Gitolite repository for PLD packages

I decided to check whether it would be feasible to host our own git repositories under control of gitolite.

Motivation

Compared with the github option, it would give us full control over our repository. Also, github provides only post-receive hooks, so some tasks are difficult. For example, restricting who can delete auto-xxx tags is problematic.

Repository setup

To let other developers test what the PLD repository would look like after migration to git, I have created a mock setup on carme. It contains all packages present in PLD and should be quite up to date. The path to access the repository is: draenog@carme.pld-linux.org. All packages are in the packages directory. For example, to obtain glibc:

git clone draenog@carme.pld-linux.org:packages/glibc

Authentication

Authentication is based on ssh keys. People whose keys are in SSH-keys in the PLD repository should have access.

Access control

Assumptions:

  • only <dist> builders can write auto-<dist> tags
  • builders cannot write to any other refs
  • master branch cannot be rewound
  • every user can write/rewrite all other refs

The gitolite configuration:

@admins = draenog

@th-builders = builderth
@ac-builders = builderac
@builders = @th-builders @ac-builders

repo    gitolite-admin
        RW+     =   @admins

repo    testing
        RW+     =   @all

repo   packages/..*
        C = @all
        RW refs/tags/auto-th = @th-builders
        RW refs/tags/auto-ac = @ac-builders
        - refs/tags/auto- = @all
        - = @builders
        RW master$ = @all
        -  master$ = @all
        RW+ = @all
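
The rule list can be checked against the four assumptions with a small first-match model. This is an added example, not part of the original page and not gitolite's own code. It assumes rules are tried top to bottom, a refex is anchored at the start of the ref, a refex without refs/ names a branch, and deleting or overwriting a ref counts as "+"; the names allowed and full_refex are hypothetical.

```python
import re

# Ref rules of "repo packages/..*" from the page, in file order. The
# "C = @all" line is left out: it governs repo creation, not ref updates.
RULES = [
    ("RW",  "refs/tags/auto-th", "@th-builders"),
    ("RW",  "refs/tags/auto-ac", "@ac-builders"),
    ("-",   "refs/tags/auto-",   "@all"),
    ("-",   "",                  "@builders"),
    ("RW",  "master$",           "@all"),
    ("-",   "master$",           "@all"),
    ("RW+", "",                  "@all"),
]
GROUPS = {
    "@th-builders": {"builderth"},
    "@ac-builders": {"builderac"},
    "@builders": {"builderth", "builderac"},
}

def full_refex(refex):
    """Expand a refex: empty means any ref, a bare name is a branch."""
    if not refex:
        return "refs/.*"
    return refex if refex.startswith("refs/") else "refs/heads/" + refex

def allowed(user, ref, op):
    """op: 'W' = create or fast-forward, '+' = rewind or delete.

    Assumed model: a rule applies when user and refex match; a deny rule
    then rejects, a grant rule accepts only if it covers op, else fall through.
    """
    for perm, refex, group in RULES:
        if group != "@all" and user not in GROUPS[group]:
            continue
        if not re.match(full_refex(refex), ref):
            continue
        if perm == "-":
            return False          # explicit deny
        if op in perm:
            return True           # "RW" covers W only, "RW+" covers W and +
    return False                  # nothing matched: default deny

if __name__ == "__main__":
    for user, ref, op in [("builderth", "refs/tags/auto-th-glibc", "W"),
                          ("draenog", "refs/tags/auto-th-glibc", "W"),
                          ("draenog", "refs/heads/master", "+")]:
        print(user, ref, op, "->", allowed(user, ref, op))
```

In this model a "+" on an auto-th tag falls through to the "- refs/tags/auto-" rule even for builderth, because the builder rules grant RW without "+".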

New package creation

In the upstream version of gitolite, a new package is created by cloning a non-existent repo (if the access rules allow it). However, I think that it is too error-prone. So gitolite was forked and an option to disable creation of wildcard repositories was added. Instead, an admin-defined command was created for this task:

ssh draenog@carme.pld-linux.org create <new_repo>

Restrictions on committed files

It is possible to prevent the commits of large files or archives. Currently every file must pass the following tests:

  • its size is smaller than 1 MB or its name matches one of the patterns: *.spec, *.patch, *.diff
  • it is not a zip or compressed file
  • it is not a tar archive

Email notifications

A post-receive hook can be used to send email notifications about any changes in the repositories. An example script can be found in the git repository.

An example email:

Subject: [SCM] packages/a branch master created. a575a0acd8e7d9fdfdffbfe3f78b5f33cc819f7a

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "packages/a".

The branch, master has been created
        at  a575a0acd8e7d9fdfdffbfe3f78b5f33cc819f7a (commit)

- Log -----------------------------------------------------------------
commit a575a0acd8e7d9fdfdffbfe3f78b5f33cc819f7a
Author: Kacper Kornet <draenog@pld-linux.org>
Date:   Thu May 26 16:19:28 2011 +0100

    Second commit

diff --git a/f b/f
index 7898192..422c2b7 100644
--- a/f
+++ b/f
@@ -1 +1,2 @@
 a
+b

commit 3a9172e6deb87fa536a356e2a703d334e63cb6dd
Author: Kacper Kornet <draenog@pld-linux.org>
Date:   Thu May 26 16:19:13 2011 +0100

    First commit

diff --git a/f b/f
new file mode 100644
index 0000000..7898192
--- /dev/null
+++ b/f
@@ -0,0 +1 @@
+a

-----------------------------------------------------------------------


hooks/post-receive
--
packages/a

Anonymous access

Git can provide anonymous, read-only access to repositories. For example:

User tools

Modified builder script

A modified builder script is available at http://github.com/draenog/PLDbuilder. The gitolite branch contains a version that works with the gitolite repo on carme. To download it:

git clone -b gitolite git://github.com/draenog/PLDbuilder

Useful options

To reduce the amount of downloaded data, it is possible to make a shallow copy of the repository with truncated history:

git clone --depth <n> draenog@carme.pld-linux.org:packages/kernel

or

builder --depth <n>  -g kernel

PLD builder infrastructure

Only the source builder needs to be modified. The changes are minimal, so it would be possible to adapt the existing builder with little effort. The modified version of the PLD builder automation can be found at https://github.com/draenog/pld-builder.new

Contact

In case of any problem, please contact draenog@pld-linux.org

pld-gitolite.1315910841.txt.gz · Last modified: 2011-09-13 12:47 by draenog