deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

project renamed to gitolite

Browse source
This commit is contained in:
Sitaram Chamarty 2009-08-26 06:17:27 +05:30
parent cb5a802d3e
commit 09aeb31198
8 changed files with 42 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
INSTALL
View file

@ -5,7 +5,7 @@ access, permissions to create other userids, etc. This could be a typical
hosting provider type of thing, or -- in a corporate setting -- a very tightly
controlled server.
Gitosis-lite requires these:
Gitolite requires these:
* git itself, the more recent the better
* perl, typically installed with git, since git sort of needs it; any
@ -21,31 +21,31 @@ A quick install, taking all the defaults, can be done with the following
commands; just copy and paste them into your shell:
# this one is fixed to the location shown
cp example.gitosis-lite.rc ~/.gitosis-lite.rc
cp example.gitolite.rc ~/.gitolite.rc
# the destinations below are defaults; if you change the paths in the "rc"
# file above, these destinations also must change accordingly
# mkdir $REPO_BASE, $GL_ADMINDIR, and $GL_KEYDIR
mkdir ~/repositories
mkdir ~/.gitosis-lite
mkdir ~/.gitosis-lite/keydir
mkdir ~/.gitolite
mkdir ~/.gitolite/keydir
# copy sample conf to $GL_CONF
cp example.conf ~/.gitosis-lite/gitosis-lite.conf
cp example.conf ~/.gitolite/gitolite.conf
# copy the 3 programs to $GL_ADMINDIR
cp update-hook.pl ~/.gitosis-lite
cp gl-auth-command ~/.gitosis-lite
cp gl-compile-conf ~/.gitosis-lite
cp update-hook.pl ~/.gitolite
cp gl-auth-command ~/.gitolite
cp gl-compile-conf ~/.gitolite
# optional; copy the documents also (if you untarred the package into a
# temporary directory and need to get rid of it)
cp INSTALL README.markdown ~/.gitosis-lite
cp INSTALL README.markdown ~/.gitolite
### install notes
* At present the location of `~/.gitosis-lite.rc` is fixed (maybe later I'll
* At present the location of `~/.gitolite.rc` is fixed (maybe later I'll
change it to a "git config" variable).
If you edit it and change any paths, be sure to keep the perl syntax --
@ -53,11 +53,11 @@ commands; just copy and paste them into your shell:
limited case. And of course, make sure you adjust the commands shown
above to suit the new locations
* the config file is (by default) at `~/.gitosis-lite/gitosis-lite.conf`.
* the config file is (by default) at `~/.gitolite/gitolite.conf`.
Edit the file as you wish. The comments in the file ought to be clear
enough but let me know if not
* if you want to bring in existing (bare, server) repos into gitosis-lite,
* if you want to bring in existing (bare, server) repos into gitolite,
this should work:
* backup the repo, then move it to `$BASE_REPO`
* copy `$GL_ADMINDIR/update-hook.pl` to `[reponame].git/hooks/update` --
@ -89,7 +89,7 @@ It should all work, but the first couple of times you may want to check these
`$GL_ADMINDIR/gl-auth-command` file, then some sshd restrictions, the
key, etc.
* `$GL_CONF_COMPILED` (default
`~/.gitosis-lite/gitosis-lite.conf-compiled.pm`) should contain an
`~/.gitolite/gitolite.conf-compiled.pm`) should contain an
expanded list of the access control rules. It may look a little long,
but it's fairly intuitive!
@ -110,13 +110,13 @@ And once in a while, if you're feeling particularly BOFH-ish, take a look at
* when you clone an empty repo, git seems to complain about the remote
hanging up or something. I have no idea what that is, but it doesn't seem
to hurt anything. This happens even in normal git, not just gitosis-lite.
to hurt anything. This happens even in normal git, not just gitolite.
----
Footnotes:
[1] Actually, due to the way gitosis-lite is architected, you can manage
[1] Actually, due to the way gitolite is architected, you can manage
without `Data::Dumper` on the server if you have no choice. Only
`gl-compile-conf` needs it, so just run that on some other machine and copy
the two output files across. Cumbersome but doable... the advantage of
@ -125,11 +125,11 @@ separating all the hard work into a manually-run piece :)
[2] If you have *only* pubkey access, and **no** password access, then your
pubkey is already in the server's `~/.ssh/authorized_keys`. If you also need
to access git as a developer (clone, push, etc), do *not* submit this same
pubkey to gitosis-lite -- it won't work.
pubkey to gitolite -- it won't work.
Instead, create a different keypair for your "developer" role (by, e.g.,
`ssh-keygen -t rsa -f ~/.ssh/gitdev`), then give `~/.ssh/gitdev.pub` to
gitosis-lite as "yourname.pub", just like you would do for any other user.
gitolite as "yourname.pub", just like you would do for any other user.
Then you create a suitable `~/.ssh/config` to use the correct key
automatically, something like this:
@ -144,11 +144,11 @@ automatically, something like this:
identityfile ~/.ssh/gitdev
From now on, `ssh gitadm` will get you a command line on the server, to do
gitosis-lite admin and other work. And your repository URLs would look like
gitolite admin and other work. And your repository URLs would look like
`gitdev:reponame.git`. Very, very, simple...
And as with gitosis, there's more "ssh" magic than "git" magic here :-)
----
gitosis-lite is released under the GPL v2 license. See COPYING for details
gitolite is released under the GPL v2 license. See COPYING for details

