ParrotSecurity 4.2: Install Gerrit for Git code review

This article will describe installing Gerrit.

1 Install Gerrit

In case of personal development and closed environment, you don't have to change authentication type from "DEVELOPMENT_BECOME_ANY_ACCOUNT" which allows any remote user to access all operation.

The following script will install Gerrit.

#!/bin/sh -e

# Access to http://<hostname>:8080/.
cat <<EOF | sudo tee /etc/apt/sources.list.d/gerritforge.list
deb [trusted=yes] gerrit contrib
sudo apt update -y
sudo apt install -y openjdk-8-jdk haveged
sudo update-java-alternatives -s java-1.8.0-openjdk-amd64
sudo apt install -y gerrit
sudo systemctl enable gerrit
sudo reboot

Access to the following URL.


Welcome page is displayed.


DEVELOPMENT_BECOME_ANY_ACCOUNT can switch to all user.


"git clone" can be used via HTTP and SSH.

$ git clone http://<hostname>:8080/<project>.git
$ git clone ssh://<hostname>:49128/<project>.git

2 Change authentication type to HTTP

If there are few developer and closed environment, you can use "HTTP" as an authentication type.

"HTTP" uses the username and password of Apache digest authentication.

The following script will change authentication type to HTTP and setup Apache.

#!/bin/sh -e

FQDN=$(hostname -f)

# Make gerrit to accept only http://localhost:8080/ but to recognize
# http://<hostname>/ as web site URL.
sudo cp /etc/gerrit/gerrit.config /etc/gerrit/gerrit.config.orig
sudo sed -i /etc/gerrit/gerrit.config \
-e "s;canonicalWebUrl = .*;canonicalWebUrl = http://${FQDN}/;g" \
-e "s;listenUrl = .*;listenUrl = proxy-http://localhost:${PORT}/;g" \
-e "s;firstTimeRedirectUrl = \(.*\);;g"
# If gerrit.service is enabled and still not complete to start, wait it.
while [ "$(systemctl is-active gerrit.service)x" = "activatingx" ]; do
  sleep 1
sudo systemctl restart gerrit

# Make apache to map http://<hostname>/ to http://localhost:8080/.
sudo apt install -y apache2
sudo systemctl enable  apache2
cat <<EOF | sudo tee /etc/apache2/sites-available/gerrit.conf
ProxyPass        / http://localhost:${PORT}/ nocanon
ProxyPassReverse / http://localhost:${PORT}/ nocanon
ProxyRequests    Off

<Proxy http://localhost:${PORT}/>
  Order deny,allow
  Allow from all

<Location />
  AuthType Digest
  AuthName "gerrit"
  AuthUserFile /etc/apache2/.htdigest
  Require valid-user
sudo a2enmod proxy_http
sudo a2enmod auth_digest
sudo a2ensite gerrit
sudo systemctl restart apache2

# Add gerrit user. You need to add htdigest for each user.
sudo apt install -y expect
expect -c "
set timeout -1
spawn sudo htdigest -c /etc/apache2/.htdigest gerrit admin
expect \"New password: \"
expect \"Re-type new password: \"
expect eof
expect -c "
set timeout -1
spawn sudo htdigest /etc/apache2/.htdigest gerrit \"${USER}\"
expect \"New password: \"
expect \"Re-type new password: \"
expect eof

Access to the following URL.


Digest authentication dialog is displayed.


Also admin user cannot switch to account.


"git clone" can be used via HTTP and SSH. HTTP needs to success Apache digest authentication.

$ git clone http://<hostname>/gerrit/<project>.git
$ git clone ssh://<hostname>:49128/<project>.git

You need to add entry to htdigest for adding new user.

$ sudo htdigest /etc/apache2/.htdigest "gerrit" ${USER}
Adding user hiroom2 in realm gerrit
New password:
Re-type new password:

Success Apache digest authentication with added user.


Added user profile page is displayed.

Added user needs SSH public key and email. email must be the same with ~/.gitconfig.