Hi. This is part 2 of the “How to set local AOSP Gerrit server”, you might want to start with part 1 here.

In part 1 we’ve downloaded all the necessary stuff and in this post we’re going to set it all up.

First thing, let’s bootstrap Gerrit.

Let’s create a Gerrit user:

$ sudo adduser --system --shell /bin/bash --gecos 'Gerrit Code Review User' --group --disabled-password --home /home/gerrit2 gerrit2

Gerrit needs to work with a database, it support various types of database. for this tutorial I chose MySQL.
Open a shell and type the following:

$ mysql -u root -p
CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY 'secret';
ALTER DATABASE reviewdb charset=latin1;
GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';

This commands create a Gerrit user, a database and sets the required permissions for the Gerrit user.

Log in as the new user:
$ sudo su gerrit2

Copy the gerrit-2.11.war file you’ve downloaded in the previous post to gerrit2 home directory and run the following comand

$ java -jar ./gerrit-2.11.war init -d review_site

Using secure store:

*** Gerrit Code Review 2.11

Create ‘/home/gerrit2/review_site’ [Y/n]?

*** Git Repositories

Location of Git repositories [git]:

*** SQL Database

Database server type [h2]: MySQL

Gerrit Code Review is not shipped with MySQL Connector/J 5.1.21
** This library is required for your configuration. **
Download and install it now [Y/n]?
Downloading … OK
Checksum mysql-connector-java-5.1.21.jar OK
Server hostname [localhost]:
Server port [(mysql default)]:
Database name [reviewdb]:
Database username [gerrit2]: gerrit2
gerrit’s password :
confirm password :

*** Index

Type [LUCENE/?]:

*** User Authentication

Authentication method [OPENID/?]:

*** Review Labels

Install Verified label [y/N]?

*** Email Delivery

SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [NONE/?]:
SMTP username :

*** Container Process

Run as [gerrit2]:
Java runtime [/usr/lib/jvm/java-8-openjdk-amd64/jre]:
Copy gerrit-2.11.war to /home/gerrit2/review_site/bin/gerrit.war [Y/n]?
Copying gerrit-2.11.war to /home/gerrit2/review_site/bin/gerrit.war

*** SSH Daemon

Listen on address [*]:
Listen on port [29418]:

Gerrit Code Review is not shipped with Bouncy Castle Crypto SSL v151
If available, Gerrit can take advantage of features
in the library, but will also function without it.
Download and install it now [Y/n]?
Downloading … OK
Checksum bcpkix-jdk15on-151.jar OK
Generating SSH host key … rsa… dsa… done

*** HTTP Daemon

Behind reverse proxy [y/N]?
Use SSL (https://) [y/N]?
Listen on address [*]:
Listen on port [8080]:
Canonical URL [http://ubuntu:8080/]:

*** Plugins

Installing plugins.
Install plugin download-commands version v2.11 [y/N]?
Install plugin reviewnotes version v2.11 [y/N]?
Install plugin singleusergroup version v2.11 [y/N]?
Install plugin replication version v2.11 [y/N]?
Install plugin commit-message-length-validator version v2.11 [y/N]?
Initializing plugins.
No plugins found with init steps.

Initialized /home/gerrit2/review_site
Executing /home/gerrit2/review_site/bin/ start
Starting Gerrit Code Review: OK
Waiting for server on ubuntu:8080 … OK
Opening …FAILED
Open Gerrit with a JavaScript capable browser:

Allright. We’ve got Gerrit running now.
A thing worth mentioning, the first user that logs into Gerrit becomes an admin. so make sure to login first with the administrator user.

Gerrit can work with several authentication models. I chose OpenID for this tutorial.
If you don’t have OpenID server on your machine, you can use external service such as Yahoo for instance. (Lately Google stopped supporting OpenID)

Let’s get started. open up a browser and browse to Gerrit site.

In the upper right corner you should see Register and Login links.
Register first using OpenID and log in.

Gerrit welcome screen

Now, let’s set our SSH keys so we can work from command line. we’re doing it as the Admin user for the Ubuntu Server, not as the Gerrit user.

Generate an SSH key pair by doing the following:

serveradmin@ubuntu:$ ssh-keygen <ENTER>
Generating public/private rsa key pair.
Enter file in which to save the key (/home/serveradmin/.ssh/id_rsa):  <ENTER>
Enter passphrase (empty for no passphrase): <ENTER>
Enter same passphrase again: <ENTER>
Your identification has been saved in /home/serveradmin/.ssh/id_rsa.
Your public key has been saved in /home/serveradmin/.ssh/
The key fingerprint is:
d5:7b:51:d8:22:0e:95:63:f9:0e:a2:22:1c:97:76:40 serveradmin@ubuntu
The key's randomart image is:
+---[RSA 2048]----+
| .E ..o o.|
| . ..* o..|
| o .+.+.. |
| . + ... o... |
| . + .S. ..o. |
| o . . .. |
| . . |
| |
| |

serveradmin@ubuntu:~/aosp_mirror$ cat ~/.ssh/  <ENTER>
3alu453MeWn5PrpSS5dFw/7AkBW4KMPwrOvVnu8gb9xLA0TWtPf+sQ9ROEQC5SBeO+4Q9XRNf5YaswpLj serveradmin@ubuntu

Copy the entire blob to clipboard and paste switch back to Gerrit web interface.

