Commit graph

351 commits

Author SHA1 Message Date
Sitaram Chamarty 6a3cd5d6b1 Merge pull request #32 from ebfe/bump_requirements
git >= 1.6.6 is required since 49f5361
2011-09-02 05:09:06 -07:00
Sitaram Chamarty 7c8c5a899b add example setups to mirroring doc; also other fixups 2011-08-30 20:50:34 +05:30
Sitaram Chamarty e139be927a new 'subconf' feature to explicitly do delegation
(includes HOSTNAME substitution feature also...)
2011-08-30 20:50:34 +05:30
Sitaram Chamarty 0ec3d77761 delegation: allow includes in fragments, fixup doc
I could not think why we disallowed includes in subconfs, since an
include is the same as inserting all those lines inline anyway.
2011-08-30 11:42:03 +05:30
Sitaram Chamarty 2eee4d627a Merge 'mirroring-revamp' into pu 2011-08-29 13:57:38 +05:30
Sitaram Chamarty 388cf76c73 document the "sequencing repo config" fix made earlier
plus some reorg of the section so it reads easier (I hope!)
2011-08-27 22:07:01 +05:30
Michael Gehring d4570cc340 git >= 1.6.6 is required since 49f5361 2011-08-25 15:35:29 +02:00
Chris Tilden 0172868da7 Fixes documentation typos 2011-08-24 13:12:42 -07:00
Sitaram Chamarty e5e95794ef (doc) hook chaining explained a bit better
nagp-compatible ;-)
2011-08-23 00:01:43 +05:30
Sitaram Chamarty e970327cc1 rc: get rid of GL_GITCONFIG_WILD
was only for efficiency even when it was relevant, and now it's just in
the way, making useless noises.
2011-08-17 21:53:06 +05:30
Sitaram Chamarty 442d7ca29c mirroring doc updates:
- caution about wild repos needing to be manually created on the
    receiving side (because nothing gets auto-created now)

  - caution about the right and wrong way to "delete" a config variable

  - a few other minor fixes
2011-08-17 11:59:00 +05:30
Sitaram Chamarty b11d44e036 (mirroring) make cron jobs easier to write
gl-mirror-shell will now take a list of slaves and/or keys, expanding
the keys in place.  See doc for even more improvements and conveniences.
2011-08-15 07:02:42 +05:30
Sitaram Chamarty e3b1fdfd69 (mirroring doc) explain how this is more than just 'backup' 2011-08-14 08:20:03 +05:30
Sitaram Chamarty a3ffc9d8fd (mirroring) reject non-local pushes if GL_HOSTNAME not set
We previously said all mirroring features are disabled if GL_HOSTNAME is
not set.

But what if, after mirroring has been setup, and master/slaves defined
for a repo, a slave admin fat-fingers the RC file and accidentally
comments out GL_HOSTNAME?  We might end up violating RULE NUMBER ONE!
2011-08-13 14:32:38 +05:30
Sitaram Chamarty 37ce28a43b (new mirroring) documentation 2011-08-13 09:03:13 +05:30
Sitaram Chamarty bfbd887e71 minor docfixes 2011-08-12 21:45:23 +05:30
Sitaram Chamarty 4c1e4b2b1a v2.0.3 2011-08-08 09:47:56 +05:30
Sitaram Chamarty 817c1835ae (docfix) you need RW+ to overwrite a tag
to my eternal shame (considering how proud I am of my documentation)
this was not mentioned anywhere!  I'm getting old...

thanks to Pierre Habouzit for catching this

(also slipped in a few other minor doc changes.  I wouldn't mix
unrelated stuff in a commit when doing code changes but it seems ok to
do this for docfixes, for some reason).
2011-08-01 08:12:23 +05:30
Sitaram Chamarty 973157d777 (doc) "authentication-vs-authorisation"
"gitolite-without-ssh" doc name was misleading; rename to
"authentication-vs-authorisation"

