Gentoo Archives: gentoo-dev

From: Christian Ruppert <idl0r@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Upcoming git.overlays.g.o Maintenance: 2010/11/06 (Saturday) 15:00-16:00 UTC
Date: Thu, 04 Nov 2010 20:57:52
Message-Id: 4CD31E32.6070303@gentoo.org
In Reply to: [gentoo-dev] Upcoming git.overlays.g.o Maintenance: 2010/11/06 (Saturday) 15:00-16:00 UTC by Christian Ruppert
What will change and for whom?


In this mail  (Table of contents)
============
Information for ...

- Everyone
  - New public key file format
    - Your real name
    - Your mail address
    - Nicknames
    - SSH options
    - Multiple keys
  - Querying your permissions

- Repository owners

- Overlay admins


Everyone
========

New public key file format
--------------------------
We have a new ssh public key format.
The old one contained only your pubkey while the new format expects at
least your pubkey + 3 "variables".
Example of the new format:

   # git-realname: <your real_name>
  [# git-realname-ascii: <your real name in ascii>]
   # git-email: <your mail address>
   # git-username: <user name for cia.vc and more>
   <optional ssh key options> <pubkey>
  [<optional ssh key options> <pubkey>]
  [..]

git-realname, git-email, and git-username are required.


Your real name
^^^^^^^^^^^^^^
git-realname-ascii is optional and only necessary if your real name
contains non-ASCII chars.


Your mail address
^^^^^^^^^^^^^^^^^
Your mail address will not be sent to cia.vc! It's only used

 a) to be able to contact you in case something goes wrong, or

 b) in case you commit to a repo where each commit will be sent to
    gentoo-commits@l.g.o. It will be obfuscated to avoid
    spam.


Nicknames
^^^^^^^^^
All current keys have been updated either by hand or one of the Overlay
admins already got the right data for those variables. Otherwise the
default user name is the same as you use to commit. For Gentoo devs it's
the nick.


SSH options
^^^^^^^^^^^
SSH key options like 'from="..."' are allowed; any forbidden options will be
stripped automatically.


Multiple keys
^^^^^^^^^^^^^
If you have multiple keys, simply put them into one pubkey file or send
us multiple pubkey files; for the required filename, take a look at [3].


Querying your permissions
-------------------------
You're also able to see what permissions you were granted on a certain
repository, see [4].


Repository owners  (including everyone with a dev overlay)
=================

Branch- and file-specific access rules
--------------------------------------
You're now able to get branch based access rules for your repository
in place [1]. The default permission is now "RW+" (read, write, forced
pushing) for all users that had write access before. It's up to you if you want
someone to have other permissions, like "RW" (i.e. with forced pushing
denied). See [1] for further information about permissions and esp.
differences between permissions.


Overlay admins
==============
First of all, you should take a look at example.conf,
it's included in the admin repository.
Furthermore take a look at the available permissions and branch based
access rules [1]. Also important for you are: [4,5,6,7,8].

The group @all includes _all_, so even gitweb and git daemon.
If you say "R = @all" it means that anybody can read/clone this repo
via SSH/git daemon/DAV and gitweb has read permissions.
If you don't want to enable gitweb, use "- = gitweb" or "daemon" for
git-daemon.
NOTE: If you add a repository description, gitweb will automatically get
read access!

You cannot break gitolite as easily as gitosis. gitolite "compiles" the
config first and it'll tell you about any errors. You're still able to fix
your mistakes yourself then, unlike before where you had to contact
somebody from infra in such an event.


[1] http://github.com/sitaramc/gitolite/blob/pu/conf/example.conf
[2] http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd#_one_user_many_keys
[3] http://github.com/sitaramc/gitolite/blob/pu/doc/report-output.mkd
[4] http://github.com/sitaramc/gitolite/blob/pu/doc/2-admin.mkd
[5] http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd
[6] http://github.com/sitaramc/gitolite/blob/pu/doc/delegation.mkd
[7] http://github.com/sitaramc/gitolite/blob/pu/doc/gitolite-and-ssh.mkd
[8] http://github.com/sitaramc/gitolite/blob/pu/doc/progit-article.mkd

-- 
Regards,
Christian Ruppert
Role: Gentoo Linux developer, Bugzilla administrator and Infrastructure
member
Fingerprint: EEB1 C341 7C84 B274 6C59  F243 5EAB 0C62 B427 ABC8

Attachments

File name MIME type
signature.asc application/pgp-signature
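
Added example, not part of the original mail and not the code Gentoo infra or gitolite runs: a Python check of the pubkey file format described under "New public key file format", covering the three required variables, the git-realname-ascii rule and the stripping of SSH key options. The allow-list (only from="..."), the function names and the sample file are assumptions made for this sketch.

```python
import re

REQUIRED = ("git-realname", "git-email", "git-username")
# Assumption (not from the mail): only from="..." is kept; the mail lists no forbidden options.
ALLOWED_OPTIONS = {"from"}
META_RE = re.compile(r"^#\s*(git-[a-z-]+):\s*(.*)$")
# Shape checks only: a key line, and an options field ending at the first unquoted space.
KEY_RE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp\d+)\s+[A-Za-z0-9+/=]+(\s.*)?$")
FIELD_RE = re.compile(r'^((?:[^\s"]|"(?:[^"\\]|\\.)*")+)\s+(.*)$')
OPT_RE = re.compile(r'([A-Za-z-]+)(?:="(?:[^"\\]|\\.)*")?(?:,|$)')

def sanitize_key_line(line):
    """Return (clean_line or None, notes) for one non-comment line."""
    if KEY_RE.match(line):
        return line, []
    m = FIELD_RE.match(line)
    if not m or not KEY_RE.match(m.group(2)):
        return None, ["not a public key line"]
    opts = [o.group(0).rstrip(",") for o in OPT_RE.finditer(m.group(1))]
    if ",".join(opts) != m.group(1).rstrip(","):
        return None, ["malformed key options"]  # fail closed, drop the key
    kept = [o for o in opts if o.split("=")[0].lower() in ALLOWED_OPTIONS]
    clean = " ".join(filter(None, [",".join(kept), m.group(2)]))
    return clean, [f"stripped option {o}" for o in opts if o not in kept]

def validate_pubkey_file(text):
    """Return (meta, key_lines, problems) for one pubkey file."""
    meta, keys, problems = {}, [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = META_RE.match(line)
        if m:
            meta[m.group(1)] = m.group(2).strip()
        elif line and not line.startswith("#"):
            clean, notes = sanitize_key_line(line)
            keys += [clean] if clean else []
            problems += [f"line {n}: {note}" for note in notes]
    problems += [f"missing '# {k}:'" for k in REQUIRED if not meta.get(k)]
    if not meta.get("git-realname", "").isascii() and not meta.get("git-realname-ascii"):
        problems.append("non-ASCII git-realname needs '# git-realname-ascii:'")
    if not keys:
        problems.append("no public key found")
    return meta, keys, problems

# Constructed sample (not a real key): a forbidden option and a missing ASCII name.
SAMPLE = '''# git-realname: Jörg Beispiel
# git-email: joerg@example.org
# git-username: joerg
from="192.0.2.*",command="/bin/true" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEXAMPLE joerg@laptop'''
```

validate_pubkey_file(SAMPLE) keeps the key with only its from="..." restriction and reports the stripped command option and the missing ASCII name.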
