From Fedora Project Wiki
m (→‎Cloning your repository: Use $(git --exec-path) to handle older and newer systems, where the path may differ)
(Added note about not editing authorized_keys manually.)
(24 intermediate revisions by 18 users not shown)
Line 4: Line 4:


This page covers the details on how to obtain and use your personal
This page covers the details on how to obtain and use your personal
space on [http://fedorapeople.org fedorapeople.org] , which is a site where Fedora
space on [http://fedorapeople.org fedorapeople.org], a site where Fedora
contributors can upload files for sharing out with the world. It is
contributors can upload files to share with the world. It is
perfect for uploading specfiles, srpms, patches, personal repository etc, etc.
perfect for uploading specfiles, SRPMs, patches, or personal Git repositories.


== Allowable content ==
== Forbidden contents ==


Please don't distribute anything on fedorapeople.org that Fedora itself cannot distribute for legal reasons. Nothing on the [http://fedoraproject.org/wiki/ForbiddenItems ForbiddenItems] list or otherwise non distributable by Fedora.  
* Do NOT distribute anything on fedorapeople.org that Fedora itself cannot distribute for legal reasons. Nothing on the [[ForbiddenItems]] list or otherwise non distributable by Fedora.
* Do NOT upload your private ssh keys. While the Fedora Infrastructure Team works hard on keeping the servers secure, break ins will happen and private keys uploaded can be downloaded and brute-forced easily. Private .ssh keys found during an audit will be deleted.


== Accessing Your fedorapeople.org Space ==
== Accessing Your fedorapeople.org Space ==


# You need an active [https://admin.fedoraproject.org/accounts/ Fedora account]
# You need an active [https://admin.fedoraproject.org/accounts/ Fedora account]
# You must be sponsored in a group (other than the CLA groups)
# You must be part of at least one group (other than the CLA group) in the Fedora account system. Often annotated as CLA+1
 
# You need to generate a ssh key (ssh-keygen -t rsa).
# You need to generate a ssh key (ssh-keygen -t rsa).
# Upload that ssh key into your Fedora account. To upload, [https://admin.fedoraproject.org/accounts/user/edit visit this link] and select your key file using the ''Public RSA SSH key'' field. Normally your key is stored in your home directory under ''.ssh/id_rsa.pub''. The ssh key gets activated an hour after you upload it.
# Upload the ssh key into your Fedora account. To upload, [https://admin.fedoraproject.org/accounts/user/edit visit this link] and select your key file using the ''Public RSA SSH key'' field. Oftentimes, your public key can be found in your home directory under ''.ssh/id_rsa.pub''. The ssh key will become activated an hour after it is uploaded.
# To connect, use the ssh key you uploaded into your Fedora account:<pre>ssh -i ~/.ssh/id_rsa <your_fedora_id>@fedorapeople.org</pre>
# To connect, use the ssh key you uploaded into your Fedora account: <pre>ssh -i ~/.ssh/id_rsa <your_username>@fedorapeople.org</pre>


This step can also be done via [https://admin.fedoraproject.org/accounts/ Fedora account.]  
{{admon/important | Updating your SSH public key | If you want to update your SSH public key in fedorapeople.org, do NOT manually edit your .ssh/authorized_keys file.  Go through [https://admin.fedoraproject.org/accounts/user/edit the usual FAS account edit page] and wait for it to be updated, or you will be locked out of your account.}}
 
# While logged in, click on "My Account" on the side bar.
# Select "edit" link next to "Account Details."
# Type the following in the "Public RSA SSH Key:" field:<pre>~/.ssh/id_rsa.pub</pre>
# Click the "Save!" button.
# Verify your success. You will see "ssh-rsa" followed by alpha numeric string in "Public SSH Key:" field of your Account Details.


