Posts tagged gitolite

gitolite install

posted on 2017-01-02 22:37

A fast setup of a proper gitolite server setup, since the current debian package is either borked, or I just need sleep. Keep in mind this was written on the fly and may have errors.


  • this will use the user git (hope its not used already)
  • put the files in `/var/lib/gitolite
  • use the latest gitolite.
  • GITSERVER: ip or domain name or /etc/hosts alias of your git server
  • debian was used, adopt accordingly if you use redhat derivates or (god help) suse

setup and install

On the server: (as root)

apt install git -y
mkdir -p /var/lib/gitolite/bin
useradd -d /var/lib/gitolite/ -U -s /bin/bash git
passwd git
ssh-keygen -trsa -b4096
cp /root/.ssh/ /var/lib/gitolite/
chown -R git:git /var/lib/gitolite

su - git

cat << EOF > .bash_profile
alias l='ls -alh --color'
export PATH=/var/lib/gitolite/bin:\$PATH
echo $PATH  ## gitolite path missing
su - git
echo $PATH  ## gitolite path not missing anymore, and 'l' works, too

git clone git://
gitolite/install -ln /var/lib/gitolite/bin
gitolite setup -pk

git clone git@localhost:gitolite-admin
cd gitolite-admin/conf

Now we're mostly set, but no 'testing.git' repo is needed, so let's just delete it. This is also a showcase how to use the admin repo on the server, in case you manage to fuck up your workstation or ssh key, which we will setup later:

vim conf/gitolite.conf  ## remove 'repo testing' line and the one following it
git add -A .
git commit -m '-testing repo'
git push

In case the rhabarber of 'git config' stuff is annoying:

git config --global root
git config --global root@GITSERVER
git config --global push.default simple  ## adopting default behaviour is usually the way to go

So far, so good.

on deleting repositories

Repositories that existed but were deleted later on will still exist under `/var/lib/gitolite/repositories after deletion:

git@git-1:/var/lib/gitolite/$ gitolite list-repos
git@git-1:/var/lib/gitolite/$ gitolite list-phy-repos

If you want it to be gone, simple delete the repo folder on disk.

adding your workstation key to gitolite, too?

Likely you want ssh access to root via key (you disable key logins for root in ssh, don't you?), so lets set this up and put the key into gitolite, too. I'll provide an example, my user is called 'sjas', of course.

On my workstation:

ssh-copy-id root@GITSERVER  ## in case you didn't do that already
scp ~/.ssh/ root@GITSERVER:/root/gitolite-admin/keydir/
ssh root@GITSERVER
cd gitolite-admin

# ... now edit gitolite config... 
# ... see next section how I prefer doing things ...

git add -A .
git commit -m '+workstation key'
git push

splitting the gitolite.conf and groups

I prefer having two files, one for the group definitions, one for repositories. Here are how that these files would look like:

root@git-1:~/gitolite-admin/conf# tail -n +1 *
==> gitolite.conf <==
include "groups.conf"
include "repos.conf"

==> groups.conf <==
@sjas   = sjas
@admins = @sjas admin

==> repos.conf <==
repo    gitolite-admin
    RW+ = @admins admin
repo    ansible
    RW+ = @sjas

The @'s depict groups. Actually you can group users to usergroups and repositories to repository-groups, in case you'd ever need that.

Comments also do work, via #.

Only remember to first define a group prior to ever using it, and first cite the groupnames and then the users in group definitions. That is, on the right side after the equals sign, in case you have no idea what the last sentence meant.

On more about this, go here and here. There's way more you can do, but this should be everything as a bare minimum to do most work you'd ever need to do.

The official documentation looks rather sketchy at first, but is pretty good and all you need is covered there.

gitolite emergency access

posted on 2016-06-11 10:32

In case you somehow managed to lock yourself out of your gitolite access list (lost key, commited misconfiguration, ...), there is an easy way to bypass this problem.

  1. ssh to your server
  2. su gitolite (or whatever user you use for running gitolite)
  3. cd
  4. git clone $HOME/repositories/gitolite-admin.git temp
  5. fix everything you need, exchange keys, do whatever you need to fix it
  6. git commit your changes
  7. gitolite push

Done. 7.) is gitolite push, not git push!

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 10.04, 14.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apache2.4, apachebench, apple, applet, arcconf, arch, architecture, areca, arping, asa, asdm, autoconf, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blockdev, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, clush, cluster, coleslaw, colorscheme, common lisp, configuration management, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factory_reset, factoryreset, fail2ban, fbsd, fdisk, fedora, file, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, github, gitolite, global, gnutls, gradle, grep, grml, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, innodb, inodes, intel, ioncube, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, js, juniper, junit, kali, kde, kemp, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, livedisk, lmctfy, loadbalancing, locale, log, logrotate, looback, loopback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, onyx, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, org-mode, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pct, pdf, performance, pfsense, php, php7, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plasma, plesk, plugin, posix, postfix, postfixadmin, postgres, postgresql, poudriere, powershell, preview, profiling, prompt, proxmox, ps, puppet, pv, pveam, pvecm, pvesm, pvresize, python, qemu, qemu-img, qm, qmrestore, quicklisp, quickshare, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scite, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, udev, uefi, ulimit, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, vimdiff, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, webdav, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x11vnc, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh

Unless otherwise credited all material Creative Commons License by sjas