Book Image

Gitolite Essentials

By : Sitaram Chamarty
Book Image

Gitolite Essentials

By: Sitaram Chamarty

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Gitolite Essentials
Sitaram Chamarty
Apr, 2014 | 120 pages
No titles found
Table of Contents (19 chapters)
Gitolite Essentials
Gitolite Essentials
Credits
Credits
About the Author
About the Author
Acknowledgments
Acknowledgments
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with Gitolite
Getting Started with Gitolite
Common Access Control needs
Access Control example with Gitolite
Sampling of Gitolite's power features
Gitolite and the Git control flow
Trying out Gitolite
Summary
2
Installing Gitolite
Installing Gitolite
Gitolite users and the hosting user
Preparing the server
Getting the Gitolite source
Installing the code
Setting up Gitolite
Summary
3
Your Users and Gitolite
Your Users and Gitolite
Accessing Git repositories
Accessing Gitolite repositories
Getting information from Gitolite
Gitolite commands
Getting help for commands
Troubleshooting SSH issues
Summary
4
Adding and Removing Users
Adding and Removing Users
Adding users
Users with multiple key pairs
Giving some users a shell
Managing keys outside Gitolite
Getting user group information from LDAP
Removing users
Summary
5
Managing Repositories
Managing Repositories
Adding repositories
Adding existing repositories
Common problems and troubleshooting
Summary
6
Getting Started with Access Control
Getting Started with Access Control
Basic access control examples
Lexical syntax of the conf file
The syntax of access control rules
Branch level access control and refexes
Defining user and repo groups
The include statement
Rule accumulation and delegation
Summary
7
Advanced Access Control and Configuration
Advanced Access Control and Configuration
Making changes to the rc file
Giving users their own branches
Types of write operations
Allowing Gitweb and Git-daemon access
Specifying Git config values and Gitolite options
Applying deny rules to read access
Understanding VREFs
Summary
8
Allowing Users to Create Repos
Allowing Users to Create Repos
Putting repositories in Sub-directories
Repository wildcards
Explaining wild repos to your users
Managing with just wild repos
Deleting wild repositories
Summary
9
Customizing Gitolite
Customizing Gitolite
Core and non-core Gitolite
Types of non-core code and examples
Writing your own non-core code
Summary
10
Understanding VREFs
Understanding VREFs
Migrating update hooks
Passing arguments to the VREF code
Using the permission field
Default is success
Example VREFs and their usage
Writing your own VREF
Summary
11
Mirroring
Mirroring
Terminology and basic concepts
Setting up mirroring
Local repositories and hostname substitution
Redirecting pushes
Manual synchronization
Switching to a different master
Summary
Index
Index

Common Access Control needs

Git server administrators face a bit of a challenge. The high uptake rate of Git means that there are thousands of developers who are not really familiar with Git, and who therefore may be running Git commands that cause irreversible or highly disruptive changes to the Git repository. Furthermore, Git itself does not help much with this; whatever access controls it has, apply to the entire repository, and cannot be made more fine-grained.

For instance, the master branch in most projects represents the most stable code. Yet, a junior developer can easily run a command such as git push origin +master, (which pushes the developer's local branch onto the server) and thus overwrite weeks or months of hardwork by the rest of the team. People with deeper Git expertise can probably recover the lost commits, but it would certainly take time and effort.

Worse, Git's command syntax sometimes makes it worse. For example, the command to delete the master branch is only slightly different from a normal push, that is, git push origin :master (notice the extra colon?).

The most common need, therefore, is to prevent these kinds of accidents: overwriting (or rewinding) one or more commits, and deleting a branch or a tag.

Git itself does provide some measure of protection. You can set the config items receive.denyDeletes and receive.denyNonFastForwards to true. Unfortunately, this is a bit of a blunt instrument—now no one can delete or rewind any branch!

In larger setups with several repositories and several developers, you may also be concerned about allowing everyone to read all repositories. Or it may be that some roles (such as a test engineer) should not need to write to the repository; read-only access is sufficient. Up to a certain point, this problem can be solved with Unix permissions and user/group permissions applied judiciously. Perhaps even POSIX ACLs can be used if you're comfortable with that sort of thing.

However, using POSIX ACLs and user/group permissions has several disadvantages:

  • Each Git user needs a corresponding Unix user ID on the server.

  • Managing access rights can only be done by using the usermod and setfacl commands.

  • Checking the current set of permissions is not straightforward. You will need to run multiple commands and correlate their output manually.

  • Auditing changes in permissions over time is impossible because no history is kept by the system.

These disadvantages require a lot of effort to manage even a few repositories and users, and even a modestly sized setup would quickly become unmanageable.

Previous Section
End of Section 2
Next Section