[Dev] Replacing gitosis with git-shell
Luke T.Shumaker
lukeshu at sbcglobal.net
Fri Apr 13 18:52:04 GMT 2012
At Fri, 13 Apr 2012 10:31:46 -0300,
Nicolás Reynolds wrote:
>
> On Fri, 13 Apr 2012 00:41:23 -0400, Luke T.Shumaker <lukeshu at sbcglobal.net> wrote:
> > Of course, the decision is that of the doer, but other solutions I
> > would consider:
> > * git-http-server: a CGI script allowing push over HTTP. Permissions
> > are handled by the web server.
> > Also: There are clones that may work better with certain setups,
> > for example, jgit-http-server for Java, or Grack for Ruby. I'm not
> > aware of any that are Python (we're running Python for parabolaweb
> > anyway).
> > * Girocco (the repo.or.cz software): a set of (mostly perl) CGI
> > scripts.
> > * Gitorious: Ruby on Rails, RESTfully designed, meaning it has an API
> > we can use to integrate it with other software and script things.
>
> do we really need http-push?
No, but it offers an alternative to SSH for
authentication. Comparatively, HTTP authentication is easy to
integrate with another source of user management.
In fact, it looks like for ChiliProject/Redmine already has the
capability to do this with git-http-server/Grack. So the ChiliProject
install on labs.parabola.nu could be used to manage git commit access.
https://www.chiliproject.org/projects/chiliproject/wiki/HowTo_configure_ChiliProject_for_advanced_git_integration
> > I mention scripting and integration because it will allow us to
> > automate submodule repository creation, which you are iterested in.
>
> yeah, repo creation is something to fix... but can't it be done with a
> script? gitorious would be interesting if it's relatively straight
> forward to install...
I don't know how easy it is to install Gitorious, but yeah a script
would be pretty easy to do.
> > It also allows the possibility of integrating with parabolaweb, but I
> > wouldn't hope for that.
>
> labs.parabola.nu already integrates one repo to one project and shows
> it's commit (not very gui-friendly but you have feeds)
See my above comment about using labs.parabola.nu to manage commit
access.
> > You can work around this by not giving the address in URL form, but in
> > SCP form: "git2 at gparabola:abslibre.git"
>
> so with the ssh_config aliases it would be gparabola:abslibre.git :D
Yeah. I'd thought that git needed the '@' to identify the form, but I
was mistaken.
> > > On hackers.git I added a post-update hook that forces a checkout on
> > > .ssh, so anytime someone pushes a key to the server it gets immediately
> > > approved by sshd.
> >
> > Or a cron job if you want to get it working quickly.
>
> the hook is already tested and synchronic to the git-push, a cron would
> introduce waiting time.
Oh, I misread, I thought you still had to write the hook. Very well
then.
> another problem would be how to do this also on repos (different
> servers). you can add more than one pushing "url" to git so one push
> sends to more, but this requires manual configuration.
>
> also some security audit wouldn't be bad on ssh accesible users
>
> --
> libertad!
~ Luke Shumaker
More information about the Dev
mailing list