== Common Answers ==
== Common Answers ==


* Each Fedora contributor has 2000000 KiB (approximately 1954 MiB) of quota-controlled space.
* Each Fedora contributor has 2000000 KiB (approximately 1954 MiB) of quota-controlled space.
* If you run out of space you should: clean up stuff you don't need. If you cannot clean up anything then you should contact fedora infrastructure to raise your quota.
* If you run out of space you should clean up files you don't need. If you cannot clean anything up, you should contact Fedora Infrastructure to raise your quota.
* To make a publicly viewable space, create a <code>public_html</code> directory.
* To make a publicly viewable space, create a <code>public_html</code> directory.
* Fedora people is NOT to be used for development or creating repositories on. Repositories will need to be created elsewhere and uploaded via scp or rsync.
* Fedora people is NOT to be used for development or repository creation. Repositories will need to be created elsewhere and uploaded via scp or rsync.
* DO NOT try to use sudo to install packages you "need." Unless you are in the Infrastructure group, and have gotten approval from sysadmin-main, extra packages are not to be installed on fedorapeople.
* DO NOT try to use sudo to install packages you "need". Unless you are in the Infrastructure group and have gotten approval from sysadmin-main, extra packages are not to be installed on fedorapeople.
* Upload files using scp, sftp, or rsync.
* Upload files using scp, sftp, or rsync.
{{admon/tip | Using Nautilus | If you use GNOME, visit [[Infrastructure/fedorapeople.org/Connecting_with_Nautilus | this page]] for an easy way to connect to your fedorapeople.org space.}}
{{admon/tip | Using Nautilus | If you use GNOME, visit [[Infrastructure/fedorapeople.org/Connecting_with_Nautilus | this page]] for an easy way to connect to your fedorapeople.org space.}}


{{admon/tip | Using Dolphin or Konqueror | If you use KDE, type <code>sftp://your_username@fedorapeople.org</code> in your file manager address bar for an easy way to connect to your fedorapeople.org space.}}
{{admon/tip | Using Dolphin or Konqueror | If you use KDE, type <code>sftp://your_username@fedorapeople.org</code> in your file manager address bar for an easy way to connect to your fedorapeople.org space.}}
{{admon/tip | Using Thunar | If you use XFCE, type <code>ctrl+l</code> to bring up the Open Location Dialogue and then enter <code>sftp://your_username@fedorapeople.org/home/fedora/your_username</code> in Location field for an easy way to connect to your fedorapeople.org space. PCManFM also works}}


To copy files from the command line, you can use scp
To copy files from the command line, you can use scp


<pre>
<pre>
scp /path/to/file your_fedora_username@fedorapeople.org:/home/fedora/your_fedora_username/public_html
scp /path/to/file your_username@fedorapeople.org:/home/fedora/your_username/public_html
</pre>
</pre>




* Once uploaded into the users public_html directory the files are available via http at: http://your_username.fedorapeople.org/.
* Once files are uploaded into the user's public_html directory, the files will become available at: http://your_username.fedorapeople.org/.
* Give other users access to read/write/etc files by using extended acls. Read man pages for setfacl and getfacl for adding them to your dirs/files. This gives the user jkeating read and write access to <code>file</code>:
* Give other users access to read/write/etc files by using extended acls. Read man pages for setfacl and getfacl for adding them to your dirs/files. This gives the user "your_username" read and write access to <code>file</code>:


<pre>setfacl -m u:jkeating:rw file</pre>
<pre>setfacl -m u:your_username:rw file</pre>


== ''BETA'' git hosting support ==
== fedora people git hosting support ==


fedorapeople.org now has support for hosting git repositories including accessing them via the git:// protocol for anonymous downloads as well as providing gitweb.  ''This should be considered beta.''
fedorapeople.org now has support for hosting git repositories. This includesaccess via the git:// protocol for anonymous downloads as well as providing the cgit web interface.


Here is a quick rundown of how to get started using git on fedorapeople.org.  It assumes that you are already somewhat familiar with git.  You might want to take a look at the [[Git quick reference]].
Here is a quick rundown of how to get started with git on fedorapeople.org.  It assumes that you are already somewhat familiar with git.  You might want to take a look at the [[Git quick reference]].


=== Create a <code>~/public_git</code> directory on fedorapeople.org ===
=== Create a <code>~/public_git</code> directory on fedorapeople.org ===


<pre>ssh your_fedora_username@fedorapeople.org "mkdir ~/public_git; restorecon -Rv ~/public_git"</pre>
<pre>ssh your_username@fedorapeople.org "mkdir ~/public_git; /sbin/restorecon -Rv ~/public_git"</pre>


=== Creating a new git repository in <code>~/public_git</code> ===
=== Creating a new git repository in <code>~/public_git</code> ===
Line 68: Line 66:
<pre>
<pre>
git init --bare repo.git
git init --bare repo.git
scp -r repo.git/ your_fedora_username@fedorapeople.org:~/public_git/
scp -r repo.git/ your_username@fedorapeople.org:~/public_git/
</pre>
</pre>


This creates a ''bare'' repository (i.e. a repository that has no working directory).  It contains just the files that are part of the <code>.git</code> directory of a ''non-bare'' git repository (the kind most users are accustomed to seeing).
This creates a ''bare'' repository (i.e. a repository that has no working directory).  It contains just the files that are part of the <code>.git</code> directory of a ''non-bare'' git repository (the kind most users are accustomed to seeing).


