deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

project renamed to gitolite

Browse source
This commit is contained in:
Sitaram Chamarty 2009-08-26 06:17:27 +05:30
parent cb5a802d3e
commit 09aeb31198
8 changed files with 42 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
INSTALL
View file

@ -5,7 +5,7 @@ access, permissions to create other userids, etc. This could be a typical
hosting provider type of thing, or -- in a corporate setting -- a very tightly hosting provider type of thing, or -- in a corporate setting -- a very tightly
controlled server. controlled server.
Gitosis-lite requires these: Gitolite requires these:
* git itself, the more recent the better * git itself, the more recent the better
* perl, typically installed with git, since git sort of needs it; any * perl, typically installed with git, since git sort of needs it; any
@ -21,31 +21,31 @@ A quick install, taking all the defaults, can be done with the following
commands; just copy and paste them into your shell: commands; just copy and paste them into your shell:
# this one is fixed to the location shown # this one is fixed to the location shown
cp example.gitosis-lite.rc ~/.gitosis-lite.rc cp example.gitolite.rc ~/.gitolite.rc
# the destinations below are defaults; if you change the paths in the "rc" # the destinations below are defaults; if you change the paths in the "rc"
# file above, these destinations also must change accordingly # file above, these destinations also must change accordingly
# mkdir $REPO_BASE, $GL_ADMINDIR, and $GL_KEYDIR # mkdir $REPO_BASE, $GL_ADMINDIR, and $GL_KEYDIR
mkdir ~/repositories mkdir ~/repositories
mkdir ~/.gitosis-lite mkdir ~/.gitolite
mkdir ~/.gitosis-lite/keydir mkdir ~/.gitolite/keydir
# copy sample conf to $GL_CONF # copy sample conf to $GL_CONF
cp example.conf ~/.gitosis-lite/gitosis-lite.conf cp example.conf ~/.gitolite/gitolite.conf
# copy the 3 programs to $GL_ADMINDIR # copy the 3 programs to $GL_ADMINDIR
cp update-hook.pl ~/.gitosis-lite cp update-hook.pl ~/.gitolite
cp gl-auth-command ~/.gitosis-lite cp gl-auth-command ~/.gitolite
cp gl-compile-conf ~/.gitosis-lite cp gl-compile-conf ~/.gitolite
# optional; copy the documents also (if you untarred the package into a # optional; copy the documents also (if you untarred the package into a
# temporary directory and need to get rid of it) # temporary directory and need to get rid of it)
cp INSTALL README.markdown ~/.gitosis-lite cp INSTALL README.markdown ~/.gitolite
### install notes ### install notes
* At present the location of `~/.gitosis-lite.rc` is fixed (maybe later I'll * At present the location of `~/.gitolite.rc` is fixed (maybe later I'll
change it to a "git config" variable). change it to a "git config" variable).
If you edit it and change any paths, be sure to keep the perl syntax -- If you edit it and change any paths, be sure to keep the perl syntax --
@ -53,11 +53,11 @@ commands; just copy and paste them into your shell:
limited case. And of course, make sure you adjust the commands shown limited case. And of course, make sure you adjust the commands shown
above to suit the new locations above to suit the new locations
* the config file is (by default) at `~/.gitosis-lite/gitosis-lite.conf`. * the config file is (by default) at `~/.gitolite/gitolite.conf`.
Edit the file as you wish. The comments in the file ought to be clear Edit the file as you wish. The comments in the file ought to be clear
enough but let me know if not enough but let me know if not
* if you want to bring in existing (bare, server) repos into gitosis-lite, * if you want to bring in existing (bare, server) repos into gitolite,
this should work: this should work:
* backup the repo, then move it to `$BASE_REPO` * backup the repo, then move it to `$BASE_REPO`
* copy `$GL_ADMINDIR/update-hook.pl` to `[reponame].git/hooks/update` -- * copy `$GL_ADMINDIR/update-hook.pl` to `[reponame].git/hooks/update` --
