2009-08-27 11:54:23 +02:00
|
|
|
# administering and running gitolite
|
|
|
|
|
2009-11-13 00:33:09 +01:00
|
|
|
In this document:
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
* <a href="#_please_read_this_first">please read this first</a>
|
|
|
|
* <a href="#_adding_users_and_repos">adding users and repos</a>
|
2010-09-24 12:49:33 +02:00
|
|
|
* <a href="#_using_hooks">using hooks</a>
|
2010-09-02 15:45:32 +02:00
|
|
|
* <a href="#_custom_hooks">custom hooks</a>
|
2010-09-24 12:49:33 +02:00
|
|
|
* <a href="#_gl_post_init_hook">"gl-post-init" hook</a>
|
2010-09-02 15:45:32 +02:00
|
|
|
* <a href="#_hook_chaining">hook chaining</a>
|
|
|
|
* <a href="#_environment_variables_available_to_hooks">environment variables available to hooks</a>
|
2010-09-24 12:49:33 +02:00
|
|
|
* <a href="#_other_features">other features</a>
|
|
|
|
* <a href="#_moving_pre_existing_repos_into_gitolite">moving pre-existing repos into gitolite</a>
|
2010-11-12 14:55:29 +01:00
|
|
|
* <a href="#_moving_the_whole_thing_from_one_server_to_another">moving the whole thing from one server to another</a>
|
2010-09-24 12:49:33 +02:00
|
|
|
* <a href="#_specifying_gitweb_and_daemon_access">specifying gitweb and daemon access</a>
|
2010-09-02 15:45:32 +02:00
|
|
|
* <a href="#_custom_git_config">custom git config</a>
|
2009-11-13 00:33:09 +01:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
----
|
2009-08-27 11:54:23 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_please_read_this_first"></a>
|
2009-09-16 06:46:11 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
### please read this first
|
2010-04-27 06:51:40 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
Unless you know what you're doing, do not do **anything** manually on the
|
|
|
|
server, like adding new repositories or users or changing the access control
|
|
|
|
rules. Things will break. For example, if you manually create a repo on the
|
|
|
|
server, it will not have the required "update" hook, without which there is no
|
|
|
|
access control for pushes.
|
|
|
|
|
|
|
|
Most normal (day-to-day) gitolite admin work is done by cloning the
|
|
|
|
gitolite-admin repo from the server to your workstation, making changes to the
|
|
|
|
clone, and pushing those changes back.
|
|
|
|
|
|
|
|
The installation steps in the previous section include the steps to do this
|
|
|
|
clone, so you should already have one on your workstation, in
|
|
|
|
`~/gitolite-admin`. You can of course clone it anywhere else you want and use
|
|
|
|
that clone.
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
Either way, make sure you `cd` into this clone first.
|
|
|
|
|
|
|
|
*Note*: some of the paths in this document use variable names. Just refer to
|
|
|
|
`~/.gitolite.rc` for the correct values for *your* installation.
|
2010-04-27 06:51:40 +02:00
|
|
|
|
|
|
|
Once you've cloned it, you're ready to add users and repos.
|
2009-09-16 06:46:11 +02:00
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_adding_users_and_repos"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
|
|
|
### adding users and repos
|
2009-09-16 06:46:11 +02:00
|
|
|
|
2009-08-27 11:54:23 +02:00
|
|
|
* ask each user who will get access to send you a public key. See other
|
2009-10-30 16:55:06 +01:00
|
|
|
sources (for example [here][genpub]) for how to do this
|
|
|
|
|
2009-08-29 07:21:48 +02:00
|
|
|
* rename each public key according to the user's name, with a `.pub`
|
|
|
|
extension, like `sitaram.pub` or `john-smith.pub`. You can also use
|
|
|
|
periods and underscores
|
2009-08-30 17:49:36 +02:00
|
|
|
|
2010-06-15 19:31:22 +02:00
|
|
|
* copy all these `*.pub` files to `keydir` in your gitolite-admin repo
|
|
|
|
clone. You can also organise them into various subdirectories of `keydir`
|
|
|
|
if you wish, since the entire tree is searched.
