KaliLinux 2018.2: Install Gerrit for Git code review

This article will describe installing Gerrit.

1 Install Gerrit

In case of personal development and closed environment, you don't have to change authentication type from "DEVELOPMENT_BECOME_ANY_ACCOUNT" which allows any remote user to access all operation.

The following script will install Gerrit.

#!/bin/sh -e


# Access to http://<hostname>:8080/.
cat <<EOF | sudo tee /etc/apt/sources.list.d/gerritforge.list
deb [trusted=yes] http://deb.gerritforge.com/ gerrit contrib
EOF
sudo apt update -y
sudo apt install -y openjdk-8-jdk haveged
sudo update-java-alternatives -s java-1.8.0-openjdk-amd64
sudo apt install -y gerrit
sudo systemctl enable gerrit
sudo reboot

Access to the following URL.

http://<hostname>:8080

Welcome page is displayed.

0001_Welcome.png

DEVELOPMENT_BECOME_ANY_ACCOUNT can switch to all user.

0002_auth-DEVELOPMENT_BECOME_ANY_ACCOUNT.png

"git clone" can be used via HTTP and SSH.

$ git clone http://<hostname>:8080/<project>.git
$ git clone ssh://<hostname>:49128/<project>.git

2 Change authentication type to HTTP

If there are few developer and closed environment, you can use "HTTP" as an authentication type.

"HTTP" uses the username and password of Apache digest authentication.

The following script will change authentication type to HTTP and setup Apache.

#!/bin/sh -e


GERRIT_ADMIN_PASSWD=gerrit
PORT=8080
FQDN=$(hostname -f)

# Make gerrit to accept only http://localhost:8080/ but to recognize
# http://<hostname>/ as web site URL.
sudo cp /etc/gerrit/gerrit.config /etc/gerrit/gerrit.config.orig
sudo sed -i /etc/gerrit/gerrit.config \
-e "s;type = DEVELOPMENT_BECOME_ANY_ACCOUNT;type = HTTP;g" \
-e "s;canonicalWebUrl = .*;canonicalWebUrl = http://${FQDN}/;g" \
-e "s;listenUrl = .*;listenUrl = proxy-http://localhost:${PORT}/;g" \
-e "s;firstTimeRedirectUrl = \(.*\);;g"
# If gerrit.service is enabled and still not complete to start, wait it.
while [ "$(systemctl is-active gerrit.service)x" = "activatingx" ]; do
  sleep 1
done
sudo systemctl restart gerrit

# Make apache to map http://<hostname>/ to http://localhost:8080/.
sudo apt install -y apache2
sudo systemctl enable  apache2
cat <<EOF | sudo tee /etc/apache2/sites-available/gerrit.conf
ProxyPass        / http://localhost:${PORT}/ nocanon
ProxyPassReverse / http://localhost:${PORT}/ nocanon
ProxyRequests    Off

<Proxy http://localhost:${PORT}/>
  Order deny,allow
  Allow from all
</Proxy>

<Location />
  AuthType Digest
  AuthName "gerrit"
  AuthUserFile /etc/apache2/.htdigest
  Require valid-user
</Location>
EOF
sudo a2enmod proxy_http
sudo a2enmod auth_digest
sudo a2ensite gerrit
sudo systemctl restart apache2

# Add gerrit user. You need to add htdigest for each user.
yes ${GERRIT_ADMIN_PASSWD} | \
  sudo htdigest -c /etc/apache2/.htdigest "gerrit" admin
yes ${GERRIT_ADMIN_PASSWD} | \
  sudo htdigest /etc/apache2/.htdigest "gerrit" "${USER}"

Access to the following URL.

http://<hostname>

Digest authentication dialog is displayed.

0003_DigestAuthToAdmin.png

Also admin user cannot switch to account.

0004_auth-HTTP.png

"git clone" can be used via HTTP and SSH. HTTP needs to success Apache digest authentication.

$ git clone http://<hostname>/gerrit/<project>.git
$ git clone ssh://<hostname>:49128/<project>.git

You need to add entry to htdigest for adding new user.

$ sudo htdigest /etc/apache2/.htdigest "gerrit" ${USER}
Adding user hiroom2 in realm gerrit
New password:
Re-type new password:

Success Apache digest authentication with added user.

0005_DigestAuthToUser.png

Added user profile page is displayed.

Added user needs SSH public key and email. email must be the same with ~/.gitconfig.

0006_UserProfile.png