What will change and for whom?


In this mail (Table of contents)
================================
Information for ...

- Everyone
  - New public key file format
  - Your real name
  - Your mail address
  - Nicknames
  - SSH options
  - Multiple keys
  - Querying your permissions

- Repository owners

- Overlay admins


Everyone
========

New public key file format
--------------------------
We have a new SSH public key file format.
The old one contained only your pubkey while the new format expects at
least your pubkey + 3 "variables".
Example of the new format:

# git-realname: <your real_name>
[# git-realname-ascii: <your real name in ascii>]
# git-email: <your mail address>
# git-username: <user name for cia.vc and more>
<optional ssh key options> <pubkey>
[<optional ssh key options> <pubkey>]
[..]

git-realname, git-email, and git-username are required.


Your real name
^^^^^^^^^^^^^^
git-realname-ascii is optional and only necessary if your real name
contains non-ASCII chars.


Your mail address
-----------------
Your mail address will not be sent to cia.vc! It's only used

a) to be able to contact you in case something goes wrong, or

b) in case you commit to a repo where each commit will be sent to
gentoo-commits@l.g.o. It will be obfuscated to avoid
spam.


Nicknames
^^^^^^^^^
All current keys have been updated, either by hand or because one of the
Overlay admins already had the right data for those variables. Otherwise
the default user name is the same one you use to commit. For Gentoo devs
it's the nick.


SSH options
^^^^^^^^^^^
SSH key options like 'from="..."' are allowed; any forbidden options will
be stripped automatically.


Multiple keys
^^^^^^^^^^^^^
If you have multiple keys, simply put them into one pubkey file or send
us multiple pubkey files. For the required filename take a look at [3].
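
A validator for the file format and option handling described above, as an added example (not the Gentoo infrastructure's or gitolite's own code). The mail does not list the permitted options, so ALLOWED_OPTIONS holds only "from", the one option it confirms; the sample file and its key blobs are constructed.

```python
import re

REQUIRED = ("git-realname", "git-email", "git-username")
HEADER = re.compile(r"^#\s*(git-[a-z-]+):\s*(.*)$")
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
# Whitespace- and comma-separated items; separators inside "..." do not split.
TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
# Assumption: only from="..." is confirmed as allowed by the mail.
ALLOWED_OPTIONS = {"from"}

def parse_pubkey_file(text):
    """Return (variables, sanitized key lines, stripped options) or raise ValueError."""
    meta, keys, stripped = {}, [], []
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            meta[header.group(1)] = header.group(2).strip()
        elif line and not line.startswith("#"):
            tokens = TOKEN.findall(line)
            has_opts = bool(tokens) and not tokens[0].startswith(KEY_TYPES)
            opts = OPTION.findall(tokens[0]) if has_opts else []
            key = tokens[1:] if has_opts else tokens
            if len(key) < 2 or not key[0].startswith(KEY_TYPES):
                raise ValueError("not a public key line: " + line[:30])
            kept = [o for o in opts if o.split("=", 1)[0] in ALLOWED_OPTIONS]
            stripped += [o for o in opts if o not in kept]
            keys.append(" ".join(([",".join(kept)] if kept else []) + key))
    missing = [name for name in REQUIRED if not meta.get(name)]
    if missing:
        raise ValueError("missing required variables: " + ", ".join(missing))
    if not meta["git-realname"].isascii() and not meta.get("git-realname-ascii"):
        raise ValueError("non-ASCII git-realname needs git-realname-ascii")
    if not keys:
        raise ValueError("no public key in file")
    return meta, keys, stripped

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = """# git-realname: J\u00f6rg Example
# git-realname-ascii: Joerg Example
# git-email: joerg@example.org
# git-username: jexample
from="192.0.2.*",command="echo hi there",no-pty ssh-rsa AAAAB3NzaC1yc2E-constructed jexample@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-constructed jexample@desktop
"""
```

Running parse_pubkey_file(SAMPLE) keeps the from= restriction on the first key and reports the two options it dropped, which is useful to check before sending a key file in.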


Querying your permissions
-------------------------
You're also able to see what permissions you were granted on a certain
repository, see [4].


Repository owners (including everyone with a dev overlay)
=========================================================

Branch- and file-specific access rules
--------------------------------------
You're now able to get branch-based access rules for your repository
in place [1]. The default permission is now "RW+" (read, write, forced
pushing) for all users that had write access before. It's up to you if
you want someone to have other permissions, like "RW" (i.e. with forced
pushing denied). See [1] for further information about permissions and
esp. differences between permissions.


Overlay admins
==============
First of all, you should take a look at example.conf, which is included
in the admin repository.
Furthermore take a look at the available permissions and branch-based
access rules [1]. Also important for you are: [4,5,6,7,8].

The group @all includes _all_, so even gitweb and git daemon.
If you say "R = @all" it means that anybody can read/clone this repo
via SSH/git daemon/DAV and gitweb has read permissions.
If you don't want to enable gitweb, use "- = gitweb" or "daemon" for
git-daemon.
NOTE: If you add a repository description, gitweb will automatically get
read access!
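
An audit of the @all behaviour described above, as an added example (not part of gitolite or the Gentoo admin repository): it reports, per repository, whether gitweb and git-daemon end up with read access. It models only the three statements in this mail, ignores rule order and user-defined groups, and assumes description lines have the form name = "text"; the sample config is constructed.

```python
import re

SPECIAL = {"gitweb", "daemon"}  # the two non-SSH readers the mail names
RULE = re.compile(r'^(-|R|RW\+?)(?:\s+\S+)*?\s*=\s*(.+)$')
DESC = re.compile(r'^(\S+)(?:\s+"[^"]*")?\s*=\s*"')  # assumed description syntax

def special_readers(conf_text):
    """Map each repo to the special users that end up with read access."""
    granted, denied, current = {}, {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if re.match(r"repo\s+\S", line):
            current = line.split()[1:]  # one "repo" line may name several repos
            continue
        desc, rule = DESC.match(line), RULE.match(line)
        if desc:
            # Per the NOTE above: a description gives gitweb read access.
            granted.setdefault(desc.group(1), set()).add("gitweb")
        elif rule:
            users = set(rule.group(2).split())
            hit = (SPECIAL & users) | (SPECIAL if "@all" in users else set())
            target = denied if rule.group(1) == "-" else granted
            for repo in current:
                target.setdefault(repo, set()).update(hit)
    repos = sorted(set(granted) | set(denied))
    return {r: granted.get(r, set()) - denied.get(r, set()) for r in repos}

# Constructed sample config, not taken from the admin repository.
SAMPLE_CONF = """
repo proj/open
    RW+ = alice
    R   = @all

repo proj/ssh-only
    RW+ = alice
    -   = gitweb
    -   = daemon
    R   = @all

repo dev/bob
    RW+ = bob
dev/bob = "Bob dev overlay"
"""
```

For SAMPLE_CONF this reports proj/open as readable by both gitweb and daemon, proj/ssh-only by neither, and dev/bob by gitweb only because of its description line.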

You cannot break gitolite as easily as gitosis. gitolite "compiles" the
config first and it'll tell you about any errors. You're still able to fix
your mistakes yourself then, unlike before where you had to contact
somebody from infra in such an event.


[1] http://github.com/sitaramc/gitolite/blob/pu/conf/example.conf
[2] http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd#_one_user_many_keys
[3] http://github.com/sitaramc/gitolite/blob/pu/doc/report-output.mkd
[4] http://github.com/sitaramc/gitolite/blob/pu/doc/2-admin.mkd
[5] http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd
[6] http://github.com/sitaramc/gitolite/blob/pu/doc/delegation.mkd
[7] http://github.com/sitaramc/gitolite/blob/pu/doc/gitolite-and-ssh.mkd
[8] http://github.com/sitaramc/gitolite/blob/pu/doc/progit-article.mkd

--
Regards,
Christian Ruppert
Role: Gentoo Linux developer, Bugzilla administrator and Infrastructure
member
Fingerprint: EEB1 C341 7C84 B274 6C59 F243 5EAB 0C62 B427 ABC8