2011-01-26 02:22:09 +01:00
|
|
|
# main README file for gitolite -- start here!
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="start"></a>
|
|
|
|
|
2011-01-15 16:39:56 +01:00
|
|
|
***IMPORTANT NOTE: v2.0rc1 is out; all development will be on that now.
|
|
|
|
Please see new doc/developer-notes.mkd***
|
|
|
|
|
2011-01-26 02:22:09 +01:00
|
|
|
----
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
Gitolite is an access control layer on top of git, which allows access control
|
|
|
|
down to the branch level, including specifying who can and cannot *rewind* a
|
|
|
|
given branch.
|
2009-10-10 09:08:22 +02:00
|
|
|
|
2010-08-26 16:25:49 +02:00
|
|
|
Gitolite comes with a **huge** amount of documentation. If you're absolutely
|
|
|
|
new, the suggested reading order is this:
|
|
|
|
|
|
|
|
* the README (this document) for a quick intro
|
|
|
|
* the [INSTALL][install] document
|
|
|
|
* the [ADMIN][admin] document
|
2010-09-02 15:45:32 +02:00
|
|
|
|
|
|
|
If you run into trouble start [here](#support). If you're migrating from
|
|
|
|
gitosis, read [this][migr].
|
2010-08-26 16:25:49 +02:00
|
|
|
|
2010-09-28 16:33:25 +02:00
|
|
|
And [here][who]'s some information on some of the projects and people using
|
|
|
|
gitolite (and who, in turn, have helped shape its features).
|
|
|
|
|
2010-08-26 16:25:49 +02:00
|
|
|
Once you've installed it and started using it, you'll want to explore some of
|
2011-01-29 10:58:57 +01:00
|
|
|
the more powerful features. **The documentation is best read [online
|
|
|
|
here][docs] or you can read it in your clone's `doc/` directory**. All the
|
|
|
|
longer documents have tables of contents, so you can quickly get a feel for
|
|
|
|
what is covered right at the top.
|
2010-08-26 16:25:49 +02:00
|
|
|
|
2009-09-06 10:04:41 +02:00
|
|
|
----
|
|
|
|
|
2009-08-24 03:59:25 +02:00
|
|
|
In this document:
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
* <a href="#_what">what</a>
|
|
|
|
* <a href="#_why">why</a>
|
|
|
|
* <a href="#_main_features">main features</a>
|
|
|
|
* <a href="#_support">support</a>
|
|
|
|
* <a href="#_security">security</a>
|
|
|
|
* <a href="#_contact_and_license">contact and license</a>
|
2009-08-24 03:59:25 +02:00
|
|
|
|
|
|
|
----
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_what"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2009-10-14 10:39:34 +02:00
|
|
|
### what
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
Gitolite lets you use a single user on a server to host many git repositories
|
|
|
|
and provide access to many developers, without having to give them real
|
|
|
|
userids on or shell access to the server. The essential magic in doing this
|
|
|
|
is ssh's pubkey access and the `authorized_keys` file, and the inspiration was
|
|
|
|
an older program called gitosis.
|
2009-10-14 10:39:34 +02:00
|
|
|
|
|
|
|
Gitolite can restrict who can read from (clone/fetch) or write to (push) a
|
|
|
|
repository. It can also restrict who can push to what branch or tag, which is
|
|
|
|
very important in a corporate environment. Gitolite can be installed without
|
|
|
|
requiring root permissions, and with no additional software than git itself
|
|
|
|
and perl. It also has several other neat features described below and
|
2010-05-21 14:23:05 +02:00
|
|
|
elsewhere in the [doc/][docs] directory.
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_why"></a>
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
### why
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
Gitolite is separate from git, and needs to be installed and configured. So...
|
|
|
|
why do we bother?
|
|
|
|
|
|
|
|
Gitolite is useful in any server that is going to host multiple git
|
|
|
|
repositories, each with many developers, where some sort of access control is
|
|
|
|
required.
|
|
|
|
|
|
|
|
In theory, this can be done with plain old Unix permissions: each user is a
|
|
|
|
member of one or more groups, each group "owns" one or more repositories, and
|
|
|
|
using unix permissions (especially the setgid bit -- `chmod g+s`) you can
|
|
|
|
allow/disallow users access to repos.