{{admon/important|Repository name must end with .git|Gitweb will not list repos that do not end in <code>.git</code>.|}}
{{admon/important|Repository name must end with .git|cgit will not list repos that do not end in <code>.git</code>.|}}
 
Additionally if you wish your repository to show up in the cgit web interface, you must:
 
<pre>
touch ~/public_git/yourgitrepo.git/git-daemon-export-ok
</pre>
 
For any repositories you wish to appear there by default.


=== Uploading an existing repository to <code>~/public_git</code> ===
=== Uploading an existing repository to <code>~/public_git</code> ===
Line 81: Line 87:
<pre>
<pre>
git clone --bare /path/to/local/repo repo.git
git clone --bare /path/to/local/repo repo.git
touch repo.git/git-daemon-export-ok
scp -r repo.git/ your_username@fedorapeople.org:public_git/
scp -r repo.git/ your_fedora_username@fedorapeople.org:public_git/
</pre>
</pre>


The caveats from the previous section apply here as well.
The caveats from the previous section apply here as well.


=== Pushing to your repository ===
=== Pushing to your repository ===
Line 94: Line 98:
<pre>
<pre>
cd /path/to/local/repo
cd /path/to/local/repo
git remote add fedorapeople your_fedora_username@fedorapeople.org:public_git/repo.git
git remote add fedorapeople your_username@fedorapeople.org:public_git/repo.git
git push --mirror fedorapeople
git push --mirror fedorapeople
</pre>
</pre>
Line 112: Line 116:
To clone your repository, use a command similar to:
To clone your repository, use a command similar to:


<pre>git clone git://fedorapeople.org/~your_fedora_username/repo.git</pre>
<pre>git clone git://fedorapeople.org/~your_username/repo.git</pre>




Line 118: Line 122:


<pre>
<pre>
ssh ~your_fedora_username@fedorapeople.org
ssh your_username@fedorapeople.org
cd ~/public_git/repo.git/hooks
cd ~/public_git/repo.git/hooks
ln -svbf $(git --exec-path)/git-update-server-info post-update
ln -svbf $(git --exec-path)/git-update-server-info post-update
Line 135: Line 139:
You can clone your repository over http:// with a command similar to:
You can clone your repository over http:// with a command similar to:


<pre>git clone http://your_fedora_username.fedorapeople.org/git/repo.git/</pre>
<pre>git clone http://your_username.fedorapeople.org/git/repo.git/</pre>




{{admon/tip|git:// versus http://|Only clone via http:// if you are behind a firewall that prevents git:// from working.  The git:// protocol is faster and more efficient than the http:// protocol for git usage.}}
{{admon/tip|git:// versus http://|Only clone via http:// if you are behind a firewall that prevents git:// from working.  The git:// protocol is faster and more efficient than the http:// protocol for git usage.}}


=== Browsing your project via gitweb ===
=== Browsing your project via cgit ===


You can see your project listed in [http://fedorapeople.org/gitweb gitweb] once the project list updates.  This happens hourly.  ''Note that the gitweb URL may change.''
You can see your project listed in [http://fedorapeople.org/cgit cgit] once the project list updates.  This happens hourly.   




{{admon/tip|Repository description|You can set the description for the repository that is displayed in gitweb by editing the <code>description</code> file in your repository.}}
{{admon/tip|Repository description|You can set the description for the repository that is displayed in cgit by editing the <code>description</code> file in your repository.}}


=== Shared repository ===


{{admon/tip|Repository URLs|The URLs gitweb shows for your repository by default are incorrect (since the introduction of the service in mid-2008, last checked 2010-08-11). You can work around that by adding a file <code>cloneurl</code> to your repository which contains working URLs.
If you want to give access to your repository to other users you can do this with ACLs.


