Re: building git ; need suggestion
I'm closer to my requirement. I have found gitweb simply provide a GUI for history check and code comparison. And the git itself is good enough to do the ACL stuff with hooks. I already have the following code to deploy the push into its work-tree === #!/bin/bash while read oldrev newrev ref do branch=`echo $ref | cut -d/ -f3` if [ master == $branch ]; then git --work-tree=/path/under/root/dir/live-site/ checkout -f $branch echo 'Changes pushed live.' fi if [ dev == $branch ]; then git --work-tree=/path/under/root/dir/dev-site/ checkout -f $branch echo 'Changes pushed to dev.' fi done = This code can be extended for as many branches as you have. I now need a mechanism to restrict the user to it's own branch so that user can't push into any other branch in mistake. Say I have master branch - only admin user can push here. dev branch - only user dev1 , dev2 and master can push here. testing branch - only user test1 and test2 can push here. I think this can also be done with pre-receive hook. Any suggestion on the hook design is welcome. Also this can be implemented on the above hook or in a separate hook. A separate hook is better due to maintainability and then I need to call multiple pre-receive hook. Please suggest. Thanks On 18-Mar-2013, at 11:14 AM, Joydeep Bakshi joydeep.bak...@infoservices.in wrote: On 15-Mar-2013, at 6:44 PM, Magnus Bäck ba...@google.com wrote: Right, but that's R/W permissions. Almost any piece of Git hosting software supports restriction of pushes. Discriminating *read* access between developers and maintenance people sounds like a disaster if it's the same organisation. Just restriction on push access is what required. -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: building git ; need suggestion
On Mon, Mar 18, 2013 at 5:24 AM, Joydeep Bakshi joydeep.bak...@infoservices.in wrote: I'm closer to my requirement. I have found gitweb simply provide a GUI for history check and code comparison. And the git itself is good enough to do the ACL stuff with hooks. I already have the following code to deploy the push into its work-tree You should try gitolite. It has very flexible rules, and it's already been implemented for you ;-) https://github.com/sitaramc/gitolite === #!/bin/bash while read oldrev newrev ref do branch=`echo $ref | cut -d/ -f3` if [ master == $branch ]; then git --work-tree=/path/under/root/dir/live-site/ checkout -f $branch echo 'Changes pushed live.' fi if [ dev == $branch ]; then git --work-tree=/path/under/root/dir/dev-site/ checkout -f $branch echo 'Changes pushed to dev.' fi done = This code can be extended for as many branches as you have. I now need a mechanism to restrict the user to it's own branch so that user can't push into any other branch in mistake. Say I have master branch - only admin user can push here. dev branch - only user dev1 , dev2 and master can push here. testing branch - only user test1 and test2 can push here. I think this can also be done with pre-receive hook. Any suggestion on the hook design is welcome. Also this can be implemented on the above hook or in a separate hook. A separate hook is better due to maintainability and then I need to call multiple pre-receive hook. Please suggest. Thanks On 18-Mar-2013, at 11:14 AM, Joydeep Bakshi joydeep.bak...@infoservices.in wrote: On 15-Mar-2013, at 6:44 PM, Magnus Bäck ba...@google.com wrote: Right, but that's R/W permissions. Almost any piece of Git hosting software supports restriction of pushes. Discriminating *read* access between developers and maintenance people sounds like a disaster if it's the same organisation. Just restriction on push access is what required. -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- David -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
building git ; need suggestion
Hello list, Greetings !!! I'm building a git repo on a dedicated server; hence need some kind guidelines from you. [1] the server will have different git repo with branches [2] there will be a web-based GUI which must be flexible to show just a specific branch of a repo based on user authentication [3] the web-based GUI should also have the flexibility to show a single repo based on the authentication [4] the web-based GUI should have an admin account to supervise and configure all repos along with their branches [3] there must be a control mechanism in the repo/web based GUI which have ACL on branches i.e. some specific users should see some specific/ or just a branch and able to commit there only. based on the above scenario could anyone suggest the best available solution ? There are many like gitolike/github etc…. but don't know whig one has much finer granular control/ACL/web-based GUI… Thanks in advanced for your kind response. -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: building git ; need suggestion
