| Name | Size |
|---|---|
| .gitignore | 39B |
| LICENSE | 1213B |
| Makefile | 750B |
| PKGBUILD | 278B |
| README.md | 3164B |
| data/style.css | 2220B |
| gitolite/shell.py | 1049B |
| gitolite/stagit.py | 4534B |
| src/config.h | 279B |
| src/ctpl.py | 1524B |
| src/stagit.c.in | 19662B |
| src/strlcpy.c | 1599B |
stagit
This is my personal fork of stagit combined with access control scripts inspired by gitolite. Together they are a simple yet powerful solution for hosting git repositories.
- SSH Access to repos is controlled using the
commandoption in~/.ssh/authorized_keys. All (git-)users use the same (ssh-)user. - The
post-updategit hook is used to automatically create/update a static website for public repositories.
Installation and setup
$ make
$ make install
Then setup access control:
- Create a user
git - As that user, create the files
~/stagit.confand~/.ssh/authorized_keys(see next sections). - Whenever you change the config, run
python3 -m stagitto apply the changes, e.g. create repositories. (Note that this will never delete a repository to prevent data loss.)
stagit.conf
[private]
ssh = admin hobbs
post-update = git --work-tree=/var/www/example checkout -f main
[example]
desc = my shiny new project
ssh = @all
http = yes
- Every section defines one repo.
- The
sshkey controls which users can access the repositories via ssh. - The special user
@allmatches all users. - The
httpkey is boolean and enables anonymous access via website and git-daemon / git-http-backend.
Authorized keys
The authorized keys file should look roughly like this:
command="/usr/lib/stagit/shell admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa … admin@example.com
command="/usr/lib/stagit/shell hobbs",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa … hobbs@example.com
It is mostly a regular authorized keys file with some restrictions. Most importantly, the user is restricted to the stagit shell, so no regular shell access is possible.
Note that the stagit shell gets the username to use as first argument.
Differences to the originals
- General
- Everything is stripped down to the essentials (YMMV). That is not to say that the missing features are not relevant, but they are not relevant to my specific usecase.
- The integration between access control and static website is hardcoded, which makes it simpler but also less flexible.
- Compared to stagit
- The UI takes some inspiration from github.
- README is rendered using cmark.
- I wanted to use a proper (but minimal) templating library but did not find one. So I ended up with a crude pre-processing script.
- Compared to gitolite
- Config and keys are not tracked in an admin repository. I can just as well log into the server.
- If you want to add custom hooks you should add them directly to the source code.
- The conffile format is different and does not support some advanced features.
- The access control scripts are implemented in python instead of perl. I just don't know much perl, that's why.
Customization
The source code is meant to be hackable, so feel free to mess around.