ParrotSecurity 4.2: Install Gerrit for Git code review


1 Install Gerrit

For personal development in a closed environment, you don’t have to change the authentication type from “DEVELOPMENT_BECOME_ANY_ACCOUNT”, which allows any remote user to perform every operation.

The following script will install Gerrit.

#!/bin/sh -e
# Gerrit will be reachable at http://<hostname>:8080/.
# [trusted=yes] makes apt treat this repository as trusted without
# verifying its signature.
cat <<EOF | sudo tee /etc/apt/sources.list.d/gerritforge.list
deb [trusted=yes] http://deb.gerritforge.com/ gerrit contrib
EOF
sudo apt update -y
sudo apt install -y openjdk-8-jdk haveged
sudo update-java-alternatives -s java-1.8.0-openjdk-amd64
sudo apt install -y gerrit
sudo systemctl enable gerrit
sudo reboot

Access the following URL.

http://<hostname>:8080

The welcome page is displayed.

With DEVELOPMENT_BECOME_ANY_ACCOUNT, you can switch to any user.

“git clone” can be used via HTTP and SSH.

$ git clone http://<hostname>:8080/<project>.git
$ git clone ssh://<hostname>:49128/<project>.git

2 Change authentication type to HTTP

If there are only a few developers in a closed environment, you can use “HTTP” as the authentication type.

“HTTP” uses the username and password of Apache digest authentication.

The following script changes the authentication type to HTTP and sets up Apache.

#!/bin/sh -e
# Both htdigest accounts created below get this password.
GERRIT_ADMIN_PASSWD=gerrit
PORT=8080
FQDN=$(hostname -f)
# Make Gerrit accept only http://localhost:8080/ but recognize
# http://<hostname>/ as the web site URL.
sudo cp /etc/gerrit/gerrit.config /etc/gerrit/gerrit.config.orig
sudo sed -i /etc/gerrit/gerrit.config \
     -e "s;type = DEVELOPMENT_BECOME_ANY_ACCOUNT;type = HTTP;g" \
     -e "s;canonicalWebUrl = .*;canonicalWebUrl = http://${FQDN}/;g" \
     -e "s;listenUrl = .*;listenUrl = proxy-http://localhost:${PORT}/;g" \
     -e "s;firstTimeRedirectUrl = \(.*\);;g"
# If gerrit.service is enabled but has not finished starting, wait for it.
while [ "$(systemctl is-active gerrit.service)x" = "activatingx" ]; do
  sleep 1
done
sudo systemctl restart gerrit
# Make Apache map http://<hostname>/ to http://localhost:8080/.
sudo apt install -y apache2
sudo systemctl enable apache2
cat <<EOF | sudo tee /etc/apache2/sites-available/gerrit.conf
ProxyPass / http://localhost:${PORT}/ nocanon
ProxyPassReverse / http://localhost:${PORT}/ nocanon
ProxyRequests Off
<Proxy http://localhost:${PORT}/>
  Order deny,allow
  Allow from all
</Proxy>
<Location />
  AuthType Digest
  AuthName "gerrit"
  AuthUserFile /etc/apache2/.htdigest
  Require valid-user
</Location>
EOF
sudo a2enmod proxy_http
sudo a2enmod auth_digest
sudo a2ensite gerrit
sudo systemctl restart apache2
# Add Gerrit users. You need to add an htdigest entry for each user.
sudo apt install -y expect
expect -c "
set timeout -1
spawn sudo htdigest -c /etc/apache2/.htdigest gerrit admin
expect \"New password: \"
send \"${GERRIT_ADMIN_PASSWD}\n\"
expect \"Re-type new password: \"
send \"${GERRIT_ADMIN_PASSWD}\n\"
expect eof
"
expect -c "
set timeout -1
spawn sudo htdigest /etc/apache2/.htdigest gerrit \"${USER}\"
expect \"New password: \"
send \"${GERRIT_ADMIN_PASSWD}\n\"
expect \"Re-type new password: \"
send \"${GERRIT_ADMIN_PASSWD}\n\"
expect eof
"
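
As an added check (this script is not part of the original page or of Gerrit), the following reads the two settings the script above rewrites, auth.type and httpd.listenUrl, and flags a config that still allows account switching, or that relies on Apache for authentication while Gerrit listens beyond the loopback interface. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the page): audit auth.type and httpd.listenUrl.
# Print the value of KEY ($3) in [SECTION] ($2) of a git-config style file ($1).
gerrit_config_get() {
  awk -v section="$2" -v key="$3" '
    /^[ \t]*\[/ {                       # section header such as [auth]
      name = $0; gsub(/^[ \t]*\[|\].*$/, "", name)
      in_section = (tolower(name) == tolower(section)); next
    }
    in_section && /=/ {
      k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
      if (tolower(k) == tolower(key)) {
        value = $0; sub(/^[^=]*=[ \t]*/, "", value); sub(/[ \t]+$/, "", value)
      }
    }
    END { if (value != "") print value }  # last assignment wins
  ' "$1"
}

# Print one finding per line; return 0 when clean, 1 when something is flagged.
audit_gerrit_config() {
  findings=0
  auth_type=$(gerrit_config_get "$1" auth type)
  listen_url=$(gerrit_config_get "$1" httpd listenUrl)
  if [ "$auth_type" = "DEVELOPMENT_BECOME_ANY_ACCOUNT" ]; then
    echo "auth.type=$auth_type: any remote user can act as any account"
    findings=$((findings + 1))
  fi
  if [ "$auth_type" = "HTTP" ]; then
    case "$listen_url" in
      *://localhost[/:]*|*://127.0.0.1[/:]*) ;;   # only the local proxy can connect
      *) echo "httpd.listenUrl='$listen_url': not loopback-only, Gerrit is reachable without Apache authentication"
         findings=$((findings + 1)) ;;
    esac
  fi
  [ "$findings" -eq 0 ]
}

# Constructed sample config: $1 = auth.type, $2 = httpd.listenUrl.
sample_config() {
  printf '[gerrit]\n\tbasePath = git\n[auth]\n\ttype = %s\n' "$1"
  printf '[httpd]\n\tlistenUrl = %s\n' "$2"
}

tmp=$(mktemp -d)
sample_config DEVELOPMENT_BECOME_ANY_ACCOUNT 'http://*:8080/' > "$tmp/before.config"
sample_config HTTP 'proxy-http://localhost:8080/' > "$tmp/after.config"
for f in "$tmp"/*.config; do audit_gerrit_config "$f" || echo "$(basename "$f"): flagged"; done
rm -rf "$tmp"
```

On a real host, call audit_gerrit_config with /etc/gerrit/gerrit.config, the path used by the script above.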

Access the following URL.

http://<hostname>

The digest authentication dialog is displayed.

The admin user also cannot switch accounts.

“git clone” can be used via HTTP and SSH. HTTP requires passing Apache digest authentication.

$ git clone http://<hostname>/gerrit/<project>.git
$ git clone ssh://<hostname>:49128/<project>.git

To add a new user, you need to add an entry to the htdigest file.

$ sudo htdigest /etc/apache2/.htdigest "gerrit" ${USER}
Adding user hiroom2 in realm gerrit
New password:
Re-type new password:

Apache digest authentication succeeds with the added user.

The added user's profile page is displayed.

The added user needs an SSH public key and an email address. The email must be the same as the one in ~/.gitconfig.
