From 870983086c4a0c92e2957637ec765156f023607d Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Thu, 19 Aug 2010 21:48:04 +0530 Subject: [PATCH] CHANGELOG and progit article updates --- doc/CHANGELOG | 32 ++++++++++++++++++++++++++++++++ doc/progit-article.mkd | 38 ++++++++++++++++++++++---------------- 2 files changed, 54 insertions(+), 16 deletions(-) diff --git a/doc/CHANGELOG b/doc/CHANGELOG index 978e03f..b870cf8 100644 --- a/doc/CHANGELOG +++ b/doc/CHANGELOG @@ -2,6 +2,38 @@ Major changes to gitolite, master branch only, most recent first, no dates but the tags can help you position stuff approximately [NYD = not yet documented due to lack of time...] + - more than one wildcard may match a repo, plus it can also be matched by a + normal repo line + + - test suite has lots of new tests for the below + - (big change) all combinations of wild repos and big configs, including + daemon/gitweb/git-config settings, should work now! + + - v1.5.5 + + - mirroring support + + - setup_authkeys is now separate; can be called from outside also; useful + for people who want to maintain ssh keys via LDAP or something, and not + within gitolite + + - (two months too late for towel day) gl-dont-panic! + [replaces the old "gl-emergency-addkey" program. It does more (including + recovering from a botched push, not just lost keys), is cleaner, and works + for all install methods] + + - document on how to create a mob branch + + - info command now takes a parameter to limit output; this is mandatory if + GL_BIG_CONFIG is on + + - v1.5.4 + + - new RC variables: GL_NO_CREATE_REPOS and GL_NO_SETUP_AUTHKEYS (inspired by + the specific needs that Fedora have, but made as generic as possible) + - separating push branch rights from create branch rights changed to use the + same mechanism as the (older) mechanism for separating rewind from delete + - v1.5.3 - log file format changed; minor backward compat breakage if you've been diff --git a/doc/progit-article.mkd b/doc/progit-article.mkd index 8d7fa4f..48bccbb 100644 --- a/doc/progit-article.mkd +++ b/doc/progit-article.mkd @@ -1,6 +1,6 @@ ## Gitolite ## -Git has started to become very popular in corporate environments, which tend to have some additional requirements in terms of access control. Gitolite was created to help with those requirements. +Git has started to become very popular in corporate environments, which tend to have some additional requirements in terms of access control. Gitolite was originally created to help with those requirements, but it turns out that it's equally useful in the open source world: the Fedora Project controls access to their package management repositories (over 10,000 of them!) using gitolite, and this is probably the largest gitolite installation anywhere too. Gitolite allows you to specify permissions not just by repository, but also by branch or tag names within each repository. That is, you can specify that certain people (or groups of people) can only push certain "refs" (branches or tags) but not others. @@ -8,7 +8,13 @@ Gitolite allows you to specify permissions not just by repository, but also by b Installing Gitolite is very easy, even if you don't read the extensive documentation that comes with it. You need an account on a Unix server of some kind; various Linux flavours, and Solaris 10, have been tested. You do not need root access, assuming git, perl, and an openssh compatible ssh server are already installed. In the examples below, we will use the `gitolite` account on a host called `gitserver`. -Curiously, Gitolite is installed by running a script *on the workstation*, so your workstation must have a bash shell available. Even the bash that comes with msysgit will do, in case you're wondering. +Gitolite is somewhat unusual as far as "server" software goes -- access is via ssh, and so every userid on the server is a potential "gitolite host". As a result, there is a notion of "installing" the software itself, and then "setting up" a user as a "gitolite host". + +Gitolite has 4 methods of installation. People using Fedora or Debian systems can obtain an RPM or a DEB and install that. People with root access can install it manually. In these two methods, any user on the system can then become a "gitolite host". + +People without root access can install it within their own userids. And finally, gitolite can be installed by running a script *on the workstation*, from a bash shell. (Even the bash that comes with msysgit will do, in case you're wondering.) + +We will describe this last method in this article; for the other methods please see the documentation. You start by obtaining public key based access to your server, so that you can log in from your workstation to the server without