pld-gitolite

Gitolite repository for PLD packages

I decided to check whether it would be feasible to host our own git repositories under control of gitolite.

Motivation

Compared with the github option, it would give us full control over our repository. Github also provides only post-receive hooks, which makes some tasks difficult. For example, restricting who can delete auto-xxx tags is problematic.

Repository setup

To let other developers test what the PLD repository would look like after migration to git, I have created a mock setup on carme. It contains all packages present in PLD and should be quite up to date. The path to access the repository is: draenog@carme.pld-linux.org. All packages are in the packages directory. For example, to obtain glibc:

git clone draenog@carme.pld-linux.org:packages/glibc

Authentication

Authentication is based on ssh keys. People whose keys are in SSH-keys in the PLD repository should have access.

Manage your keys

Changes to Developer

Changes to developer can be seen on the cvs2git page.

Access control

Assumptions:

  • only <dist> builders can write auto-<dist> tags
  • builders cannot write to any other refs
  • master branch cannot be rewound
  • every user can write/rewrite all other refs

The gitolite configuration:

@admins = draenog

@th-builders = builderth
@ac-builders = builderac
@builders = @th-builders @ac-builders

repo    gitolite-admin
        RW+     =   @admins

repo    testing
        RW+     =   @all

repo   packages/..*
        C = @all
        RW refs/tags/auto-th = @th-builders
        RW refs/tags/auto-ac = @ac-builders
        - refs/tags/auto- = @all
        - = @builders
        RW master$ = @all
        -  master$ = @all
        RW+ = @all
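
The rule order above can be checked against the four assumptions with a small model of how gitolite walks a rule list. This is an added example, not part of the PLD setup or of gitolite's code; the user alice, the tag names used with it, and the simplified evaluation (rules walked in order, refex anchored at the start only) are assumptions.

```python
import re

# Group membership copied from the configuration above.
GROUPS = {"@th-builders": {"builderth"}, "@ac-builders": {"builderac"}}
GROUPS["@builders"] = GROUPS["@th-builders"] | GROUPS["@ac-builders"]

# Rules of "repo packages/..*" in file order: (permission, refex, group).
RULES = [
    ("RW",  "refs/tags/auto-th", "@th-builders"),
    ("RW",  "refs/tags/auto-ac", "@ac-builders"),
    ("-",   "refs/tags/auto-",   "@all"),
    ("-",   "",                  "@builders"),
    ("RW",  "master$",           "@all"),
    ("-",   "master$",           "@all"),
    ("RW+", "",                  "@all"),
]

def normalize(refex):
    """An empty refex matches every ref; a bare name means a branch."""
    if not refex:
        return "refs/.*"
    return refex if refex.startswith("refs/") else "refs/heads/" + refex

def allowed(user, ref, op):
    """op is 'W' (create or fast-forward) or '+' (rewind or delete).

    Simplified model: walk the rules in order, skip rules for other users
    or other refs, deny on the first matching '-', allow on the first
    matching rule that grants op, and deny if nothing grants it.
    """
    for perm, refex, group in RULES:
        if group != "@all" and user not in GROUPS[group]:
            continue
        if not re.match(normalize(refex), ref):
            continue
        if perm == "-":
            return False
        if op == "W" or perm.endswith("+"):
            return True
    return False
```

In this model a builder holding only RW cannot rewrite or delete its own auto- tag either, because the '+' request falls through to the deny rule for refs/tags/auto-.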

New package creation

In the upstream version of gitolite, a new package is created by cloning a repo that does not exist yet (if the access rules allow it). However, I think that this is too error prone, so gitolite was forked and an option to disable creation of wildcard repositories was added. Instead, an admin-defined command was created for this task:

ssh draenog@carme.pld-linux.org create <new_repo>

Package deletion

People with write access to the gitolite-admin repository can use an admin-defined command to move obsoleted packages to attic space:

ssh draenog@carme.pld-linux.org  trash <repo>

Restrictions on committed files

It is possible to prevent the commits of large files or archives. Currently every file must pass the following tests:

  • its size is smaller than 200kb or it is a text file smaller than 2Mb or its name matches one of the patterns: *.spec, *.patch, *.diff
  • it is not a zip or compressed file
  • it is not a tar archive
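
The three tests, written as a function that a server-side hook could call on each pushed file. This is an added example, not the script used on carme; the byte interpretation of the limits, the magic-byte detection, the text heuristic and the name check_file are assumptions.

```python
import fnmatch

SMALL_LIMIT = 200 * 1024        # "200kb", read here as KiB (assumption)
TEXT_LIMIT = 2 * 1024 * 1024    # "2Mb", read here as MiB (assumption)
EXEMPT_PATTERNS = ("*.spec", "*.patch", "*.diff")

# Leading magic bytes of zip and common compressed formats (assumed method).
COMPRESSED_MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"BZh": "bzip2",
    b"\xfd7zXZ\x00": "xz",
}

def is_text(data):
    """Heuristic: no NUL bytes and valid UTF-8."""
    if b"\0" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True

def is_tar(data):
    """POSIX and GNU tar headers carry 'ustar' at offset 257."""
    return data[257:262] == b"ustar"

def check_file(name, data):
    """Return the list of violated tests; an empty list means accepted."""
    problems = []
    exempt = any(fnmatch.fnmatchcase(name, p) for p in EXEMPT_PATTERNS)
    size_ok = len(data) < SMALL_LIMIT or (
        is_text(data) and len(data) < TEXT_LIMIT)
    if not (size_ok or exempt):
        problems.append("too large")
    for magic, kind in COMPRESSED_MAGIC.items():
        if data.startswith(magic):
            problems.append(kind + " data")
    if is_tar(data):
        problems.append("tar archive")
    return problems
```

The name patterns only lift the size limit: a gzip stream named fix.patch is still rejected by the second test.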

Email notifications

A post-receive hook can be used to send email notifications about any changes in repositories. The example script can be found in the git repository.

The example email:

Subject: packages/amanda branch master updated. 29fa1ceae8ca943f79d842b8229d713556a22342

The branch, master has been updated
       via  29fa1ceae8ca943f79d842b8229d713556a22342 (commit)
      from  a1d49d8d532329dad9e246d0671c5367d620561c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 29fa1ceae8ca943f79d842b8229d713556a22342
Author: Arkadiusz Miśkiewicz <arekm@pld-linux.org>
Date:   Fri Mar 30 15:28:53 2012 +0000

    - release 3

    Changed files:
        amanda.spec -> 1.221

diff --git a/amanda.spec b/amanda.spec
index a27eb99..a98e6e6 100644
--- a/amanda.spec
+++ b/amanda.spec
@@ -10,7 +10,7 @@ Summary:      A network-capable tape backup solution
 Summary(pl.UTF-8):     Sieciowo zorientowany system tworzenia kopii zapasowych
 Name:          amanda
 Version:       3.2.3
-Release:       2
+Release:       3
 License:       BSD
 Group:         Networking/Utilities
 Source0:       http://downloads.sourceforge.net/amanda/%{name}-%{version}.tar.gz
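
Review bot: The Release bump from 2 to 3 is the only change in this hunk, and the log message "- release 3" does not say what triggered the rebuild; since this mail is the audit trail for the package, the message should name the reason. Separately, the unchanged Source0 line fetches the tarball over plain http://, so the integrity of the source rests on whatever checksum verification the build applies outside the lines shown here.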

-----------------------------------------------------------------------

Summary of changes:
 amanda.spec |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


hooks/post-receive
--
packages/amanda

Anonymous access

Git daemon provides anonymous, read-only access to repositories. For example:

git clone git://carme.pld-linux.org/packages/glibc

Web interface

A web interface for browsing git repositories can be provided by gitweb. You can see a trial setup here.

User tools

Modified builder script

A modified builder script is available at http://github.com/draenog/rpm-build-tools. On the gitolite branch there is a version that works with the gitolite repo on carme. To download it:

git clone -b gitolite git://github.com/draenog/PLDbuilder

Useful options

To reduce the amount of downloaded data, it is possible to make a shallow copy of a repository with truncated history:

git clone --depth <n> draenog@carme.pld-linux.org:packages/kernel

or

builder.sh --depth <n>  -g kernel

slug.py

Slug.py facilitates creating, cloning and updating packages. Its sources can be found at git://github.com/draenog/slug.git, or alternatively it can be built from PLD CVS as the git-core-slug package.

Basic usage

Create new repository
slug.py init name
Clone new repositories
slug.py clone pattern
Fetch/update packages including new ones
slug.py update -n pattern

If pattern is omitted, it fetches all repositories known to the upstream.

Update packages that were downloaded earlier, but do not fetch new ones
slug.py update pattern
Alternative syntax

You can also use 'git pld' prefix to call the commands. For example:

git pld clone

Description of more advanced options can be obtained by:

slug.py <command> --help

PLD builder infrastructure

Only the source builder needs to be modified. The changes are minimal, so it would be possible to adapt the existing builder with small effort. The modified version of PLD builder automation can be found at https://github.com/draenog/pld-builder.new

Contact

In case of any problem, please contact draenog@pld-linux.org

pld-gitolite.txt · Last modified: 2016-03-21 10:20 by glen