lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
hpr-knowledge-base/hpr_transcripts/hpr2461.txt

256 lines
22 KiB
Plaintext
Raw Permalink Normal View History

Initial commit: HPR Knowledge Base MCP Server - MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00
Episode: 2461
Title: HPR2461: Gitolite
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2461/hpr2461.mp3
Transcribed: 2025-10-19 03:33:27
---
This in HPR episode 2461 entitled Geterite, it is hosted by Klaatu and in about 31 minutes
long and Karina Cleanflag, the summer is, using Geterite to administer your Geterver.
This episode of HPR is brought to you by an honesthost.com, get 15% discount on all shared
hosting with the offer code HPR15, that's HPR15.
It's a better web hosting that's honest and fair at An Honesthost.com.
Everyone, this is Klaatu and I want to talk about Geterite.
Geterite is a server frontend for Geterite.
So in the previous Geterite episode, I talked about running Geterite on a server and making
that available to people via SSH, which is pretty typical, that's usually the vector
for getting into a Geterite repository.
You can access it over a Geterite protocol or an HTTP protocol, but when you're pushing
and pulling and actually making commits, usually people prefer SSH.
So you can do that, I explained how to do that in the previous episode, but that relies
entirely on the host server in terms of who gets permission to access what and when you
go to add users, for instance, you have to do that through, you know, it's just the
Unix users get receive, get access and you can manipulate permissions and things like
that to make sure that people don't have access to repositories that you don't want them
to have access to, but it would be a lot of work and someone's already done that work
and the project that gives you all of that work for free is called Geterite.
It's G-I-T-O-L-I-T-E. Specifically, it's Geterite 3 and I say that because the documentation
for Geterite at Geterite.com tells you to look for specifically Geterite 3 when you go to
install it because, I guess, there must be packages out there still for just Geterite,
which refers, I guess, to version two.
So Geterite 3 is quite a handy little front end to help administrators manage users and
user permissions in relation to a get server.
Now this isn't one of those fancy front ends that provides you a web interface or anything
like that. It's not, for instance, GitLab or something like that. It's just for administration.
So it's a command that you'll have on your server and users will never really interact
directly with Geterite. They will give them an address of what they should use as their
remote location for their Git repository. They will do that and that's pretty much the
only interaction they'll have with Geterite. Geterite is very much an administrative tool.
And its advantage is that if you want a developer to join your project or if the developer has
requested access to a get repository that you're managing, rather than them then automatically
having to have a user account on your server, you can make them a user of Gitolite and
simply grant that user read and write permission, for instance, to a single repository and that's
all they'll ever be able to access on your server. It's really handy. So here's how to get
it. So I'm just firing up a virtual machine right now and when you log in, you escalate
to root user or use sudo if you prefer and do an install of Gitolite 3 or Gitolite. It
just kind of depends on what your repository calls it. But if there's a Gitolite and
a Gitolite 3, go for Gitolite 3. So I've installed it. And the first thing that we need to do
and all of this stuff is what I'm talking you through really is available on the Gitolite.com
website. If you go to Gitolite.com slash Gitolite slash quick underscore install, that'll get
you set up really. You do have to kind of read the code, the box, the screen, capture
box, but other than that, it's pretty straightforward. Now there's longer explanations of all of
this, but I'm just going to do the quick install because I'm assuming that you're fairly
familiar at least with Unix and with SSH. And that's pretty much all this is going to
entail. So I've got, I've set up the user for myself on this virtual machine, which
you would want to do if you haven't already. Like a standard user, not just root, for instance.
And then I've also created or I've set up the SSH infrastructure on this server so that
I can access it with a public key or with a private and public key exchange. So that's
already set up. If you don't know how to do that, go learn how to do that and then come
back and complete this, this install. So on this server, I can now SSH into the into
this server. So I know that on this server, I have one user and I'm going to escalate
to root and I'm going to create a new user just called Git, GIT. This is what is going
to be considered the host user. That's what Gitolite refers to this user as. Now it doesn't
have to be the string Git. It could be GitDev. It could be developer. It could be whatever
you want. But the point of this user is going to be kind of the owner, the keeper of Gitolite.
So use whatever front-inscript that you use to create users. Maybe it's add user. Maybe
it's user add. Maybe it's a GUI. Maybe it's a YAST. Whatever you use, do that. Create a
user and this user I'm calling Git. Now I'm going to get out of my virtual machine and
go back to my client machine and we're going to copy up to the server, up to the virtual
machine, my public key for CLAT2. So I'm just going to do an SCP from my home directory
in .ssh slash id underscore rsa.pub and I'm going to copy that up to CLAT2 at 192.168.122.70.