@ -89,7 +89,7 @@ It should all work, but the first couple of times you may want to check these
`$GL_ADMINDIR/gl-auth-command` file, then some sshd restrictions, the `$GL_ADMINDIR/gl-auth-command` file, then some sshd restrictions, the
key, etc. key, etc.
* `$GL_CONF_COMPILED` (default * `$GL_CONF_COMPILED` (default
`~/.gitosis-lite/gitosis-lite.conf-compiled.pm`) should contain an `~/.gitolite/gitolite.conf-compiled.pm`) should contain an
expanded list of the access control rules. It may look a little long, expanded list of the access control rules. It may look a little long,
but it's fairly intuitive! but it's fairly intuitive!
@ -110,13 +110,13 @@ And once in a while, if you're feeling particularly BOFH-ish, take a look at
* when you clone an empty repo, git seems to complain about the remote * when you clone an empty repo, git seems to complain about the remote
hanging up or something. I have no idea what that is, but it doesn't seem hanging up or something. I have no idea what that is, but it doesn't seem
to hurt anything. This happens even in normal git, not just gitosis-lite. to hurt anything. This happens even in normal git, not just gitolite.
---- ----
Footnotes: Footnotes:
[1] Actually, due to the way gitosis-lite is architected, you can manage [1] Actually, due to the way gitolite is architected, you can manage
without `Data::Dumper` on the server if you have no choice. Only without `Data::Dumper` on the server if you have no choice. Only
`gl-compile-conf` needs it, so just run that on some other machine and copy `gl-compile-conf` needs it, so just run that on some other machine and copy
the two output files across. Cumbersome but doable... the advantage of the two output files across. Cumbersome but doable... the advantage of
@ -125,11 +125,11 @@ separating all the hard work into a manually-run piece :)
[2] If you have *only* pubkey access, and **no** password access, then your [2] If you have *only* pubkey access, and **no** password access, then your
pubkey is already in the server's `~/.ssh/authorized_keys`. If you also need pubkey is already in the server's `~/.ssh/authorized_keys`. If you also need
to access git as a developer (clone, push, etc), do *not* submit this same to access git as a developer (clone, push, etc), do *not* submit this same
pubkey to gitosis-lite -- it won't work. pubkey to gitolite -- it won't work.
Instead, create a different keypair for your "developer" role (by, e.g., Instead, create a different keypair for your "developer" role (by, e.g.,
`ssh-keygen -t rsa -f ~/.ssh/gitdev`), then give `~/.ssh/gitdev.pub` to `ssh-keygen -t rsa -f ~/.ssh/gitdev`), then give `~/.ssh/gitdev.pub` to
gitosis-lite as "yourname.pub", just like you would do for any other user. gitolite as "yourname.pub", just like you would do for any other user.
Then you create a suitable `~/.ssh/config` to use the correct key Then you create a suitable `~/.ssh/config` to use the correct key
automatically, something like this: automatically, something like this:
@ -144,11 +144,11 @@ automatically, something like this:
identityfile ~/.ssh/gitdev identityfile ~/.ssh/gitdev
From now on, `ssh gitadm` will get you a command line on the server, to do From now on, `ssh gitadm` will get you a command line on the server, to do
gitosis-lite admin and other work. And your repository URLs would look like gitolite admin and other work. And your repository URLs would look like
`gitdev:reponame.git`. Very, very, simple... `gitdev:reponame.git`. Very, very, simple...
And as with gitosis, there's more "ssh" magic than "git" magic here :-) And as with gitosis, there's more "ssh" magic than "git" magic here :-)
---- ----
gitosis-lite is released under the GPL v2 license. See COPYING for details gitolite is released under the GPL v2 license. See COPYING for details

