitosis uses -- this is ~git/.gitosis.conf) doesn't have the same data
>
> as mentioned above i don't know exactly where to set up the thing with
> the post-update. And i actually don't have a git-user on the server (i
> had one, but thought i didn't need one, so deleted it).

you either follow howtos (good or bad) as closely as you can, or you
understand enough about ssh to bypass it.  You are mixing these two
approaches; sorry I can't really help you.

Let me say this: gitosis requires far more ssh knowledge than git knowledge.
I do not want use this list to teach ssh, more than bare minimum.  Anyway I
have written quite a lot of stuff at
http://sitaramc.github.com/0-installing/9-gitosis-server-install.html that
might help you in understanding.

> > I also don't like that howto; it appears to be doing everything on one
> > machine, with the same userid, so people who don't grok ssh very well will
> > still have trouble even after all this is done to translate that knowledge to a
> > real deployment.
>
> Because my first run wasn't very successfull, i tried another tutorial
> where the developer-machine and the gitosis-server are 2 different ones.
> see http://www.shakthimaan.com/installs/gitosis.html
>
> > Bottom line: here's what should match for that error to go away:
> >
> >   - the public key corresponding to the private key your client-side ssh is
> >     using
> >   - must match *exactly* one of the public keys in the server-side
> >     ~git/.ssh/authorized_keys
>
> see md5sums above, i think they are the same.

You compared id_rsa.pub on both sides; you did not even compare the file I
mentioned here (authorized_keys).  Sorry.

One mistake I made is I used the wrong emphasis above.  "*exactly* one" should
be read "exactly *one*" meaning it should not match more than one entry in the
authorized_keys file.

Oh the below para clarifies my intent anyway...

> > [this is probably OK in your case, but please check there is *exactly one*.  I
> > have a vague memory of seeing a case when someone adds a key twice with
> > different usernames in error.  Ssh picks up perhaps the first one, while your
> > gitosis.conf talks about the second one...]

> So it is a problem when by 'normal' user on the server uses the same key
> as gitosis does? The server is not only serving gitosis, an for other
> reasons the user "brizly" is, for perspective of ssh, the same on
> notebook and on server.

Yes normally it is a problem.  I repeat: this is nothing to do with gitosis;
it is ssh knowledge you need.

> > and
> >   - the name after "gitosis-init" on the pubkey line that matched above
> >   - must match a username in ~git/.gitosis.conf (which is a symlink to
> >     something but never mind)
>
> How do i check that?

Since you did not even look in the file I asked you to look, I guess you would
not find it...

Summary: gitosis does require you to know a fair bit about unix and ssh.  I'm
sorry that most howtos pretend to whitewash all that.

Re: setup gitosis on Fedora 11

[brizly vaan van Ulciputz]

> you either follow howtos (good or bad) as closely as you can, or you
> understand enough about ssh to bypass it.  You are mixing these two
> approaches; sorry I can't really help you.
> 
> Let me say this: gitosis requires far more ssh knowledge than git knowledge.
> I do not want use this list to teach ssh, more than bare minimum.  Anyway I
> have written quite a lot of stuff at
> http://sitaramc.github.com/0-installing/9-gitosis-server-install.html that
> might help you in understanding.

To make this long story short i will go into me, rework through my
ssh-setup i have in my little network and walk through your link
mentioned above.

Thank you so far.
I thouht i had enough knowledge about ssh, but seems it's just dangerous
smattering (in my neighborhood we call it "gefaehrliches
Halbwissen") :-)

_____
luck up
brizly

Re: setup gitosis on Fedora 11

[Shakthi Kannan]

Hi,

--- On Sat, Jul 18, 2009 at 1:10 PM, brizly vaan van
Ulciputz<brizly@freenet.de> wrote:
| brizly2 is my notebook
| s28 is the server with gitosis
|
| The user brizly exists on notebook as on s2
\--

As per the gitosis documentation that I have tested, the local user
does not have a HOME account on the gitosis remote server. I am not
sure if specifying the SSH file as 'username@hostname' will make a
difference in this context, when you add the local user SSH key to
gitosis-admin/keydir.

---
| Because my first run wasn't very successfull, i tried another tutorial
| where the developer-machine and the gitosis-server are 2 different ones.
| see http://www.shakthimaan.com/installs/gitosis.html
\--

Please ping me 'mbuf' on #git if you have any queries regarding the
documentation.

SK

-- 
Shakthi Kannan
http://www.shakthimaan.com

Re: setup gitosis on Fedora 11

[brizly vaan van Ulciputz]

> Have you manually included your key on the ~/.ssh/authorized_keys? It
> will bypass gitosis control!

no, the authorizes_keys-file does not exists on both system in "brizly"s
account.