|
2009-08-30 17:49:36 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
* edit the config file (`conf/gitolite.conf` in your admin repo clone). See
|
|
|
|
`conf/example.conf` in the gitolite source for details on what goes in
|
|
|
|
that file, syntax, etc. Just add new repos as needed, and add new users
|
|
|
|
and give them permissions as required. The users names should be exactly
|
|
|
|
the same as their keyfile names, but without the `.pub` extension
|
2009-09-16 06:46:11 +02:00
|
|
|
|
2010-05-21 14:23:05 +02:00
|
|
|
* when done, commit your changes and push. Any new repos you specified will
|
|
|
|
automatically be created (empty, but clonable) and users' access will be
|
|
|
|
updated as needed.
|
|
|
|
|
2010-09-24 12:49:33 +02:00
|
|
|
<a name="_using_hooks"></a>
|
|
|
|
|
|
|
|
### using hooks
|
|
|
|
|
|
|
|
<a name="_custom_hooks"></a>
|
|
|
|
|
|
|
|
#### custom hooks
|
|
|
|
|
|
|
|
You can supply your own, custom, hook scripts if you wish. Install gitolite
|
|
|
|
as usual, then:
|
|
|
|
|
|
|
|
* if you installed using "from-client" method (gl-easy-install):
|
|
|
|
* go to the gitolite *source* clone from which you did the original
|
|
|
|
install
|
|
|
|
* add your new hook into "hooks/common"
|
|
|
|
* run src/gl-easy-install with the same arguments as you ran the first
|
|
|
|
time
|
|
|
|
* if you installed using one of the other methods
|
|
|
|
* go to ~/.gitolite/hooks/common on the server and put your new hook
|
|
|
|
there
|
|
|
|
* now run "gl-setup" again
|
|
|
|
|
|
|
|
You can use this procedure to install new hooks as well as to update hooks
|
|
|
|
that you had previously installed.
|
|
|
|
|
|
|
|
**VERY IMPORTANT SECURITY NOTE: the `update` hook in `hooks/common` is what
|
|
|
|
implements all the branch-level permissions in gitolite. If you fiddle with
|
|
|
|
the hooks directory, please make sure you do not mess with this file
|
|
|
|
accidentally, or all your fancy per-branch permissions will stop working.**
|
|
|
|
|
|
|
|
<a name="_gl_post_init_hook"></a>
|
|
|
|
|
|
|
|
#### "gl-post-init" hook
|
|
|
|
|
|
|
|
Sometimes it is necessary to do something whenever a new repo is created. If
|
|
|
|
you need this functionality, just supply a hook called "gl-post-init" with
|
|
|
|
whatever code you want in it.
|
|
|
|
|
|
|
|
<a name="_hook_chaining"></a>
|
|
|
|
|
|
|
|
#### hook chaining
|
|
|
|
|
|
|
|
Gitolite basically takes over the update hook for all repos, but some setups
|
|
|
|
really need the update hook functionality for their own purposes too. In
|
|
|
|
order to allow this, Gitolite now exec's a hook called `update.secondary` when
|
|
|
|
it's own "update" hook is done and everything is ready to go.
|
|
|
|
|
|
|
|
You can create this `update.secondary` hook manually on selected repos on the
|
|
|
|
server, or use the mechanism in the previous section to make gitolite put it
|
|
|
|
on *all* your repos.
|
|
|
|
|
|
|
|
Similarly, gitolite also takes over the post-update hook for the special
|
|
|
|
"gitolite-admin" repo. This hook will also chain to a `post-update.secondary`
|
|
|
|
if such a hook exists. People wishing to do exotic things on the server side
|
|
|
|
when the admin repo is pushed should see doc/shell-games.notes for how to
|
|
|
|
exploit this :-)
|
|
|
|
|
|
|
|
Finally, these names (`update.secondary` and `post-update.secondary`) are
|
|
|
|
merely the defaults. You can change them to anything you want; look in
|
|
|
|
conf/example.gitolite.rc for details.
