Gentoo Archives: gentoo-dev

From: Christian Ruppert <idl0r@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Upcoming git.overlays.g.o Maintenance: 2010/11/06 (Saturday) 15:00-16:00 UTC
Date: Thu, 04 Nov 2010 20:57:52
In Reply to: [gentoo-dev] Upcoming git.overlays.g.o Maintenance: 2010/11/06 (Saturday) 15:00-16:00 UTC by Christian Ruppert
What will change and for whom?

In this mail (Table of contents)
Information for ...

- Everyone
  - New public key file format
    - Your real name
    - Your mail address
    - Nicknames
    - SSH options
    - Multiple keys
  - Querying your permissions

- Repository owners

- Overlay admins


New public key file format
We have a new ssh public key format.
The old one contained only your pubkey while the new format expects at
least your pubkey + 3 "variables".
Example of the new format:

   # git-realname: <your real_name>
  [# git-realname-ascii: <your real name in ascii>]
   # git-email: <your mail address>
   # git-username: <user name for and more>
   <optional ssh key options> <pubkey>
  [<optional ssh key options> <pubkey>]

git-realname, git-email, and git-username are required.

Your real name
git-realname-ascii is optional and only necessary if your real name
contains non-ASCII chars.

Your mail address
Your mail address will not be sent to! It's only used

 a) to be able to contact you in case something goes wrong, or

 b) in case you commit to a repo where each commit will be sent to
    gentoo-commits@l.g.o. It will be obfuscated to avoid

All current keys have been updated either by hand or one of the Overlay
admins already got the right data for those variables. Otherwise the
default user name is the same as you use to commit. For Gentoo devs it's
the nick.

SSH options
SSH key options like 'from="..."' are allowed, any forbidden options will be
stripped automatically.

Multiple keys
If you have multiple keys simply put them into one pubkey file or send
us multiple pubkey files, for the required filename take a look at [3].

Querying your permissions
You're also able to see what permissions you were granted on a certain
repository, see [4].

Repository owners  (including everyone with a dev overlay)

Branch- and file-specific access rules
You're now able to get branch based access rules for your repository
in place [1]. The default permission is now "RW+" (read, write, forced
for all users that had write access before. It's up to you if you want
someone to have other permissions, like "RW" (i.e. with forced pushing
denied). See [1] for further information about permissions and esp.
differences between permissions.

Overlay admins
First of all, you should take a look at example.conf,
it's included in the admin repository.
Furthermore take a look at the available permissions and branch based
access rules [1]. Also important for you are: [4,5,6,7,8].

The group @all includes _all_, so even gitweb and git daemon.
If you say "R = @all" it means that anybody can read/clone this repo
via SSH/git daemon/DAV and gitweb has read permissions.
If you don't want to enable gitweb, use "- = gitweb" or "daemon" for
NOTE: If you add a repository description, gitweb will automatically get
read access!

You cannot break gitolite as easily as gitosis. gitolite "compiles" the
config first and it'll tell you about any errors. You're still able to fix
your mistakes yourself then, unlike before where you had to contact
somebody from infra in such an event.



Christian Ruppert
Role: Gentoo Linux developer, Bugzilla administrator and Infrastructure
Fingerprint: EEB1 C341 7C84 B274 6C59  F243 5EAB 0C62 B427 ABC8


Attachments:
  signature.asc (application/pgp-signature)
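
Added example, not part of the original mail and not gitolite or Gentoo infra code: a local pre-submission check for a key file in the new format described above (required git-* variables, git-realname-ascii for non-ASCII names, key options). The allowlist holding only "from" is an assumption, since the mail names no other allowed option; check_pubkey_file, split_options and the sample data are hypothetical.

```python
import re

REQUIRED = ("git-realname", "git-email", "git-username")
# Assumption: the mail names only from="..." as allowed; the server's full list is not given.
ALLOWED_OPTIONS = {"from"}
HEADER = re.compile(r"^#\s*(git-[a-z-]+):\s*(.+)$")
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')  # commas inside quotes do not split
KEYTYPE = re.compile(r"^(ssh-|ecdsa-)\S+\s+\S+")

def split_options(line):
    """Split one key line into (options, key); options precede the key type."""
    if KEYTYPE.match(line):
        return [], line
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return OPTION.findall(line[:i]), line[i:].strip()
    return [], line

def check_pubkey_file(text):
    """Return (meta, keys, errors) for a key file in the format described above."""
    meta, keys, errors = {}, [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        header = HEADER.match(line)
        if header:
            meta[header.group(1)] = header.group(2)
        elif not line.startswith("#"):
            opts, key = split_options(line)
            if not KEYTYPE.match(key):
                errors.append("not a public key line: " + line[:30])
                continue
            kept = [o for o in opts if o.split("=", 1)[0] in ALLOWED_OPTIONS]
            dropped = [o for o in opts if o not in kept]
            keys.append({"options": kept, "stripped": dropped, "key": key})
    errors += ["missing " + name for name in REQUIRED if name not in meta]
    if not meta.get("git-realname", "").isascii() and "git-realname-ascii" not in meta:
        errors.append("git-realname is non-ASCII; add git-realname-ascii")
    if not keys:
        errors.append("no public key found")
    return meta, keys, errors

# Constructed sample: made-up identity, documentation IP ranges, placeholder key blobs.
SAMPLE = """# git-realname: J\u00f6rg Example
# git-email: joerg@example.org
# git-username: jexample
from="192.0.2.10,198.51.100.0/24",environment="FOO=bar",no-pty ssh-rsa AAAAEXAMPLEKEYONE joerg@laptop
ssh-rsa AAAAEXAMPLEKEYTWO joerg@desktop
"""
```

On SAMPLE the check reports the missing git-realname-ascii line and lists environment="FOO=bar" and no-pty under "stripped" for the first key.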