getting a password prompt. The following method works on Linux; for other workstation OSs you may have to do this manually. We assume you already had a key pair generated using `ssh-keygen`. @@ -27,8 +33,6 @@ Next, you clone Gitolite from the project's main site and run the "easy install" And you're done! Gitolite has now been installed on the server, and you now have a brand new repository called `gitolite-admin` in the home directory of your workstation. You administer your gitolite setup by making changes to this repository and pushing. -[By the way, *upgrading* gitolite is also done the same way. Also, if you're interested, run the script without any arguments to get a usage message.] - That last command does produce a fair amount of output, which might be interesting to read. Also, the first time you run this, a new keypair is created; you will have to choose a passphrase or hit enter for none. Why a second keypair is needed, and how it is used, is explained in the "ssh troubleshooting" document that comes with Gitolite. (Hey the documentation has to be good for *something*!) ### Customising the Install ### @@ -37,7 +41,7 @@ While the default, quick, install works for most people, there are some ways to ### Config File and Access Control Rules ### -So once the install is done, you switch to the `gitolite-admin` repository (placed in your HOME directory) and poke around to see what you got: +Once the install is done, you switch to the `gitolite-admin` repository (placed in your HOME directory) and poke around to see what you got: $ cd ~/gitolite-admin/ $ ls @@ -135,24 +139,26 @@ Gitolite allows you to specify repositories with wildcards (actually perl regexe ### Other Features ### -We'll round off this discussion with a bunch of other features, all of which are described in great detail in the "faqs, tips, etc" document. +We'll round off this discussion with a sampling of other features, all of which, and many more, are described in great detail in the "faqs, tips, etc" and other documents. **Logging**: Gitolite logs all successful accesses. If you were somewhat relaxed about giving people rewind permissions (`RW+`) and some kid blew away "master", the log file is a life saver, in terms of easily and quickly finding the SHA that got hosed. **Git outside normal PATH**: One extremely useful convenience feature in gitolite is support for git installed outside the normal `$PATH` (this is more common than you think; some corporate environments or even some hosting providers refuse to install things system-wide and you end up putting them in your own directories). Normally, you are forced to make the *client-side* git aware of this non-standard location of the git binaries in some way. With gitolite, just choose a verbose install and set `$GIT_PATH` in the "rc" files. No client-side changes are required after that :-) -**Access rights reporting**: Another convenient feature is what happens when you try and just ssh to the server. Older versions of gitolite used to complain about the `SSH_ORIGINAL_COMMAND` environment variable being empty (see the ssh documentation if interested). Now Gitolite comes up with something like this: +**Access rights reporting**: Another convenient feature is what happens when you try and just ssh to the server. Gitolite shows you what repos you have access to, and what that access may be. Here's an example: - hello sitaram, the gitolite version here is v0.90-9-g91e1e9f - you have the following permissions: - R anu-wsd - R entrans - R W git-notes - R W gitolite - R W gitolite-admin - R indic_web_input - R shreelipi_converter + hello sitaram, the gitolite version here is v1.5.4-19-ga3397d4 + the gitolite config gives you the following access: + R anu-wsd + R entrans + R W git-notes + R W gitolite + R W gitolite-admin + R indic_web_input + R shreelipi_converter **Delegation**: For really large installations, you can delegate responsibility for groups of repositories to various people and have them manage those pieces independently. This reduces the load on the main admin, and makes him less of a bottleneck. This feature has its own documentation file in the `doc/` directory. **Gitweb support**: Gitolite supports gitweb in several ways. You can specify which repos are visible via gitweb. You can set the "owner" and "description" for gitweb from the gitolite config file. Gitweb has a mechanism for you to implement access control based on HTTP authentication, so you can make it use the "compiled" config file that gitolite produces, which means the same access control rules (for read access) apply for gitweb and gitolite. + +**Mirroring**: Gitolite can help you maintain multiple mirrors, and switch between them easily if the primary server goes down.