zoukankan      html  css  js  c++  java
  • 在LINUX上创建GIT服务器

    如果使用Git的人数较少,可以使用下面的步骤快速部署一个git服务器环境。

    备注: .ssh 文件夹权限 700; .ssh/authorized_keys 文件权限 600

    1. Client生成 SSH 公钥,以便Server端识别。

    每个需要使用git服务器的工程师,自己需要生成一个ssh公钥

    进入自己的~/.ssh目录,看有没有用 文件名 和 文件名.pub 来命名的一对文件,这个 文件名 通常是 id_dsa 或者 id_rsa。 .pub 文件是公钥,另一个文件是密钥。假如没有这些文件(或者干脆连 .ssh 目录都没有),你可以用 ssh-keygen 的程序来建立它们,该程序在 Linux/Mac 系统由 SSH 包提供, 在 Windows 上则包含在 MSysGit 包里:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    
    $ ssh-keygen 
    Generating public/private rsa key pair.
    Enter file in which to save the key (/Users/schacon/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /Users/schacon/.ssh/id_rsa.
    Your public key has been saved in /Users/schacon/.ssh/id_rsa.pub.
    The key fingerprint is:
    43:c5:5b:5f:b1:f1:50:43:ad:20:a6:92:6a:1f:9a:3a schacon@agadorlaptop.local

    它先要求你确认保存公钥的位置(.ssh/id_rsa),然后它会让你重复一个密码两次,如果不想在使用公钥的时候输入密码,可以留空。

    现在,所有做过这一步的用户都得把它们的公钥给你或者 Git 服务器的管理者(假设 SSH 服务被设定为使用公钥机制)。他们只需要复制 .pub 文件的内容然后 e-email 之。公钥的样子大致如下:

    1
    2
    3
    4
    5
    6
    7
    
    $ cat ~/.ssh/id_rsa.pub 
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
    GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
    Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
    t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
    mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
    NrRFi9wrf+M7Q== schacon@agadorlaptop.local

    2. 架设Server

     

    首先,创建一个 ‘git’ 用户并为其创建一个 .ssh 目录,在用户主目录下:

    1
    2
    3
    4
    
    $ sudo adduser git
    $ su git
    $ cd
    $ mkdir .ssh
    注意:将git用户添加到sudo组,以便解决
    ubuntu系统下“关于'xx'用户不在 sudoers文件中,此事将被报告。”的解决方法。
    怎么做?在具有sudo用户下执行如下命令:
    xiongmc@xiongmc-desktop:~$ sudo vim /etc/sudoers
    然后,添加 git     ALL=(ALL:ALL) ALL  
    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # Please consider adding local content in /etc/sudoers.d/ instead of
    # directly modifying this file.
    #
    # See the man page for details on how to write a sudoers file.
    #
    Defaults        env_reset
    Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    # Host alias specification
    # User alias specification
    # Cmnd alias specification
    # User privilege specification
    root    ALL=(ALL:ALL) ALL
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    # Allow members of group sudo to execute any command
    %sudo   ALL=(ALL:ALL) ALL
    git     ALL=(ALL:ALL) ALL
    # See sudoers(5) for more information on "#include" directives:
    #includedir /etc/sudoers.d                        

    接下来,把开发者的 SSH 公钥添加到这个用户的 authorized_keys 文件中。假设你通过 e-mail 收到了几个公钥并存到了临时文件里(

    或git@xiongmc-desktop:~$ sudo cat /home/client2/.ssh/id_rsa.pub >> /home/git/.ssh/authorized_keys)。只要把它们加入 authorized_keys 文件
    1
    2
    3
    
    $ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys
    $ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys
    $ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys

    现在可以使用 –bare 选项运行 git init 来设定一个空仓库,这会初始化一个不包含工作目录的仓库。

    1
    2
    3
    4
    
    $ cd /opt/git
    $ mkdir project.git
    $ cd project.git
    $ git --bare init

    这时,开发人员就可以把它加为远程仓库,推送一个分支,从而把第一个版本的工程上传到仓库里了。值得注意的是,每次添加一个新项目都需要通过 shell 登入主机并创建一个纯仓库。我们不妨以 gitserver 作为 git 用户和仓库所在的主机名。如果你在网络内部运行该主机,并且在 DNS 中设定 gitserver 指向该主机,那么以下这些命令都是可用的:

    1
    2
    3
    4
    5
    6
    7
    
    # 在一个工程师的电脑上
    $ cd myproject
    $ git init
    $ git add .
    $ git commit -m 'initial commit'
    $ git remote add origin git@gitserver:/opt/git/project.git
    $ git push origin master

    这样,其他人的克隆和推送也一样变得很简单:

    1
    2
    3
    4
    
    $ git clone git@gitserver:/opt/git/project.git
    $ vim README
    $ git commit -am 'fix for the README file'
    $ git push origin master

    用这个方法可以很快捷的为少数几个开发者架设一个可读写的 Git 服务。

    作为一个额外的防范措施,你可以用 Git 自带的 git-shell 简单工具来把 git 用户的活动限制在仅与 Git 相关。把它设为 git 用户登入的 shell,那么该用户就不能拥有主机正常的 shell 访问权。为了实现这一点,需要指明用户的登入shell 是 git-shell ,而不是 bash 或者 csh。你可能得编辑 /etc/passwd 文件

    1
    
    $ sudo vim /etc/passwd

    在文件末尾,你应该能找到类似这样的行:

    1
    
    git:x:1000:1000::/home/git:/bin/sh

    把 bin/sh 改为 /usr/bin/git-shell (或者用 which git-shell 查看它的位置)。该行修改后的样子如下:

