Git
How to get an account?
IMM employees and Ph.D's can get a git account by sending an email to IT Service with your SSH public key which you find in ~/.ssh/*pub. E.g. ~/.ssh/id_rsa.pub.
If you don't have a publick then you can create one by
ssh-keygen -N '' -t rsa -f ~/.ssh/id_rsa
It is important that you keep your private key (~/.ssh/id_rsa) and public key safe and have a backup. Should someone get hold of your private key, then all your git repositories can get accessed by that person.
Disk space
By default the git admin get 1GB of disk space and a hard limit of 1,5GB, where all the git admin's repositories combined can not exceed these limits.
This means that if you have created e.g. 3 repos and have added some users to these, and if just one of these users adds a big file by mistake, and exceed the 1GB limit, then no one will be allowed to push to any of the git admin's repos.
If the disk usage is e.g. 900MB, and a user pushes a commit of 700MB, then the file system will stop writing when 1,5GB is reached, and there is a potential data loss for the repos owned by the git admin.
Linus is not shy to say that Git is not designed to contain big binary blobs. Example.
So 1GB is an enormous amount of space, if your uses use it as intended, so these limits should never be a problem. The limits are there however to protect the other git admin's repos, so a user from gitAdmin1 can not impact other admins' repos.
If you have a need for version control on big amounts binary blobs of data (e.g. images), then please contact IT Service and will try to find a solution for this.
Deleting a big commit
More about this later.
Rename or delete repo
More about this later.
Creating repositories and setting permissions
Once your account have been created, you can clone the gitolite-admin repo by
git clone dtuInitials@git.imm.dtu.dk:gitolite-admin
where dtuInitials should be replaced by your IMM initials which are 4 or more letters long.
This repository is where you create repositories, add users, and set permissions for the users.
Create repository
The git admin is the only one by default who can pull the gitolite-admin repo.
To add a repo edit gitolite-admin/conf/gitolite.conf. Example:
@staff = dilbert alice # line 1 @projects = mobile fast_algo # line 2 repo @projects inv_prob # line 3 RW+ = @staff # line 4 - master = ashok # line 5 RW = ashok # line 6 R = wally # line 7
- See Syntax
- See Groups
Syntax
In general, everything is space separated; there are no commas, semicolons, etc., in the syntax.
Comments starts with #.
User names and repo names must start with an alphanumeric, but after that they can also contain ., _, or -.
Usernames can optionally be followed by an @ and a domainname containing at least one . (this allows you to use an email address as someone's username). Repo names can contain / characters (this allows you to put your repos in a tree-structure for convenience)
There are no continuation lines by default. You do not need them; the section on "groups" will tell you how you can break up large lists of names in a group definition into multiple lines.
Groups
You can group repos or users for convenience. The syntax is the same for both and does not distinguish; until you use the group name it could really be either.
Here's an example:
@developers = dilbert alice wally
Group definitions accumulate; this is the same as the above:
@developers = dilbert @developers = alice @developers = wally
You can use one group in another group definition; the values will be expanded right there (meaning later additions will not appear in the second group).
@developers = dilbert alice @interns = ashok @staff = @interns @developers @developers = wally # wally is NOT part of @staff
@all is a special group name that is often convenient to use if you really mean "all repos" or "all users".
Adding and removing users
Strictly speaking, gitolite doesn't know where users come from. If that surprises you, read this. However, gitolite does help with ssh-based authentication, so here's some info on adding and removing users.
WARNING: Do NOT add new repos or users manually on the server. Gitolite users, repos, and access rules are maintained by making changes to a special repo called 'gitolite-admin' and pushing those changes to the server.
All operations are in a clone of the gitolite-admin repo.
To add a user, say Alice, obtain her public key (typically $HOME/.ssh/id_rsa.pub on her workstation), copy it to keydir with the user name as the basename (e.g., 'alice.pub' for user alice), then git add keydir/alice.pub. (All keys files must have names ending in ".pub", and must be in openssh's default format).
To remove a user, git rm keydir/alice.pub.
