deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
gitolite/README.mkd

149 lines
6.2 KiB
Markdown
Raw Normal View History

project renamed to gitolite
2009-08-26 02:47:27 +02:00
# gitolite
added README and TODO
2009-08-24 03:59:25 +02:00
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
Gitolite is an access control layer on top of git, which allows access control
down to the branch level, including specifying who can and cannot *rewind* a
given branch.
aa ha! easy install script! src/00-easy-install.sh does *everything* needed, and it's mostly self-documented
2009-10-10 09:08:22 +02:00
almost all src/conf: logging totally redone, upgrade doc added - logs go into $GL_ADMINDIR/logs by default, named by year-month - logfile name template (including dir prefix) now in $GL_LOGT - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename) - log messages timestamps more compact, fields tab-delimited - old and new SHAs cut to 14 characters
2009-09-06 10:04:41 +02:00
----
added README and TODO
2009-08-24 03:59:25 +02:00
In this document:
better anchors in docs: changed autotoc and ran it through all docs
2010-06-01 02:46:13 +02:00
* <a href="#what">what</a>
* <a href="#why">why</a>
* <a href="#other_features">other features</a>
* <a href="#security">security</a>
* <a href="#contact_and_license">contact and license</a>
added README and TODO
2009-08-24 03:59:25 +02:00
----
better anchors in docs: changed autotoc and ran it through all docs
2010-06-01 02:46:13 +02:00
<a name="what"></a>
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
doc fixes... - README: add a "what" section first, plus a few minor fixes - doc/5: - remove reference to obsolete ml branch URL; point it to the right place with the right section name - change text to reflect the fact that p-t-a is now the default!
2009-10-14 10:39:34 +02:00
### what
Gitolite allows a server to host many git repositories and provide access to
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
many developers, without having to give them real userids on or shell access
to the server. The essential magic in doing this is ssh's pubkey access and
the `authorized_keys` file, and the inspiration was an older program called
gitosis.
doc fixes... - README: add a "what" section first, plus a few minor fixes - doc/5: - remove reference to obsolete ml branch URL; point it to the right place with the right section name - change text to reflect the fact that p-t-a is now the default!
2009-10-14 10:39:34 +02:00
Gitolite can restrict who can read from (clone/fetch) or write to (push) a
repository. It can also restrict who can push to what branch or tag, which is
very important in a corporate environment. Gitolite can be installed without
requiring root permissions, and with no additional software than git itself
and perl. It also has several other neat features described below and
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
elsewhere in the [doc/][docs] directory.
added README and TODO
2009-08-24 03:59:25 +02:00
better anchors in docs: changed autotoc and ran it through all docs
2010-06-01 02:46:13 +02:00
<a name="why"></a>
added README and TODO
2009-08-24 03:59:25 +02:00
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
### why
added README and TODO
2009-08-24 03:59:25 +02:00
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
Gitolite is separate from git, and needs to be installed and configured. So...
why do we bother?
Gitolite is useful in any server that is going to host multiple git
repositories, each with many developers, where some sort of access control is
required.
In theory, this can be done with plain old Unix permissions: each user is a
member of one or more groups, each group "owns" one or more repositories, and
using unix permissions (especially the setgid bit -- `chmod g+s`) you can
allow/disallow users access to repos.
But there are several disadvantages here:
* every user needs a userid and password on the server. This is usually a
killer...!
* adding/removing access rights involves complex `usermod -G ...` mumblings
which most admins would rather not deal with, thanks to you-know-who
* *viewing* (aka auditing) the current set of permissions requires running
multiple commands to list directories and their permissions/ownerships,
users and their group memberships, and then correlating all these manually
* auditing historical permissions or permission changes is pretty much
impossible without extraneous tools
* errors or omissions in setting the permissions exactly can cause problems
of either kind: false accepts or false rejects
* without going into ACLs it is not possible to give someone read-only
access to a repo; they either get read-write access or no access
* it is absolutely impossible to restrict pushing by branch name or tag
name.
