2011-07-29 12:44:24 +02:00
|
|
|
# Hosting git repositories
|
2011-01-26 02:22:09 +01:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="start"></a>
|
|
|
|
|
2011-07-29 12:44:24 +02:00
|
|
|
Gitolite allows you to setup git hosting on a central server, with
|
|
|
|
fine-grained access control and many (many!) more powerful features.
|
|
|
|
|
|
|
|
**Impatient?** The [install][install] document has a quick install section at
|
|
|
|
the top. Just remember that "impatient" does not always mean "successful" ;-)
|
2011-01-15 16:39:56 +01:00
|
|
|
|
2011-01-26 02:22:09 +01:00
|
|
|
----
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
Gitolite is an access control layer on top of git, which allows access control
|
|
|
|
down to the branch level, including specifying who can and cannot *rewind* a
|
2011-05-28 14:23:27 +02:00
|
|
|
given branch. [Here][who]'s some information on some of the projects and
|
|
|
|
people using gitolite (and who, in turn, have helped shape its features).
|
2009-10-10 09:08:22 +02:00
|
|
|
|
2010-08-26 16:25:49 +02:00
|
|
|
Gitolite comes with a **huge** amount of documentation. If you're absolutely
|
|
|
|
new, the suggested reading order is this:
|
|
|
|
|
|
|
|
* the README (this document) for a quick intro
|
|
|
|
* the [INSTALL][install] document
|
2011-05-28 14:23:27 +02:00
|
|
|
* the most common installation issues are caused by ssh. Here's how
|
|
|
|
[gitolite uses ssh][doc9gas]. And here's an [ssh trouble
|
|
|
|
shooting][doc6sts] document
|
2010-08-26 16:25:49 +02:00
|
|
|
* the [ADMIN][admin] document
|
2011-05-28 14:23:27 +02:00
|
|
|
* (if you're migrating from gitosis, read [this][migr])
|
2010-09-02 15:45:32 +02:00
|
|
|
|
2011-05-28 14:23:27 +02:00
|
|
|
There is also a **[master TOC of all gitolite documentation][docs]**; use your
|
|
|
|
browser's search function (Ctrl-F, usually) to look for likely sounding words
|
|
|
|
or just browse around -- you never know what you'll find!
|
2010-08-26 16:25:49 +02:00
|
|
|
|
2009-09-06 10:04:41 +02:00
|
|
|
----
|
|
|
|
|
2009-08-24 03:59:25 +02:00
|
|
|
In this document:
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
* <a href="#_what">what</a>
|
|
|
|
* <a href="#_why">why</a>
|
|
|
|
* <a href="#_main_features">main features</a>
|
|
|
|
* <a href="#_security">security</a>
|
|
|
|
* <a href="#_contact_and_license">contact and license</a>
|
2009-08-24 03:59:25 +02:00
|
|
|
|
|
|
|
----
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_what"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2009-10-14 10:39:34 +02:00
|
|
|
### what
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
Gitolite lets you use a single user on a server to host many git repositories
|
|
|
|
and provide access to many developers, without having to give them real
|
2011-05-28 14:23:27 +02:00
|
|
|
userids on or shell access to the server. Authentication is most commonly
|
|
|
|
done using sshd, but you can also use httpd if you prefer.
|
2009-10-14 10:39:34 +02:00
|
|
|
|
|
|
|
Gitolite can restrict who can read from (clone/fetch) or write to (push) a
|
|
|
|
repository. It can also restrict who can push to what branch or tag, which is
|
|
|
|
very important in a corporate environment. Gitolite can be installed without
|
|
|
|
requiring root permissions, and with no additional software than git itself
|
|
|
|
and perl. It also has several other neat features described below and
|
2010-05-21 14:23:05 +02:00
|
|
|
elsewhere in the [doc/][docs] directory.