also restructure the whole thing to answer the main question better, and
fix up links from other places
2011-07-25 20:28:03 +05:30
Sitaram Chamarty 8710521f30 gitosis migration document overhaul (I need feedback on this) 2011-07-18 21:07:38 +05:30
Sitaram Chamarty b649536847 (minor) fixed some broken links due to 867b34f
thanks to j416 for catching this...
2011-07-18 21:06:14 +05:30
Sitaram Chamarty 9882e24084 (a few minor doc fixes) 2011-07-14 19:20:24 +05:30
Sitaram Chamarty 42df4c01a9 gl-dont-panic replaced by more generic gl-admin-push
(sorry Douglas Adams; the "towel day" program is no more!)
2011-07-13 22:29:44 +05:30
Christopher M. Fuhrman df885e5989 Documentation tweaks
- Add note about daemon user
 - In example, set gitweb.url to proper URL

Signed-off-by: Christopher M. Fuhrman <cfuhrman@panix.com>
2011-07-04 09:08:38 +05:30
Sitaram Chamarty 1f768a1763 (minor) some minor doc fixes 2011-06-14 20:22:04 +05:30
Sitaram Chamarty 5381dbb2da (doc) upgrading a 'from-client' installation to 'non-root' 2011-06-14 20:21:11 +05:30
Sitaram Chamarty 436662f28f v2.0.2 2011-06-01 20:17:55 +05:30
Sitaram Chamarty a6a0db10e9 oopsies... should be checking for "-x" not just "-f or -l" to chain a hook
it was trying to execute a broken symlink!  (Thanks to Jeff of KDE for
catching this)
2011-05-28 20:33:21 +05:30
Sitaram Chamarty b706719a56 (here's more proof that writing code is easier...)
streamline the README and the install doc a fair bit, especially make
'from-client' install deprecated, and relegate it to an Appendix.
2011-05-28 18:14:19 +05:30
Sitaram Chamarty 31cd56b76d (minor) doc tweaks 2011-05-28 17:49:22 +05:30
Sitaram Chamarty d3a663d03f (ssh doc) (N+1)th time rewrite; the holy grail still eludes me <sigh> 2011-05-12 09:33:46 +05:30
Sitaram Chamarty 867b34f32c (doc) ADCs now have an overview doc, plus...
- repo-deletion is now a proper doc
  - other doc enhancements and clarifications
2011-05-12 09:33:19 +05:30
Sitaram Chamarty 2b6d0670df (doc) a slew of minor doc fixes 2011-05-05 09:32:13 +05:30
Christopher M. Fuhrman cbb2de157c (doc) Initial entry of gitolite-gitweb-http-backend documentation
Initial entry of markdown documentation as generated by pod2markdown.
Note addition of table-of-contents and appropriate anchors