|
|
|
|
|
|
|
|
<a name="_environment_variables_available_to_hooks"></a>
|
|
|
|
|
|
|
|
#### environment variables available to hooks
|
|
|
|
|
|
|
|
The following environment variables are set, and may be useful for any custom
|
|
|
|
processing you wish to do in your hook code:
|
|
|
|
|
|
|
|
* `GL_USER` -- the user doing the push
|
|
|
|
* `GL_REPO` -- the reponame
|
|
|
|
* `GL_REPO_BASE_ABS` -- the absolute base path where all the repos are kept
|
|
|
|
|
|
|
|
The following variables are also set, but are generally less useful:
|
|
|
|
|
|
|
|
* `GL_BINDIR` -- where all the binaries live
|
|
|
|
* `GL_ADMINDIR` -- common directory for many gitolite things
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_other_features"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
|
|
|
### other features
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_moving_pre_existing_repos_into_gitolite"></a>
|
2009-09-16 06:46:11 +02:00
|
|
|
|
2010-03-07 14:35:56 +01:00
|
|
|
#### moving pre-existing repos into gitolite
|
|
|
|
|
|
|
|
One simple way to add a pre-existing repo to gitolite is to let gitolite
|
2010-07-23 12:41:44 +02:00
|
|
|
create it as a brand new repo as in the previous section, then do the
|
|
|
|
following:
|
|
|
|
|
|
|
|
cd your-copy-of-the-repo
|
|
|
|
# make sure all the branches are correct and no extra stuff, "temp"
|
|
|
|
# branches, etc., are present
|
|
|
|
git push --all git@server:reponame
|
|
|
|
git push --tags git@server:reponame
|
|
|
|
|
|
|
|
(You could also use "git push --mirror" instead of separately doing branches
|
|
|
|
and tags, but that will carry across *your* remote refs also, and typically
|
|
|
|
you may not want that. Anyway please do a `git ls-remote git@server:repo` to
|
|
|
|
make sure all the stuff you want went through, and is named correctly).
|
|
|
|
|
|
|
|
All this is actually very simple and easily done. However, if you have many
|
|
|
|
existing repos to add, this can be time-consuming and error-prone. Here's how
|
|
|
|
to take a bunch of existing repos and add them to gitolite:
|
2010-03-07 14:35:56 +01:00
|
|
|
|
|
|
|
* make sure they're *bare* repos ;-)
|
|
|
|
|
|
|
|
* log on to the server and copy the repos to `$REPO_BASE` (which defaults to
|
|
|
|
`~/repositories`), making sure that the directory names end in ".git".
|
|
|
|
|
|
|
|
* back on your workstation, add each repo (without the `.git` suffix) to
|
|
|
|
`conf/gitolite.conf` in your gitolite-admin repo clone. Then add, commit,
|
|
|
|
push.
|
|
|
|
|
2010-11-12 14:55:29 +01:00
|
|
|
<a name="_moving_the_whole_thing_from_one_server_to_another"></a>
|
|
|
|
|
|
|
|
#### moving the whole thing from one server to another
|
|
|
|
|
|
|
|
[**NOTE**: I would appreciate help testing these instructions]
|
|
|
|
|
|
|
|
Just copying everything won't work unless everything on the new server is
|
|
|
|
exactly the same. I suggest you don't try it unless you know what you're
|
|
|
|
doing.
|
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
**Assumptions**
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
* you have not changed `$REPO_BASE` on either of the servers; if you did,
|
|
|
|
substitute accordingly
|
|
|
|
* the admin's name is "YourName" -- again, substitute accordingly!
|
|
|
|
* the "hosting user" on both servers is "git". Substitute whatever you're
|
|
|
|
actually using (for example, if you're installing using RPM/DEB, this
|
|
|
|
would be "gitolite")
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
There are many ways of doing this, but the most *generic* set of steps are
|
|
|
|
given below. Please follow all the steps; do not skip or improvise! Ask me
|
|
|
|
if things are not clear -- you can help me fine tune this document :-)
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
* (old server) **disable** the old server so your users will not push any
|
2010-11-12 14:55:29 +01:00
|
|
|
changes to it. There are several ways to do this, but the simplest is to
|
|
|
|
insert this line at the top of `~/.gitolite.rc` on the old server:
|
|
|
|
|
|
|
|
exit 1;
|
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
* (new server) **copy** the repos to the new server, **except** the
|
|
|
|
`gitolite-admin` repo and files called `gitolite-hooked` in the `hooks`
|
|
|
|
directory of each repo.