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_why"></a>
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
### why
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
Gitolite is separate from git, and needs to be installed and configured. So...
|
|
|
|
why do we bother?
|
|
|
|
|
|
|
|
Gitolite is useful in any server that is going to host multiple git
|
|
|
|
repositories, each with many developers, where some sort of access control is
|
|
|
|
required.
|
|
|
|
|
|
|
|
In theory, this can be done with plain old Unix permissions: each user is a
|
|
|
|
member of one or more groups, each group "owns" one or more repositories, and
|
|
|
|
using unix permissions (especially the setgid bit -- `chmod g+s`) you can
|
|
|
|
allow/disallow users access to repos.
|
|
|
|
|
|
|
|
But there are several disadvantages here:
|
|
|
|
|
|
|
|
* every user needs a userid and password on the server. This is usually a
|
2010-09-02 15:45:32 +02:00
|
|
|
killer, especially in tightly controlled environments
|
2010-05-21 14:23:05 +02:00
|
|
|
* adding/removing access rights involves complex `usermod -G ...` mumblings
|
2010-09-02 15:45:32 +02:00
|
|
|
which most admins would rather not deal with
|
2010-05-21 14:23:05 +02:00
|
|
|
* *viewing* (aka auditing) the current set of permissions requires running
|
|
|
|
multiple commands to list directories and their permissions/ownerships,
|
|
|
|
users and their group memberships, and then correlating all these manually
|
|
|
|
* auditing historical permissions or permission changes is pretty much
|
|
|
|
impossible without extraneous tools
|
|
|
|
* errors or omissions in setting the permissions exactly can cause problems
|
|
|
|
of either kind: false accepts or false rejects
|
2011-05-16 15:21:43 +02:00
|
|
|
* without going into ACLs it is not possible to give some people read-only
|
|
|
|
access while some others have read-write access to a repo (unless you make
|
|
|
|
it world-readable). Group access just doesn't have enough granularity
|
2010-05-21 14:23:05 +02:00
|
|
|
* it is absolutely impossible to restrict pushing by branch name or tag
|
|
|
|
name.
|
|
|
|
|
|
|
|
Gitolite does away with all this:
|
|
|
|
|
|
|
|
* it uses ssh magic to remove the need to give actual unix userids to
|
|
|
|
developers
|
|
|
|
* it uses a simple but powerful config file format to specify access rights
|
|
|
|
* access control changes are affected by modifying this file, adding or
|
|
|
|
removing user's public keys, and "compiling" the configuration
|
|
|
|
* this also makes auditing trivial -- all the data is in one place, and
|
|
|
|
changes to the configuration are also logged, so you can audit them.
|
|
|
|
* finally, the config file allows distinguishing between read-only and
|
|
|
|
read-write access, not only at the repository level, but at the branch
|
|
|
|
level within repositories.
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_main_features"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
### main features
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2009-10-14 10:39:34 +02:00
|
|
|
The most important feature I needed was **per-branch permissions**. This is
|
|
|
|
pretty much mandatory in a corporate environment, and is almost the single
|
2010-05-21 14:23:05 +02:00
|
|
|
reason I started *thinking* about writing gitolite.
|
2009-08-24 09:59:33 +02:00
|
|
|
|
2009-08-28 14:59:05 +02:00
|
|
|
It's not just "read-only" versus "read-write". Rewinding a branch (aka "non
|
|
|
|
fast forward push") is potentially dangerous, but sometimes needed. So is
|
|
|
|
deleting a branch (which is really just an extreme form of rewind). I needed
|
|
|
|
something in between allowing anyone to do it (the default) and disabling it
|
|
|
|
completely (`receive.denyNonFastForwards` or `receive.denyDeletes`).
|
|
|
|
|
2009-10-30 16:55:06 +01:00
|
|
|
Here're **some more features**. All of them, and more, are documented in
|
2010-05-21 14:23:05 +02:00
|
|
|
detail somewhere in gitolite's [doc/][docs] subdirectory.