Default broken URLs:
  setfacl -R -m u:<user>:rwX <repo.git>
<pre>
  find <repo.git> -type d | xargs setfacl -R -m d:u:<user>:rwX
git://fedorapeople.org/home/fedora/your_fedora_username/public_git/repo.git
 
ssh://fedorapeople.org/home/fedora/your_fedora_username/public_git/repo.git
 
</pre>
=== Enable per-repo upload-archive ===


Write these URLs into the <code>cloneurl</code> file to work around that:
If you want to allow your repository to be accessible via <code>git archive --remote </code>, you will need to set set the following in your repostiory's config file:
<pre>
git://fedorapeople.org/~your_fedora_username/repo.git
ssh://fedorapeople.org/~your_fedora_username/public_git/repo.git
</pre>


}}
  [daemon] 
  uploadarch = true


[[Category:Infrastructure]]
[[Category:Infrastructure]]
== Policies ==
=== Viruses ===
Fedorapeople.org servers are regularly scanned for viruses, including people's home directories, because of the nature of providing download of user-uploaded files on a Fedora domain name.
As soon as a virus is reported by the scanners, they will be scanned again by another scanner to make sure they're actual viruses (and not just an overly active scanner).
If the second opinion also reports the file as being a virus, the file will be moved to a non-public facing directory, and the owner will be notified.
If the user has not yet responded after a week, the file will be deleted.

Revision as of 13:39, 12 August 2016

fedorapeople.org

This page covers the details on how to obtain and use your personal space on fedorapeople.org, a site where Fedora contributors can upload files to share with the world. It is perfect for uploading specfiles, SRPMs, patches, or personal Git repositories.

Forbidden contents

  • Do NOT distribute anything on fedorapeople.org that Fedora itself cannot distribute for legal reasons. Nothing on the ForbiddenItems list or otherwise non distributable by Fedora.
  • Do NOT upload your private ssh keys. While the Fedora Infrastructure Team works hard on keeping the servers secure, break ins will happen and private keys uploaded can be downloaded and brute-forced easily. Private .ssh keys found during an audit will be deleted.

Accessing Your fedorapeople.org Space

  1. You need an active Fedora account
  2. You must be part of at least one group (other than the CLA group) in the Fedora account system. Often annotated as CLA+1
  1. You need to generate a ssh key (ssh-keygen -t rsa).
  2. Upload the ssh key into your Fedora account. To upload, visit this link and select your key file using the Public RSA SSH key field. Oftentimes, your public key can be found in your home directory under .ssh/id_rsa.pub. The ssh key will become activated an hour after it is uploaded.
  3. To connect, use the ssh key you uploaded into your Fedora account:
    ssh -i ~/.ssh/id_rsa <your_username>@fedorapeople.org
Important.png
Updating your SSH public key
If you want to update your SSH public key in fedorapeople.org, do NOT manually edit your .ssh/authorized_keys file. Go through the usual FAS account edit page and wait for it to be updated, or you will be locked out of your account.

Common Answers

  • Each Fedora contributor has 2000000 KiB (approximately 1954 MiB) of quota-controlled space.
  • If you run out of space you should clean up files you don't need. If you cannot clean anything up, you should contact Fedora Infrastructure to raise your quota.
  • To make a publicly viewable space, create a public_html directory.
  • Fedora people is NOT to be used for development or repository creation. Repositories will need to be created elsewhere and uploaded via scp or rsync.
  • DO NOT try to use sudo to install packages you "need". Unless you are in the Infrastructure group and have gotten approval from sysadmin-main, extra packages are not to be installed on fedorapeople.
  • Upload files using scp, sftp, or rsync.
Idea.png
Using Nautilus
If you use GNOME, visit this page for an easy way to connect to your fedorapeople.org space.
Idea.png
Using Dolphin or Konqueror
If you use KDE, type sftp://your_username@fedorapeople.org in your file manager address bar for an easy way to connect to your fedorapeople.org space.
Idea.png
Using Thunar
If you use XFCE, type ctrl+l to bring up the Open Location Dialogue and then enter sftp://your_username@fedorapeople.org/home/fedora/your_username in Location field for an easy way to connect to your fedorapeople.org space. PCManFM also works

To copy files from the command line, you can use scp

scp /path/to/file your_username@fedorapeople.org:/home/fedora/your_username/public_html


  • Once files are uploaded into the user's public_html directory, the files will become available at: http://your_username.fedorapeople.org/.
  • Give other users access to read/write/etc files by using extended acls. Read man pages for setfacl and getfacl for adding them to your dirs/files. This gives the user "your_username" read and write access to file:
setfacl -m u:your_username:rw file

fedora people git hosting support

fedorapeople.org now has support for hosting git repositories. This includesaccess via the git:// protocol for anonymous downloads as well as providing the cgit web interface.