|
|
|
|
|
|
|
|
That sounds complicated but it's not. It's just:
|
2010-11-12 14:55:29 +01:00
|
|
|
|
|
|
|
cd $HOME
|
2010-11-16 10:04:49 +01:00
|
|
|
rsync -a olduser@oldhost:repositories .
|
|
|
|
mv repositories/gitolite-admin.git $HOME/old-gitolite-admin.git
|
|
|
|
find repositories -name gitolite-hooked | xargs rm
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
* (workstation) if your old server was installed using the "from-client"
|
|
|
|
method, and you intend to use the same method to install the new server,
|
|
|
|
then
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
* edit `~/.ssh/config` and change the line that says `host gitolite` to
|
|
|
|
`host old-gitolite`, or in fact anything that does not match the
|
|
|
|
string "host gitolite" :-)
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
* (workstation, new server) **install** gitolite normally on your new
|
|
|
|
server. Use whatever install method suits you, but you must use the
|
|
|
|
**same** name for the admin ("YourName" in the install instructions). You
|
|
|
|
may use a different keypair if you need to, or use the same one that
|
|
|
|
currently gets access to the old server.
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
* (new server) **edit** the `~/.gitolite.rc` file to match the settings on
|
|
|
|
the old server, if needed. Do not copy the entire file outright -- some
|
2010-11-12 14:55:29 +01:00
|
|
|
of the variables (notably `GL_PACKAGE_CONF` and `GL_PACKAGE_HOOKS`) are
|
2010-11-16 10:04:49 +01:00
|
|
|
installation dependent and should not be touched! Do a diff or a vimdiff
|
|
|
|
and copy across only what you know *you* changed on the old server.
|
|
|
|
|
|
|
|
* (workstation) **push** the config to the new server. To do this, go to
|
|
|
|
your admin clone, and:
|
|
|
|
|
|
|
|
* if you used a different keypair when installing to the new server,
|
|
|
|
copy that pubkey to this clone into `keydir/Yourname.pub`, then add
|
|
|
|
and commit the change to the pubkey
|
|
|
|
|
|
|
|
cd gitolite-admin
|
|
|
|
cp path/to/new/YourName.pub keydir/YourName.pub
|
|
|
|
git add keydir
|
|
|
|
git commit -m "new server, new key"
|
|
|
|
|
|
|
|
* if you did *not* use a different keypair, just make a dummy commit
|
|
|
|
|
|
|
|
git commit -m "new server" --allow-empty
|
|
|
|
|
|
|
|
* set the URL for the new server
|
|
|
|
|
|
|
|
git remote --set-url origin git@newserver:gitolite-admin
|
|
|
|
# if you used easy install this will be "gitolite:gitolite-admin"
|
|
|
|
|
|
|
|
* push the config, including past history
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
git push -f
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-11-16 10:04:49 +01:00
|
|
|
And that should be that!
|
2010-11-12 14:55:29 +01:00
|
|
|
|
2010-10-03 05:18:59 +02:00
|
|
|
<a name="gwd"></a>
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_specifying_gitweb_and_daemon_access"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2009-09-25 08:47:33 +02:00
|
|
|
#### specifying gitweb and daemon access
|
|
|
|
|
|
|
|
This is a feature that I personally do not use (corporate environments don't
|
|
|
|
like unauthenticated access of any kind to any repo!), but someone wanted it,
|
|
|
|
so here goes.
|
|
|
|
|
2010-10-03 05:18:59 +02:00
|
|
|
Gitolite defines two "special" usernames: `daemon` and `gitweb`.
|
|
|
|
|
2009-11-12 14:23:49 +01:00
|
|
|
To make a repo or repo group accessible via "git daemon", just give read
|
2010-10-03 05:18:59 +02:00
|
|
|
permission to the special user "daemon". Similarly, give read permission to
|
|
|
|
`gitweb` to allow the gitweb CGI to show the repo.
|
|
|
|
|
|
|
|
This gives you a quick way to offer multiple repos up for gitweb/daemon
|
|
|
|
access.
