Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Jan 15, 2011
  1. v1.5.9

Commits on Jan 13, 2011
Commits on Jan 2, 2011
  1. (major change in big-config mode) split the compiled config file

    Fedora's config has over 11,000 repositories and the compiled config
    file is over 20 MB in size.  Although negligible on a server class
    machine, on my laptop just parsing this file takes a good 2.5 seconds.
    Even if you use GL_ALL_READ_ALL (see a couple of commits before this
    one) to remove the overhead for 'read's, that's still a pretty big
    overhead for writes.  And GL_ALL_READ_ALL is not really a solution for
    most people anyway.
    With this commit, using GL_BIG_CONFIG adds another optimisation; see
    doc/big-config.mkd for details (look for the word "split config" to find
    the section that talks about it).
    Implementation notes:
      - the check for GL_NO_CREATE_REPOS has moved *into* the loop (which it
        completely bypassed earlier) so that write_1_compiled_conf can be
        called on each item
  2. new rc var: GL_ALL_READ_ALL

Commits on Dec 31, 2010
  1. rc file stripped down, variables categorised, documentation lifted out

    the old file was getting too unwieldy...
Commits on Dec 28, 2010
  1. (minor) usermod has a "-a" -- I didn't know!

    (thanks to Michael Schueler)
Commits on Dec 25, 2010
  1. v1.5.8

  2. (minor) doc updates

Commits on Nov 16, 2010
  1. gitolite-down: disable write-access to take backups

    (we quietly do not document the 'able' adc, which is now the most
    "official" adc in the sense that it has a new test, t64-write-able!)
    other notes: fix bug in 'able' (not setting $loc)
Commits on Nov 14, 2010
  1. (install doc) various updates

    (thanks to a somewhat heated "discussion" with "abstrakt" on #git)
    While I don't agree with everything he said, some improvements are
    always possible (always, always!) in docs:
      - move the "conventions used" section closer to the action
      - add note about RPM/DEB using "gitolite" as the user, not "git"
      - de-emphasise multiple gitolite hosting users at the top; refer
        advanced users to the already present detailed section later instead
      - in that section, add a bit of intro, and hand-wave the inconsistency
        between its 2 sub-sections ;-)
    Unrelated to the "discussion" today, someone else (running Arch? don't
    remember) had a system where /usr/local/bin was not in $PATH for a
    normal user, so I added a note about that.
Commits on Nov 12, 2010
  1. (admin doc) moving servers

Commits on Nov 7, 2010
Commits on Nov 6, 2010
  1. custom perm categories in setperms (WARNING: PLEASE READ FULL COMMIT …

    NOT MIX VERSIONS OR DOWNGRADE.  Upgrading using normal gitolite upgrade
    means should be fine, though.
    Originally, we only allowed "R" and "RW" as categories of users supplied
    to the `setperms` command.  These map respectively to "READERS" and
    "WRITERS" in the access rules.
      - we prefer READERS instead of R and WRITERS instead of RW
      - we allow the admin to define other categories as she wishes
        (example: MANAGERS, TESTERS, etc).  These do not have abbreviations,
        however, so they must be supplied in full.
    PLEASE, *PLEASE*, read the section in doc/wildcard-repositories.mkd for
    more info.  This is a VERY powerful feature and if you're not careful
    you could mess up the ACLs nicely.
    Backward compat note: you can continue to use the "R" and "RW"
    categories when running the "setperms" command, and gitolite will
    internally convert them to READERS and WRITERS categories.
    implementation notes:
      - new RC var called GL_WILDREPOS_PERM_CATS that is a space-sep list of
        the allowed categories in a gl-perms file; defaults to "R RW" if not
      - wild_repo_rights no longer returns $c, $r, $wC, where $r = $user if
        "R $user", $r = '@all' if "R @all", and similarly with $w and "RW".
        Instead it returns $c and a new hash that effectively gives the same
        info, but expanded to include any other valid categories (listed in
      - consequently, the arguments that parse_acl takes also change the
        same way
      - (side note: R and RW are quietly converted to READERS and WRITERS;
        however, new categories that you define yourself do not have
      - setperms validates perms to make sure only allowed categories are
        used; however even if someone changed them behind the scenes,
        wild_repo_rights will also check.  This is necessary in case the
        admin tightened up GL_WILDREPOS_PERM_CATS after someone had already
        setperms-d his repos.
      - as a bonus, we eliminate all the post-Dumper shenanigans, at least
        for READERS and WRITERS.  Those two now look, to the compile script,
        just like any other usernames.
  2. v1.5.7

