git for local web development

git for local web development

[William DiNoia]

Hello,

I am having a bit of trouble trying to setup git for web development. I would like to have a git repository in /var/www/sites which I can clone and work on from my ~/Desktop. Working from the desktop clone, I would like to be able to git-push and have the work tree updated. It seems this is a common request as it is in the FAQ, Why won't I see changes in the remote repo after "git push"?

This is what I've done...

as www-data from /var/www/sites/

$mkdir test.com
$cd test.com
$git-init
$git-config core.worktree /var/www/sites/test.com
$vim .git/hooks/post-receive
 #!/bin/sh
 git-checkout -f
$chmod +x .git/hooks/post-receive

Then as william from /home/william/Desktop/

$git-clone /var/www/sites/test.com
$cd test.com
$vim index.html
 testing, testing, 1,2
$git-add index.html
$git-commit
$git-push origin master

Something like the following is returned, and the work tree at /var/www/sites/test.com is not updated

Counting objects: 5, done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 277 bytes, done.
Total 3 (delta 1), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
To /var/www/sites/test.com/.git
   9b490a2..5e5cc63  master -> master
error: unable to unlink old 'index.html' (Permission denied)
error: hooks/post-receive exited with error code 1

The interesting part is that if I change to /var/www/sites/test.com and run "git-checkout -f" it updates the work tree...
Should I be using a different hook? 
Is there something wrong with the script?
Is there a better, more elegant way to achieve updating of the work tree? 

git for local web development

[William DiNoia]

Hello,

I am having a bit of trouble trying to setup git for web development.
I would like to have a git repository in /var/www/sites which I can clone and
work on from my ~/Desktop. Working from the desktop clone, I would like to be
able to git-push and have the work tree updated. It seems this is a common
request as it is in the FAQ entitled, Why won't I see changes in the remote
repo after "git push"?

This is what I've done...

as www-data from /var/www/sites/

$mkdir test.com
$cd test.com
$git-init
$git-config core.worktree /var/www/sites/test.com
$vim .git/hooks/post-receive
#!/bin/sh
git-checkout -f
$chmod +x .git/hooks/post-receive

Then as william from /home/william/Desktop/

$git-clone /var/www/sites/test.com
$cd test.com
$vim index.html
testing, testing, 1,2
$git-add index.html
$git-commit
$git-push origin master

Something like the following is returned, and the work tree at
/var/www/sites/test.com is not updated

Counting objects: 5, done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 277 bytes, done.
Total 3 (delta 1), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
To /var/www/sites/test.com/.git
   9b490a2..5e5cc63  master -> master
error: unable to unlink old 'index.html' (Permission denied)
error: hooks/post-receive exited with error code 1

The interesting part is that if I change to /var/www/sites/test.com and run
"git-checkout -f" it updates the work tree...
Should I be using a different hook? 

Re: git for local web development

[Jeff King]

On Thu, Apr 16, 2009 at 07:04:10PM -0400, William DiNoia wrote:

> I would like to be able to git-push and have the work tree updated.
>
> [...]
>
> $vim .git/hooks/post-receive
>  #!/bin/sh
>  git-checkout -f
> $chmod +x .git/hooks/post-receive
>
> [...]
>
> Counting objects: 5, done.
> Compressing objects: 100% (2/2), done.
> Writing objects: 100% (3/3), 277 bytes, done.
> Total 3 (delta 1), reused 0 (delta 0)
> Unpacking objects: 100% (3/3), done.
> To /var/www/sites/test.com/.git
>    9b490a2..5e5cc63  master -> master
> error: unable to unlink old 'index.html' (Permission denied)
> error: hooks/post-receive exited with error code 1

Well, your post-receive hook is running, and checkout is barfing with a
permission denied error. Probably the repo directory is owned by
www-data, and you are pushing as user "william"? What are the directory
permissions like?