|
|
|
|
|
|
|
|
But there are several disadvantages here:
|
|
|
|
|
|
|
|
* every user needs a userid and password on the server. This is usually a
|
2010-09-02 15:45:32 +02:00
|
|
|
killer, especially in tightly controlled environments
|
2010-05-21 14:23:05 +02:00
|
|
|
* adding/removing access rights involves complex `usermod -G ...` mumblings
|
2010-09-02 15:45:32 +02:00
|
|
|
which most admins would rather not deal with
|
2010-05-21 14:23:05 +02:00
|
|
|
* *viewing* (aka auditing) the current set of permissions requires running
|
|
|
|
multiple commands to list directories and their permissions/ownerships,
|
|
|
|
users and their group memberships, and then correlating all these manually
|
|
|
|
* auditing historical permissions or permission changes is pretty much
|
|
|
|
impossible without extraneous tools
|
|
|
|
* errors or omissions in setting the permissions exactly can cause problems
|
|
|
|
of either kind: false accepts or false rejects
|
|
|
|
* without going into ACLs it is not possible to give someone read-only
|
|
|
|
access to a repo; they either get read-write access or no access
|
|
|
|
* it is absolutely impossible to restrict pushing by branch name or tag
|
|
|
|
name.
|
|
|
|
|
|
|
|
Gitolite does away with all this:
|
|
|
|
|
|
|
|
* it uses ssh magic to remove the need to give actual unix userids to
|
|
|
|
developers
|
|
|
|
* it uses a simple but powerful config file format to specify access rights
|
|
|
|
* access control changes are affected by modifying this file, adding or
|
|
|
|
removing user's public keys, and "compiling" the configuration
|
|
|
|
* this also makes auditing trivial -- all the data is in one place, and
|
|
|
|
changes to the configuration are also logged, so you can audit them.
|
|
|
|
* finally, the config file allows distinguishing between read-only and
|
|
|
|
read-write access, not only at the repository level, but at the branch
|
|
|
|
level within repositories.
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_main_features"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
### main features
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2009-10-14 10:39:34 +02:00
|
|
|
The most important feature I needed was **per-branch permissions**. This is
|
|
|
|
pretty much mandatory in a corporate environment, and is almost the single
|
2010-05-21 14:23:05 +02:00
|
|
|
reason I started *thinking* about writing gitolite.
|
2009-08-24 09:59:33 +02:00
|
|
|
|
2009-08-28 14:59:05 +02:00
|
|
|
It's not just "read-only" versus "read-write". Rewinding a branch (aka "non
|
|
|
|
fast forward push") is potentially dangerous, but sometimes needed. So is
|
|
|
|
deleting a branch (which is really just an extreme form of rewind). I needed
|
|
|
|
something in between allowing anyone to do it (the default) and disabling it
|
|
|
|
completely (`receive.denyNonFastForwards` or `receive.denyDeletes`).
|
|
|
|
|
2009-10-30 16:55:06 +01:00
|
|
|
Here're **some more features**. All of them, and more, are documented in
|
2010-05-21 14:23:05 +02:00
|
|
|
detail somewhere in gitolite's [doc/][docs] subdirectory.
|
2009-10-11 05:01:59 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
* simple, yet powerful, config file syntax, including specifying
|
2009-10-14 10:39:34 +02:00
|
|
|
gitweb/daemon access. You'll need this power if you manage lots of
|
|
|
|
users+repos+combinations of access
|
2010-01-15 06:10:07 +01:00
|
|
|
* apart from branch-name based restrictions, you can also restrict by
|
|
|
|
file/dir name changed (i.e., output of `git diff --name-only`)
|
2009-10-11 05:01:59 +02:00
|
|
|
* if your requirements are still too complex, you can split up the config
|
|
|
|
file and delegate authority over parts of it
|
2010-05-21 14:23:05 +02:00
|
|
|
* easy to specify gitweb owner, description and gitweb/daemon access
|
|
|
|
* easy to sync gitweb (http) authorisation with gitolite's access config
|
|
|
|
* comprehensive logging [aka: management does not think "blame" is just a
|
|
|
|
synonym for "annotate" :-)]
|
2009-10-11 05:01:59 +02:00
|
|
|
* "personal namespace" prefix for each dev
|
|
|
|
* migration guide and simple converter for gitosis conf file
|
2009-12-01 02:45:05 +01:00
|
|
|
* "exclude" (or "deny") rights at the branch/tag level
|
2010-04-27 11:12:05 +02:00
|
|
|
* specify repos using patterns (patterns may include creator's name)
|
|
|
|
* define powerful operations on the server side, even github-like forking
|
2009-10-11 05:01:59 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="support"></a>
|
|
|
|
|
|
|
|
<a name="_support"></a>
|
|
|
|
|
|
|
|
### support
|
|
|
|
|
|
|
|
Most installation problems are caused by not knowing ssh. Take a look at this
|
|
|
|
[transcript][] to see how simple it actually is, if your server's ssh daemon
|
2010-12-24 06:31:28 +01:00
|
|
|
is behaving itself. Someone also wrote a tutorial, see [here][tut].
