Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Wiki Replica
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container Registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
The Tor Project
TPA
Wiki Replica
Commits
4a4fb34e
Verified
Commit
4a4fb34e
authored
11 months ago
by
anarcat
Browse files
Options
Downloads
Patches
Plain Diff
more findings about the gitolite architecture
parent
d5f18a5e
No related branches found
Branches containing commit
No related tags found
No related merge requests found
Pipeline
#159099
passed with warnings
11 months ago
Stage: build
Stage: test
Changes
1
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
howto/git.md
+24
-4
24 additions, 4 deletions
howto/git.md
with
24 additions
and
4 deletions
howto/git.md
+
24
−
4
View file @
4a4fb34e
...
...
@@ -696,10 +696,11 @@ syncing everything.
## Design
git-rw runs on
`cupani.torproject.org`
and runs as the git user. Users in the
gitolite (gid 1504) group can become the git user. The gitolite installation
is contained inside
`/srv/git.torproject.org`
with the repositories being found
in the
`repositories`
folder there.
`git-rw.torproject.org`
, the writable git repository hosting, runs on
`cupani.torproject.org`
as the git user. Users in the gitolite (gid
1504) group can become the git user. The gitolite installation is
contained inside
`/srv/git.torproject.org`
with the repositories being
found in the
`repositories`
folder there.
The gitolite installation itself is
*not*
from Debian packages. It's a
manual install, in
`/srv/git.torproject.org/gitolite/src`
, of an
...
...
@@ -724,10 +725,29 @@ because `exportOptions` is set to `GITOLITE` on the `cupani` host. All
users with a valid LDAP account get their SSH key added to the list
and only gitolite configuration restricts further access.
When a repository is pushed to, it gets synchronised to the gitweb
host on a
`post-receive`
hook
(
`/srv/git.torproject.org/git-helpers/post-receive.d/00-sync-to-mirror`
),
which calls
`.../git-helpers/tools/sync-repository`
which just
`rsync`
's the repository over, if and only if the
`git-daemon-export-ok`
flag file is present. If it isn't, an
*empty*
repository (
`/srv/git.torproject.org/empty-repository`
) is
synchronized over, deleting the repository from the gitweb mirror.
Access to push to this repository is controlled by the
`gitolite-admin`
repository entry in the gitolite configuration file,
and not by LDAP groups.
Note that there is a
`/srv/git.torproject.org/projects.list`
file that
contains a list of repositories. That file is defined in
`/srv/git.torproject.org/etc/gitolite.rc`
and is, in theory, the
entire list of projects managed by gitolite. In practice, it's not:
some (private?) projects are missing in there, but it's not clear why
exactly (for example,
`admin/trac/TracAccountManager`
is not in there
even though it's got the
`git-daemon-export-ok`
flag and is listed in
the
`gitolite.conf`
file). This
*might*
be because of access controls
specifications in the
`gitolite.conf`
file.
## GitLab migration
As mentioned in the lead, the gitolite/gitweb infrastructure is, as of
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