4
README.markdown
View file

@ -1,6 +1,6 @@
# gitosis-lite # gitolite
gitosis-lite is the bare essentials of gitosis, with a completely different Gitolite is the bare essentials of gitosis, with a completely different
config file that allows (at last!) access control down to the branch level, config file that allows (at last!) access control down to the branch level,
including specifying who can and cannot *rewind* a given branch. It is including specifying who can and cannot *rewind* a given branch. It is
released under GPL v2. See COPYING for details. released under GPL v2. See COPYING for details.

2
conf-convert.pl
View file

@ -3,7 +3,7 @@
use strict; use strict;
use warnings; use warnings;
# migrate gitosis.conf to gitosis-lite.conf format # migrate gitosis.conf to gitolite.conf format
# not very smart, but there shouldn't be any errors for simple configurations. # not very smart, but there shouldn't be any errors for simple configurations.
# the biggest thing you'll find is probably some comments rearranged or # the biggest thing you'll find is probably some comments rearranged or

2
example.conf
View file

@ -1,4 +1,4 @@
# example conf file for gitosis-lite # example conf file for gitolite
# overall syntax: # overall syntax:
# - everything in this is space-separated; no commas, semicolons, etc # - everything in this is space-separated; no commas, semicolons, etc

8
example.gitosis-lite.rc → example.gitolite.rc
View file

@ -3,17 +3,17 @@
# base directory for all the repos # base directory for all the repos
$REPO_BASE="repositories"; $REPO_BASE="repositories";
# gitosis-lite admin directory, files, etc # gitolite admin directory, files, etc
$GL_ADMINDIR=$ENV{HOME} . "/.gitosis-lite"; $GL_ADMINDIR=$ENV{HOME} . "/.gitolite";
# -------------------------------------- # --------------------------------------
# the ones below can be left as they are, unless for some reason you want them # the ones below can be left as they are, unless for some reason you want them
# elsewhere # elsewhere
$GL_CONF="$GL_ADMINDIR/gitosis-lite.conf"; $GL_CONF="$GL_ADMINDIR/gitolite.conf";
$GL_KEYDIR="$GL_ADMINDIR/keydir"; $GL_KEYDIR="$GL_ADMINDIR/keydir";
$GL_CONF_COMPILED="$GL_ADMINDIR/gitosis-lite.conf-compiled.pm"; $GL_CONF_COMPILED="$GL_ADMINDIR/gitolite.conf-compiled.pm";
# -------------------------------------- # --------------------------------------
# this should be the last line in this file, per perl rules # this should be the last line in this file, per perl rules

4
gl-auth-command
View file

@ -5,7 +5,7 @@ use strict;
# === auth-command === # === auth-command ===
# the command that GL users actually run # the command that GL users actually run
# part of the gitosis-lite (GL) suite # part of the gitolite (GL) suite
# how run: via sshd, being listed in "command=" in ssh authkeys # how run: via sshd, being listed in "command=" in ssh authkeys
# when: every login by a GL user # when: every login by a GL user
@ -29,7 +29,7 @@ our $GL_CONF_COMPILED;
our $REPO_BASE; our $REPO_BASE;
our %repos; our %repos;
my $glrc = $ENV{HOME} . "/.gitosis-lite.rc"; my $glrc = $ENV{HOME} . "/.gitolite.rc";
unless (my $ret = do $glrc) unless (my $ret = do $glrc)
{ {
die "parse $glrc failed: $@" if $@; die "parse $glrc failed: $@" if $@;