-Peff

Re: git for local web development

[William DiNoia]

Jeff King <peff <at> peff.net> writes:

> 
> On Thu, Apr 16, 2009 at 07:04:10PM -0400, William DiNoia wrote:
> 
> > I would like to be able to git-push and have the work tree updated.
> >
> > [...]
> >
> > $vim .git/hooks/post-receive
> >  #!/bin/sh
> >  git-checkout -f
> > $chmod +x .git/hooks/post-receive
> >
> > [...]
> >
> > Counting objects: 5, done.
> > Compressing objects: 100% (2/2), done.
> > Writing objects: 100% (3/3), 277 bytes, done.
> > Total 3 (delta 1), reused 0 (delta 0)
> > Unpacking objects: 100% (3/3), done.
> > To /var/www/sites/test.com/.git
> >    9b490a2..5e5cc63  master -> master
> > error: unable to unlink old 'index.html' (Permission denied)
> > error: hooks/post-receive exited with error code 1
> 
> Well, your post-receive hook is running, and checkout is barfing with a
> permission denied error. Probably the repo directory is owned by
> www-data, and you are pushing as user "william"? What are the directory
> permissions like?
> 
> -Peff

I have since switched to using the post-update hook which now looks like:

git-checkout -f
exec git-update-server-info

However upon git-push from /home/william/Desktop I receive the following:

Counting objects: 5, done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 281 bytes, done.
Total 3 (delta 1), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
To /var/www/sites/test.com/.git
   e337c9b..581228f  master -> master
error: unable to unlink old 'index.html' (Permission denied)

The repo is owned by "www-data" and I am pushing as user "william". "william"
is in the "www-data" group. I also ran

git-config core.sharedrepository group

as "www-data", but no change...

Re: git for local web development

[Jeff King]

On Fri, Apr 17, 2009 at 03:44:43PM +0000, William DiNoia wrote:

> I have since switched to using the post-update hook which now looks like:
> 
> git-checkout -f
> exec git-update-server-info

That will ignore any error code from git-checkout; you probably want

  git checkout -f && git update-server-info

> However upon git-push from /home/william/Desktop I receive the following:
> 
> Counting objects: 5, done.
> Compressing objects: 100% (2/2), done.
> Writing objects: 100% (3/3), 281 bytes, done.
> Total 3 (delta 1), reused 0 (delta 0)
> Unpacking objects: 100% (3/3), done.
> To /var/www/sites/test.com/.git
>    e337c9b..581228f  master -> master
> error: unable to unlink old 'index.html' (Permission denied)

So this is the same error as before, because it is coming from the
"git-checkout -f" invocation.

> The repo is owned by "www-data" and I am pushing as user "william". "william"
> is in the "www-data" group. I also ran
> 
> git-config core.sharedrepository group
> 
> as "www-data", but no change...

The error is in the permissions of the working tree that already exists.
core.sharedrepository is about the settings that git uses for files within
$GIT_DIR. The working tree files that already exist are not changed.

I suspect if you "ls -ld /var/www/sites/test.com" you will see that it
does not have group write permissions.  If that is the case, it is
probably simplest to just add group write permissions to the whole
tree:

  find /var/www/sites/test.com -name .git -prune -o -print0 |
    xargs -0 chmod g+w

I don't recall offhand whether newly created files in the working tree
will have the group and permissions set according to
core.sharedrepository (I think sharedrepository is usually about users
sharing a common repo for pushing into).

If you are just going to push as "william", is there a reason that the
repo and working tree are not owned by "william"? As long as www-data,
presumably the webserver could still serve it.

-Peff

Re: git for local web development

[Martin Langhoff]

On Fri, Apr 17, 2009 at 8:30 PM, Jeff King <peff@peff.net> wrote:
> repo and working tree are not owned by "william"? As long as www-data,
> presumably the webserver could still serve it.

Also, as long as they are owned by www-data, the setup is more
vulnerable to security problems.

Files served by Apache (or any other webserver) should _not_ be owned
by the same user that the webserver runs under. The www-data ownership
is exclusively for files that you expect the webserver to be able to
_modify_: files uploaded by users, session data files, sqlite
databases and such.

You don't really want your webserver changing executable files such as PHP.

It is a valid thing to create a user to own those files, and in
servers where a team was maintaining the code, we have often used
'www-code'.

cheers,



m
-- 
 martin.langhoff@gmail.com
 martin@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff

Re: git for local web development

[William DiNoia]

Jeff King <peff <at> peff.net> writes:

> If you are just going to push as "william", is there a reason that the
> repo and working tree are not owned by "william"? As long as www-data,
> presumably the webserver could still serve it.
> 
> -Peff
> 

Solved...

I took your advice and changed the owner of /var/www/var/sites to "william".
It pushes and the post-update hook checks out the pushed files to adjacent work
tree. I was mistakenly under the impression that Apache could only read files
owned by "www-data".

Thank you for your help,
William