You are here: Foswiki>IN Web>Services>Git (13 Feb 2023, TobiasHabermann)Edit Attach

Git

ACO is running https://git.acc.gsi.de a gitea installation for controls related software.

Authentication

The server is only available inside the GSI Network. No internet service.

Gitea is attached to the ACO Identity Management. To apply for an account see UserAccount.

For git protocol access https (with username/password) and ssh (with public private keys, see also SshAgent) is available.

Access permissions for repositories are administrated by their respective owners.

Note: kerberos authentication is not possible. It collides with giteas cookie based authentication mechanisms.

Organizations

Any user has his own organization (equals username). Additional organizations can be created. The names of organizations may not collide with usernames.

Teams

Each organization has a special team "Owners". This team can't be deleted or renamed and has full access to all repositories in the organization.

Additional teams can be created by the organization owners.

Repositories must be assigned to teams to apply permissions.

Teams can be synchronized with ldap groups. For this add ldap=GROUP to the teams description. Multiple groups can be merged (ldap=GROUP1 ldap=GROUP2). Ldap synchronizations happens asynchronous. Manual changes to a synchronized team are possible (for example to grant immediate access), but will be overwritten on the next sync.

Jenkins

for protected/private projects that should be accessed by jenkins grant permissions to the user cibuild. Jenkins projects should then be configured use the https url and the credentials for cibuild.

Wiki and Bugtracker

There has been no decision if bugzilla will be replaced with the gitea bugtracker.

If we ever migrate to a different git management system only git repositories will be migrated.

Git Server SSH Hostkey

Git server key changed on 2023-02-06 to ed25519. If you get an error about host identification change you need to remove the existing entry (ssh-keygen -R git.acc.gsi.de) and accept the new key (fingerprint SHA256:uEdJTcn1xhRgiI3uC290Bwo7ktPxXvzbye9qv4/JpKE.) 

[handel@asl753 ~]$ git ls-remote git@git.acc.gsi.de:my/repo.git
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:uEdJTcn1xhRgiI3uC290Bwo7ktPxXvzbye9qv4/JpKE.
Please contact your system administrator.
Add correct host key in /home/bel/handel/lnx/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/bel/handel/lnx/.ssh/known_hosts:155
Host key for git.acc.gsi.de has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
[handel@asl753 ~]$ ssh-keygen -R git.acc.gsi.de
# Host git.acc.gsi.de found: line 155
/home/bel/handel/lnx/.ssh/known_hosts updated.
Original contents retained as /home/bel/handel/lnx/.ssh/known_hosts.old
[handel@asl753 ~]$ git ls-remote git@git.acc.gsi.de:my/repo.git
The authenticity of host 'git.acc.gsi.de (140.181.140.112)' can't be established.
ED25519 key fingerprint is SHA256:uEdJTcn1xhRgiI3uC290Bwo7ktPxXvzbye9qv4/JpKE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'git.acc.gsi.de' (ED25519) to the list of known hosts.
d093142a1caa3efb5afcbe83a43ad240adff6874   HEAD
d093142a1caa3efb5afcbe83a43ad240adff6874   refs/heads/master

Git Client SSH key

ssh rsa keys won't work with el9 clients. Time to switch to a newer crypto. ssh-keygen -t ed25519

-- ChristophHandel - 20 Feb 2019
Edit  | Attach | Print version | History: r9 < r8 < r7 < r6 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r9 - 13 Feb 2023, TobiasHabermann
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback