1 This guide is to help you if:
3 * you are a distro which is a downstream of Debian (directly
6 * you want to publish source packages as well as git branches
12 There are various options for the git server, depending on how much
13 you trust your uploaders. There are four levels of trust and
18 For use when uploaders have shell accounts on the server and you
19 trust them completely. You then do not need to install any special
20 software on the server.
24 Your uploaders do not (necessarily) have shell accounts.
25 You will need to collect their ssh keys and also their PGP
26 signing keys. You can restrict uploads on a per-package
27 per-key basis by using the Debian `dm.txt' format.
29 dgit-repos-server + policy hook
31 You want to impose additional policy. For example, Debian's
32 copyright review process means that uploads of new packages are
33 initially not public: dgit-repos-policy-debian is an example.
37 From the dgit client's point of view, the dgit git server is a git
38 server accessed by ssh (when pushing) or https (when fetching).
39 You may use anything that has the right properties for your needs.
40 dgit primarily authenticates pushes by signing tags, so your
41 software will probably need to check and verify that tag
42 appropriately before accepting a push. dgit-repos-server knows how
45 Set up your git server, as follows:
49 Make a suitable (sub)directory. You should create a _template.git
50 bare repo, with appropriate permissions. When new packages are
51 uploaded, this _template.git will be copied. You will probably
52 want to set core.sharedRepository in the template, and/or arrange
53 for personal groups and 002 umask.
57 Additionally, install dgit-infrastructure. Create a service
58 account `dgit' on the server. For each authorised uploader, put
59 their ssh key in dgit's authorized_keys file, with a
60 restricted_command specifying the dgit-repos-server invocation.
61 Put the keyring where dgit-repos-server can find it.
62 Consult the comment at the top of dgit-repos-server for the
63 restricted command rune.