In both cases, you must commit and push. On receiving the push, gitolite will carry out the changes specified.
The user name is simply the base name of the public key file name. So 'alice.pub', 'foo/alice.pub' and 'bar/alice.pub', all resolve to user "alice".
adding and removing repos
NOTE: this page describes how to add new repos. To bring already existing repos into gitolite control, click here.
WARNING: Do NOT add new repos or users manually on the server. Gitolite users, repos, and access rules are maintained by making changes to a special repo called 'gitolite-admin' and pushing those changes to the server.
Just as for users, all operations are in a clone of the gitolite-admin repo.
To add a new repo, edit conf/gitolite.conf and add it, along with at least one user with some permissions. Or add it to an existing repo line:
repo gitolite tsh gitpod
RW+ = sitaram RW dev = alice bob R = @all
The "repo" line can have any number of repo names or repo group names in it. However, it can only be one line; this will not work
repo foo repo bar # WRONG; 'foo' is now forgotten
RW = alice
If you have too many, use a group name:
@myrepos = foo @myrepos = bar
repo @myrepos
RW = alice
Finally, you add, commit, and push this change. Gitolite will create a bare, empty, repo on the server that is ready to be cloned.
Removing a repo is not so straightforward. You certainly must remove the appropriate lines from the conf/gitolite.conf file, but gitolite will not automatically delete the repo from the server. You have to log on to the server and do the dirty deed yourself :-)
It is best to make the change in the conf file, push it, and then go to the server and do what you need to.
Renaming a repo is also not automatic. Here's what you do (and the order is important):
Go to the server and rename the repo at the Unix command line. Change the name in the conf/gitolite.conf file and add/commit/push.
moving existing repos into gitolite
Needs to be done on server side. Contact ITservice.
Accees rules
This is arguably the most complex part of day-to-day gitolite. There are several interconnected ideas that make this hard to lay out easily if you're totally new to this, so read carefully.
We will use this as a running example:
@staff = dilbert alice wally bob
repo foo
RW+ = dilbert # line 1 RW+ dev = alice # line 2 - = wally # line 3 RW temp/ = @staff # line 4 R = ashok # line 5
what does a rule look like?
A rule line has the structure
<permission> <zero or more refexes> = <one or more users/user groups> The most common permissions used are:
R, for read only RW, for push existing ref or create new ref RW+, for "push -f" or ref deletion allowed (i.e., destroy information) - (the minus sign), to deny access.
Less commonly used types of permissions
Git supplies enough information to the update hook to be able to distinguish several types of writes.
The most common are:
RW -- create a ref or fast-forward push a ref. No rewinds or deletes. RW+ -- create, fast-forward push, rewind push, or delete a ref. Sometimes you want to allow people to push, but not create a ref. Or rewind, but not delete a ref. The C and D qualifiers help here.
When a rule specifies RWC or RW+C, then rules that do NOT have the C qualifier will no longer permit creating a ref.
Please do not confuse this with the standalone C permission that allows someone to create a repo
When a rule specifies RWD or RW+D, then rules that do NOT have the D qualifier will no longer permit deleting a ref.
Note: These two can be combined, so you can have RWCD and RW+CD as well.
One very rare need is to reject merge commits (a commit series that is not a straight line of commits). The M qualifier helps here:
When a rule has M appended to the permissions, rules that do NOT have it will reject a commit sequence that contains a merge commit (i.e., they only accept a straight line series of commits).
?
git clone git-owner@git.imm.dtu.dk:gitolite-admin scp mttj@pcmttj:.ssh/*pub gitolite-admin/keydir/mttj.pub sed -i 's/mttj@pcmttj/mttj/g' gitolite-admin/keydir/mttj.pub cd gitolite-admin git add keydir/mttj.pub vi conf/gitolite.conf git commit -a -m "Added mttj pub key and RW perm to mttj on fast_algo repo" git push
mttj can now access fast_algo repo by
git clone git-owner@git.imm.dtu.dk:fast_algo