On the upper right corner of the screen, click on your user name and then on Settings.
On the left menu that appears click on “SSH Public Keys” and paste the blob in the white box and press add.


Let’s test that we can access Gerrit now through SSH:

ssh -p 29418 admin@localhost <ENTER> <Change "admin" to your username in gerrit>

**** Welcome to Gerrit Code Review ****

Hi Administrator, you have successfully connected over SSH.

Unfortunately, interactive shells are disabled.
To clone a hosted Git repository, use:

git clone ssh://ramon@

Connection to localhost closed.

Now when we’re logged in. let’s create two groups:

“android-admin” and “android”

The former will be used for administration, it will have permissions to review, merge, delete, etc.
The latter will have only view and submit change-set permission.

On the menu, press on People –> Create New Group
Enter in group name “android-admin” (Without the quotes)

Do this again for “android”

Now, let’s create a parent project for all the AOSP tree. All configuration we apply to that project will be inherited to the children projects. if we skip this step, all AOSP projects will inherit from the default “All-Projects” project, which is too global.

On the Gerrit GUI, Press on Project -> Create New Project.
Fill in the following:

Project Name: Android
Rights Inherit From: All-Projects

Tick the “Only Serve As Parent For Other Projects” and press on “Create Project” button.

Now, when we’ve got our parent project. let’s set it’s access permissions:

Click on Projects -> List, and select the Android project.

Click on Access and Edit.


Now it’s time to push all Android projects to gerrit.

First command will create all the projects in gerrit. it should be rather quick.\
The Second command will change the parent project for all the projects we’ve just created.
The Third command will actually push all the code into the repositories, this should take a while…

Go into the folder where you’ve mirrored Android and type:
$ repo forall -c 'echo $REPO_PATH; ssh -p 29418 admin@localhost gerrit create-project --name android/$REPO_PATH --owner android;'


$ repo forall -c 'echo $REPO_PATH; ssh -p 29418 admin@localhost gerrit set-project-parent --parent Android android/$REPO_PATH;'


Go to Projects -> List
Select Android and Press on General.
Below on the page you should find a button called “Edit Config”
Press on it and paste the following:

[access "refs/*"]
read = group android
read = group android-admin
abandon = group android-admin
push = group android-admin
pushTag = group android-admin
pushSignedTag = group android-admin
label-Code-Review = -2..+2 group android-admin
submit = group android-admin
submitAs = group android-admin
forgeAuthor = group android-admin
forgeCommitter = group android-admin
pushMerge = group android-admin
rebase = group android-admin
editTopicName = group android-admin
[access "refs/heads/*"]
label-Code-Review = -2..+2 group android-admin
label-Code-Review = -1..+1 group android
read = group android
abandon = group android
rebase = group android
submit = group android
[access "refs/tags/*"]
pushTag = group android
pushSignedTag = group android

Press on Save.

In next step, which will take some time, we’re going to push all of git tags and objects to the projects we’ve created. It may fail, but if it is, you can run it again until it succeeds. I found that increasing the Virtual machine RAM solved the issue for me.

$ repo forall -c 'echo $REPO_PATH; git push ssh://ramon@localhost:29418/android/$REPO_PATH +refs/heads/* +refs/tags/*;'

That’s it for this time, in the next part I’ll show you how to maintain the gerrit server. how to add it as a startup service, how to update the mirror and push new releases of Google in to it.


Part 3 is ready, here’s the link.


How to set local AOSP Gerrit server – Part 1

In this tutorial I’ll explain how to set a local gerrit server that hosts Android source code.

After completing the tutorial you’ll have a fully runnable local AOSP mirror with local Gerrit server.

First thing first. we need a Linux server. if you don’t have one available, you can use a pre-installed Ubuntu 15.04 Server I created – here.
Actually, this tutorial was tested on this machine, so you’re unlikely to get in trouble if you use that.

This tutorial assumes that package management is apt-get. If you’re using other, please do the appropriate adjustments.

Gerrit Prerequisites:

1. Java JDK > 1.7
2. Git
3. SSH server
4. DB

I choose to work with mySQL, put you can also work with various other DB software. consult the Gerrit documentation here.

Here is a short command to get you everything you need:

$ sudo apt-get install git openjdk-8-jre openssh-server mysql-server gitweb

Download and install Android repo

$ sudo curl > /usr/bin/repo
$ sudo chmod a+x /usr/bin

Now we need to set a local mirror of Android. It will take a while, go do something else in the meanwhile…

$ mkdir -p /usr/local/aosp/mirror
$ cd /usr/local/aosp/mirror
$ repo init -u --mirror
$ repo sync

Download Gerrit.

You’re done with part one… Jump to part two of this tutorial

How to set local AOSP Gerrit server – Part 1

AOSP code navigation with cscope

Here’s my set of commands I always use in order to tag the entire tree.

It leaves some folder such as dalvik, external & ndk behind.

find . -type f \( -name "*.java" -o -name "*.c" -o -name "*.cpp" -o -name "*.h" \) -and -not \( -path "./out/*" -o -path "./prebuilts/*" -o -path "./external/*" -o -path "./dalvik/*"  -o -path "./ndk/*"  \) > cscope.files
cscope -b -q -k
AOSP code navigation with cscope