Commits on Nov 5, 2010
  1. (minor) doc fixes

  2. cbreak on #git: "I did bet that there are hundreds of sitaram admins …

    …out there"
    Well from now on they will be called "YourName".
    Even better quote from essial on #git (after literally typing in
    "" instead of substituting his name as the instructions [in
    bold] tell him to do):
        come on you know how ubuntu users are
        if they see fixed width fonts inside a box they immediately copy-paste it
    [Although, since you apparently are quite happy to use a system that
    default installs mono I doubt these little jibes matter to you
    [idea: distribute my own pubkey with gitolite and instantly get access
    to every gitolite install that is not behind a firewall, anywhere in the
    world.  No one will notice or realise what I'm doing - MUAHAHAHAHA!!!]
Commits on Oct 28, 2010
  1. a slew of adc changes; details below:

      - get_rights_and_owner normalises its arg1 by stripping .git if
        supplied, then sets the variable "repo" to the result as a side
      - new "help" adc with some default text but main purpose is to allow
        site local help text
      - other adc's refer to 'help' adc when appropriate
      - 'undelete' renamed to 'restore'; that's what the KDE "trashcan"
        program calls that operation
      - minor typo in sample script in documentation
      - main adc doc points to contrib/adc/repo-deletion.README now
Commits on Oct 26, 2010
  1. Monkeysphere integration documentation.

    Clint Adams committed with
Commits on Oct 23, 2010
  1. warning against server-side fiddling (<sigh>)

    I had someone delete the admin repo on the server, then run gl-setup
    again, and complain that included config files did not get restored.
    There have been others (see below) before with similar demands, but
    those at least had the excuse of being provoked by genuine mistakes.
    This guy was intentionally breaking stuff server side.
    Wish I could say he was stupid, but actually he was probably smarter
    than I.  Just that his idea of the limits of gitolite's responsibility
    was vastly different from mine.
    [1] There was this guy who, as root, went on a "chmod go-rwx" spree for
    security, which bollixed up gitweb access to all his repos, so he tells
    me gitolite should be able to fix all the permissions on the next admin
    push at least?  (That is, instead of just setting umask as it currently
    does, it should go on a chmod spree just like he did).
    [2] Then there was the guy who told me gitolite should re-create all the
    "gl-creater" files for his wildcard repos because he was restoring from
    a git push --mirror backup and that doesn't preserve those files?  I
    tried to tell him that a git push --mirror doesn't preserve "config" or
    "description" or "info/exclude" or any of the other files that git (not
    gitolite) maintains, but he didn't care -- losing those did not affect
    him (or he never had them), but losing these affected access control,
    and it's my fault.
Commits on Oct 16, 2010
  1. update CHANGELOG

Commits on Oct 7, 2010
  1. new method for passing usergroup info (warning: minor backward compat…

    … breakage)
    The old method of passing in usergroup info had some problems, which are
    now fixed.  It is also much easier to use now -- no more "wrapper"
    script, plus it should work identially whether you use sshd or httpd.
    See doc/big-config.mkd for details on the new method.
    Notes on problems with the old method:
    The old method for passing in usergroup info consisted of tacking them
    on as extra arguments to gl-auth-command, after the username.
    However, there are some problems with this method.
    Some actions in gitolite look for permissions for users other than the
    invoking user.  Determining permissions for gitweb and daemon is one.
    An admin asking for "info" on some other user, is another.
    However, the list of groups sent in via the command line
    pertains only to the invoking user, so these actions don't work
    correctly.  They may even pick up the wrong permissions.
    What it all boils down to is that we need group information for any user
    dynamically, instead of being passed a (static) list just for the
    invoking user.
Commits on Oct 4, 2010
  1. progit doc...

    thanks to tsgarp for making me think about adding this caution
Commits on Oct 3, 2010
Commits on Oct 2, 2010
  1. tighten permissions on install

      - hardcode 0700 mode for GL_ADMINDIR tree (thanks to ma at for catching this
      - honor REPO_UMASK for GL_REPO_BASE_ABS creation
      - plus a minor doc update
Commits on Sep 28, 2010
  1. (doc) who-uses-it

  2. gitosis migr doc update to handle user@foo type keys

    thanks to frogonwheels for catching this...
Commits on Sep 24, 2010
  1. added support for a post-repo-create hook (gl-post-init)

    ...some people want to run a special function after a repo is created
  2. (minor) doc updates

    inspired by various denizens of #git and the internet at large
Commits on Sep 23, 2010
  1. wildrepos doc badly needed update due to new features:

      - 79f0a5f ("(big one!) more than one wildcard may match a repo...")
        makes some of the dire warnings about this irrelevant
      - d1d2c3e and ad64f99 ("git config settings in wild repos: part 1" and
        "...part 2") makes this caveat also useless
    While we were about it, we added a quick intro and tried to make some
    other details a little clearer.
Something went wrong with that request. Please try again.