| 1 |
What will change and for whom? |
| 2 |
|
| 3 |
|
| 4 |
In this mail (Table of contents) |
| 5 |
============ |
| 6 |
Information for ... |
| 7 |
|
| 8 |
- Everyone |
| 9 |
- New public key file format |
| 10 |
- Your real name |
| 11 |
- Your mail address |
| 12 |
- Nicknames |
| 13 |
- SSH options |
| 14 |
- Multiple keys |
| 15 |
- Querying your permissions |
| 16 |
|
| 17 |
- Repository owners |
| 18 |
|
| 19 |
- Overlay admins |
| 20 |
|
| 21 |
|
| 22 |
Everyone |
| 23 |
======== |
| 24 |
|
| 25 |
New public key file format |
| 26 |
-------------------------- |
| 27 |
We have a new ssh public key format. |
| 28 |
The old one contained only your pubkey while the new format expects at |
| 29 |
least your pubkey + 3 "variables". |
| 30 |
Example of the new format: |
| 31 |
|
| 32 |
# git-realname: <your real_name> |
| 33 |
[# git-realname-ascii: <your real name in ascii>] |
| 34 |
# git-email: <your mail address> |
| 35 |
# git-username: <user name for cia.vc and more> |
| 36 |
<optional ssh key options> <pubkey> |
| 37 |
[<optional ssh key options> <pubkey>] |
| 38 |
[..] |
| 39 |
|
| 40 |
git-realname, git-email, and git-username are required. |
| 41 |
|
| 42 |
|
| 43 |
Your real name |
| 44 |
^^^^^^^^^^^^^^ |
| 45 |
git-realname-ascii is optional and only necessary if your real name |
| 46 |
contains non-ASCII chars. |
| 47 |
|
| 48 |
|
| 49 |
Your mail address |
| 50 |
----------------- |
| 51 |
Your mail address will not be sent to cia.vc! It's only used |
| 52 |
|
| 53 |
a) to be able to contact you in case something goes wrong, or |
| 54 |
|
| 55 |
b) in case you commit to a repo where each commit will be sent to |
| 56 |
gentoo-commits@l.g.o. It will be obfuscated to avoid |
| 57 |
spam. |
| 58 |
|
| 59 |
|
| 60 |
Nicknames |
| 61 |
^^^^^^^^^ |
| 62 |
All current keys have been updated either by hand or one of the Overlay |
| 63 |
admins already got the right data for those variables. Otherwise the |
| 64 |
default user name is the same as you use to commit. For Gentoo devs it's |
| 65 |
the nick. |
| 66 |
|
| 67 |
|
| 68 |
SSH options |
| 69 |
^^^^^^^^^^^ |
| 70 |
SSH key options like 'from="..."' are allowed, any forbidden options will be |
| 71 |
stripped automatically. |
| 72 |
|
| 73 |
|
| 74 |
Multiple keys |
| 75 |
^^^^^^^^^^^^^ |
| 76 |
If you have multiple keys simply put them into one pubkey file or send |
| 77 |
us multiple pubkey files, for the required filename take a look at [3]. |
| 78 |
|
| 79 |
|
| 80 |
Querying your permissions |
| 81 |
------------------------- |
| 82 |
You're also able to see what permissions you were granted on a certain |
| 83 |
repository, see [4]. |
| 84 |
|
| 85 |
|
| 86 |
Repository owners (including everyone with a dev overlay) |
| 87 |
================= |
| 88 |
|
| 89 |
Branch- and file-specific access rules |
| 90 |
-------------------------------------- |
| 91 |
You're now able to get branch based access rules for your repository |
| 92 |
in place [1]. The default permission is now "RW+" (read, write, forced |
| 93 |
pushing) |
| 94 |
for all users that had write access before. It's up to you if you want |
| 95 |
someone to have other permissions, like "RW" (i.e. with forced pushing |
| 96 |
denied). See [1] for further information about permissions and esp. |
| 97 |
differences between permissions. |
| 98 |
|
| 99 |
|
| 100 |
Overlay admins |
| 101 |
============== |
| 102 |
First of all, you should take a look at example.conf, |
| 103 |
it's included in the admin repository. |
| 104 |
Furthermore take a look at the available permissions and branch based |
| 105 |
access rules [1]. Also important for you are: [4,5,6,7,8]. |
| 106 |
|
| 107 |
The group @all includes _all_, so even gitweb and git daemon. |
| 108 |
If you say "R = @all" it means that anybody can read/clone this repo |
| 109 |
via SSH/git daemon/DAV and gitweb has read permissions. |
| 110 |
If you don't want to enable gitweb, use "- = gitweb" or "daemon" for |
| 111 |
git-daemon. |
| 112 |
NOTE: If you add a repository description, gitweb will automatically get |
| 113 |
read access! |
| 114 |
|
| 115 |
You cannot break gitolite as easily as gitosis. gitolite "compiles" the |
| 116 |
config first and it'll tell you about any errors. You're still able to fix |
| 117 |
your mistakes yourself then, unlike before where you had to contact |
| 118 |
somebody from infra in such an event. |
| 119 |
|
| 120 |
|
| 121 |
[1] http://github.com/sitaramc/gitolite/blob/pu/conf/example.conf |
| 122 |
[2] |
| 123 |
http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd#_one_user_many_keys |
| 124 |
[3] http://github.com/sitaramc/gitolite/blob/pu/doc/report-output.mkd |
| 125 |
|
| 126 |
[4] http://github.com/sitaramc/gitolite/blob/pu/doc/2-admin.mkd |
| 127 |
[5] http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd |
| 128 |
[6] http://github.com/sitaramc/gitolite/blob/pu/doc/delegation.mkd |
| 129 |
[7] http://github.com/sitaramc/gitolite/blob/pu/doc/gitolite-and-ssh.mkd |
| 130 |
[8] http://github.com/sitaramc/gitolite/blob/pu/doc/progit-article.mkd |
| 131 |
|
| 132 |
-- |
| 133 |
Regards, |
| 134 |
Christian Ruppert |
| 135 |
Role: Gentoo Linux developer, Bugzilla administrator and Infrastructure |
| 136 |
member |
| 137 |
Fingerprint: EEB1 C341 7C84 B274 6C59 F243 5EAB 0C62 B427 ABC8 |
Archives