add shared repository support
Created by: SaitoWu
Problem
The original bug report comes from here: https://groups.google.com/forum/?fromgroups=#!topic/gitlabhq/l1wSZmULJSo
Cause
This is a grack and gitolite cowork problem.
If u push over SSH, ur .git/objects 's permission look like this:
drwxrwx--- git:gitwhen u push over HTTP, ur .git/objects 's permission looks like this:
drwxr-xr-x gitlab:gitlabso, git user didn't have group write permission on that object, and gitlab user will always have push permission.
Fix
To fix this problem, we need add a git config to each repo.
[core]
sharedRepository = 0660this will always give objects folder a drwxrws--- permission. like gitolites umask variable.
Gitolite support git config varible.
Our gitolite-client also support config variable, its easy to use:
repo.set_git_config("core.sharedRepository", "0660")also we need edit .gitolite.rc file
GIT_CONFIG_KEYS => '.*'when we done what we do.
our new repo will have this in the config:
[core]
repositoryformatversion = 0
filemode = true
bare = true
sharedRepository = 0660 And all things will work again.
TL;DR
merge this patch
edit .gitolite.rc file, GIT_CONFIG_KEYS => '.*'
will fix this problem.
Merge request reports
Activity
Created by: SaitoWu
based on:
- git-config http://www.kernel.org/pub/software/scm/git/docs/git-config.html
- gitolite-git-config http://sitaramc.github.com/gitolite/git-config.html
- gitolite-specific-variables http://sitaramc.github.com/gitolite/rc.html
By Administrator on 2012-10-17T08:24:31 (imported from GitLab project)
By Administrator on 2012-10-17T08:24:31 (imported from GitLab)
Created by: SaitoWu
Also we need update wiki page, If user didn't edit
.gitolite.rcfile, he cant create new repo.Next release we need to notice people this.
By Administrator on 2012-10-17T09:35:00 (imported from GitLab project)
By Administrator on 2012-10-17T09:35:00 (imported from GitLab)
Created by: dzaporozhets
@SaitoWu i understand :). But we need to save non-interactive setup of GitLab.
By Administrator on 2012-10-17T17:21:42 (imported from GitLab project)
By Administrator on 2012-10-17T17:21:42 (imported from GitLab)
Created by: btate
@SaitoWu Haven't had a chance to do this yet. But I'm assuming you mean I should put it in the gitolite.conf file in my gitolite-admin clone and push the change. Correct?
By Administrator on 2012-10-17T18:23:17 (imported from GitLab project)
By Administrator on 2012-10-17T18:23:17 (imported from GitLab)
Created by: btate
@SaitoWu Also, thank you for the fantastic job you all did on this. Loving this project.
By Administrator on 2012-10-17T18:24:08 (imported from GitLab project)
By Administrator on 2012-10-17T18:24:08 (imported from GitLab)
Created by: SaitoWu
@btate
repo.set_git_config("core.sharedRepository", "0660")just did what u say, and usegitolite-clientgem.after this, the bare repository's
.git/configfile will have a new configuration,sharedRepository = 0660By Administrator on 2012-10-17T18:30:57 (imported from GitLab project)
By Administrator on 2012-10-17T18:30:57 (imported from GitLab)
Created by: btate
@SaitoWu I understand what the repo.set_git_config will do. I just don't know what file to update to get the new repositories to generate with the sharedRepository. I went into the gitolite-client gem and found repo_spec.rb. I added it under the repo.set_git_config("email") setting. Didn't generate the new repo with the shared repository setting.
