Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Lee Hanken
255
hpr_transcripts/hpr2461.txt
Normal file
255
hpr_transcripts/hpr2461.txt
Normal file
@@ -0,0 +1,255 @@
|
||||
Episode: 2461
|
||||
Title: HPR2461: Gitolite
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2461/hpr2461.mp3
|
||||
Transcribed: 2025-10-19 03:33:27
|
||||
|
||||
---
|
||||
|
||||
This in HPR episode 2461 entitled Geterite, it is hosted by Klaatu and in about 31 minutes
|
||||
long and Karina Cleanflag, the summer is, using Geterite to administer your Geterver.
|
||||
This episode of HPR is brought to you by an honesthost.com, get 15% discount on all shared
|
||||
hosting with the offer code HPR15, that's HPR15.
|
||||
It's a better web hosting that's honest and fair at An Honesthost.com.
|
||||
Everyone, this is Klaatu and I want to talk about Geterite.
|
||||
Geterite is a server frontend for Geterite.
|
||||
So in the previous Geterite episode, I talked about running Geterite on a server and making
|
||||
that available to people via SSH, which is pretty typical, that's usually the vector
|
||||
for getting into a Geterite repository.
|
||||
You can access it over a Geterite protocol or an HTTP protocol, but when you're pushing
|
||||
and pulling and actually making commits, usually people prefer SSH.
|
||||
So you can do that, I explained how to do that in the previous episode, but that relies
|
||||
entirely on the host server in terms of who gets permission to access what and when you
|
||||
go to add users, for instance, you have to do that through, you know, it's just the
|
||||
Unix users get receive, get access and you can manipulate permissions and things like
|
||||
that to make sure that people don't have access to repositories that you don't want them
|
||||
to have access to, but it would be a lot of work and someone's already done that work
|
||||
and the project that gives you all of that work for free is called Geterite.
|
||||
It's G-I-T-O-L-I-T-E. Specifically, it's Geterite 3 and I say that because the documentation
|
||||
for Geterite at Geterite.com tells you to look for specifically Geterite 3 when you go to
|
||||
install it because, I guess, there must be packages out there still for just Geterite,
|
||||
which refers, I guess, to version two.
|
||||
So Geterite 3 is quite a handy little front end to help administrators manage users and
|
||||
user permissions in relation to a get server.
|
||||
Now this isn't one of those fancy front ends that provides you a web interface or anything
|
||||
like that. It's not, for instance, GitLab or something like that. It's just for administration.
|
||||
So it's a command that you'll have on your server and users will never really interact
|
||||
directly with Geterite. They will give them an address of what they should use as their
|
||||
remote location for their Git repository. They will do that and that's pretty much the
|
||||
only interaction they'll have with Geterite. Geterite is very much an administrative tool.
|
||||
And its advantage is that if you want a developer to join your project or if the developer has
|
||||
requested access to a get repository that you're managing, rather than them then automatically
|
||||
having to have a user account on your server, you can make them a user of Gitolite and
|
||||
simply grant that user read and write permission, for instance, to a single repository and that's
|
||||
all they'll ever be able to access on your server. It's really handy. So here's how to get
|
||||
it. So I'm just firing up a virtual machine right now and when you log in, you escalate
|
||||
to root user or use sudo if you prefer and do an install of Gitolite 3 or Gitolite. It
|
||||
just kind of depends on what your repository calls it. But if there's a Gitolite and
|
||||
a Gitolite 3, go for Gitolite 3. So I've installed it. And the first thing that we need to do
|
||||
and all of this stuff is what I'm talking you through really is available on the Gitolite.com
|
||||
website. If you go to Gitolite.com slash Gitolite slash quick underscore install, that'll get
|
||||
you set up really. You do have to kind of read the code, the box, the screen, capture
|
||||
box, but other than that, it's pretty straightforward. Now there's longer explanations of all of
|
||||
this, but I'm just going to do the quick install because I'm assuming that you're fairly
|
||||
familiar at least with Unix and with SSH. And that's pretty much all this is going to
|
||||
entail. So I've got, I've set up the user for myself on this virtual machine, which
|
||||
you would want to do if you haven't already. Like a standard user, not just root, for instance.