Signed-off-by: Christopher M. Fuhrman <cfuhrman@panix.com>

[some formatting type changes done by Sitaram]
2011-05-05 08:23:02 +05:30
Sitaram Chamarty 59f3c4a512 v2.0.1 2011-04-30 06:40:53 +05:30
Sitaram Chamarty 074fc61d3a more docfixes, esp the install doc 2011-04-30 06:39:01 +05:30
Sitaram Chamarty 0d1e05c7e1 "hooklets" -- play nice with any number of site-local 'update' hooks
(yes, I made up the name.  Deal with it!)
2011-04-29 04:47:30 +05:30
Sitaram Chamarty d74e58b5de (minor doc fixes) 2011-04-24 15:16:43 +05:30
Sitaram Chamarty 1006eba2fc allow the include statement to use globs
(bonus: we now have a test case for "include" itself, should it ever
decide to take an unplanned vacation!)
2011-04-01 16:11:59 +05:30
Dylan Simon 58064b8e20 Make limit on number of repos displayed by info with GL_BIG_CONFIG configurable
[doc added by Sitaram]
2011-03-30 20:27:12 +05:30
Sitaram Chamarty 0f377a7679 new doc on gitolite without ssh, plus some minor docfixes 2011-03-30 18:42:39 +05:30
Sitaram Chamarty fc2f8ee709 minor docfix to smart http doc 2011-03-25 11:11:41 +05:30
Ralf Hemmecke 85fe9c1739 (minor) docfix 2011-03-18 06:42:54 +05:30
Sitaram Chamarty 40f40edf20 (minor) fixups to shell-games doc 2011-03-13 18:20:30 +05:30
Sitaram Chamarty 23bf41eccd (minor) update mirroring doc about servers and mutual trust 2011-03-10 06:34:32 +05:30
Sitaram Chamarty b0f8924f80 (minor doc clarification)
thanks to kfogel for pointing it out
2011-03-09 21:40:00 +05:30
Sitaram Chamarty 396c23e187 forgot to update changelog when tagging v2.0 and promoting to master 2011-03-09 21:34:03 +05:30
Sitaram Chamarty 80d28e6fb0 Merge branch 'dmitrijsledkovs/pu' into pu 2011-03-05 17:29:20 +05:30
Sitaram Chamarty 396bfaa3b9 gl-auth now checks for and run a hook called 'gl-pre-git'
see sample code for motivation; other uses at your discretion
2011-03-05 12:23:17 +05:30
Sitaram Chamarty 284431e661 (minor) added info on config vars to admin-defined-commands.mkd 2011-03-02 23:24:45 +05:30
Dmitrijs Ledkovs a78d969f7c Fix a typo in docs 2011-03-01 12:29:57 +00:00
Sitaram Chamarty 635ccfafd0 (minor doc enhancement) how to rename a repo 2011-02-26 00:32:53 +05:30
Sitaram Chamarty 02128ff48f (minor doc fixes) 2011-02-21 21:25:43 +05:30
Sitaram Chamarty dfdab0f3c8 allow gitolite_rc.mkd values to be overridden by ~/.gitolite.rc
you might wonder why these are different from all the other variables in
the rc file... it's just that I never thought people would want to
change these!
2011-02-15 15:10:29 +05:30
Sitaram Chamarty 1c3d96e7cb (minor doc fix) how to change $REPO_BASE 2011-02-09 09:37:39 +05:30
Sitaram Chamarty 9b212ed0ef (minor) doc the effect of openssh 5.6 more clearly 2011-02-06 06:24:40 +05:30
Sitaram Chamarty df157e72b5 <sigh> gitweb doc fixes
This patch is dedicated to the person who, when referred to [1] for
gitweb access help, assumed we're talking about a Unix userid called
"gitweb" and said it still doesn't work.  He looked at the description
examples and wasn't sure what to do with them.  Finally, he missed the
sentence "All gitolite does is:" in the document, and assumed *he* was
supposed to do what the next 3 bullets said (in this case, create the
"description" file manually).

He didn't once think of the gitolite.conf file as being the location for
these instructions, or that "give read access" means "R = ..." instead
of a Unix level "chmod ...".

Do things have to be spelled out so goddamn clearly?  Can't people think
for a few seconds and see if there is another way before giving up?

I blame the prevalence of Windows and GUI IDEs.  People can only
"click".  They can't "think" anymore...

[1]: http://sitaramc.github.com/gitolite/doc/2-admin.html#gwd
2011-02-04 09:57:49 +05:30
Sitaram Chamarty 86206641c8 warnings on non-root method were not scary enough
(plus some other minor ssh/install related doc enhancements)
2011-02-03 19:47:11 +05:30
Sitaram Chamarty a1cbcf2001 migrate doc neglected to mention that gitolite needs update hook)
(although it *is* documented in doc/2, I can see where a migrating user
may miss that)
2011-02-02 06:38:03 +05:30
Sitaram Chamarty 86852dabe9 (v2 status) mob branches tested (manually) 2011-01-29 17:28:03 +05:30
Sitaram Chamarty d2cef2d05e doc fixes related to conf and rc getting their own doc files 2011-01-29 17:07:57 +05:30
Sitaram Chamarty 6a5d564917 (minor) less important docs have "## title" now
this is so the make-gh-pages (not part of gitolite) script can boldface
the ones which have "# title"
2011-01-29 15:47:53 +05:30
Sitaram Chamarty dab35f3565 fixup all docs to allow URLs pointing to gh-pages 2011-01-26 08:08:18 +05:30
Sitaram Chamarty 12f75cdc41 (minor doc fixes for next commit) 2011-01-26 08:08:18 +05:30
Sitaram Chamarty 6bcb5c162d gitolite.conf gets its own document now 2011-01-24 06:21:00 +05:30
Sitaram Chamarty 2cbe807b34 (doc) clarify GIT_HTTP_EXPORT_ALL is not mandatory for mixed ssh+http setups 2011-01-20 07:14:19 +05:30
Sitaram Chamarty 0360dc9f3f test smart http mode, update docs (including mob mode)
- allow a mob username to be defined; all unauthenticated access will
    look to gitolite like this user (if you setup apache also properly)

