Code review with Gerrit

edit

What is Gerrit?

edit

Gerrit is a free, web-based collaborative code review tool that integrates with Git. It has been developed at Google by Shawn Pearce (co-author of Git, founder of JGit) for the development of the Android project.

Starting from a set of patches for Rietveld, it became a fork and evolved into a full blown project when ACL patches wouldn't be merged into Rietveld by its author, Guido van Rossum.

Originally written in Python like Rietveld, it is now written in Java (Java EE Java Servlet) with SQL since version 2.


Set Up SSH Keys in Gerrit

edit

We use SSH keys to establish a secure connection between your computer and Gerrit. Setting them up is fairly easy, but does involve a number of steps.

To make sure you generate a brand new key, you need to check if one already exists. First, you need to open Terminal.app, usually found at /Applications/Utilities

File:Bootcamp 1 mac terminal.jpg

Generate a new SSH key

edit

To generate a new SSH key, enter the code below. We want the default settings so when asked to enter a file in which to save the key, just press enter.

ssh-keygen -t rsa -C "your_email@youremail.com"

Assign the pass phrase (press [enter] key twice if you don't want a passphrase).

Why do passphrases matter?
edit

Passwords aren’t very secure, you already know this. If you use one that’s easy to remember, it’s easier to guess or brute-force (try many options until one works). If you use one that’s random it’s hard to remember, and thus you’re more inclined to write the password down. Both of these are Very Bad Things™. This is why you’re using ssh keys.

But using a key without a passphrase is basically the same as writing down that random password in a file on your computer. Anyone who gains access to your drive has gained access to every system you use that key with. This is also a Very Bad Thing™. The solution is obvious: add a passphrase.

But I don’t want to enter a long passphrase every time I use the key!
edit

Neither do we! Thankfully, there’s a nifty little tool called ssh-agent that can save your passphrase securely so you don’t have to re-enter it. If you’re on OSX Leopard or later your keys can be saved in the system’s keychain to make your life even easier.

Which should give you something like this: File:Ssh-keygen -t rsa -C "your email@youremail.com".png

It will create 2 files in ~/.ssh directory as follows:

~/.ssh/id_rsa : identification (private) key
~/.ssh/id_rsa.pub : public key

Add your SSH key

edit

Open the id_rsa.pub file with a text editor (Notepad, TextEdit, or gedit will do just fine). This is your public SSH key. You may need to turn on “view hidden files” to find it because the .ssh directory is hidden. It’s important you copy your SSH key exactly as it is written without adding any newlines or whitespace. Now paste it into the “Key” field.

cat /home/preilly/.ssh/id_rsa.pub

File:Cat id rsa.pub.png

Can’t view hidden files? Other ways to copy:
edit

OSX

$ pbcopy < ~/.ssh/id_rsa.pubCopies the contents of the id_rsa.pub file to your clipboard

Windows You can open Git Gui, go to Help > Show Key, and then press Copy To Clipboard to copy your public key to your clipboard

Linux

$ sudo apt-get install xclipDownloads and installs xclip
$ xclip -sel clip < ~/.ssh/id_rsa.pub

Log into the web interface for gerrit. Click on Settings then SSH Public Keys then add your key.

Discussion

edit

Any questions or would you like to take the test?