non-core features shipped with gitolite
Important Notes on "non-core" features:
The "non-core" gitolite page is the starting point for all information about ... non-core gitolite :)
This page decribes many of the non-core features that come with gitolite. If a non-core feature is shipped with gitolite, but information about it is not found in this page, it can be found within the source code; please look there.
Commands, however, have some extra magic, which is not available to the other types of non-core programs:
Running the command with a single
gitolite <command> -hor
ssh git@host <command> -h), will display a suitable message. Please report a bug to me if one of them doesn't.
Running 'help', (either as
gitolite helpon the server, or
ssh git@host helpremotely), will give you a list of commands you are allowed to run.
This is a list of commands that are available in gitolite, with brief
descriptions and, if available, a link to more detailed information. Note
that in most cases running it with
-h will give you enough to work with.
Also note that not all of these commands are available remotely.
(The more common/important commands are in bold).
- access -- print or test access rights for repo/user
- config (v3.6.3+) -- allow limited remote use of 'git config'
- create -- create a wild repo
- creator -- print or test creator name for wild repo
- D -- lets you Delete wild repos created using the C permission :)
- desc -- show/set description for wild repo
- fork -- fork a repo on the server. This uses the
-loption to git clone, so it runs really fast
- git-config -- print (or text existence of) 'config' values in the repo.
(Don't forget that
option foo.bar = 1is merely syntactic sugar for
config gitolite-options.foo.bar = 1, so this can be used to query gitolite options also
- help -- see note 1 at the top of this page
- htpasswd -- sets your htpasswd
- info -- print git/gitolite version, list repos you have access to
- lock -- lock binary files for exclusive use (in combination with the 'lock' VREF)
- mirror -- manually mirror a repo to a slave
- motd (v3.6.1+) -- set/remove a message of the day, per repo or for the whole system
- option (v3.6.3+) -- allow repo owner to set options for a repo
- perms -- list or set permissions for wild repo
- push -- push a gitolite repo locally, bypassing gitolite
- readme (v3.6.1+) -- show, remove or set the README.html file for repo.
- rsync -- resumable downloads of git bundles (bundles are auto-created as needed)
- sshkeys-lint -- look for potential problems in ssh keys
- sskm -- self-service key management
- sudo -- allows an admin (i.e., someone who has push rights to the 'gitolite-admin' repo) to run any remote command as some other user. This is useful, for example, when a user claims he is unable to access a repo, and you need to check the 'info' output for him, etc. However, it does not work the other way, sorry!
- symbolic-ref -- run
git symbolic-refon a repo, remotely
- who-pushed -- determine who pushed a given commit
- writable -- disable/enable writes to specific repo (or all repos, if you're an admin)
The following "sugar" programs are available:
- continuation-lines -- allow C-style backslash escaped continuation lines in the conf file
- keysubdirs-as-groups -- use the last component of the sub-directory name within keydir as a group name
- macros -- simple line-wise macro processor
Here's a list of features that are enabled by triggers, or a combination of a trigger and something else, like a command.
- Alias -- allow repos to have aliases
- AutoCreate -- deny auto-create of wild repos on R or RW access
- bg -- allow long running post-compile/post-create jobs to be backgrounded
- CpuTime -- CPU and elapsed times for gitolite+git
- Mirroring -- mirroring all or some repos
- Motd (v3.6.1+) -- allows printing a message of the day to STDERR in ssh mode
- partial-copy -- simulated read control for branches (in combination with the partial-copy VREF)
- RefexExpr -- (in combination with VREF/refex-expr) logical expressions over refexes, like "refex-1 and not refex-2". (Example: changing file 'foo' but not on 'master' branch)
- renice -- renice the git operation
- RepoUmask -- repo-specific umask settings
- Shell -- see "giving shell access to gitolite users" in the ssh troubleshooting and tips page. (Internally enables the 'ssh-authkeys-shell-users' trigger also).
- ssh-authkeys-split -- split pubkey files with multiple keys into separate files with one pubkey each
- update-description-file -- if you want the 'description' file to be updated instead of the 'gitweb.description' config entry (e.g. cgit users)
- upstream -- manage local, gitolite-controlled, copies of read-only upstream repos
In addition, the following post-compile trigger scripts are enabled by default, so are included here only for completeness and in case you wish to disable them:
- ssh-authkeys -- process keys in keydir/ and add/update appropriate lines to the authorized keys file
- update-git-configs -- run
git configin each repo to add/update entries as needed
- update-git-daemon-access-list -- create/delete the 'git-daemon-export-ok' files in each repo as needed
- update-gitweb-access-list -- create the "projects.list" file that gitweb uses to determine what repos to show/not show
VREFs are a complex topic and have their own page with lots more details. However, here's a list of VREFs shipped with gitolite:
- COUNT -- restrict pushes by number of changed or new files pushed
- EMAIL-CHECK -- check if all new commits are authored by the person pushing
- lock -- lock binary files for exclusive use (in combination with the 'lock' command)
- MAX_NEWBIN_SIZE -- restrict by size of new binary files (helps catch people checking in random PDFs, JARs, WARs, etc.)
- NAME -- restrict pushes by dir/file name
- partial-copy -- simulated read control for branches (in combination with the partial-copy trigger)
- refex-expr -- (in combination with the refex-expr trigger) logical expressions over refexes, like "refex-1 and not refex-2". (Example: changing file 'foo' but not on 'master' branch)
- VOTES -- voting on commits a la gerrit
details on some non-core programs
These non-core programs needed more detail than could be provided in the source code, but did not fit anywhere else neatly enough.
partial-copy: selective read control for branches
Git (and therefore gitolite) cannot do selective read control -- allowing someone to read branch A but not branch B. It's the entire repo or nothing.
Gerrit Code Review can do that, but that is because they have their own git (as well as their own sshd, and so on). If code review is part of your access control decision, you really should consider Gerrit anyway.
The standard answer you get when you ask is "use separate repos" (where one contains all the branches, and one contains a subset of the branches). This is nice in theory but in practice, when people are potentially pushing to both repos, you need to figure out how to keep them in sync.
Gitolite can now help you do this. Note that this is only for branches; you can't do this for files and directories.
enable 'partial-copy' in the ENABLE list in the rc file.
for each repo "foo" which has secret branches that a certain set of developers (we'll use a group called
@temp-empas an example) are not supposed to see, do this:
repo foo # rules should allow @temp-emp NO ACCESS
repo foo-partialcopy-1 # first, a deny rule that allows no access to secret-branch - secret-branch = @all
# other rules; see notes below
- VREF/partial-copy = @all config gitolite.partialCopyOf = foo
if you're using other VREFs, make sure this one is placed at the end, after all the others.
remember that any change allowed to be made to the partial-copy repo will propagate to the main repo so make sure you use other rules to restrict pushes to other branches and tags as needed.
And that should be it. Please test it and let me know if it doesn't work!
If you change the config to disallow something that used to be allowed, you should delete the partial repo on the server and then run
gitolite compile; gitolite trigger POST_COMPILEto let it build again.
Not tested with smart http; probably won't work.
Also not tested with mirroring, or with wild card repos.