CentOS Stream 9
Sponsored Link

Git : HTTP でアクセスする2022/07/21

 
HTTP プロトコルで Git リポジトリにアクセスできるよう設定します。
[1]
[2]
[3] Git リポジトリにアクセスできるよう Apache httpd を設定します。
例として、Git リポジトリのルートディレクトリを [/var/lib/git] として設定します。
[root@dlp ~]#
vi /etc/httpd/conf.d/git.conf
# 新規作成

SetEnv GIT_PROJECT_ROOT /var/lib/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

<Location /git>
    Options ExecCGI
    AuthName "Git for HTTP"
    AuthType Basic
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
</Location>

[root@dlp ~]#
systemctl restart httpd
# ユーザーを登録 : [-c] でファイルを新規作成する

[root@dlp ~]#
htpasswd -c /etc/httpd/conf/.htpasswd cent

New password:    
# パスワード設定

Re-type new password:
Adding password for user cent
[4] 設定した Git リポジトリのルートディレクトリ配下に任意のリポジトリを作成しておきます。
[root@dlp ~]#
cd /var/lib/git

[root@dlp git]#
mkdir project01.git

[root@dlp git]#
cd project01.git

[root@dlp project01.git]#
git init --bare --shared

hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint:   git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint:   git branch -m <name>
Initialized empty shared Git repository in /var/lib/git/project01.git/

[root@dlp project01.git]#
chgrp -R apache /var/lib/git/project01.git
[5] SELinux を有効にしている場合は、ポリシーの変更が必要です。
[root@dlp ~]#
setsebool -P domain_can_mmap_files on

[root@dlp ~]#
vi smart-git.te
# 以下の内容で新規作成

module smart-git 1.0;

require {
        type httpd_t;
        type httpd_var_lib_t;
        type git_sys_content_t;
        class file { create link map rename setattr unlink write };
        class dir { add_name create remove_name rmdir setattr write };
}

#============= httpd_t ==============
allow httpd_t git_sys_content_t:dir { add_name create remove_name rmdir setattr write };
allow httpd_t git_sys_content_t:file { create link rename setattr unlink write };

[root@dlp ~]#
checkmodule -m -M -o smart-git.mod smart-git.te

[root@dlp ~]#
semodule_package --outfile smart-git.pp --module smart-git.mod

[root@dlp ~]#
semodule -i smart-git.pp

[6] 任意のノードから Git リポジトリに HTTP アクセスして動作確認します。
[redhat@node01 ~]$
mkdir work

[redhat@node01 ~]$
cd work
# htpasswd で登録したユーザーで認証

[redhat@node01 work]$
git clone https://cent@dlp.srv.world/git/project01.git

Cloning into 'project01'...
Password for 'https://cent@dlp.srv.world':   # htpasswd で登録したユーザーのパスワード
warning: You appear to have cloned an empty repository.

[redhat@node01 work]$
cd project01

[redhat@node01 project01]$
git config --global user.name "Server World"

[redhat@node01 project01]$
git config --global user.email "redhat@node01.srv.world"
[redhat@node01 project01]$
echo testfile > testfile1.txt

[redhat@node01 project01]$
git add testfile1.txt

[redhat@node01 project01]$
git commit testfile1.txt -m "Initial Commit"

[master (root-commit) 90e9e0f] Initial Commit
 1 file changed, 1 insertion(+)
 create mode 100644 testfile1.txt

[cent@node01 project01]$
git remote -v

origin  https://cent@dlp.srv.world/git/project01.git (fetch)
origin  https://cent@dlp.srv.world/git/project01.git (push)

[redhat@node01 project01]$
git push origin master

Password for 'https://cent@dlp.srv.world':
Enumerating objects: 3, done.
Counting objects: 100% (3/3), done.
Writing objects: 100% (3/3), 234 bytes | 117.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
To https://dlp.srv.world/git/project01.git
 * [new branch]      master -> master

[cent@node01 project01]$
git ls-files

testfile1.txt
関連コンテンツ