Corollary: As far as I know, jgit does not support the same hooks that 'man githooks' talks about. User view: Gitolite is invisible to users except when access is denied. Gerrit is much more visible to devs because of its role in enforcing code review, approvals, and workflow. However, it is trivial to add your own code to do either or, if someone contributes it, to just "enable" what ships with gitolite in a disabled state. There are several alternatives which offer a full web-based GUI, for administrators or users or both.
They also offer a lot of enterprise features (for example, LDAP integration) and social coding features (issue trackers, discussions, comments on code, pull requests, etc.). However, they are unlikely to be as customisable as gitolite is, if you care about that sort of thing.
At a very high level, gitolite relies on sshd (or httpd if you're using the smart http mode) to authenticate the user and supply the username. Based on this, and the command given, it decides whether to allow or deny the request. Consider a push command in ssh mode. Normally i. When you install gitolite and set up the user, gitolite sets up ssh to force the gitolite-shell command to run first, instead of the command requested:.
The gitolite-shell program uses the username supplied by ssh, and the repo name in the command, to decide if the user has write access to the repo or not. If he does have some write access, git-receive-pack is called, but that's not the end of the story. If you're using gitolite and find it very useful in some way, I would love to describe your use of it or add a link to your own description of it here.
Of course, you can anonymise it as much as you need to. The Fedora Project controls access to over 10, package management repositories accessed by over 1, package maintainers using gitolite. This is probably the largest confirmed gitolite installation anywhere. The whole "big-config" option back in v2 (in v3 this is the default!) You can find out more up-to-date info about available commands if you run:. Delete a repository.
You will need to run D unlock first, and then D rm. The desc command does not like special characters such as quotes, ampersands, brackets, etc. See Repo appearance on git. Sets up a random password you can use to authenticate against mail. Before we start, we need to be clear about the difference between authentication and authorisation.
The client user authenticates herself to the server using any method supported by ssh -- password or ssh public key. It does not matter to either the git client or the git server how that happens; that's entirely between ssh and sshd (the ssh daemon or server).
There is no authorisation in this mode, other than any file system permissions that the OS may enforce. Gitolite adds an extra layer in between the sshd and the git-receive-pack (or git-upload-pack, for read operations), to check if the access is allowed and abort if needed.
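The gate described above, as an added Python example (not gitolite's own code, which is Perl): a forced-command check that takes the username sshd supplies and the client's requested command from SSH_ORIGINAL_COMMAND, then allows or denies. The ACCESS table, the function name, the repo and user names and the path in the comment are constructed for illustration.

```python
import os
import re
import shlex
import sys

# Typical authorized_keys entry that makes sshd run the gate for this key,
# with the username as its argument (path and key are placeholders):
#   command="/path/to/gitolite-shell alice",no-pty,no-port-forwarding ssh-ed25519 AAAA...

# Constructed access table, not gitolite's conf format: repo -> user -> perms.
ACCESS = {"foo": {"alice": {"R", "W"}, "bob": {"R"}}}

# Commands a git client asks sshd to run, and the permission each needs.
VERB_PERM = {"git-upload-pack": "R", "git-receive-pack": "W"}

REPO_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]*")


def authorise(user, original_command):
    """Decide whether `user` may run the command the client requested.

    Returns (allowed, verb, repo); verb and repo are None when denied.
    """
    try:
        parts = shlex.split(original_command)
    except ValueError:                 # unbalanced quotes
        return (False, None, None)
    if len(parts) != 2 or parts[0] not in VERB_PERM:
        return (False, None, None)     # not "<git verb> <repo>": no shell access
    verb, repo = parts
    repo = repo.lstrip("/")
    if repo.endswith(".git"):
        repo = repo[:-4]
    if not REPO_RE.fullmatch(repo) or ".." in repo:
        return (False, None, None)     # path tricks never reach the file system
    if VERB_PERM[verb] not in ACCESS.get(repo, {}).get(user, set()):
        return (False, None, None)     # authenticated, but not authorised
    return (True, verb, repo)


if __name__ == "__main__":
    # sshd supplies the username as argv[1] and the client's request in the env.
    user = sys.argv[1] if len(sys.argv) > 1 else ""
    ok, verb, repo = authorise(user, os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    if not ok:
        sys.exit("FATAL: access denied")
    # A real gate would now run the git command on the repo; here we only report.
    print(f"allowed: {verb} on {repo} for {user}")
```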
Gitolite also installs its own update hook (see man githooks) in every repository to check branches being pushed. Gitolite also requires that the authentication must happen using an ssh public key. We'll see why as we go along. Here's a series of pictures that show how gitolite works. If you don't want these unexpected reports confusing users or programs!
You can see the mirror status of any repo using the 'mirror status' command; the command line help for the mirror command ('gitolite mirror -h' or 'ssh git@host mirror -h') has details. You can use the gitolite mirror push command on a master to manually synchronise any of its copies. Try it with -h to get usage info.
Note: if your version of the mirror command does not support 'list copies', use gitolite git-config -r reponame mirror. Please read carefully; there are security implications if you enable this for mirrors NOT under your control. Normally, a master, and only a master, pushes to a copy, and the copies are "read-only" to the users.
Gitolite allows a copy to receive pushes from a user and transparently redirect them to the master. This simplifies things for users in complex setups, letting them use their local mirror for both fetch and push access to all repos. Just to be clear, the actual push will still happen only on the master, which needs to be up (the redirection is at the ssh level). Its main use is in geographically distributed setups, where users are encouraged to use a nearer node as their "fetch" remote, but, without this feature, they'd have to use the actual master node as the "push" remote.
This allows users to use the same nearby node as the "push" remote also. It is also useful if the master dies, and the administrator redesignates some other node as the master.
In that situation, only users who had the original master as a remote need to update their remote URLs. The first syntax trusts all valid copies to redirect user pushes, while the second one trusts only some copies. Authentication happens on the copy, but authorisation is on the master.
The master is trusting the copy to authenticate the user correctly, even though the actual push is going to the master. This means that user alice on the copy must be guaranteed to be the same as user alice on the master. The part of the authorisation that happens before passing control to git-receive-pack (see access rules) will happen on the copy as well.
This lets you maintain configurations for all servers in one repo, yet have them act differently on different servers, by saying something like:. If you're paranoid enough to use mirrors, you should be paranoid enough to set this on each server, despite the possible CPU overhead:.
Moving only some repos (other than the gitolite-admin repo) to a different master is easy. Just make the change in the gitolite. Even for the gitolite-admin repo, if the current master is ok, it's the same thing; just make the change and push to the current master.
Subsequent pushes will go to the new master, of course. But if the current master is already dead, there's a bit of a catch