4
README.markdown
View file

@ -1,6 +1,6 @@
# gitosis-lite
# gitolite
gitosis-lite is the bare essentials of gitosis, with a completely different
Gitolite is the bare essentials of gitosis, with a completely different
config file that allows (at last!) access control down to the branch level,
including specifying who can and cannot *rewind* a given branch. It is
released under GPL v2. See COPYING for details.

2
conf-convert.pl
View file

@ -3,7 +3,7 @@
use strict;
use warnings;
# migrate gitosis.conf to gitosis-lite.conf format
# migrate gitosis.conf to gitolite.conf format
# not very smart, but there shouldn't be any errors for simple configurations.
# the biggest thing you'll find is probably some comments rearranged or

2
example.conf
View file

@ -1,4 +1,4 @@
# example conf file for gitosis-lite
# example conf file for gitolite
# overall syntax:
# - everything in this is space-separated; no commas, semicolons, etc

8
example.gitosis-lite.rc → example.gitolite.rc
View file

@ -3,17 +3,17 @@
# base directory for all the repos
$REPO_BASE="repositories";
# gitosis-lite admin directory, files, etc
$GL_ADMINDIR=$ENV{HOME} . "/.gitosis-lite";
# gitolite admin directory, files, etc
$GL_ADMINDIR=$ENV{HOME} . "/.gitolite";
# --------------------------------------
# the ones below can be left as they are, unless for some reason you want them
# elsewhere
$GL_CONF="$GL_ADMINDIR/gitosis-lite.conf";
$GL_CONF="$GL_ADMINDIR/gitolite.conf";
$GL_KEYDIR="$GL_ADMINDIR/keydir";
$GL_CONF_COMPILED="$GL_ADMINDIR/gitosis-lite.conf-compiled.pm";
$GL_CONF_COMPILED="$GL_ADMINDIR/gitolite.conf-compiled.pm";
# --------------------------------------
# this should be the last line in this file, per perl rules

4
gl-auth-command
View file

@ -5,7 +5,7 @@ use strict;
# === auth-command ===
# the command that GL users actually run
# part of the gitosis-lite (GL) suite
# part of the gitolite (GL) suite
# how run: via sshd, being listed in "command=" in ssh authkeys
# when: every login by a GL user
@ -29,7 +29,7 @@ our $GL_CONF_COMPILED;
our $REPO_BASE;
our %repos;
my $glrc = $ENV{HOME} . "/.gitosis-lite.rc";
my $glrc = $ENV{HOME} . "/.gitolite.rc";
unless (my $ret = do $glrc)
{
die "parse $glrc failed: $@" if $@;