By Administrator on 2012-10-17T18:46:00 (imported from GitLab project)
By Administrator on 2012-10-17T18:46:00 (imported from GitLab)
Created by: SaitoWu
# gitolite v2 sudo -u git -H sed -i 's/\(GL_GITCONFIG_KEYS\s*=>*\s*\).\{2\}/\1"\.\*"/g' /home/git/.gitolite.rc # gitlite v3 sudo -u git -H sed -i "s/\(GIT_CONFIG_KEYS\s*=>*\s*\).\{2\}/\1'\.\*'/g" /home/git/.gitolite.rcI've already updated wiki.
sedis much harder than ruby.By Administrator on 2012-10-18T10:04:31 (imported from GitLab project)
By Administrator on 2012-10-18T10:04:31 (imported from GitLab)
Created by: btate
I tried adding the line repo web config core.sharedRepository = 0660 to the gitolite-admin repo's conf file. It's showing up in the /home/git/.gitolite conf file now. I'm still not getting my new repositories to have the setting. Where do I put the repo.set_git_config line to make that happen?
By Administrator on 2012-10-19T19:46:26 (imported from GitLab project)
By Administrator on 2012-10-19T19:46:26 (imported from GitLab)
Created by: janaka
I upgraded from 2.3 to 2.9 and now to 3.0. I had Gitolite v2 therefore may be you should add the command to the upgrade wiki page or mention the key should be check manually. I wouldn't have known it didn't make the change if I didn't
Cheers
By Administrator on 2012-10-22T17:54:15 (imported from GitLab project)
By Administrator on 2012-10-22T17:54:15 (imported from GitLab)
Created by: janaka
Thanks @oomathias I saw that @SaitoWu has covered that above, which solved the issue for me. Saying if somebody could include in the upgrade guide it may be helpful to others. Thanks
By Administrator on 2012-10-23T17:54:00 (imported from GitLab project)
By Administrator on 2012-10-23T17:54:00 (imported from GitLab)
Created by: riyad
Added this to the Trouble Shooting Guide. :)
By Administrator on 2012-10-23T19:04:40 (imported from GitLab project)
By Administrator on 2012-10-23T19:04:40 (imported from GitLab)
Created by: janaka
Thanks
On 23 October 2012 20:04, Riyad Preukschas notifications@github.com wrote:
Added this to the Trouble Shooting Guidehttps://github.com/gitlabhq/gitlab-public-wiki/wiki/Trouble-Shooting-Guide. :)
— Reply to this email directly or view it on GitHubhttps://github.com/gitlabhq/gitlabhq/pull/1719#issuecomment-9713944.
Click herehttps://www.mailcontrol.com/sr/NYYUBVMIWQ3GX2PQPOmvUv46NwAC7+vkE+2krqwR5R+PiFIJqizVcCf!lZnMcgnu0S2vc9r44Ds94h7CChK4GQ==to report this email as spam.
By Administrator on 2012-10-23T20:28:59 (imported from GitLab project)
By Administrator on 2012-10-23T20:28:59 (imported from GitLab)
Created by: mproboeuf
I cloned Gitlab 3.0.1 stable branch, but still got the error on push through HTTP. My new repository config file is
[core] repositoryformatversion = 0 filemode = true bare = true sharedRepository = 0660
Here is groups for git and gitlab user
$ groups git git : git
$ groups gitlab gitlab : gitlab git
And my GL_GITCONFIG_KEYS is '.*'
When i push through HTTP, i got the following error ( like https://groups.google.com/forum/?fromgroups=#!topic/gitlabhq/l1wSZmULJSo )
Counting objects: 5, done. Writing objects: 100% (3/3), 302 bytes, done. Total 3 (delta 0), reused 0 (delta 0) remote: Empty compile time value given to use lib at hooks/update line 6 remote: Use of uninitialized value in require at hooks/update line 7. remote: Can't locate Gitolite/Hooks/Update.pm in @inc (@inc contains: /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at hooks/update line 7. remote: BEGIN failed--compilation aborted at hooks/update line 7. remote: error: hook declined to update refs/heads/master To http://git.mysite.fr/project.git ! [remote rejected] master -> master (hook declined) error: failed to push some refs to 'http://git.mysite.fr/project.git'
And objects files permissions on my repository are "gitlab:gitlab" instead of "git:git"
By Administrator on 2012-10-24T08:08:09 (imported from GitLab project)
By Administrator on 2012-10-24T08:08:09 (imported from GitLab)
Created by: SaitoWu
@mproboeuf please check out this commit.
https://github.com/SaitoWu/gitolite/commit/0acd4b1bdcbf0550a6ee63d0780a8d2dbd13012a
edit ur
/home/git/.gitolite/hooks/common/updatefile, add it in the file's header like this commit do.also,
gituser should ingitlabgroup. for read and write accesssudo usermod -a -G gitlab gitI've already updated the document.