    1
    
    git:x:1000:1000::/home/git:/usr/bin/git-shell

    现在 git 用户只能用 SSH 连接来推送和获取 Git 仓库,而不能直接使用主机 shell。尝试登录的话,你会看到下面这样的拒绝信息:

    1
    2
    3
    
    $ ssh git@gitserver
    fatal: What do you think I am? A shell? (你以为我是个啥?shell吗?)
    Connection to gitserver closed. (gitserver 连接已断开。)

    Q&A参考

    (4)为了集成到SCM,我们在Linxu上安装GIT
    http://www.examw.com/linux/all/182529/index-2.html
    在LINUX上创建GIT服务器
    http://lionest.iteye.com/blog/1447310
    http://blog.csdn.NET/andy_android/article/details/6996134
    Receiving objects:  26% (5668/21560), 8.06 MiB | 183 KiB/s      21560)   
    (5)
    Q:
    xiongmc@xiongmc-desktop:~/myproject.git$ git push origin master ssh: connect to host xiongmc-desktop port 22: Connection refused
    fatal: The remote end hung up unexpectedly
    xiongmc@xiongmc-desktop:~/myproject.git$ git push origin master 
    ssh: connect to host xiongmc-desktop port 22: Connection refused
    fatal: The remote end hung up unexpectedly

    A:
    http://blog.csdn.Net/zlm_250/article/details/7979221
    sudo apt-get install openssh-server
    sudo net start sshd  
    sudo ufw disable 
    ssh localhost  

    (6)
    Q:
    ubuntu系统下“关于'xx'用户不在 sudoers文件中,此事将被报告。”的解决方法


    A:
    http://blog.sina.com.cn/s/blog_bede36550101b0av.html
    git ALL=(ALL:ALL) ALL


    (7)
    Q:
    xiongmc@xiongmc-desktop:~/myproject.git$ git push origin master 
    git@xiongmc-desktop's password: 
    fatal: '/opt/git/project.git' does not appear to be a git repository
    fatal: The remote end hung up unexpectedly


    A:
    http://www.dotkam.com/2010/08/22/gitolite-does-not-appear-to-be-a-git-repository/








    2013-5-26
    (1)
    Q:
    xiongmc@xiongmc-desktop:~/myproject2$ git push origin master
    Agent admitted failure to sign using the key.
    git@localhost's password: 
    error: src refspec master does not match any.
    error: failed to push some refs to 'git@localhost:/opt/git/project.git/'


    A:
    http://www.linuxidc.com/Linux/2013-03/81022.htm


    如果初始的代码仓库为空,git push origin master提交代码的时候会出现以下异常:


    (2)
    Q:
    xiongmc@xiongmc-desktop:~/myproject2$ git push origin master
    Agent admitted failure to sign using the key.
    git@localhost's password: 
    Permission denied, please try again.
    git@localhost's password: 
    Counting objects: 3, done.
    Writing objects: 100% (3/3), 213 bytes, done.
    Total 3 (delta 0), reused 0 (delta 0)
    error: insufficient permission for adding an object to repository database ./objects


    fatal: failed to write object
    error: unpack failed: unpack-objects abnormal exit
    To git@localhost:/opt/git/project.git/
     ! [remote rejected] master -> master (n/a (unpacker error))
    error: failed to push some refs to 'git@localhost:/opt/git/project.git/'
    A:
    服务器无权限。
    http://linsheng1990526.blog.163.com/blog/static/203824150201231423917228/


    (3)
    http://www.linuxidc.com/Linux/2013-03/81022.htm
    Q:


    xiongmc@xiongmc-desktop:~/myproject2$ git push origin master
    Agent admitted failure to sign using the key.
    git@localhost's password: 
    Counting objects: 3, done.
    Writing objects: 100% (3/3), 213 bytes, done.
    Total 3 (delta 0), reused 0 (delta 0)
    remote: error: refusing to update checked out branch: refs/heads/master
    remote: error: By default, updating the current branch in a non-bare repository
    remote: error: is denied, because it will make the index and work tree inconsistent
    remote: error: with what you pushed, and will require 'git reset --hard' to match
    remote: error: the work tree to HEAD.
    remote: error: 
    remote: error: You can set 'receive.denyCurrentBranch' configuration variable to
    remote: error: 'ignore' or 'warn' in the remote repository to allow pushing into
    remote: error: its current branch; however, this is not recommended unless you
    remote: error: arranged to update its work tree to match what you pushed in some
    remote: error: other way.
    remote: error: 
    remote: error: To squelch this message and still keep the default behaviour, set
    remote: error: 'receive.denyCurrentBranch' configuration variable to 'refuse'.
    To git@localhost:/opt/git/project.git/
     ! [remote rejected] master -> master (branch is currently checked out)
    error: failed to push some refs to 'git@localhost:/opt/git/project.git/'


    A:


    $cd .git
    $vim config


    该配置文件的原始内容为:


    [core]
            repositoryformatversion = 0
            filemode = true
            bare = false
            logallrefupdates = true


    在该配置文件中加入以下内容:


    [receive]
    denyCurrentBranch = ignore

  • 相关阅读:
    关于SNMP的MIB文件的语法简述
    windows 与 Centos7 共享文件方法
    虚拟机 与 host主机,无法ping通的问题
    能ping通虚拟机,但snmp报文 Destination unreachable(Host administratively prohibited
    qt 打包发布 获取dll
    qt5.7.1 (create4.2.0)+msvc2015 安装后无法编译 & 缺少h文件
    windows 为qt5.7.1 安装openssl
    windows下为qt msvc版本配置调试器
    Rust中的类型大小总结
    substrate 为什么有的调用的地方用<T::Lookup as StaticLookup>::Source 代替 T::AccountId
  • 原文地址:https://www.cnblogs.com/chenweixuan/p/6488994.html
Copyright © 2011-2022 走看看