|
2009-09-25 08:47:33 +02:00
|
|
|
|
2009-11-12 14:23:49 +01:00
|
|
|
However, setting a description for the project also enables gitweb permissions
|
|
|
|
so you may as well use that method and kill two birds with one stone, like so:
|
2009-09-25 08:47:33 +02:00
|
|
|
|
2009-11-12 14:23:49 +01:00
|
|
|
gitolite = "fast, secure, access control for git in a corporate environment"
|
|
|
|
|
2009-11-27 09:17:21 +01:00
|
|
|
You can also specify an owner for gitweb to show, if you like:
|
|
|
|
|
|
|
|
gitolite "Sitaram Chamarty" = "fast, secure, access control for git in a corporate environment"
|
|
|
|
|
2010-10-03 05:18:59 +02:00
|
|
|
Note that gitolite does **not** install or configure gitweb/git-daemon -- that
|
|
|
|
is a one-time setup you must do separately. All gitolite does is:
|
2009-11-12 14:23:49 +01:00
|
|
|
|
|
|
|
* for daemon, create the file `git-daemon-export-ok` in the repository
|
2009-11-27 09:17:21 +01:00
|
|
|
* for gitweb, add the repo (plus owner name, if given) to the list of
|
|
|
|
projects to be served by gitweb (see the config file variable
|
|
|
|
`$PROJECTS_LIST`, which should have the same value you specified for
|
|
|
|
`$projects_list` when setting up gitweb)
|
2009-11-12 14:23:49 +01:00
|
|
|
* put the description, if given, in `$repo/description`
|
2009-09-25 08:47:33 +02:00
|
|
|
|
2009-10-11 05:01:59 +02:00
|
|
|
The "compile" script will keep these files consistent with the config settings
|
2009-11-12 14:23:49 +01:00
|
|
|
-- this includes removing such settings/files if you remove "read" permissions
|
|
|
|
for the special usernames or remove the description line.
|
2009-11-13 00:33:09 +01:00
|
|
|
|
2010-10-03 05:18:59 +02:00
|
|
|
Please **note** that giving permissions to these special users via `@all`
|
|
|
|
(that is, using either `repo @all` or `R = @all`), will not work unless you
|
|
|
|
set the rc-file variable `$GL_ALL_INCLUDES_SPECIAL` to `1`. Also, **NOTE**
|
|
|
|
that giving them read access to `repo @all` means the `gitolite-admin` repo is
|
|
|
|
also accessible. **It is upto you to decide if that is OK in your
|
|
|
|
environment**.
|
|
|
|
|
2010-09-02 15:45:32 +02:00
|
|
|
<a name="_custom_git_config"></a>
|
2010-05-21 14:23:05 +02:00
|
|
|
|
2009-12-09 07:46:22 +01:00
|
|
|
#### custom git config
|
|
|
|
|
|
|
|
The custom hooks feature is a blunt instrument -- all repos get the hook you
|
|
|
|
specified and will run it. In order to make it a little more fine-grained,
|
|
|
|
you could set your hooks to only work if a certain "gitconfig" variable was
|
|
|
|
set. Which means we now need a way to specify "git config" settings on a per
|
|
|
|
repository basis.
|
|
|
|
|
2010-10-23 18:28:18 +02:00
|
|
|
[Note: this feature is disabled by default. Read the comments around a
|
|
|
|
variable called `GL_GITCONFIG_KEYS` in the rc file, then set it to some
|
|
|
|
appropriate value, to enable this feature.]
|
|
|
|
|
2009-12-09 07:46:22 +01:00
|
|
|
Thanks to Teemu (teemu dot matilainen at iki dot fi), gitolite now does this
|
|
|
|
very easily. For security reasons, this can only be done from the master
|
|
|
|
config file (i.e., if you're using delegation, the delegated admins cannot
|
|
|
|
specify git config settings).
|
|
|
|
|
|
|
|
Please see `conf/example.conf` for syntax. Note that this only supports the
|
|
|
|
basic forms of the "git config" command:
|
|
|
|
|
|
|
|
git config section.key value # value may be an empty string
|
|
|
|
git config --unset-all section.key
|
|
|
|
|
|
|
|
It does not (currently) support other options like `--add`, the `value_regex`,
|
|
|
|
etc.
|
2010-05-21 14:23:05 +02:00
|
|
|
|
|
|
|
[genpub]: http://sitaramc.github.com/0-installing/2-access-gitolite.html#generating_a_public_key
|
|
|
|
|