Branches is an application for serving private git repositories securely using SSH. It is based on the Python application with the same purpose, named Gitosis, however implemented in Ruby and using configuration in Ruby rather than INI-style configuration files.
To install the application, you can either install from the gem:
sudo gem install branchesOr you can install from the source
git clone git://github.com/krobertson/branches.git cd branches sudo rake installOnce Branches is installed, you’ll want to create the system user that will be used to access the repositories. On Ubuntu, you can use:
sudo adduser \ —system \ —gecos ‘git’ \ —shell /bin/sh \ —group \ —disabled-password \ —home /home/git \ gitNext, will need to create the configuration repository with the first user’s public key. The first user will default as being ‘admin’. You will need to upload your public SSH key to the server beforehand. Then run the following:
sudo -H -u git branches setup —key=mykey.pubThe command needs to be run as the git user we created earlier so that is permissions are all correct. The -H command also updates its HOME environment variable so the files are created in the proper place.
Now you are set! To begin customizing your configuration, you can pull the configuration repository using:
git clone git@serverhost:branches-admin.gitFor configuration options, see the Configuration section.
To push a repository to the server, run the following within its directory:
git remote add branches git@serverhost:myapp.git git push branches masterTODO
One of the design goals of Branches was to make it possible to override some core functionality to allow integration with external systems. One usage scenario was for Branches to perform access checks with a database rather than using its configuration file. The main functions that could be overridden are in Branches::Service and are check_access and init_repository. Check access performs permission checks and init_repository creates new repositories.
The check_access method verifies permissions. Its 3 parameters are path, user, and access. Path is the name/path of the repository being requested, e.g. ‘branches’. It doesn’t have a .git suffix. User is the name of the key being used, or if you custom generate the authorized_keys file, it could be a user ID of sorts. Access is a symbol of either :read or :write for the type of accessing being requested. The method just returns true or false depending on if access is allowed.
module Branches module Service class << self def check_access(path, user, access) user = User.find(user.to_i) return false unless user user.admin? end end end endThe init_repository method creates a bare repository when a user is attempting to push a repository that doesn’t already exist. This happens after permission checks. All that is passed in is the name of the repository with the .git extension. So the name will be ‘branches.git’. If the method is overridden, it will need to create the directory and initialize the git repository. See the example below
module Branches module Service class << self def init_repository(path) Repository.create(:name => path.capitalize, :path => path)- create the repository
FileUtils.mkdir_p(path, :mode => 0750)
%x[git —git-dir=#{path} init]
end
end
end
end