|
||||
And then I've also created or I've set up the SSH infrastructure on this server so that
|
||||
I can access it with a public key or with a private and public key exchange. So that's
|
||||
already set up. If you don't know how to do that, go learn how to do that and then come
|
||||
back and complete this, this install. So on this server, I can now SSH into the into
|
||||
this server. So I know that on this server, I have one user and I'm going to escalate
|
||||
to root and I'm going to create a new user just called Git, GIT. This is what is going
|
||||
to be considered the host user. That's what Gitolite refers to this user as. Now it doesn't
|
||||
have to be the string Git. It could be GitDev. It could be developer. It could be whatever
|
||||
you want. But the point of this user is going to be kind of the owner, the keeper of Gitolite.
|
||||
So use whatever front-inscript that you use to create users. Maybe it's add user. Maybe
|
||||
it's user add. Maybe it's a GUI. Maybe it's a YAST. Whatever you use, do that. Create a
|
||||
user and this user I'm calling Git. Now I'm going to get out of my virtual machine and
|
||||
go back to my client machine and we're going to copy up to the server, up to the virtual
|
||||
machine, my public key for CLAT2. So I'm just going to do an SCP from my home directory
|
||||
in .ssh slash id underscore rsa.pub and I'm going to copy that up to CLAT2 at 192.168.122.70.
|
||||
That may not be the address of your virtual machine, but if you're using VIRT manager,
|
||||
that's what it defaults to. Now back in the virtual machine, I have this key. Now
|
||||
I've called it Gitolite.key is what I've changed the name of this file to. You don't
|
||||
have to do that. I did just so that I don't get all of my various keys confused. So I'm
|
||||
going to move as root user again. I'm going to move this Gitolite.key over to slash
|
||||
home slash Git. And then I'm going to go into slash home slash Git. And I'm going to
|
||||
change the owner of that key such that it is Git colon. I don't know where that is
|
||||
on the Quarty Keyboard anymore users and that will be Gitolite.key. And then I'm going
|
||||
to SU into SU space dash space Git. So now I am the Git user. Perfect. So what we have
|
||||
is a Git user, a dedicated Git user, and we've got my administrative SSH public key sitting
|
||||
in the home folder of this new Git user. Now what we have to do is do a setup for Gitolite.
|
||||
And there is a sub command for setup. It is called Gitolite space setup. And then
|
||||
the arguments, well you can see the arguments if you do a Gitolite space setup space dash
|
||||
H. That will kind of explain what you need to do. It doesn't explain it super well. I
|
||||
found it quite confusing to be honest. But you can at least read it. It is there. So
|
||||
Gitolite space setup and then what you really want to do is space dash pk or if you prefer
|
||||
the long version of that dash dash pub key and then the file. So in this case, the file
|
||||
that our public key is is Gitolite.key. So that is Clatuse key. It is living in Gitolites.
|
||||
It is Clatuse public key living in Gitolites home directory for now. So we have done
|
||||
a Gitolite setup dash pub key, Gitolite.key. I press return and it says that it does not
|
||||
end in .pub. I guess I am going to rename my Gitolite.key to Gitolite.pub. There we go.
|
||||
Now I am going to do Gitolite setup dash pk or dash dash pub key, Gitolite.pub. And
|
||||
it says it is initialized into repository. It is initialized into repository. .ssh is missing.
|
||||
It is creating a new one for me and it says that the authorized keys is missing. So it is
|
||||
creating a one and it is normal on a brand new install. So don't panic. Now if I do
|
||||
an LS in my home directory, I have my public key. I have a project.list and I have a
|
||||
repositories directory. If I do a list in repositories, I have a Gitolite-admin.git.
|
||||
And I have a testing.git. The only one I really care about right now is Gitolite-admin.git.
|
||||
So what I can do now on my client machine, this is not in the virtual machine, this is
|
||||
on my client machine. I am going to do a Git clone space Git at 192.168.122.70.gitolite-admin.git.
|
||||
So notice, the user on my client machine is this class 2. It is not Git. But I am doing
|
||||
a Git clone using Git at 192.168.122.70.gitolite-admin.git. And then I will copy it and then
|
||||
copy that, or I will deposit that in a folder called Gitolite-admin.git here on my local
|
||||
machine as well. So if I do that, it may prompt you for your password. If you have a password
|
||||
on your SSH key, and then suddenly it is cloning a new repository called Gitolite-admin.git.