That may not be the address of your virtual machine, but if you're using VIRT manager,
that's what it defaults to. Now back in the virtual machine, I have this key. Now
I've called it Gitolite.key is what I've changed the name of this file to. You don't
have to do that. I did just so that I don't get all of my various keys confused. So I'm
going to move as root user again. I'm going to move this Gitolite.key over to slash
home slash Git. And then I'm going to go into slash home slash Git. And I'm going to
change the owner of that key such that it is Git colon. I don't know where that is
on the Quarty Keyboard anymore users and that will be Gitolite.key. And then I'm going
to SU into SU space dash space Git. So now I am the Git user. Perfect. So what we have
is a Git user, a dedicated Git user, and we've got my administrative SSH public key sitting
in the home folder of this new Git user. Now what we have to do is do a setup for Gitolite.
And there is a sub command for setup. It is called Gitolite space setup. And then
the arguments, well you can see the arguments if you do a Gitolite space setup space dash
H. That will kind of explain what you need to do. It doesn't explain it super well. I
found it quite confusing to be honest. But you can at least read it. It is there. So
Gitolite space setup and then what you really want to do is space dash pk or if you prefer
the long version of that dash dash pub key and then the file. So in this case, the file
that our public key is is Gitolite.key. So that is Clatuse key. It is living in Gitolites.
It is Clatuse public key living in Gitolites home directory for now. So we have done
a Gitolite setup dash pub key, Gitolite.key. I press return and it says that it does not
end in .pub. I guess I am going to rename my Gitolite.key to Gitolite.pub. There we go.
Now I am going to do Gitolite setup dash pk or dash dash pub key, Gitolite.pub. And
it says it is initialized into repository. It is initialized into repository. .ssh is missing.
It is creating a new one for me and it says that the authorized keys is missing. So it is
creating a one and it is normal on a brand new install. So don't panic. Now if I do
an LS in my home directory, I have my public key. I have a project.list and I have a
repositories directory. If I do a list in repositories, I have a Gitolite-admin.git.
And I have a testing.git. The only one I really care about right now is Gitolite-admin.git.
So what I can do now on my client machine, this is not in the virtual machine, this is
on my client machine. I am going to do a Git clone space Git at 192.168.122.70.gitolite-admin.git.
So notice, the user on my client machine is this class 2. It is not Git. But I am doing
a Git clone using Git at 192.168.122.70.gitolite-admin.git. And then I will copy it and then
copy that, or I will deposit that in a folder called Gitolite-admin.git here on my local
machine as well. So if I do that, it may prompt you for your password. If you have a password
on your SSH key, and then suddenly it is cloning a new repository called Gitolite-admin.git.
So this is actually how you administer your Gitolite server. So SUing to the Git user
and going into Git home directory and all that other good stuff, that's, that's, you're
done with that now. You're not really going to ever do that. And you are discouraged
from doing that by Gitolite documentation. They tell you specifically, do not do that.
Don't try to administer Gitolite from the server. Essentially those are now, those
are going to become, well, those will be bare repositories that you are not meant to
interact with directly. They're the trackers for all that remote repositories out there
in the wild. And that includes your administration repository. So on our client machine still. So
again, from here on out, we're always on the client machine. We are not dealing with the server
ever again, not directly anyway. I'm going to keep the virtual machine running because
obviously in real life, you would have the server running. But I'm just saying I'm not
SSAging into that server with an interactive shell any longer. This is all from the client
machine. So on the client machine, I'm going to go into, I'm going to CD into Gitolite-admin.git.
And I can see that there are two things here. I'm going to do an LS-capital F. And I'll see
that they're both directories. One directory is called CONF. And one is called KeyDur. So if we do,
let's just do a cat on CONF slash. And then the only file in that directory is Gitolite.CONF. So
this is the main configuration for the entire infrastructure of your Git server. I should say
the entire infrastructure of Git on your server. So this configuration file currently has two
entries in it. It defines two different repositories. And then it assigns a user certain permissions,
one for each repository. So the first one will be repo space Gitolite-admin. And that's going to be
true no matter what. If you've installed Gitolite and you've followed along with this,
it defines itself the Gitolite-admin directory. That's what we're using right now, the repository.
And the initial user for that is, well, it has permissions, RW plus. The R is for read,
the W is for write. And then the plus is for everything else that you could do to a repository.
Fast forward, delete branches, merge branches, things like that. And the user that it
gives that permission to on my system is called Gitolite. And you might think that that might be
different than yours, or you may just be confused as to why Gitolite is the user with those permissions.
