Corporate Guerilla Git
See the new Corporate Git pages!
It’s about setting up git repos in Windows XP boxes, shared among each other via Cygwin/OpenSSH.
You’re still Master Foo, you already have an exciting project stored on your machine in git in “~/eggs/” (you’re a Cygwin user, obviously). The eggs are becoming popular within the corporation and you want to involve more developers. Here is how it goes:
MasterFoo@foo ~$ ssh git@bar.baz
Last login: ...
git@bar ~$ mkdir eggs.git && cd eggs.git
git@bar ~/eggs$ git --bare init
Initialized empty Git repository in /home/git/eggs/
git@bar ~/eggs$ exit
logout
connection to bar closed.
MasterFoo@foo ~$ cd eggs
MasterFoo@foo ~/eggs$ git remote add origin ssh://git@bar.baz/~/eggs.git
MasterFoo@foo ~/eggs$ git push origin master
A bare repo has no working tree. So the magic stuff is not in “~/eggs/.git/” but directly in “~/eggs.git/”. It’s a convention that bare repositories’ names should end with the “.git” extension.
Older versions of git allowed pushing into a non-bare repo. But push just updates the history and the HEAD, leaving a) the index and the working files intact b) the local repo-user in a severe shock. So it is no longer allowed as of git 1.7.0. Bare repos are just a push-pull hub.
Now even the local MCSE can collaborate with you if he uses Cygwin and gives his public key to the owner of “bar.baz”.
MCSE@mcse ~$ git clone ssh://git@bar.baz/~/eggs.git
Initialized empty Git repo...
...
MCSE@mcse ~$ cd eggs
MCSE@mcse ~/eggs$ echo '# Even MCSEs love Unix' >> eggs
MCSE@mcse ~/eggs$ git commit -a -m "MCSEs love Unix"
MCSE@mcse ~/eggs$ git push origin master
Now you probably see how, with a bit more sophisticated handling of users, you could build your own Guerrilla GitHub. All you need is Cygwin. Have fun!
Let’s say you’re Master Foo, and want to connect as user “git” to the machine described in the previous chapters, which we’ll call “bar.baz”.
You need a private/public key pair. You can give your public key to the whole world. They can encrypt stuff with it for you which, in turn, can be decoded only with your private key. So guard your private key with your life and, preferably, with a passphrase.
$ ssh-keygen
Accept the default location for the private key: ~/.ssh/id_rsa
When prompted for the passphrase, enter it twice. The passphrase actually encrypts your private key, so even if someone steals the file, he cannot use it.
When finished, your keys are saved in
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
Give your public key “id_rsa.pub” to the owner of the “bar.baz” box. If he trusts you, he’ll append it to “/home/git/.ssh/authorized_keys”. Once that is done you can
$ ssh git@bar.baz
and after entering your private key’s passphrase, you’re logged in, and you can do whatever you want or, rather, whatever you’re allowed to. Done!
Nearly. After a while, you’ll find it cumbersome having to enter your passphrase every time you log in to “bar.baz”. Or every time you push or pull in git terms. But fear not, only believe!
The wise elders of OpenBSD have developed the ssh-agent to avoid this. You run your Cygwin session under its protection, and you’ll have to enter your passphrase just once at the start of your first bash after power-on. Add this to the system-wide /etc/profile
export SSH_AUTH_SOCK=/tmp/.ssh-socket
and the code below to your profile “~/.profile”. How it works is explained on Ovidiu Predescu’s excellent page. I’ve applied a minor fix. Find it!
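# Start or connect to the ssh-agent
# "ssh-add -l" exits with status 2 when no agent answers on $SSH_AUTH_SOCK
ssh-add -l >/dev/null 2>&1
if [ $? = 2 ]; then
    # Start an agent on the fixed socket and keep its environment script
    ssh-agent -a "$SSH_AUTH_SOCK" 2>/dev/null >/tmp/.ssh-script
    . /tmp/.ssh-script >/dev/null
    echo "$SSH_AGENT_PID" >/tmp/.ssh-agent-pid
    echo
    # Ask for the passphrase once and load the key into the agent
    ssh-add
fi

# Command to stop the ssh-agent
function killssh {
    kill `cat /tmp/.ssh-agent-pid`
    rm -f /tmp/.ssh*
}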
One more small gotcha: the outdated .ssh* files should be removed from /tmp during or after reboot, before starting the first Cygwin session. Preferably automatically.
This will allow users on remote computers to log in to your box, get an interactive shell and do whatever they want. Or rather whatever you allow them to do. Remember? User “git” is not an admin…
There is a nice guide with a lot of troubleshooting info here.
In a nutshell. Start a Cygwin Shell window.
$ ssh-host-config -y
When prompted for “CYGWIN=”, type “tty ntsec”.
I do not allow login by password, only the public-key method. See below. So change the related line in “/etc/sshd_config” like this:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
Finally start the service:
cygrunsrv --start sshd
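A quick check that the edit took effect, as an added example rather than anything from the original page: sshd uses the first value it finds for a keyword and ignores commented-out lines, so the function below reports the global PasswordAuthentication value a config file yields. The helper name is an assumption, and only the global section before any Match block is read.

```shell
#!/bin/sh
# Added example, not from the original page.
# password_auth_setting is a hypothetical helper name.

# usage: password_auth_setting <sshd_config-file>   -> prints yes or no
password_auth_setting() {
    awk '
        # Comments and blank lines carry no setting.
        /^[ \t]*(#|$)/ { next }
        {
            # Keyword and value are separated by blanks or by one "=".
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)
            split(line, f, /[ \t]+/)
            key = tolower(f[1])        # keywords are case-insensitive
        }
        # Match blocks are conditional overrides; stop at the first one.
        key == "match" { exit }
        # The first value obtained for a keyword is the one sshd uses.
        key == "passwordauthentication" { val = f[2]; found = 1; exit }
        # With no explicit line, the built-in default (yes) applies.
        END { print (found ? val : "yes") }
    ' "$1"
}
```

On a box with a working sshd, "sshd -T" prints the effective configuration directly.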
Master Foo wants to log in remotely to your box’s “git” account.
He sends you his public RSA key in any way, email, pen-drive, whatever YOU trust.
If you find Master Foo worthy, you authorize his key, and from then he will be able to log in to your “git” account via ssh without typing git’s password:
$ cat MasterFoo_rsa.pub >> /home/git/.ssh/authorized_keys
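A stricter alternative to the plain "cat >>" above, as an added example that is not from the original page: it accepts a file only if it holds exactly one syntactically plausible public key, and it prefixes the entry with sshd's restriction options. The function name, the list of accepted key types and the comment format are assumptions; the options remove the terminal and forwarding but do not by themselves limit which commands the key may run.

```shell
#!/bin/sh
# Added example, not from the original page. add_git_key and RESTRICT
# are hypothetical names; the accepted key types are an assumption.

# authorized_keys options from sshd(8): no terminal, no forwarding.
RESTRICT='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'

# usage: add_git_key <pubkey-file> <authorized_keys-file>
# returns 0 = added, 1 = rejected, 2 = key already authorized
add_git_key() {
    pub=$1
    auth=$2

    # Exactly one non-blank line: a file with several entries is rejected.
    [ "$(grep -c '[^[:space:]]' "$pub")" = 1 ] || return 1

    # First two fields of that line: key type and base64 blob.
    ktype=$(grep '[^[:space:]]' "$pub" | awk '{ print $1 }')
    blob=$(grep '[^[:space:]]' "$pub" | awk '{ print $2 }')

    # The line must begin with a key type, not with an options field.
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256) ;;
        *) return 1 ;;
    esac

    # The blob must be non-empty and contain only base64 characters.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac

    # Do not add the same key twice (exact match on the blob field).
    if [ -f "$auth" ] && awk -v b="$blob" \
        '{ for (i = 1; i <= NF; i++) if ($i == b) hit = 1 } END { exit !hit }' \
        "$auth"; then
        return 2
    fi

    # Keep the file private to its owner.
    touch "$auth" && chmod 600 "$auth" || return 1
    # The comment is written here, never copied from the submitted file.
    printf '%s %s %s added-%s\n' "$RESTRICT" "$ktype" "$blob" \
        "$(date +%Y-%m-%d)" >> "$auth"
}
```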
Make sure to Select Packages below (among others) besides the Base packages:
After installation let’s sort out the home folders. Cygwin 1.7.x uses its own user profiles in /home (C:\WhereeverYouInstalledCygwin\home). I don’t like that. I prefer Cygwin to use the original Windows user profiles. I sorted this by mounting “D:\Documents and Settings” to “/home”. Just a simple entry to “/etc/fstab”:
D:/Documents\040and\040Settings /home ntfs binary 0 0
Now let’s get a proper semi-transparent terminal window. The icon added by the Cygwin installer starts “C:\WhereeverYouInstalledCygwin\Cygwin.bat”. This opens an interactive login shell (bash) in an ugly Windows Command prompt. To fix this, right-click the “Cygwin Bash Shell” icon, Properties. Note the minus sign at the end!
Target: C:\WhereeverYouInstalledCygwin\bin\mintty.exe -
Start in: C:\WhereeverYouInstalledCygwin\bin
Last but not least, let’s set up a cosy and comfortable home environment.
$ cd ~
$ echo "export EDITOR=mcedit" > .profile # for everybody else, it's vi
$ echo 'export HISTCONTROL="ignoredups"' >> .profile
If you’ve already installed Cygwin before creating user “git” (see previous chapter), you can export the Windows user list to Cygwin.
$ cp /etc/passwd /etc/passwd.old # backup for safety
$ mkpasswd > /etc/passwd
You need to have administrator privileges on your Windows XP. If you do not, contact your IT department. If they deny it from you, look for another job immediately.
Create a user to represent the git service on your box. Right-click “My Computer”, Manage, Local Users and Groups, Users. Right-click the right pane, New User…
Let’s call it “git”. Password never expires, user does not have to (or cannot) change it. Password does not really matter, we’ll see later why.
Member of “Users”. Not an admin. We won’t let other people screw up our box completely through ssh.
Its user profile and home folder should be the standard “D:\Documents and Settings\git” or similar (I store the user profiles on “D:\”).
Intro
Credits
Prepare Windows
Set up Cygwin
Set up the OpenSSH server – sshd
Set up the OpenSSH client – ssh and ssh-agent
Git over ssh
The big picture
Politics
git Cheat Sheet
MKS vs git
In the original spirit of the subogero linux blog, this page is aimed to be a comprehensive guide for relative Newbies to set up git servers in a (corporate) network on Windows XP boxes. After reading this, you will be pushing and pulling among each other at a rate that will baffle both your managers and your IT department.
Large corporations tend to force developers to use a) Windows, b) a centralized version control system. Life under these circumstances is miserable. To make it bearable, one needs a Unix and a cool distributed version control tool. Fortunately you can turn your Windows machine into a Unix by using Cygwin (GNU/Windows), which comes with git, the Daddy of Distribution from His Majesty Linus Torvalds himself.
Listening to the Grand Master’s speech, pushing and pulling between each other seems to be the most trivial thing on earth. Once I tried this with a slightly remote server (pun intended) using the Samba protocol. It was incredibly slow. Git only shines on the local machine. With the SMB protocol, it’s the local git that accesses the remote server ten thousand times. That’s why git’s preferred protocol is ssh: behind the scenes, you run git on the remote box as well, and the two old gits reduce network traffic to the necessary minimum.
That’s what these pages are all about: setting up ssh and git on Windows XP.
Richard Stallman – the creator of GNU
Cygwin – the GNU/Windows people
Linus Torvalds – the creator of Git
OpenBSD – the creators of OpenSSH
Nicholas Fong – a comprehensive Cygwin and OpenSSH setup page
Ovidiu Predescu – ssh-agent setup on Cygwin
Tim Lucas – how to setup a new remote git repo
I’ve just measured full reboot times with Ubuntu and Windows XP on the same machine.
Bonus: reboot times with Ubuntu Jaunty on Asus UL20A laptop (its BIOS is extremely fast too).
                              Ubuntu    XP     | Ubuntu ASUS UL20A
-----------------------------------------------|-------------------
boot from BIOS until login     26 s     29 s   | 17s
boot from login until ready    16 s     39 s   | 15s
reboot until BIOS              19 s     35 s   | 12s
-----------------------------------------------|-------------------
overall reboot without BIOS    63 s    103 s   | 44s
No comment.