Bazitis: Gitosis for Bzr (Baazar)

At work, I use git. For Exaile I use bzr. I like them both quite a bit. At work, we use Gitosis to manage our repositories and I have to say, it's pretty damn cool. Nothing quite like this exists for bzr, so I ported Gitosis to bzr and called it Bazitis. The launchpad project page can be found here. Here are the instructions on how to use Bazitis:

First off, I'd like to give credit to some people. Tommi Virtanen is the author of Gitosis. Bazitis is a copy of the Gitosis code, all except for the parts where I had to get a little hacky with bzrlib. His website is http://eagain.net. The other person I'd like to thank is Garry Dolley, who wrote a great blog post on how to use Gitosis, which can be found here: hosting git repositories the easy and secure way. Garry has given me permission to copy his instructions and modify them for Bazitis, as long as I give him kudos, which I have done in this paragraph. Thanks guys!

Install bazitis

bazitis is a tool for hosting bzr repositories (I'm repeating myself for those who skim :)

The first thing to do is grab a copy of bazitis and install it on your server:

$ cd ~/src
$ bzr branch lp:bazitis

Next, install it like so:

$ cd bazitis
$ python setup.py install

Don't use --prefix unless you like self-inflicted pain. It is possible to install bazitis in a non-standard location, but it's not nice. Read the Caveats section at the bottom and then come back here.

If you get this error:

-bash: python: command not found

or

Traceback (most recent call last):
  File "setup.py", line 2, in ?
    from setuptools import setup, find_packages
ImportError: No module named setuptools

You have to install Python setuptools. On Debian/Ubuntu systems, it's just:

$ sudo apt-get install python-setuptools

For other systems, someone tell me or leave a comment, so I can update this section and improve this tutorial.

The next thing to do is to create a user that will own the repositories you want to manage. This user is usually called bzr, but any name will work, and you can have more than one per system if you really want to. The user does not need a password, but does need a valid shell (otherwise, SSH will refuse to work).

$ sudo adduser \
    --system \
    --shell /bin/sh \
    --gecos 'bzr version control' \
    --group \
    --disabled-password \
    --home /home/bzr \
    bzr

You may change the home path to suit your taste. A successful user creation will look similar to:

Adding system user `bzr'...
Adding new group `bzr' (211).
Adding new user `bzr' (211) with group `bzr'.
Creating home directory `/home/bzr'.

You will need a public SSH key to continue. If you don't have one, you may generate one on your local computer:

$ ssh-keygen -t rsa

The public key will be in $HOME/.ssh/id_rsa.pub. Copy this file to your server (the one running bazitis).

Next we will run a command that will sprinkle some magic into the home directory of the bzr user and put your public SSH key into the list of authorized keys.

$ sudo -H -u bzr bazitis-init < /tmp/id_rsa.pub

id_rsa.pub above is your public SSH key that you copied to the server. I recommend you put it in /tmp so the bzr user won't have permission problems when trying to read it.

Here some cool magic happens. Run this on your local machine:

$ bzr branch bzr+ssh://bzr@YOUR_SERVER_HOSTNAME/bazitis-admin
$ cd bazitis-admin

You will now have a bazitis.conf file and keydir/ directory:

~/dev/bazitis-admin (master) $ ls -l
total 8
-rw-r--r--   1 garry  garry  104 Nov 13 05:43 bazitis.conf
drwxr-xr-x   3 garry  garry  102 Nov 13 05:43 keydir/

This repository that you just cloned contains all the files (right now, only 2) needed to create repositories for your projects, add new users, and defined access rights. Edit the settings as you wish, commit, and push. Once pushed, bazitis will immediately make your changes take effect on the server. So we're using Bzr to host the configuration file and keys that in turn define how our Bzr hosting behaves. That's just plain cool.

From this point on, you don't need to be on your server. All configuration takes place locally and you push the changes to your server when you're ready for them to take effect.

Creating new repositories

This is where the fun starts. Let's create a new repository to hold our project codenamed FreeMonkey.

Open up bazitis.conf and notice the default configuration:

[bazitis]

[group bazitis-admin]
writable = bazitis-admin
members = jdoe

Your "members" line will hold your key filename (without the .pub extension) that is in keydir/. In my example, it is "jdoe", but for you it'll probably be a combination of your username and hostname.

To create a new repo, we just authorize writing to it and push. To do so, add this to bazitis.conf:

[group myteam]
members = jdoe
writable = free_monkey

This defines a new group called "myteam", which is an arbitrary string. "jdoe" is a member of myteam and will have write access to the "free_monkey" repo.

Save this addition to bazitis.conf, commit and push it:

$ bzr commit -m "Allow jdoe write access to free_monkey"
$ bzr push bzr+ssh://bzr@YOUR_SERVER_HOSTNAME/bazitis-admin

Note: You only have to add the path to the bazitis-admin repo the first time you push. After that, it will be remembered and you can just type "bzr push"

Now the user "jdoe" has access to write to the repo named "free_monkey", but we still haven't created a repo yet. What we will do is create a new repo locally, and then push it:

$ mkdir free_monkey
$ cd free_monkey
$ bzr init

# do some work, bzr add and commit files

$ bzr push bzr+ssh://bzr@YOUR_SERVER_HOSTNAME/free_monkey

With the final push, you're off to the races. The repository "free_monkey" has been created on the server (in /home/bzr/repositories) and you're ready to start using it like any ol' bzr repo.

Adding users

The next natural thing to do is to grant some lucky few commit access to the FreeMonkey project. This is a simple two step process.

First, gather their public SSH keys, which I'll call "alice.pub" and "bob.pub", and drop them into keydir/ of your local bazitis-admin repository. Second, edit bazitis.conf and add them to the "members" list.

$ cd bazitis-admin
$ cp ~/alice.pub keydir/
$ cp ~/bob.pub keydir/
$ bzr add keydir/alice.pub keydir/bob.pub

Note that the key filename must have a ".pub" extension.

bazitis.conf changes:

 [group myteam]
- members = jdoe
+ members = jdoe alice bob
  writable = free_monkey

Commit and push:

$ bzr commit -m "Granted Alice and Bob commit rights to FreeMonkey"
$ bzr push

That's it. Alice and Bob can now clone the free_monkey repository like so:

$ bzr branch bzr+ssh://bzr@YOUR_SERVER_HOSTNAME/free_monkey

Alice and Bob will also have commit rights.

Limitations

• Currently, bazitis doesn't support everything that gitosis does, like public readonly access. This is planned for the future.
• I haven't tested bazitis with shared bzr repositories. I have no idea if it will work. If you try this, let me know how it goes.
• Bazitis works best with bzr 1.9. It works with earlier versions, but if you try to access a repository that you do no have permission for, a huge ugly exception is thrown that would probably lead a user to think something is wrong with bzr. This is handled a lot better in later versions of bzr.

And that's all. Let me know how it works out for you!