Gitolite does away with all this:
* it uses ssh magic to remove the need to give actual unix userids to
developers
* it uses a simple but powerful config file format to specify access rights
* access control changes are affected by modifying this file, adding or
removing user's public keys, and "compiling" the configuration
* this also makes auditing trivial -- all the data is in one place, and
changes to the configuration are also logged, so you can audit them.
* finally, the config file allows distinguishing between read-only and
read-write access, not only at the repository level, but at the branch
level within repositories.
better anchors in docs: changed autotoc and ran it through all docs
2010-06-01 02:46:13 +02:00
<a name="other_features"></a>
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
### other features
added README and TODO
2009-08-24 03:59:25 +02:00
doc fixes... - README: add a "what" section first, plus a few minor fixes - doc/5: - remove reference to obsolete ml branch URL; point it to the right place with the right section name - change text to reflect the fact that p-t-a is now the default!
2009-10-14 10:39:34 +02:00
The most important feature I needed was **per-branch permissions**. This is
pretty much mandatory in a corporate environment, and is almost the single
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
reason I started *thinking* about writing gitolite.
INSTALL and README pretty much done
2009-08-24 09:59:33 +02:00
README: added para about selective rewind, plus some minor fixes
2009-08-28 14:59:05 +02:00
It's not just "read-only" versus "read-write". Rewinding a branch (aka "non
fast forward push") is potentially dangerous, but sometimes needed. So is
deleting a branch (which is really just an extreme form of rewind). I needed
something in between allowing anyone to do it (the default) and disabling it
completely (`receive.denyNonFastForwards` or `receive.denyDeletes`).
doc/src: major doc/help text revamp also removed some dead code from compile (pre PTA days)
2009-10-30 16:55:06 +01:00
Here're **some more features**. All of them, and more, are documented in
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
detail somewhere in gitolite's [doc/][docs] subdirectory.
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
* simple, yet powerful, config file syntax, including specifying
doc fixes... - README: add a "what" section first, plus a few minor fixes - doc/5: - remove reference to obsolete ml branch URL; point it to the right place with the right section name - change text to reflect the fact that p-t-a is now the default!
2009-10-14 10:39:34 +02:00
gitweb/daemon access. You'll need this power if you manage lots of
users+repos+combinations of access
mention NAME-based restrictions in README
2010-01-15 06:10:07 +01:00
* apart from branch-name based restrictions, you can also restrict by
file/dir name changed (i.e., output of `git diff --name-only`)
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
* if your requirements are still too complex, you can split up the config
file and delegate authority over parts of it
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
* easy to specify gitweb owner, description and gitweb/daemon access
* easy to sync gitweb (http) authorisation with gitolite's access config
* comprehensive logging [aka: management does not think "blame" is just a
synonym for "annotate" :-)]
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
* "personal namespace" prefix for each dev
* migration guide and simple converter for gitosis conf file
fold rebel into master :) [please read] Well, something even more outrageous than deny rules and path-based limits came along, so I decided that "rebel" was actually quite "conformist" in comparision ;-) Jokes apart, the fact is that the access control rules, even when using deny rules and path-limits, are still *auditable*. Which means it is good enough for "corporate use". [The stuff that I'm working on now takes away the auditability aspect -- individual users can "own" repos, create rules for themselves, etc. So let's just say that is the basis of distinguishing "master" now.]
2009-12-01 02:45:05 +01:00
* "exclude" (or "deny") rights at the branch/tag level
(minor) update changelog, features lists in both readme and doc/3 (and raise the reward, though Teemu already wont it actually!)
2010-04-27 11:12:05 +02:00
* specify repos using patterns (patterns may include creator's name)
* define powerful operations on the server side, even github-like forking
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
better anchors in docs: changed autotoc and ran it through all docs
2010-06-01 02:46:13 +02:00
<a name="security"></a>
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
### security
Due to the environment in which this was created and the need it fills, I
(IMPORTANT; read this in full) no more "wildrepos" The wildrepos branch has been merged into master, and deleted. It will no longer exist as a separate branch. Instead, a new variable called $GL_WILDREPOS has been added which acts as a switch; when off (which is the default), many wildrepos features are disabled. (the "C" permissions, and the getperms (etc.) commands mainly). Important: if you are using wildrepos, please set "$GL_WILDREPOS = 1;" in the RC file when you upgrade to this version (or just before you do the upgrade).
