2009-08-26 02:47:27 +02:00
|
|
|
# gitolite
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2009-10-30 16:55:06 +01:00
|
|
|
> [Update 2009-10-28: apart from all the nifty new features, there's now an
|
|
|
|
> "easy install" script in the src directory. This script can be used to
|
|
|
|
> install as well as upgrade a gitolite install. Please see the INSTALL
|
2009-12-01 02:45:05 +01:00
|
|
|
> document for details]
|
2009-10-10 09:08:22 +02:00
|
|
|
|
2009-09-06 10:04:41 +02:00
|
|
|
----
|
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
Gitolite is a rewrite of gitosis, with a completely different config file that
|
|
|
|
allows (at last!) access control down to the branch level, including
|
|
|
|
specifying who can and cannot *rewind* a given branch.
|
2009-08-24 09:59:33 +02:00
|
|
|
|
2009-08-24 03:59:25 +02:00
|
|
|
In this document:
|
|
|
|
|
2009-10-14 10:39:34 +02:00
|
|
|
* what
|
2009-08-24 09:59:33 +02:00
|
|
|
* why
|
2009-10-14 10:39:34 +02:00
|
|
|
* extra features
|
2009-10-11 05:01:59 +02:00
|
|
|
* security
|
|
|
|
* contact and license
|
2009-08-24 03:59:25 +02:00
|
|
|
|
|
|
|
----
|
|
|
|
|
2009-10-14 10:39:34 +02:00
|
|
|
### what
|
|
|
|
|
|
|
|
Gitolite allows a server to host many git repositories and provide access to
|
|
|
|
many developers, without having to give them real userids on the server. The
|
|
|
|
essential magic in doing this is ssh's pubkey access and the `authorized_keys`
|
|
|
|
file, and the inspiration was an older program called gitosis.
|
|
|
|
|
|
|
|
Gitolite can restrict who can read from (clone/fetch) or write to (push) a
|
|
|
|
repository. It can also restrict who can push to what branch or tag, which is
|
|
|
|
very important in a corporate environment. Gitolite can be installed without
|
|
|
|
requiring root permissions, and with no additional software than git itself
|
|
|
|
and perl. It also has several other neat features described below and
|
|
|
|
elsewhere in the `doc/` directory.
|
|
|
|
|
2009-08-24 09:59:33 +02:00
|
|
|
### why
|
|
|
|
|
|
|
|
I have been using gitosis for a while, and have learnt a lot from it. But in
|
|
|
|
a typical $DAYJOB setting, there are some issues:
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2009-08-24 09:59:33 +02:00
|
|
|
* it's not always Linux; you can't just "urpmi gitosis" (or yum or apt-get)
|
|
|
|
and be done
|
|
|
|
* often, "python-setuptools" isn't installed (and on a Solaris9 I was trying
|
|
|
|
to help remotely, we never did manage to install it eventually)
|
2009-10-11 05:01:59 +02:00
|
|
|
* you don't have root access, or the ability to add users (this is also true
|
|
|
|
for people who have just one userid on a hosting provider)
|
2009-10-14 10:39:34 +02:00
|
|
|
* the most requested feature (see below) had to be written anyway
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2009-08-24 09:59:33 +02:00
|
|
|
All of this pointed to a rewrite. In perl, naturally :-)
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2009-10-14 10:39:34 +02:00
|
|
|
### extra features
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2009-10-14 10:39:34 +02:00
|
|
|
The most important feature I needed was **per-branch permissions**. This is
|
|
|
|
pretty much mandatory in a corporate environment, and is almost the single
|
|
|
|
reason I started *thinking* about rolling my own gitosis in the first place.
|
2009-08-24 09:59:33 +02:00
|
|
|
|
2009-08-28 14:59:05 +02:00
|
|
|
It's not just "read-only" versus "read-write". Rewinding a branch (aka "non
|
|
|
|
fast forward push") is potentially dangerous, but sometimes needed. So is
|
|
|
|
deleting a branch (which is really just an extreme form of rewind). I needed
|
|
|
|
something in between allowing anyone to do it (the default) and disabling it
|
|
|
|
completely (`receive.denyNonFastForwards` or `receive.denyDeletes`).
|
|
|
|
|
2009-10-30 16:55:06 +01:00
|
|
|
Here're **some more features**. All of them, and more, are documented in
|
|
|
|
detail [here][gsdiff].
|
|
|
|
|
|
|
|
[gsdiff]: http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd#diff
|
2009-10-11 05:01:59 +02:00
|
|
|
|
|
|
|
* simpler, yet far more powerful, config file syntax, including specifying
|
2009-10-14 10:39:34 +02:00
|
|
|
gitweb/daemon access. You'll need this power if you manage lots of
|
|
|
|
users+repos+combinations of access
|
2010-01-15 06:10:07 +01:00
|
|
|
* apart from branch-name based restrictions, you can also restrict by
|
|
|
|
file/dir name changed (i.e., output of `git diff --name-only`)
|
2009-10-11 05:01:59 +02:00
|
|
|
* config file syntax gets checked upfront, and much more thoroughly
|
|
|
|
* if your requirements are still too complex, you can split up the config
|
|
|
|
file and delegate authority over parts of it
|
2009-11-27 09:17:21 +01:00
|
|
|
* easier to specify gitweb owner, description and gitweb/daemon access
|
2009-11-18 02:48:05 +01:00
|
|
|
* easier to sync gitweb (http) authorisation with gitolite's access config
|
2009-10-11 05:01:59 +02:00
|
|
|
* more comprehensive logging [aka: management does not think "blame" is just
|
|
|
|
a synonym for "annotate" :-)]
|
|
|
|
* "personal namespace" prefix for each dev
|
|
|
|
* migration guide and simple converter for gitosis conf file
|
2009-12-01 02:45:05 +01:00
|
|
|
* "exclude" (or "deny") rights at the branch/tag level
|
2009-10-11 05:01:59 +02:00
|
|
|
|
|
|
|
### security
|
|
|
|
|
|
|
|
Due to the environment in which this was created and the need it fills, I
|
2010-02-05 11:30:47 +01:00
|
|
|
consider this a "security" program, albeit a very modest one.
|
2009-10-11 05:01:59 +02:00
|
|
|
|
|
|
|
For the first person to find a security hole in it, defined as allowing a
|
|
|
|
normal user (not the gitolite admin) to read a repo, or write/rewind a ref,
|
|
|
|
that the config file says he shouldn't, and caused by a bug in *code* that is
|
|
|
|
in the "master" branch, (not in the other branches, or the configuration file
|
|
|
|
or in Unix, perl, shell, etc.)... well I can't afford 1000 USD rewards like
|
|
|
|
djb, so you'll have to settle for 1000 INR (Indian Rupees) as a "token" prize
|
|
|
|
:-)
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-02-05 11:30:47 +01:00
|
|
|
However, there are a few optional features (which must be explicitly enabled
|
|
|
|
in the RC file) where I just haven't had the time to reason about security
|
|
|
|
thoroughly enough. Please read the comments in `conf/example.gitolite.rc` for
|
|
|
|
details, looking for the word "security".
|
2010-01-31 15:54:36 +01:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
----
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
### contact and license
|
2009-08-28 14:59:05 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
Gitolite is released under GPL v2. See COPYING for details.
|
2009-08-28 14:59:05 +02:00
|
|
|
|
|
|
|
sitaramc@gmail.com
|