From bae3008d17d492b174db552f64c0cdfaf1804bdd Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 15 Oct 2011 13:17:00 -0400 Subject: add a copy of my mailing list post --- doc/todo/gitolite_and_gitosis_support.mdwn | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/doc/todo/gitolite_and_gitosis_support.mdwn b/doc/todo/gitolite_and_gitosis_support.mdwn index 0131cdc07..daa54854d 100644 --- a/doc/todo/gitolite_and_gitosis_support.mdwn +++ b/doc/todo/gitolite_and_gitosis_support.mdwn @@ -10,5 +10,25 @@ git-annex-shell subcommands to read-only users. I have posted an RFC for modifying gitolite to the [gitolite mailing list](http://groups.google.com/group/gitolite?lnk=srg). +> I have not developed a patch yet, but all that git-annex needs is a way +> to ssh to the server and run the git-annex-shell command there. +> git-annex-shell is very similar to git-shell. So, one way to enable +> it is simply to set GL_ADC_PATH to a directory containing git-annex-shell. +> +> But, that's not optimal, since git-annex-shell will send off receive-pack +> commands to git, which would bypass gitolite's permissions checking. +> Also, it makes sense to limit readonly users to only download, not +> upload/delete files from git-annex. Instead, I suggest adding something +> like this to gitolite's config: + + # If set, users with W access can write file contents into the git-annex, + # and users with R access can read file contents from the git-annex. + $GL_GIT_ANNEX = 0; + +> If this makes sense, I'm sure I can put a patch together for your +> review. It would involve modifying gl-auth-command so it knows how +> to run git-annex-shell, and how to parse out the "verb" from a +> git-annex-shell command line, and modifying R_COMMANDS and W_COMMANDS. + As I don't write python, someone else is needed to work on gitosis. --[[Joey]] -- cgit v1.2.3
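Review bot: The added quote offers setting GL_ADC_PATH to a directory containing git-annex-shell as "one way to enable it" and only afterwards says this lets receive-pack commands bypass gitolite's permissions checking. Since this is a todo page that readers may act on, consider adding an unquoted line after the quote saying that the GL_ADC_PATH approach is not recommended where gitolite's per-repository permissions matter. In the proposed `$GL_GIT_ANNEX` comment, W access is described only as "can write file contents", while the paragraph above it wants read-only users kept from "upload/delete". It would help to state, outside the quote, that W is meant to cover deleting content as well. As a style point, the indented config sample is not prefixed with `>`, so it splits the quoted post into two blockquotes. If it is meant to be part of the quoted mail, prefix those lines too.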