Here is a quick rundown of how to get started with git on fedorapeople.org. It assumes that you are already somewhat familiar with git. You might want to take a look at the Git quick reference.

Create a ~/public_git directory on fedorapeople.org

ssh your_username@fedorapeople.org "mkdir ~/public_git; /sbin/restorecon -Rv ~/public_git"

Creating a new git repository in ~/public_git

As an example, here is one method to create an empty repository on your local system and upload it:

git init --bare repo.git
scp -r repo.git/ your_username@fedorapeople.org:~/public_git/

This creates a bare repository (i.e. a repository that has no working directory). It contains just the files that are part of the .git directory of a non-bare git repository (the kind most users are accustomed to seeing).

Important.png
Repository name must end with .git
cgit will not list repos that do not end in .git.

Additionally if you wish your repository to show up in the cgit web interface, you must:

touch ~/public_git/yourgitrepo.git/git-daemon-export-ok

For any repositories you wish to appear there by default.

Uploading an existing repository to ~/public_git

If you have an existing repository you want to use on fedorapeople, you can do so easily:

git clone --bare /path/to/local/repo repo.git
scp -r repo.git/ your_username@fedorapeople.org:public_git/

The caveats from the previous section apply here as well.

Pushing to your repository

To push changes from a local repository:

cd /path/to/local/repo
git remote add fedorapeople your_username@fedorapeople.org:public_git/repo.git
git push --mirror fedorapeople

This creates a mirror of your local repository. All of the branches and tags in the local repository will be pushed to the fedorapeople repository.

If you only want to push selected branches, amend the git push example. For example, to push only your local master branch:

git push fedorapeople master


Idea.png
Allowing others to push
You can allow other fedorapeople.org users to push to your repository using extended acls (see setfacl(1) for details). However, if you have many others working on your project, using Fedora Hosted is strongly preferred.


Cloning your repository

To clone your repository, use a command similar to:

git clone git://fedorapeople.org/~your_username/repo.git


It is also possible to clone your project via the http:// protocol. In order for this to work, you must arrange to have git-update-server-info run whenever you update your repository. Typically, this is done with a post-update hook script. However, the user home directories on fedorapeople.org are mounted with the noexec option, which prevents the script from running. Instead, you may create a symbolic link to git-update-server-info in the hooks directory of your repository:

ssh your_username@fedorapeople.org
cd ~/public_git/repo.git/hooks
ln -svbf $(git --exec-path)/git-update-server-info post-update
git update-server-info


You also need to create a link from ~/public_html/git to ~/public_git:

cd ~/public_html
ln -svbf ../public_git git


You can clone your repository over http:// with a command similar to:

git clone http://your_username.fedorapeople.org/git/repo.git/


Idea.png
git:// versus http://
Only clone via http:// if you are behind a firewall that prevents git:// from working. The git:// protocol is faster and more efficient than the http:// protocol for git usage.

Browsing your project via cgit

You can see your project listed in cgit once the project list updates. This happens hourly.


Idea.png
Repository description
You can set the description for the repository that is displayed in cgit by editing the description file in your repository.

Shared repository

If you want to give access to your repository to other users you can do this with ACLs.

 setfacl -R -m u:<user>:rwX <repo.git>
 find <repo.git> -type d | xargs setfacl -R -m d:u:<user>:rwX


Enable per-repo upload-archive

If you want to allow your repository to be accessible via git archive --remote , you will need to set set the following in your repostiory's config file:

  [daemon]   
  uploadarch = true


Policies

Viruses

Fedorapeople.org servers are regularly scanned for viruses, including people's home directories, because of the nature of providing download of user-uploaded files on a Fedora domain name. As soon as a virus is reported by the scanners, they will be scanned again by another scanner to make sure they're actual viruses (and not just an overly active scanner). If the second opinion also reports the file as being a virus, the file will be moved to a non-public facing directory, and the owner will be notified. If the user has not yet responded after a week, the file will be deleted.