20
gl-compile-conf
View file

@ -5,7 +5,7 @@ use Data::Dumper;
# === add-auth-keys === # === add-auth-keys ===
# part of the gitosis-lite (GL) suite # part of the gitolite (GL) suite
# (1) - "compiles" ~/.ssh/authorized_keys from the list of pub-keys # (1) - "compiles" ~/.ssh/authorized_keys from the list of pub-keys
# (2) - also "compiles" the user-friendly GL conf file into something easier # (2) - also "compiles" the user-friendly GL conf file into something easier
@ -17,13 +17,13 @@ use Data::Dumper;
# how run: manual, by GL admin # how run: manual, by GL admin
# when: # when:
# - anytime a pubkey is added/deleted # - anytime a pubkey is added/deleted
# - anytime gitosis-lite.conf is changed # - anytime gitolite.conf is changed
# input: # input:
# - GL_CONF (default: ~/.gitosis-lite/gitosis-lite.conf) # - GL_CONF (default: ~/.gitolite/gitolite.conf)
# - GL_KEYDIR (default: ~/.gitosis-lite/keydir) # - GL_KEYDIR (default: ~/.gitolite/keydir)
# output: # output:
# - ~/.ssh/authorized_keys (dictated by sshd) # - ~/.ssh/authorized_keys (dictated by sshd)
# - GL_CONF_COMPILED (default: ~/.gitosis-lite/gitosis-lite.conf-compiled.pm) # - GL_CONF_COMPILED (default: ~/.gitolite/gitolite.conf-compiled.pm)
# security: # security:
# - touches a very critical system file that manages the restrictions on # - touches a very critical system file that manages the restrictions on
# incoming users. Be sure to audit AUTH_COMMAND and AUTH_OPTIONS (see # incoming users. Be sure to audit AUTH_COMMAND and AUTH_OPTIONS (see
@ -46,7 +46,7 @@ our $GL_KEYDIR;
our $GL_CONF_COMPILED; our $GL_CONF_COMPILED;
our $REPO_BASE; our $REPO_BASE;
my $glrc = $ENV{HOME} . "/.gitosis-lite.rc"; my $glrc = $ENV{HOME} . "/.gitolite.rc";
unless (my $ret = do $glrc) unless (my $ret = do $glrc)
{ {
die "parse $glrc failed: $@" if $@; die "parse $glrc failed: $@" if $@;
@ -208,12 +208,12 @@ open my $newkeys_fh, ">", $ENV{HOME} . "/.ssh/new_authkeys"
# save existing authkeys minus the GL-added stuff # save existing authkeys minus the GL-added stuff
while (<$authkeys_fh>) while (<$authkeys_fh>)
{ {
print $newkeys_fh $_ unless (/^# gitosis-lite start/../^# gitosis-lite end/); print $newkeys_fh $_ unless (/^# gitolite start/../^# gitolite end/);
} }
# add our "start" line, each key on its own line (prefixed by command and # add our "start" line, each key on its own line (prefixed by command and
# options, in the standard ssh authorized_keys format), then the "end" line. # options, in the standard ssh authorized_keys format), then the "end" line.
print $newkeys_fh "# gitosis-lite start\n"; print $newkeys_fh "# gitolite start\n";
my_chdir($GL_KEYDIR); my_chdir($GL_KEYDIR);
for my $pubkey (glob("*.pub")) for my $pubkey (glob("*.pub"))
{ {
@ -221,7 +221,7 @@ for my $pubkey (glob("*.pub"))
print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS "; print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS ";
print $newkeys_fh `cat $pubkey`; print $newkeys_fh `cat $pubkey`;
} }
print $newkeys_fh "# gitosis-lite end\n"; print $newkeys_fh "# gitolite end\n";
close $newkeys_fh or die "close newkeys failed: $!"; close $newkeys_fh or die "close newkeys failed: $!";
# check what changes are being made; just a comfort factor # check what changes are being made; just a comfort factor
@ -231,7 +231,7 @@ close $newkeys_fh or die "close newkeys failed: $!";
system("cat ~/.ssh/new_authkeys > ~/.ssh/authorized_keys"); system("cat ~/.ssh/new_authkeys > ~/.ssh/authorized_keys");
system("rm ~/.ssh/new_authkeys"); system("rm ~/.ssh/new_authkeys");
# if the gl admin directory (~/.gitosis-lite) is itself a git repo, do an # if the gl admin directory (~/.gitolite) is itself a git repo, do an
# autocheckin. nothing fancy; this is a "just in case" type of thing. # autocheckin. nothing fancy; this is a "just in case" type of thing.
my_chdir($GL_ADMINDIR); my_chdir($GL_ADMINDIR);
if (-d ".git") if (-d ".git")

6
update-hook.pl
View file

@ -3,9 +3,9 @@
use strict; use strict;
# === update === # === update ===
# this is gitosis-lite's update hook # this is gitolite's update hook
# part of the gitosis-lite (GL) suite # part of the gitolite (GL) suite
# how run: via git, being copied as .git/hooks/update in every repo # how run: via git, being copied as .git/hooks/update in every repo
# when: every push # when: every push
@ -31,7 +31,7 @@ our $GL_CONF_COMPILED;
our $REPO_BASE; our $REPO_BASE;
our %repos; our %repos;
my $glrc = $ENV{HOME} . "/.gitosis-lite.rc"; my $glrc = $ENV{HOME} . "/.gitolite.rc";
unless (my $ret = do $glrc) unless (my $ret = do $glrc)
{ {
die "parse $glrc failed: $@" if $@; die "parse $glrc failed: $@" if $@;