  - update doc with more details (some repeat stuff from `man
    git-http-backend` but it's probably worth having everything in one
    place
2011-01-17 22:04:10 +05:30
Jan Koprowski c8b1d8cc5b Document handling non-openssh but ssh2-compatible public keys by gitolite. 2011-01-16 20:20:14 +05:30
Sitaram Chamarty 692552d146 gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-16 07:26:13 +05:30
Sitaram Chamarty 9b5793f2d1 v1.5.9 2011-01-15 19:02:34 +05:30
Sitaram Chamarty efa8e0ff16 new contrib/ldap with 3 useful scripts (thanks to Nokia MeeGo folks) 2011-01-13 13:24:01 +05:30
Sitaram Chamarty 10a30c961d (major change in big-config mode) split the compiled config file
Fedora's config has over 11,000 repositories and the compiled config
file is over 20 MB in size.  Although negligible on a server class
machine, on my laptop just parsing this file takes a good 2.5 seconds.

Even if you use GL_ALL_READ_ALL (see a couple of commits before this
one) to remove the overhead for 'read's, that's still a pretty big
overhead for writes.  And GL_ALL_READ_ALL is not really a solution for
most people anyway.

With this commit, using GL_BIG_CONFIG adds another optimisation; see
doc/big-config.mkd for details (look for the word "split config" to find
the section that talks about it).

----

Implementation notes:

  - the check for GL_NO_CREATE_REPOS has moved *into* the loop (which it
    completely bypassed earlier) so that write_1_compiled_conf can be
    called on each item
2011-01-02 11:30:29 +05:30
Sitaram Chamarty 27081ad1c1 new rc var: GL_ALL_READ_ALL 2011-01-02 10:21:39 +05:30
Sitaram Chamarty e0f4bbaf16 (minor) more doc updates, really small ones 2010-12-31 20:17:36 +05:30
Sitaram Chamarty ffcbc52637 rc file stripped down, variables categorised, documentation lifted out
the old file was getting too unwieldy...
2010-12-31 19:03:48 +05:30
Sitaram Chamarty 3abb7ac1a8 (minor) usermod has a "-a" -- I didn't know!
(thanks to Michael Schueler)
2010-12-28 21:54:34 +05:30
Sitaram Chamarty f88b097db1 v1.5.8 2010-12-25 05:58:27 +05:30
Sitaram Chamarty 5f3344025c (minor) doc updates 2010-12-25 05:58:26 +05:30
Sitaram Chamarty 7313d48247 gitolite-down: disable write-access to take backups
(we quietly do not document the 'able' adc, which is now the most
"official" adc in the sense that it has a new test, t64-write-able!)

other notes: fix bug in 'able' (not setting $loc)
2010-11-16 22:57:23 +05:30
Sitaram Chamarty 16ab95665c (admin doc) try that "moving servers" thing again :) 2010-11-16 14:35:39 +05:30
Sitaram Chamarty ad727488fc (install doc) various updates
(thanks to a somewhat heated "discussion" with "abstrakt" on #git)

While I don't agree with everything he said, some improvements are
always possible (always, always!) in docs:

  - move the "conventions used" section closer to the action
  - add note about RPM/DEB using "gitolite" as the user, not "git"
  - de-emphasise multiple gitolite hosting users at the top; refer
    advanced users to the already present detailed section later instead
  - in that section, add a bit of intro, and hand-wave the inconsistency
    between its 2 sub-sections ;-)