Like, didn't we SSH in as a user called Git? Well, more on that in a moment. The second repository
that it defines is repo testing. And again, that has RW plus permissions set for the user
at all. Now, that's that's the at symbol followed by the word all. And the at symbol is the
notation in the Gitolite.conf file to denote that it is a group of users.
So if we'll get into that in a little bit. So for now, just know that the at all means that
everyone in the all group can access the testing repository as it is configured right now.
Okay, so let's look before we get into groups and fancy things like that. Let's just have a look
at where this Gitolite setting is coming from for the for the Gitolite admin. So now if you do an
LS on KeyDur, at least on my system because this is what I did earlier in in setting it up,
there's a public key called or named Gitolite.pub. And that's because if you'll recall on my
virtual machine on the server, I had created or I had copied up my clatu public key to my Git
server and I had named that key Gitolite.pub. So since Gitolite.pub is the name of the key,
that becomes the unique identifier for the user for the sort of vague notion of the user on that
system. So if we added, for instance, a bob.pub key to our keyDur, then we could go into our configuration
file and give bob all kinds of permissions. And that is exactly how you add users to this
infrastructure. So if you've got a developer who wants access to a repository, the developer
sends you their public key. You give it some name that makes sense to you. It can be their user name.
It can be your nickname for that person. It could just be some other designation that you have
come up with for tracking your users. But whatever that public key gets named, the string before
the dot pub becomes their unique identifier to Gitolite. And so you can open up the Gitolite.com.
And you could say, well, let's give this person, let's say, Bob, read access, just read access
to the testing repository. And so you would just type R and then equals and bob.
And as long as bob has a bob.pub in the keyDur, then bob can interact with that repository
using obviously Bob's private key on Bob's system to authenticate against that public key
on the server. Now, Bob will still do a Git clone of 192, well, Git at 192.168.177.20colon testing.get.
He won't use his name, Bob. It'll still be under Git at. Everyone's going to use Git at,
just like on GitHub, Git Lab, and all those other solutions. You're all SSHing to Git at.
And then that, you know, the domain name, the difference is that they are using SSH keys
to not only authenticate to the server, but also to identify themselves so that Gitolite can
determine who has permission to do what. Does that make sense? So once you make these changes,
the one really, really important thing you have to remember to do is you have to get add.conf.getolite.conf
and get commit, and we'll say we've added Bob. And we also need to get add the keyDur bob.pub.
And now we'll do another Git commit because I didn't do that initially. So get added Bob
pub key. And now we do a Git push origin head. All capitals head is H-E-A-D. All capitals
Git push origin head. Put in my password for my public key. And now if we were a user named Bob
with Bob.pub is our key, we could then clone Git test, the testing Git repository. And of course,
we can actually test that by simply doing, well, we'll have to make an entry, I think, this is the
only way I know to do it anyway. Make an entry into our .ssh config file. To mask grade is Bob
whenever we talk to this host. So the user remains as Git, but the key that we want to use now is in
my testing directory. And it's called bob.pub. And now I can do a Git clone one and two.
So any testing.git. And I didn't put a password for Bob's fake key. So it's just cloning the
directory immediately. And there it is. Not much to look at, but it does work.
Yeah, that's the really, really basic side of Gitolife. There's a lot more that you can do with it
in terms of the configuration file. You can add groups as I started to hint earlier
so that you can say, and you can group repose together, or you can group users together. So you
can create a, and at my repose group, for instance, and you could say, well, that's going to equal
the repose foo and bar. So it would be at my repose equals foo. And then at my repose equals bar.
So you're just adding them to a list in a sense, one per line. And then you can say, okay, repose
at my repose. And then you can grant read, write, and everything else access to yourself.
So you can go into any repo and do anything that you want as long as it's a repo that is listed
in at my repose. Or you can do that on the other end with users and define a set of users
that maybe all staff members might have access to all, I don't know, all of the project
repositories, whereas the developers may have access to something else, I don't know. So at staff
equals Bob and Classu. And then you can set r plus, you know, rw plus equals at staff.
So it's pretty simple, I guess. There are a few other things that you can do in terms of
obviously I should mention also rw plus is not the only set of permissions that you are allowed
to grant, obviously. So the rw plus is read, write, and then everything else that you can do with
a repository. But you can also just do r for just read. I guess you could do just w, I don't know
really how that would work, but you can do rw for read and write. And you can do a minus to deny
access. So if you need to explicitly deny access for whatever reason, whether you just
feel better about doing that, you can just do a dash. And it will remove access from a certain
repository. But I think more often you'd probably use it to deny access to a specific branch,
for instance. So you might give, you might give certain people access to a repository.