On Fri, Mar 15, 2013 at 05:54:05PM +0530, Joydeep Bakshi wrote: [1] the server will have different git repo with branches [2] there will be a web-based GUI which must be flexible to show just a specific branch of a repo based on user authentication [3] the web-based GUI should also have the flexibility to show a single repo based on the authentication [4] the web-based GUI should have an admin account to supervise and configure all repos along with their branches [3] there must be a control mechanism in the repo/web based GUI which have ACL on branches i.e. some specific users should see some specific/ or just a branch and able to commit there only. based on the above scenario could anyone suggest the best available solution ? There are many like gitolike/github etc…. but don't know whig one has much finer granular control/ACL/web-based GUI… gitolite have a more fine ACL. Check it out. However it doesn't really meet your needs with web-interface (and I'm not even sure about the ACL thing is fine enough for you). You can read more about ACL in the git book: http://git-scm.com/book/ch7-4.html The webgui that's most populair is cgit and git-web. They don't do ACL afaik. Why would you need ACL? Why not don't share the branches that are going to be secret? Or are you looking for some branches to be read only? When we did this, we did a simple gitolite implementation ourself and integrated cgit on our website wich already had ACL. It works well. Howerver we do ACL on repo-level, not on branch level. You can also look into git-submodules which will make it possible for you to do repo-wide ACL. However I'm not sure you will be using git in the way git is designed too and even if it will work, maybe an other solution is better for you. -- Med vänliga hälsningar Fredrik Gustafsson tel: 0733-608274 e-post: iv...@iveqy.com -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: building git ; need suggestion
forgot to mention: a code review system like gerrit is also helpful, but don't know if gerrit has such fine control mechanism. On 15-Mar-2013, at 5:54 PM, Joydeep Bakshi joydeep.bak...@infoservices.in wrote: Hello list, Greetings !!! I'm building a git repo on a dedicated server; hence need some kind guidelines from you. [1] the server will have different git repo with branches [2] there will be a web-based GUI which must be flexible to show just a specific branch of a repo based on user authentication [3] the web-based GUI should also have the flexibility to show a single repo based on the authentication [4] the web-based GUI should have an admin account to supervise and configure all repos along with their branches [3] there must be a control mechanism in the repo/web based GUI which have ACL on branches i.e. some specific users should see some specific/ or just a branch and able to commit there only. based on the above scenario could anyone suggest the best available solution ? There are many like gitolike/github etc…. but don't know whig one has much finer granular control/ACL/web-based GUI… Thanks in advanced for your kind response. -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: building git ; need suggestion
On 15-Mar-2013, at 6:14 PM, Fredrik Gustafsson iv...@iveqy.com wrote: On Fri, Mar 15, 2013 at 05:54:05PM +0530, Joydeep Bakshi wrote: [1] the server will have different git repo with branches [2] there will be a web-based GUI which must be flexible to show just a specific branch of a repo based on user authentication [3] the web-based GUI should also have the flexibility to show a single repo based on the authentication [4] the web-based GUI should have an admin account to supervise and configure all repos along with their branches [3] there must be a control mechanism in the repo/web based GUI which have ACL on branches i.e. some specific users should see some specific/ or just a branch and able to commit there only. based on the above scenario could anyone suggest the best available solution ? There are many like gitolike/github etc…. but don't know whig one has much finer granular control/ACL/web-based GUI… gitolite have a more fine ACL. Check it out. However it doesn't really meet your needs with web-interface (and I'm not even sure about the ACL thing is fine enough for you). You can read more about ACL in the git book: http://git-scm.com/book/ch7-4.html The webgui that's most populair is cgit and git-web. They don't do ACL afaik. Why would you need ACL? Why not don't share the branches that are going to be secret? Or are you looking for some branches to be read only? Actually the branches have to be dedicated to a group of users. developer branch --- developers bug fixed branch --- bug fixer and specific group don't need to RW permission on other branch. Obviously the admin must have the full permission on all these branches and merge as per requirement. The web-interface is required for checking the history by the users themselves and for code review. I don't know any web interface which can show repo/branch based on authentication. I have tried gitweb but it can handle a single repo or multiple repo with single authentication. NO ACL -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: building git ; need suggestion