----

Unrelated to the "discussion" today, someone else (running Arch? don't
remember) had a system where /usr/local/bin was not in $PATH for a
normal user, so I added a note about that.
2010-11-14 11:05:13 +05:30
Sitaram Chamarty 64728c805b (admin doc) moving servers 2010-11-12 19:27:17 +05:30
Sitaram Chamarty 182b1d0b34 (who-uses) Gentoo's overlay system now uses gitolite 2010-11-07 21:59:49 +05:30
Sitaram Chamarty 047790140a custom perm categories in setperms (WARNING: PLEASE READ FULL COMMIT MESSAGE)
THE COMPILED CONFIG FILE FORMAT CHANGES WITH THIS VERSION.  PLEASE DO
NOT MIX VERSIONS OR DOWNGRADE.  Upgrading using normal gitolite upgrade
means should be fine, though.

Originally, we only allowed "R" and "RW" as categories of users supplied
to the `setperms` command.  These map respectively to "READERS" and
"WRITERS" in the access rules.

Now:

  - we prefer READERS instead of R and WRITERS instead of RW
  - we allow the admin to define other categories as she wishes
    (example: MANAGERS, TESTERS, etc).  These do not have abbreviations,
    however, so they must be supplied in full.

PLEASE, *PLEASE*, read the section in doc/wildcard-repositories.mkd for
more info.  This is a VERY powerful feature and if you're not careful
you could mess up the ACLs nicely.

Backward compat note: you can continue to use the "R" and "RW"
categories when running the "setperms" command, and gitolite will
internally convert them to READERS and WRITERS categories.

----

implementation notes:

  - new RC var called GL_WILDREPOS_PERM_CATS that is a space-sep list of
    the allowed categories in a gl-perms file; defaults to "R RW" if not
    specified

  - wild_repo_rights no longer returns $c, $r, $wC, where $r = $user if
    "R $user", $r = '@all' if "R @all", and similarly with $w and "RW".

    Instead it returns $c and a new hash that effectively gives the same
    info, but expanded to include any other valid categories (listed in
    GL_WILDREPOS_PERM_CATS)

  - consequently, the arguments that parse_acl takes also change the
    same way

  - (side note: R and RW are quietly converted to READERS and WRITERS;
    however, new categories that you define yourself do not have
    abbreviations)

  - setperms validates perms to make sure only allowed categories are
    used; however even if someone changed them behind the scenes,
    wild_repo_rights will also check.  This is necessary in case the
    admin tightened up GL_WILDREPOS_PERM_CATS after someone had already
    setperms-d his repos.

  - as a bonus, we eliminate all the post-Dumper shenanigans, at least
    for READERS and WRITERS.  Those two now look, to the compile script,
    just like any other usernames.
2010-11-06 21:03:34 +05:30
Sitaram Chamarty 4df32c3ff0 v1.5.7 2010-11-06 18:53:01 +05:30
Sitaram Chamarty 70359ce9ba (minor) doc fixes 2010-11-05 16:08:11 +05:30
Sitaram Chamarty 9716e32456 cbreak on #git: "I did bet that there are hundreds of sitaram admins out there"
Well from now on they will be called "YourName".

Even better quote from essial on #git (after literally typing in
"sitaram.pub" instead of substituting his name as the instructions [in
bold] tell him to do):

    come on you know how ubuntu users are
    if they see fixed width fonts inside a box they immediately copy-paste it

UBUNTU USERS: I DIDN'T SAY THAT, SOMEONE ELSE DID!  For details see
http://colabti.org/irclogger/irclogger_log/git?date=2010-11-04#l2417

[Although, since you apparently are quite happy to use a system that
default installs mono I doubt these little jibes matter to you
anyway...]