20
gl-compile-conf
View file

@ -5,7 +5,7 @@ use Data::Dumper;
# === add-auth-keys ===
# part of the gitosis-lite (GL) suite
# part of the gitolite (GL) suite
# (1) - "compiles" ~/.ssh/authorized_keys from the list of pub-keys
# (2) - also "compiles" the user-friendly GL conf file into something easier
@ -17,13 +17,13 @@ use Data::Dumper;
# how run: manual, by GL admin
# when:
# - anytime a pubkey is added/deleted
# - anytime gitosis-lite.conf is changed
# - anytime gitolite.conf is changed
# input:
# - GL_CONF (default: ~/.gitosis-lite/gitosis-lite.conf)
# - GL_KEYDIR (default: ~/.gitosis-lite/keydir)
# - GL_CONF (default: ~/.gitolite/gitolite.conf)
# - GL_KEYDIR (default: ~/.gitolite/keydir)
# output:
# - ~/.ssh/authorized_keys (dictated by sshd)
# - GL_CONF_COMPILED (default: ~/.gitosis-lite/gitosis-lite.conf-compiled.pm)
# - GL_CONF_COMPILED (default: ~/.gitolite/gitolite.conf-compiled.pm)
# security:
# - touches a very critical system file that manages the restrictions on
# incoming users. Be sure to audit AUTH_COMMAND and AUTH_OPTIONS (see
@ -46,7 +46,7 @@ our $GL_KEYDIR;
our $GL_CONF_COMPILED;
our $REPO_BASE;
my $glrc = $ENV{HOME} . "/.gitosis-lite.rc";
my $glrc = $ENV{HOME} . "/.gitolite.rc";
unless (my $ret = do $glrc)
{
die "parse $glrc failed: $@" if $@;
@ -208,12 +208,12 @@ open my $newkeys_fh, ">", $ENV{HOME} . "/.ssh/new_authkeys"
# save existing authkeys minus the GL-added stuff
while (<$authkeys_fh>)
{
print $newkeys_fh $_ unless (/^# gitosis-lite start/../^# gitosis-lite end/);
print $newkeys_fh $_ unless (/^# gitolite start/../^# gitolite end/);
}
# add our "start" line, each key on its own line (prefixed by command and
# options, in the standard ssh authorized_keys format), then the "end" line.
print $newkeys_fh "# gitosis-lite start\n";
print $newkeys_fh "# gitolite start\n";
my_chdir($GL_KEYDIR);
for my $pubkey (glob("*.pub"))
{
@ -221,7 +221,7 @@ for my $pubkey (glob("*.pub"))
print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS ";
print $newkeys_fh `cat $pubkey`;
}
print $newkeys_fh "# gitosis-lite end\n";
print $newkeys_fh "# gitolite end\n";
close $newkeys_fh or die "close newkeys failed: $!";
# check what changes are being made; just a comfort factor
@ -231,7 +231,7 @@ close $newkeys_fh or die "close newkeys failed: $!";
system("cat ~/.ssh/new_authkeys > ~/.ssh/authorized_keys");
system("rm ~/.ssh/new_authkeys");
# if the gl admin directory (~/.gitosis-lite) is itself a git repo, do an
# if the gl admin directory (~/.gitolite) is itself a git repo, do an
# autocheckin. nothing fancy; this is a "just in case" type of thing.
my_chdir($GL_ADMINDIR);
if (-d ".git")

6
update-hook.pl
View file

@ -3,9 +3,9 @@
use strict;
# === update ===
# this is gitosis-lite's update hook
# this is gitolite's update hook
# part of the gitosis-lite (GL) suite
# part of the gitolite (GL) suite
# how run: via git, being copied as .git/hooks/update in every repo
# when: every push
@ -31,7 +31,7 @@ our $GL_CONF_COMPILED;
our $REPO_BASE;
our %repos;
my $glrc = $ENV{HOME} . "/.gitosis-lite.rc";
my $glrc = $ENV{HOME} . "/.gitolite.rc";
unless (my $ret = do $glrc)
{
die "parse $glrc failed: $@" if $@;