Basics and both run on

git is the user the git daemon runs as. It's home directory is at /var/git

gerrit is the user the gerrit software runs as. It's home directory is at /var/gerrit


Gerrit replicates to the git server via ssh, so /var/gerrit/.ssh and /var/git/.ssh are important. On forge the git user and it's home are important as well.

Permissions for replication are handled by two special permission groups "Forge Mirror" and "Git Mirror" (see etc/replication.config). Projects by default have proper permissions enabled. To disable replication for a (private) project one has to add a special Permission "Read Access/-1 no access" for both of these groups ("Forge Mirror" and "Git Mirror").


This is a read-only server offering the git protocol to access the repositores in /var/git/repositories. A repository must contain the git-daemon-export-ok file to be exported by the git daemon.

The configuration can be found in /etc/sv/git-daemon/run, the daemon logs to /var/log/git-daemon/current

The daemon is managed with sv, so use sv down git-daemon and svn up git-daemon to stop and start the service.

upload-archive is disabled and selectivly enabled in TYPO3v4/Core.git/config (to allow git archive --remote for the packaking team)


The web interface to git is delivered with gitweb.

The gitweb configuration is in /etc/gitweb.conf
The apache configuration is in /etc/apache2/sites-available/git
Data in /var/git/www

The Apache logs to /var/log/apache2/*.log

Gerrit is installed in /var/gerrit/review
The Apache configuration is in /etc/apache2/sites-available/review

The Apache logs to /var/log/apache2/*.log

Gerrit pushes git changes to and (in both cases using ssh to connect as the user git), the data ends up in /var/git/repositories. If you need to trigger sync manually, for example because some refs where updated manually, you can use gerrit ssh -p29418 gerrit replicate PROJECT/PATH to trigger the sync.

Custom Gerrit Version

We are using a custom gerrit version, with some patches (CSS classes, not adding e-mail on cherry-pick, enabling anon access via http)
  • This version (and diffs to the original version) can be found at
  • You can build the version by cloning it, and you need Maven 2. Then just run tools/ and upload the resulting file.

Authentication against

The Apache proxy serving gerrit authenticates against using /var/gerrit/typo3org-authentication.php. This calls to authenticate the user.

Account/group sync with (forge.)

Every 4 hours gerrit calls (/var/gerrit/sync-accounts.php && /var/gerrit/sync-groups.php && cd /var/gerrit/review && bin/ restart) via cron.

This syncs accounts from (by using and group memberships from Forge/redmine (by using[projectid], which only works for public forge projects)

git repository repacking

Every two weeks gerrit repacks the git repositories using /var/gerrit/

srv04 system setup

Installed packages (not listing automated dependencies)

When installing packages pure recommendation dependencies have been unset in most cases. non-free was added to apt sources.


From local package (downloaded from backports)


Created users

$ sudo adduser --home /var/git --shell /bin/bash --group git --system
Adding system user `git' (UID 104) ...
Adding new group `git' (GID 107) ...
Adding new user `git' (UID 104) with group `git' ...
Creating home directory `/var/git' ...
$ sudo adduser --home /var/gerrit --shell /bin/bash --group gerrit --system
Adding system user `gerrit' (UID 105) ...
Adding new group `gerrit' (GID 108) ...
Adding new user `gerrit' (UID 105) with group `gerrit' ...
Creating home directory `/var/gerrit' ...

Updated by Peter Niederlag over 10 years ago ยท 8 revisions