But forbid them, you know, deny access from the master branch. And that can be very useful.
Obviously, if you don't want people breaking your builds and you're, you know, your master is
your, is your stable, then you can remove access from master for Bob, but then grant access to,
for instance, dev to Bob so that he can work in the dev branch, but can never access master.
So there you go. The configuration file options are delineated pretty clearly
at getolight.com slash geto light slash conf. It's a pretty good, pretty good page full of
various rulings and subtleties of how you can manage permissions. And it's quite flexible.
It is, it's, it's, it's a lot more flexible, for instance, than just letting people
SSH into your server and grab the repository, that's for sure. I mean, you can replicate a lot of
this with, for instance, get hooks and, you know, you can kind of see what users trying to push to
what branch and you could deny a push if it was happening. But I mean, that's just a lot of work.
And it's a lot easier to just set that here in one centralized location. And as I say, the two
things that you have to remember to do, I think, for the configuration part is to obtain the public
keys and give them the proper name. That's one thing. It's two things, but I'm counting it as one.
And then the other, the, the one that keeps messing me up is I forget to push. I just, I,
I make the change on my client, on my client computer, where I have my geto light dash admin
configuration. And then I forget to push the thing back up to the server. So I grant someone
access and then they email me later and tell me I, they can't get to it. I'm asking them,
are you using the right port? Are you using your key? And then I realize, oh yeah, I forgot to push
that commit. So don't forget to do that. I think that's everything to be honest. The, the bulk of the
work is kind of the setting up of that initial SSH key infrastructure to make sure that you've,
you've got permission and that geto light knows that that's the key that's going to be the administrative
user that whole part. After that, it's, it's really almost self explanatory. I mean, you can kind
of look at the configuration file and figure out how to do that yourself. Oh, I, which I should
mention. Yeah. So if you're adding a repository. So if you, if you want to add a new repository,
all you have to do is create a new line. So repo, let's do hpr and we'll rw plus
equals kin and rw equals clatu. So I'm pretending here that I have kin's public key
and repo hpr. Yeah. So that's all I have to do in order to create a new repository. I'll do the get add
and then I'll do the get commit. Add did hpr repo and then I'll do the get push origin head.
Type in my password from my user, my SSH public or private key, whatever it is called.
And there we go. So now geto light on the back end. If we were to, if we were to look at the
infrastructure of this thing on our virtual machine, which of course we, we've been told not to
really mess around with that, not to really look too, too closely behind the curtain, but we're
going to do it anyway. If we look at this and we look in the repository's directory, we'll see now
that there's a geto light dash admin dot get a testing dot get and an hpr dot get. So in order to
create a new bear repository on your server, you just add it to your geto light configuration file,
give it some you a at least one user and it'll be created for you. Now this is probably a good
time to mention that if you are doing something fancy like taking existing get repositories
and migrating them to be under the control of geto light, you should read up on how to do that.
There is a section called basic dash admin. So if you go to geto light dot com slash geto light slash
basic dash admin, there's a section there on bringing existing repose into geto light.
You don't want to just do this yourself without reading their warnings because should you have
anything very fancy set up or if you just have it named wrong, like it just it'll either won't work
or something will get messed up. So you don't really want to do that really honestly. So be careful
there. But yeah, that's that's geto light. It's it makes the administration of a get server much,
much easier. It makes it really flexible. It does not provide a pretty front end for your users.
So if your users are those types of get users who really, really rely on the HTTP stuff and
want a web page where they can view all their diffs and things like that. This is not it.
But if your users are fairly confident in competent and confident in get and you know whether they're
using the terminal or whether they're using something like get cola or some gooey front end,
this is a brilliant, brilliant, brilliant way to do administration on the server side. Give it a
go. Try it out. I think you'll like it. Thank you for listening. Talk to you next time.
You've been listening to Hacker Public Radio at Hacker Public Radio dot org. We are a community
podcast network that releases shows every weekday Monday through Friday. Today's show, like all our
shows, was contributed by an HPR listener like yourself. If you ever thought of recording a
podcast and click on our contributing to find out how easy it really is. Hacker Public Radio was
founded by the digital dot pound and the infonomicon computer club and is part of the binary revolution
at binwreff.com. If you have comments on today's show, please email the host directly, leave a
comment on the website or record a follow-up episode yourself. Unless otherwise stated, today's show
is released on the creative comments, attribution, share a life, 3.0 license.
Reference in New Issue Copy Permalink