|
||||
So this is actually how you administer your Gitolite server. So SUing to the Git user
|
||||
and going into Git home directory and all that other good stuff, that's, that's, you're
|
||||
done with that now. You're not really going to ever do that. And you are discouraged
|
||||
from doing that by Gitolite documentation. They tell you specifically, do not do that.
|
||||
Don't try to administer Gitolite from the server. Essentially those are now, those
|
||||
are going to become, well, those will be bare repositories that you are not meant to
|
||||
interact with directly. They're the trackers for all that remote repositories out there
|
||||
in the wild. And that includes your administration repository. So on our client machine still. So
|
||||
again, from here on out, we're always on the client machine. We are not dealing with the server
|
||||
ever again, not directly anyway. I'm going to keep the virtual machine running because
|
||||
obviously in real life, you would have the server running. But I'm just saying I'm not
|
||||
SSAging into that server with an interactive shell any longer. This is all from the client
|
||||
machine. So on the client machine, I'm going to go into, I'm going to CD into Gitolite-admin.git.
|
||||
And I can see that there are two things here. I'm going to do an LS-capital F. And I'll see
|
||||
that they're both directories. One directory is called CONF. And one is called KeyDur. So if we do,
|
||||
let's just do a cat on CONF slash. And then the only file in that directory is Gitolite.CONF. So
|
||||
this is the main configuration for the entire infrastructure of your Git server. I should say
|
||||
the entire infrastructure of Git on your server. So this configuration file currently has two
|
||||
entries in it. It defines two different repositories. And then it assigns a user certain permissions,
|
||||
one for each repository. So the first one will be repo space Gitolite-admin. And that's going to be
|
||||
true no matter what. If you've installed Gitolite and you've followed along with this,
|
||||
it defines itself the Gitolite-admin directory. That's what we're using right now, the repository.
|
||||
And the initial user for that is, well, it has permissions, RW plus. The R is for read,
|
||||
the W is for write. And then the plus is for everything else that you could do to a repository.
|
||||
Fast forward, delete branches, merge branches, things like that. And the user that it
|
||||
gives that permission to on my system is called Gitolite. And you might think that that might be
|
||||
different than yours, or you may just be confused as to why Gitolite is the user with those permissions.
|
||||
Like, didn't we SSH in as a user called Git? Well, more on that in a moment. The second repository
|
||||
that it defines is repo testing. And again, that has RW plus permissions set for the user
|
||||
at all. Now, that's that's the at symbol followed by the word all. And the at symbol is the
|
||||
notation in the Gitolite.conf file to denote that it is a group of users.
|
||||
So if we'll get into that in a little bit. So for now, just know that the at all means that
|
||||
everyone in the all group can access the testing repository as it is configured right now.
|
||||
Okay, so let's look before we get into groups and fancy things like that. Let's just have a look
|
||||
at where this Gitolite setting is coming from for the for the Gitolite admin. So now if you do an
|
||||
LS on KeyDur, at least on my system because this is what I did earlier in in setting it up,
|
||||
there's a public key called or named Gitolite.pub. And that's because if you'll recall on my
|
||||
virtual machine on the server, I had created or I had copied up my clatu public key to my Git
|
||||
server and I had named that key Gitolite.pub. So since Gitolite.pub is the name of the key,
|
||||
that becomes the unique identifier for the user for the sort of vague notion of the user on that
|
||||
system. So if we added, for instance, a bob.pub key to our keyDur, then we could go into our configuration
|
||||
file and give bob all kinds of permissions. And that is exactly how you add users to this
|
||||
infrastructure. So if you've got a developer who wants access to a repository, the developer
|
||||
sends you their public key. You give it some name that makes sense to you. It can be their user name.
|
||||
It can be your nickname for that person. It could just be some other designation that you have
|
||||
come up with for tracking your users. But whatever that public key gets named, the string before
|
||||
the dot pub becomes their unique identifier to Gitolite. And so you can open up the Gitolite.com.
|
||||
And you could say, well, let's give this person, let's say, Bob, read access, just read access
|
||||
to the testing repository. And so you would just type R and then equals and bob.
|
||||
And as long as bob has a bob.pub in the keyDur, then bob can interact with that repository
|
||||
using obviously Bob's private key on Bob's system to authenticate against that public key
|
||||
on the server. Now, Bob will still do a Git clone of 192, well, Git at 192.168.177.20colon testing.get.