|
2010-09-02 15:45:32 +02:00
|
|
|
|
|
|
|
If I suspect your problem is an ssh issue, I will probably ignore it. Please
|
|
|
|
learn how [gitolite uses ssh][doc9gas] and then methodically go through the
|
|
|
|
[ssh trouble shooting][doc6sts] document. These two documents contain
|
|
|
|
everything I could possibly tell you. I have nothing to add.
|
|
|
|
|
|
|
|
Even for other topics, please look through at least the table of contents of
|
|
|
|
at least the numbered documents to see if your question is already answered,
|
|
|
|
before asking.
|
|
|
|
|
|
|
|
<a name="_security"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
### security
|
|
|
|
|
|
|
|
Due to the environment in which this was created and the need it fills, I
|
2010-02-05 11:30:47 +01:00
|
|
|
consider this a "security" program, albeit a very modest one.
|
2009-10-11 05:01:59 +02:00
|
|
|
|
|
|
|
For the first person to find a security hole in it, defined as allowing a
|
|
|
|
normal user (not the gitolite admin) to read a repo, or write/rewind a ref,
|
|
|
|
that the config file says he shouldn't, and caused by a bug in *code* that is
|
|
|
|
in the "master" branch, (not in the other branches, or the configuration file
|
|
|
|
or in Unix, perl, shell, etc.)... well I can't afford 1000 USD rewards like
|
2010-04-27 11:12:05 +02:00
|
|
|
djb, so you'll have to settle for 5000 INR (Indian Rupees) as a "token" prize
|
2009-10-11 05:01:59 +02:00
|
|
|
:-)
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-02-05 11:30:47 +01:00
|
|
|
However, there are a few optional features (which must be explicitly enabled
|
|
|
|
in the RC file) where I just haven't had the time to reason about security
|
|
|
|
thoroughly enough. Please read the comments in `conf/example.gitolite.rc` for
|
|
|
|
details, looking for the word "security".
|
2010-01-31 15:54:36 +01:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
----
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_contact_and_license"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
### contact and license
|
2009-08-28 14:59:05 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
Gitolite is released under GPL v2. See COPYING for details.
|
2009-08-28 14:59:05 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
* author: sitaramc@gmail.com, sitaram@atc.tcs.com
|
|
|
|
* mailing list: gitolite@googlegroups.com
|
|
|
|
* list subscribe address : gitolite+subscribe@googlegroups.com
|
|
|
|
|
2011-01-26 03:09:12 +01:00
|
|
|
[transcript]: http://sitaramc.github.com/gitolite/doc/install-transcript.html
|
|
|
|
[install]: http://sitaramc.github.com/gitolite/doc/1-INSTALL.html
|
|
|
|
[admin]: http://sitaramc.github.com/gitolite/doc/2-admin.html
|
|
|
|
[migr]: http://sitaramc.github.com/gitolite/doc/migrate.html
|
|
|
|
[docs]: http://sitaramc.github.com/gitolite
|
|
|
|
[doc9gas]: http://sitaramc.github.com/gitolite/doc/gitolite-and-ssh.html
|
|
|
|
[doc6sts]: http://sitaramc.github.com/gitolite/doc/ssh-troubleshooting.html
|
|
|
|
[who]: http://sitaramc.github.com/gitolite/doc/who-uses-it.html
|
2010-12-24 06:31:28 +01:00
|
|
|
[tut]: http://sites.google.com/site/senawario/home/gitolite-tutorial
|