gitlabhq/gitlab-recipes

Few tips for CentOS

mtarlac opened this issue · 5 comments

Sorry for bothering but I have a few notes:

/sbin/nologin doesn't work so I had to do:

usermod -s /bin/bash git

Also, I had a problem with the update hook, which is enabled by default.

mv update update.sample1

(disable update hook)

For self-signed certificates (before you do this, please see my last comment on this issue):

git config http.sslVerify false

or

export GIT_SSL_NO_VERIFY=1

Thanks for the tips.
I was having the following error when pushing to my remote.

fatal: protocol error: bad line length character: This

The usermod -s /bin/bash git did the trick for me. CentOS 6.2

Yeap, I'm aware of the push issue, I'll update the guide probably today along with other fixes :)

About hooks, what was the problem you encountered? That's the first time I ever heard of this.

For self-signed certificates, disabling SSL in git is malpractice security-wise. There is a thread with many proposed solutions: https://github.com/gitlabhq/gitlabhq/issues/4272. We should probably make a doc with this info.

=============== Regarding SSL

#git push -u origin master
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://git.MYDOMAIN.com/root/MYPROJECT.git/info/refs?service=git-receive-pack
fatal: HTTP request failed

/etc/ssl/certs/ca-certificates.crt seems like "hard coded"

grep -r ca-certificates git/
git/gitlab/vendor/bundle/ruby/2.0.0/gems/oauth-0.4.7/lib/oauth/consumer.rb: CA_FILES = %w(/etc/ssl/certs/ca-certificates.crt /usr/share/curl/curl-ca-bundle.crt)
git/gitlab/vendor/bundle/ruby/2.0.0/gems/httparty-0.13.0/lib/httparty.rb: # ssl_ca_file '/etc/ssl/certs/ca-certificates.crt'

Also, when I try to clone project

git clone http://git.MYDOMAIN.com/root/MYPROJECT.git
Cloning into 'MYPROJECT'...
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing http://git.MYDOMAIN.com/root/MYPROJECT.git/info/refs?service=git-upload-pack
fatal: HTTP request failed

============== Regarding hook
Sorry, I didn't copy the exact error, but now that I have renamed the "update" hook back, everything seems fine.

OK, it seems I found the problem... The problem was on my side... I hadn't imported the crt file from the server.

As root on client host:

 cd /usr/share/ca-certificates/
 mkdir git.MYDOMAIN.com
 cd git.MYDOMAIN.com
 scp git.MYDOMAIN.com:/path/to/cert.crt .
 vi /etc/ca-certificates.conf 

Add:

git.MYDOMAIN.com/cert.crt

Save file and execute:

update-ca-certificates

You should get something like:

Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
Adding debian:git.MYDOMAIN.com.pem
done.
done.

Thanks

@mtarlac thanks for the valuable feedback! I'll make sure to add it somewhere :) Closing this for now.
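An added example, not part of the thread or of GitLab's own code: a small Python audit that flags the two workarounds from the first comment (`http.sslVerify false` and `GIT_SSL_NO_VERIFY`) if they are still in place after the certificate has been imported. The sample config is constructed, `legacy.MYDOMAIN.com` is a hypothetical second host, and the parser is a simplification that does not follow `[include]` directives.

```python
import os
import re

# Values git reads as boolean false (case-insensitive); an empty value is false too.
FALSE_VALUES = {"false", "no", "off", "0", ""}
SECTION_RE = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')

# Constructed sample; legacy.MYDOMAIN.com is a hypothetical second host.
SAMPLE = """\
[core]
    bare = false
[http]
    sslVerify = false   ; every HTTPS remote is unverified
[http "https://git.MYDOMAIN.com/"]
    sslCAInfo = /usr/share/ca-certificates/git.MYDOMAIN.com/cert.crt
    sslVerify = true
[HTTP "https://legacy.MYDOMAIN.com/"]
    SSLVERIFY = Off
"""

def audit_git_config(text, source="<config>"):
    """Return (source, line, scope) for each http.sslVerify that disables checks."""
    findings, section, scope = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:  # section and key names are case-insensitive in git
            section, scope = m.group(1).lower(), m.group(2)
            continue
        key, sep, value = line.partition("=")
        if section != "http" or key.strip().lower() != "sslverify" or not sep:
            continue  # a bare key without "=" means true
        value = re.split(r"[#;]", value, maxsplit=1)[0].strip().strip('"').lower()
        if value in FALSE_VALUES:
            findings.append((source, lineno, scope or "ALL HOSTS"))
    return findings

def audit_environment(env):
    """git skips verification when GIT_SSL_NO_VERIFY is set to any value."""
    return "GIT_SSL_NO_VERIFY" in env

if __name__ == "__main__":
    for src, lineno, scope in audit_git_config(SAMPLE, "sample"):
        print(f"{src}:{lineno}: TLS verification disabled for {scope}")
    print("GIT_SSL_NO_VERIFY set:", audit_environment(os.environ))
```

To check real settings, pass the contents of `~/.gitconfig`, `/etc/gitconfig` and each repository's `.git/config` to `audit_git_config`.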