|
||||
He won't use his name, Bob. It'll still be under Git at. Everyone's going to use Git at,
|
||||
just like on GitHub, Git Lab, and all those other solutions. You're all SSHing to Git at.
|
||||
And then that, you know, the domain name, the difference is that they are using SSH keys
|
||||
to not only authenticate to the server, but also to identify themselves so that Gitolite can
|
||||
determine who has permission to do what. Does that make sense? So once you make these changes,
|
||||
the one really, really important thing you have to remember to do is you have to get add.conf.getolite.conf
|
||||
and get commit, and we'll say we've added Bob. And we also need to get add the keyDur bob.pub.
|
||||
And now we'll do another Git commit because I didn't do that initially. So get added Bob
|
||||
pub key. And now we do a Git push origin head. All capitals head is H-E-A-D. All capitals
|
||||
Git push origin head. Put in my password for my public key. And now if we were a user named Bob
|
||||
with Bob.pub is our key, we could then clone Git test, the testing Git repository. And of course,
|
||||
we can actually test that by simply doing, well, we'll have to make an entry, I think, this is the
|
||||
only way I know to do it anyway. Make an entry into our .ssh config file. To mask grade is Bob
|
||||
whenever we talk to this host. So the user remains as Git, but the key that we want to use now is in
|
||||
my testing directory. And it's called bob.pub. And now I can do a Git clone one and two.
|
||||
So any testing.git. And I didn't put a password for Bob's fake key. So it's just cloning the
|
||||
directory immediately. And there it is. Not much to look at, but it does work.
|
||||
Yeah, that's the really, really basic side of Gitolife. There's a lot more that you can do with it
|
||||
in terms of the configuration file. You can add groups as I started to hint earlier
|
||||
so that you can say, and you can group repose together, or you can group users together. So you
|
||||
can create a, and at my repose group, for instance, and you could say, well, that's going to equal
|
||||
the repose foo and bar. So it would be at my repose equals foo. And then at my repose equals bar.
|
||||
So you're just adding them to a list in a sense, one per line. And then you can say, okay, repose
|
||||
at my repose. And then you can grant read, write, and everything else access to yourself.
|
||||
So you can go into any repo and do anything that you want as long as it's a repo that is listed
|
||||
in at my repose. Or you can do that on the other end with users and define a set of users
|
||||
that maybe all staff members might have access to all, I don't know, all of the project
|
||||
repositories, whereas the developers may have access to something else, I don't know. So at staff
|
||||
equals Bob and Classu. And then you can set r plus, you know, rw plus equals at staff.
|
||||
So it's pretty simple, I guess. There are a few other things that you can do in terms of
|
||||
obviously I should mention also rw plus is not the only set of permissions that you are allowed
|
||||
to grant, obviously. So the rw plus is read, write, and then everything else that you can do with
|
||||
a repository. But you can also just do r for just read. I guess you could do just w, I don't know
|
||||
really how that would work, but you can do rw for read and write. And you can do a minus to deny
|
||||
access. So if you need to explicitly deny access for whatever reason, whether you just
|
||||
feel better about doing that, you can just do a dash. And it will remove access from a certain
|
||||
repository. But I think more often you'd probably use it to deny access to a specific branch,
|
||||
for instance. So you might give, you might give certain people access to a repository.
|
||||
But forbid them, you know, deny access from the master branch. And that can be very useful.
|
||||
Obviously, if you don't want people breaking your builds and you're, you know, your master is
|
||||
your, is your stable, then you can remove access from master for Bob, but then grant access to,
|
||||
for instance, dev to Bob so that he can work in the dev branch, but can never access master.
|
||||
So there you go. The configuration file options are delineated pretty clearly
|
||||
at getolight.com slash geto light slash conf. It's a pretty good, pretty good page full of
|
||||
various rulings and subtleties of how you can manage permissions. And it's quite flexible.
|
||||
It is, it's, it's, it's a lot more flexible, for instance, than just letting people
|
||||
SSH into your server and grab the repository, that's for sure. I mean, you can replicate a lot of
|
||||
this with, for instance, get hooks and, you know, you can kind of see what users trying to push to
|
||||
what branch and you could deny a push if it was happening. But I mean, that's just a lot of work.