2010-02-05 11:30:47 +01:00
consider this a "security" program, albeit a very modest one.
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
For the first person to find a security hole in it, defined as allowing a
normal user (not the gitolite admin) to read a repo, or write/rewind a ref,
that the config file says he shouldn't, and caused by a bug in *code* that is
in the "master" branch, (not in the other branches, or the configuration file
or in Unix, perl, shell, etc.)... well I can't afford 1000 USD rewards like
(minor) update changelog, features lists in both readme and doc/3 (and raise the reward, though Teemu already wont it actually!)
2010-04-27 11:12:05 +02:00
djb, so you'll have to settle for 5000 INR (Indian Rupees) as a "token" prize
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
:-)
added README and TODO
2009-08-24 03:59:25 +02:00
(IMPORTANT; read this in full) no more "wildrepos" The wildrepos branch has been merged into master, and deleted. It will no longer exist as a separate branch. Instead, a new variable called $GL_WILDREPOS has been added which acts as a switch; when off (which is the default), many wildrepos features are disabled. (the "C" permissions, and the getperms (etc.) commands mainly). Important: if you are using wildrepos, please set "$GL_WILDREPOS = 1;" in the RC file when you upgrade to this version (or just before you do the upgrade).
2010-02-05 11:30:47 +01:00
However, there are a few optional features (which must be explicitly enabled
in the RC file) where I just haven't had the time to reason about security
thoroughly enough. Please read the comments in `conf/example.gitolite.rc` for
details, looking for the word "security".
(read this in full) access control for non-git commands running over ssh This is actually a pretty big deal, and I am seriously starting wonder if calling this "gito*lite*" is justified anymore. Anyway, in for a penny, in for a pound... This patch implements a generic way to allow access control for external commands, as long as they are invoked via ssh and present a server-side command that contains enough information to make an access control decision. The first (and only, so far) such command implemented is rsync. Please read the changes in this commit (at least the ones in conf/ and doc/) carefully.
2010-01-31 15:54:36 +01:00
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
----
added README and TODO
2009-08-24 03:59:25 +02:00
better anchors in docs: changed autotoc and ran it through all docs
2010-06-01 02:46:13 +02:00
<a name="contact_and_license"></a>
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
### contact and license
README: added para about selective rewind, plus some minor fixes
2009-08-28 14:59:05 +02:00
lots of doc changes reflecting "push to admin" is default now :) - added comments to easy install to help do it manually - README: some stuff moved to tips doc, brief summary of extras (over gitosis) added - INSTALL: major revamp, easy install and manual install, much shorter and much more readable! plus other docs changed as needed, and updated the tips doc to roll in some details from "update.mkd" in the "ml" branch
2009-10-11 05:01:59 +02:00
Gitolite is released under GPL v2. See COPYING for details.
README: added para about selective rewind, plus some minor fixes
2009-08-28 14:59:05 +02:00
sitaramc@gmail.com
created gitolite@googlegroups.com, updated README enough people told me they want one because they don't watch the git ML or it's too high traffic, so I finally made one and invited a few folks.
2010-03-19 02:47:44 +01:00
mailing list: gitolite@googlegroups.com
*major* doc revamp people will NOT read documentation, especially the bloody install documentation. I'm about ready to throw in the towel and declare gitolite unsupported, take-it-or-leave-it. But I'm making one last attempt to refocus the install doc to better suit the "I know I'm very smart and I dont have to read docs so it's clearly your fault that I am not able to install gitolite" crowd. As a bonus, though, I ended up making proper, hyper-linked, TOCs for most of the docs, and moved a whole bunch of stuff around. Also finally got some of the ssh stuff over from my git-notes repo because it really belongs here.
2010-05-21 14:23:05 +02:00
[docs]: http://github.com/sitaramc/gitolite/blob/pu/doc
Reference in a new issue Copy permalink