[idea: distribute my own pubkey with gitolite and instantly get access
to every gitolite install that is not behind a firewall, anywhere in the
world.  No one will notice or realise what I'm doing - MUAHAHAHAHA!!!]
2010-11-05 06:36:35 +05:30
Sitaram Chamarty 5b3dcb3757 a slew of adc changes; details below:
- get_rights_and_owner normalises its arg1 by stripping .git if
    supplied, then sets the variable "repo" to the result as a side
    effect
  - new "help" adc with some default text but main purpose is to allow
    site local help text
  - other adc's refer to 'help' adc when appropriate
  - 'undelete' renamed to 'restore'; that's what the KDE "trashcan"
    program calls that operation
  - minor typo in sample script in documentation
  - main adc doc points to contrib/adc/repo-deletion.README now
2010-10-28 16:43:04 +05:30
Sitaram Chamarty 84fe767b64 pubkeys and the pareto principle! 2010-10-26 20:30:10 +05:30
Sitaram Chamarty 0316baf726 mirror code learns receive.fsckObjects 2010-10-26 20:30:10 +05:30
Clint Adams 38c23b850f Monkeysphere integration documentation. 2010-10-26 09:01:24 +05:30
Sitaram Chamarty 10289c6d64 warning against server-side fiddling (<sigh>)
I had someone delete the admin repo on the server, then run gl-setup
again, and complain that included config files did not get restored.

There have been others (see below) before with similar demands, but
those at least had the excuse of being provoked by genuine mistakes.
This guy was intentionally breaking stuff server side.

Wish I could say he was stupid, but actually he was probably smarter
than I.  Just that his idea of the limits of gitolite's responsibility
was vastly different from mine.

----

[1] There was this guy who, as root, went on a "chmod go-rwx" spree for
security, which bollixed up gitweb access to all his repos, so he tells
me gitolite should be able to fix all the permissions on the next admin
push at least?  (That is, instead of just setting umask as it currently
does, it should go on a chmod spree just like he did).

[2] Then there was the guy who told me gitolite should re-create all the
"gl-creater" files for his wildcard repos because he was restoring from
a git push --mirror backup and that doesn't preserve those files?  I
tried to tell him that a git push --mirror doesn't preserve "config" or
"description" or "info/exclude" or any of the other files that git (not
gitolite) maintains, but he didn't care -- losing those did not affect
him (or he never had them), but losing these affected access control,
and it's my fault.
2010-10-23 23:01:12 +05:30
Sitaram Chamarty cd0eac8c3f (minor) a slew of little docfixes 2010-10-23 23:01:12 +05:30
Sitaram Chamarty 87cf2d4892 minor doc clarification on easy-install requiring 2 keys for the admin 2010-10-17 05:12:19 +05:30
Sitaram Chamarty d1515ea8d8 update CHANGELOG 2010-10-16 14:46:32 +05:30
Sitaram Chamarty db0485fa7e new method for passing usergroup info (warning: minor backward compat breakage)
The old method of passing in usergroup info had some problems, which are
now fixed.  It is also much easier to use now -- no more "wrapper"
script, plus it should work identially whether you use sshd or httpd.

See doc/big-config.mkd for details on the new method.

----

Notes on problems with the old method:

The old method for passing in usergroup info consisted of tacking them
on as extra arguments to gl-auth-command, after the username.

However, there are some problems with this method.

Some actions in gitolite look for permissions for users other than the
invoking user.  Determining permissions for gitweb and daemon is one.
An admin asking for "info" on some other user, is another.

However, the list of groups sent in via the command line
pertains only to the invoking user, so these actions don't work
correctly.  They may even pick up the wrong permissions.

What it all boils down to is that we need group information for any user
dynamically, instead of being passed a (static) list just for the
invoking user.
2010-10-07 20:20:39 +05:30
Sitaram Chamarty dc62d69848 progit doc...
thanks to tsgarp for making me think about adding this caution
2010-10-04 19:30:55 +05:30
Sitaram Chamarty 91f1b74503 document $GL_ALL_INCLUDES_SPECIAL (and clarify/refactor the docs a bit) 2010-10-03 08:48:59 +05:30
Sitaram Chamarty 3914dc0161 tighten permissions on install
- hardcode 0700 mode for GL_ADMINDIR tree (thanks to ma at
    ibitsense.com) for catching this
  - honor REPO_UMASK for GL_REPO_BASE_ABS creation
  - plus a minor doc update
2010-10-02 05:55:33 +05:30
Sitaram Chamarty 4957900360 (doc) who-uses-it 2010-09-28 20:26:26 +05:30