|
||||
And it's a lot easier to just set that here in one centralized location. And as I say, the two
|
||||
things that you have to remember to do, I think, for the configuration part is to obtain the public
|
||||
keys and give them the proper name. That's one thing. It's two things, but I'm counting it as one.
|
||||
And then the other, the, the one that keeps messing me up is I forget to push. I just, I,
|
||||
I make the change on my client, on my client computer, where I have my geto light dash admin
|
||||
configuration. And then I forget to push the thing back up to the server. So I grant someone
|
||||
access and then they email me later and tell me I, they can't get to it. I'm asking them,
|
||||
are you using the right port? Are you using your key? And then I realize, oh yeah, I forgot to push
|
||||
that commit. So don't forget to do that. I think that's everything to be honest. The, the bulk of the
|
||||
work is kind of the setting up of that initial SSH key infrastructure to make sure that you've,
|
||||
you've got permission and that geto light knows that that's the key that's going to be the administrative
|
||||
user that whole part. After that, it's, it's really almost self explanatory. I mean, you can kind
|
||||
of look at the configuration file and figure out how to do that yourself. Oh, I, which I should
|
||||
mention. Yeah. So if you're adding a repository. So if you, if you want to add a new repository,
|
||||
all you have to do is create a new line. So repo, let's do hpr and we'll rw plus
|
||||
equals kin and rw equals clatu. So I'm pretending here that I have kin's public key
|
||||
and repo hpr. Yeah. So that's all I have to do in order to create a new repository. I'll do the get add
|
||||
and then I'll do the get commit. Add did hpr repo and then I'll do the get push origin head.
|
||||
Type in my password from my user, my SSH public or private key, whatever it is called.
|
||||
And there we go. So now geto light on the back end. If we were to, if we were to look at the
|
||||
infrastructure of this thing on our virtual machine, which of course we, we've been told not to
|
||||
really mess around with that, not to really look too, too closely behind the curtain, but we're
|
||||
going to do it anyway. If we look at this and we look in the repository's directory, we'll see now
|
||||
that there's a geto light dash admin dot get a testing dot get and an hpr dot get. So in order to
|
||||
create a new bear repository on your server, you just add it to your geto light configuration file,
|
||||
give it some you a at least one user and it'll be created for you. Now this is probably a good
|
||||
time to mention that if you are doing something fancy like taking existing get repositories
|
||||
and migrating them to be under the control of geto light, you should read up on how to do that.
|
||||
There is a section called basic dash admin. So if you go to geto light dot com slash geto light slash
|
||||
basic dash admin, there's a section there on bringing existing repose into geto light.
|
||||
You don't want to just do this yourself without reading their warnings because should you have
|
||||
anything very fancy set up or if you just have it named wrong, like it just it'll either won't work
|
||||
or something will get messed up. So you don't really want to do that really honestly. So be careful
|
||||
there. But yeah, that's that's geto light. It's it makes the administration of a get server much,
|
||||
much easier. It makes it really flexible. It does not provide a pretty front end for your users.
|
||||
So if your users are those types of get users who really, really rely on the HTTP stuff and
|
||||
want a web page where they can view all their diffs and things like that. This is not it.
|
||||
But if your users are fairly confident in competent and confident in get and you know whether they're
|
||||
using the terminal or whether they're using something like get cola or some gooey front end,
|
||||
this is a brilliant, brilliant, brilliant way to do administration on the server side. Give it a
|
||||
go. Try it out. I think you'll like it. Thank you for listening. Talk to you next time.
|
||||
You've been listening to Hacker Public Radio at Hacker Public Radio dot org. We are a community
|
||||
podcast network that releases shows every weekday Monday through Friday. Today's show, like all our
|
||||
shows, was contributed by an HPR listener like yourself. If you ever thought of recording a
|
||||
podcast and click on our contributing to find out how easy it really is. Hacker Public Radio was
|
||||
founded by the digital dot pound and the infonomicon computer club and is part of the binary revolution
|
||||
at binwreff.com. If you have comments on today's show, please email the host directly, leave a
|
||||
comment on the website or record a follow-up episode yourself. Unless otherwise stated, today's show
|
||||
is released on the creative comments, attribution, share a life, 3.0 license.
|
||||
Reference in New Issue
Block a user