On Friday, March 15, 2013 at 08:52 EDT, Joydeep Bakshi joydeep.bak...@infoservices.in wrote: On 15-Mar-2013, at 6:14 PM, Fredrik Gustafsson iv...@iveqy.com wrote: gitolite have a more fine ACL. Check it out. However it doesn't really meet your needs with web-interface (and I'm not even sure about the ACL thing is fine enough for you). You can read more about ACL in the git book: http://git-scm.com/book/ch7-4.html The webgui that's most populair is cgit and git-web. They don't do ACL afaik. Why would you need ACL? Why not don't share the branches that are going to be secret? Or are you looking for some branches to be read only? Actually the branches have to be dedicated to a group of users. developer branch --- developers bug fixed branch --- bug fixer and specific group don't need to RW permission on other branch. Obviously the admin must have the full permission on all these branches and merge as per requirement. Right, but that's R/W permissions. Almost any piece of Git hosting software supports restriction of pushes. Discriminating *read* access between developers and maintenance people sounds like a disaster if it's the same organization. Well, it sounds like a disaster even if there are two different organizations working on development and maintenance, but at least it's a reason. Anyway, Gerrit supports per-branch read ACLs. As long as all changes go through code review, perhaps Gerrit web interface works sufficiently well as a repository viewer? Pushes that bypass code review won't show up there. http://gerrit-documentation.googlecode.com/svn/Documentation/2.5/access-control.html#category_read The web-interface is required for checking the history by the users themselves and for code review. I don't know any web interface which can show repo/branch based on authentication. I have tried gitweb but it can handle a single repo or multiple repo with single authentication. NO ACL If you just have two levels of access you could have two separate Gitweb sites and use Gerrit to replicate a subset of the branches to each site. You could e.g. have gitweb-dev.example.com and gitweb-maint.example.com and grant access to those sites accordingly. -- Magnus Bäck ba...@google.com -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: building git ; need suggestion
On Fri, 15 Mar 2013 13:44:15 +0100 Fredrik Gustafsson iv...@iveqy.com wrote: [...] The webgui that's most populair is cgit and git-web. They don't do ACL afaik. gitweb passes around branch names using a specific parameter in the GET queries it operates on, like http://gitweb.domain.local/?p=repo.git;a=shortlog;h=refs/heads/master So I think it should be possible to somehow implement different access rules in the front-end web server based on the qieries. -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: building git ; need suggestion
On Fri, Mar 15, 2013 at 12:52 PM, Joydeep Bakshi joydeep.bak...@infoservices.in wrote: On 15-Mar-2013, at 6:14 PM, Fredrik Gustafsson iv...@iveqy.com wrote: On Fri, Mar 15, 2013 at 05:54:05PM +0530, Joydeep Bakshi wrote: [1] the server will have different git repo with branches [2] there will be a web-based GUI which must be flexible to show just a specific branch of a repo based on user authentication [3] the web-based GUI should also have the flexibility to show a single repo based on the authentication [4] the web-based GUI should have an admin account to supervise and configure all repos along with their branches [3] there must be a control mechanism in the repo/web based GUI which have ACL on branches i.e. some specific users should see some specific/ or just a branch and able to commit there only. based on the above scenario could anyone suggest the best available solution ? There are many like gitolike/github etc…. but don't know whig one has much finer granular control/ACL/web-based GUI… gitolite have a more fine ACL. Check it out. However it doesn't really meet your needs with web-interface (and I'm not even sure about the ACL thing is fine enough for you). You can read more about ACL in the git book: http://git-scm.com/book/ch7-4.html The webgui that's most populair is cgit and git-web. They don't do ACL afaik. Why would you need ACL? Why not don't share the branches that are going to be secret? Or are you looking for some branches to be read only? Actually the branches have to be dedicated to a group of users. developer branch --- developers bug fixed branch --- bug fixer and specific group don't need to RW permission on other branch. Obviously the admin must have the full permission on all these branches and merge as per requirement. The web-interface is required for checking the history by the users themselves and for code review. I don't know any web interface which can show repo/branch based on authentication. I have tried gitweb but it can handle a single repo or multiple repo with single authentication. NO ACL I think you would need to have a separate repo for each group. Then only push the appropriate branches to each repo. -- Paul [W] Campbell -- To unsubscribe from this list: send the line unsubscribe git in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