|
2009-10-11 05:01:59 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
* simple, yet powerful, config file syntax, including specifying
|
2009-10-14 10:39:34 +02:00
|
|
|
gitweb/daemon access. You'll need this power if you manage lots of
|
|
|
|
users+repos+combinations of access
|
2010-01-15 06:10:07 +01:00
|
|
|
* apart from branch-name based restrictions, you can also restrict by
|
|
|
|
file/dir name changed (i.e., output of `git diff --name-only`)
|
2009-10-11 05:01:59 +02:00
|
|
|
* if your requirements are still too complex, you can split up the config
|
|
|
|
file and delegate authority over parts of it
|
2010-05-21 14:23:05 +02:00
|
|
|
* easy to specify gitweb owner, description and gitweb/daemon access
|
|
|
|
* easy to sync gitweb (http) authorisation with gitolite's access config
|
|
|
|
* comprehensive logging [aka: management does not think "blame" is just a
|
|
|
|
synonym for "annotate" :-)]
|
2009-10-11 05:01:59 +02:00
|
|
|
* "personal namespace" prefix for each dev
|
|
|
|
* migration guide and simple converter for gitosis conf file
|
2009-12-01 02:45:05 +01:00
|
|
|
* "exclude" (or "deny") rights at the branch/tag level
|
2010-04-27 11:12:05 +02:00
|
|
|
* specify repos using patterns (patterns may include creator's name)
|
|
|
|
* define powerful operations on the server side, even github-like forking
|
2009-10-11 05:01:59 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_security"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
### security
|
|
|
|
|
|
|
|
Due to the environment in which this was created and the need it fills, I
|
2010-02-05 11:30:47 +01:00
|
|
|
consider this a "security" program, albeit a very modest one.
|
2009-10-11 05:01:59 +02:00
|
|
|
|
|
|
|
For the first person to find a security hole in it, defined as allowing a
|
|
|
|
normal user (not the gitolite admin) to read a repo, or write/rewind a ref,
|
|
|
|
that the config file says he shouldn't, and caused by a bug in *code* that is
|
|
|
|
in the "master" branch, (not in the other branches, or the configuration file
|
|
|
|
or in Unix, perl, shell, etc.)... well I can't afford 1000 USD rewards like
|
2010-04-27 11:12:05 +02:00
|
|
|
djb, so you'll have to settle for 5000 INR (Indian Rupees) as a "token" prize
|
2009-10-11 05:01:59 +02:00
|
|
|
:-)
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-02-05 11:30:47 +01:00
|
|
|
However, there are a few optional features (which must be explicitly enabled
|
|
|
|
in the RC file) where I just haven't had the time to reason about security
|
|
|
|
thoroughly enough. Please read the comments in `conf/example.gitolite.rc` for
|
|
|
|
details, looking for the word "security".
|
2010-01-31 15:54:36 +01:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
----
|
2009-08-24 03:59:25 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_contact_and_license"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
### contact and license
|
2009-08-28 14:59:05 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
Gitolite is released under GPL v2. See COPYING for details.
|
2009-08-28 14:59:05 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
* author: sitaramc@gmail.com, sitaram@atc.tcs.com
|
|
|
|
* mailing list: gitolite@googlegroups.com
|
|
|
|
* list subscribe address : gitolite+subscribe@googlegroups.com
|
|
|
|
|
2011-01-26 03:09:12 +01:00
|
|
|
[transcript]: http://sitaramc.github.com/gitolite/doc/install-transcript.html
|
|
|
|
[install]: http://sitaramc.github.com/gitolite/doc/1-INSTALL.html
|
|
|
|
[admin]: http://sitaramc.github.com/gitolite/doc/2-admin.html
|
|
|
|
[migr]: http://sitaramc.github.com/gitolite/doc/migrate.html
|
|
|
|
[doc9gas]: http://sitaramc.github.com/gitolite/doc/gitolite-and-ssh.html
|
|
|
|
[doc6sts]: http://sitaramc.github.com/gitolite/doc/ssh-troubleshooting.html
|
|
|
|
[who]: http://sitaramc.github.com/gitolite/doc/who-uses-it.html
|
2010-12-24 06:31:28 +01:00
|
|
|
[tut]: http://sites.google.com/site/senawario/home/gitolite-tutorial
|
2011-05-28 14:23:27 +02:00
|
|
|
[docs]: http://sitaramc.github.com/gitolite
|