如何在实时服务器上保护git repo

Question

Reading all the tutorials and articles on the internet. As a simple workflow, I have understood that we can create a bare repository on our live server and push updates to it from the local repo etc.

My question and concern is that since the live server will also be a Git repo and it would have the .git folder, Wouldn't that be a security problem? How to prevent access to it?

Update

Suppose my live folder on server is /www and I can access it from the browser http://myserver.com so I can also access http://myserver.com/.git/HEAD ??? How to prevent it?

Answer 1

You may want to consider separating the repository and the working tree.

For example, somewhere outside of the folder served by your Web server, run git init --bare . Then replace the config file in this directory with the following (where /path/to/web/root is the path where the files should be placed).

[core]
    repositoryformatversion = 0
    filemode = true
    bare = false
    worktree = /path/to/web/root
[receive]
    denycurrentbranch = ignore

Finally add hooks/post-receive with the following contents and mark it executable

#!/bin/sh
git checkout -f

Now whenever you push to the repository, the files will be checked out into the correct location and you never have to worry about the repository accidentally being served up.

Answer 2

Git does not care about security of accessing to your .git folders - it is your responsibility and OS enforcing access to them.

Basically, if you can ssh into your server and access .git folder - you can do whatever you want, and so does git.

There is very convenitent way to handle users, passwords, ssh key management, etc. is to install Gerrit . Gerrit is Git server implemented in Java, but it also happens to be great code review engine. Code review part is very useful, however you do not have to use it if you don't want to. You can move to use code review later, but provided git server, web ui and user/keys management, UI to control access permissions to different git repos are very nice.

Answer 3

Love the accepted answer, great example of the use of git hooks.

How I went around this problem (I also posted a question long time ago whether the website should be a repository) is, after thinking about it, I decided to create git releases, zip-em-up, and decompress into a "live" folder.

With the use of helper scripts, and git aliases, of course.

I have a couple of scripts, such as rgitpropup (which merges branches from the ground up to master, and pushes to origin) and rgitrelease, which creates a GPG signed release, uses a dir prefix as an argument, and zips it up.

I've aliased the propup script (when aliasing scripts, you prefix them with "!", btw.)

I guess with hooks you could also manage the installation/decompression into the "live" directory...

EDIT: archive is a git command, and it has built-in support for compressing to archive formats. Usually it is used in combination with the tag command, which has bult-in support for pgp/gpg signing (gpg is how digitally sign in git in general, not to be confused with sign-off)