By Administrator on 2012-10-24T08:30:02 (imported from GitLab project)
By Administrator on 2012-10-24T08:30:02 (imported from GitLab)
Created by: JirkaChadima
Is it sufficient to add
sharedRepository = 0660to existing repositories' configuration?It seems that it does not work, because after upgrading to GitLab 3.0 if we change user permissions to some projects, gitlab adds
config core.sharedRepository = 0660line to gitolite.conf and only the owner is then allowed to read/write the repository. All other users are denied by gitolite.If I manually remove
config core.sharedRepository = 0660line fromgitolite.conf, everything works for given repo.We have gitolite v2, and
$GL_GITCONFIG_KEYS = ".*";ingitolite.rcas the migration guide suggested.Am I missing something out? Thanks.
Edit: New projects are working just fine.
By Administrator on 2012-10-25T10:12:36 (imported from GitLab project)
By Administrator on 2012-10-25T10:12:36 (imported from GitLab)
Created by: SaitoWu
@jirkachadima its weird. can u show me ur gitolite logs and broken gitolite.conf file? Thanks.
By Administrator on 2012-10-25T10:43:32 (imported from GitLab project)
By Administrator on 2012-10-25T10:43:32 (imported from GitLab)
Created by: vsizov
@SaitoWu I don't think so
By Administrator on 2012-10-25T10:54:28 (imported from GitLab project)
By Administrator on 2012-10-25T10:54:28 (imported from GitLab)
Created by: dzaporozhets
what it you will try to run next commands?
sudo -u gitlab -H bundle exec rake gitlab:gitolite:update_keys RAILS_ENV=production sudo -u gitlab -H bundle exec rake gitlab:gitolite:update_repos RAILS_ENV=productionBy Administrator on 2012-10-25T10:55:59 (imported from GitLab project)
By Administrator on 2012-10-25T10:55:59 (imported from GitLab)
Created by: JirkaChadima
That's weird. I came back from lunch, tried on another repo and everything is now working as expected. Maybe the last restart of gitlab service did the trick.
Surely no duplicate keys.
gitolite log error line when trying to clone a repo:
2012-10-25.11:21:07 someone_somewhere_1348661430 10.200.200.151 Die generated at line 165 in /home/git/bin/gl-auth-command : R access for project DENIED to someone_somewhere_1348661430<<newline>>(Or there may be no repository at the given path. Did you spell it correctly?)<<newline>> <<newline>>In gitolite.conf there is nothing weird, only the
config core.sharedRepository = 0660is added when I change user permissions on the project with GitLab 3.0.@randx Both rakes finished without a problem.
I think that manually adding the
sharedRepository = 0660to a repository config did the trick after all, but it should have been done before starting the service again after upgrade. It might seem obvious, but it is hard to find such information. If that is/might be the issue, it should probably be in the migration guide.Thanks for help. You are doing a great job.
By Administrator on 2012-10-25T11:52:59 (imported from GitLab project)
By Administrator on 2012-10-25T11:52:59 (imported from GitLab)
Created by: asperling
Hi there, as btate asked before (but never got an answer), in which file am i supposed to add repo.set_git_config? Im, sorry, I'm just not able to figure it out.
By Administrator on 2012-11-17T08:21:57 (imported from GitLab project)
By Administrator on 2012-11-17T08:21:57 (imported from GitLab)
Created by: btate
The new version seems to have it fixed already. Have you upgraded?
Thanks, Brandon
On Nov 17, 2012, at 3:22 AM, asperling notifications@github.com wrote:
Hi there, as btate asked before (but never got an answer), in which file am i supposed to add repo.set_git_config? Im, sorry, I'm just not able to figure it out.
— Reply to this email directly or view it on GitHub.
By Administrator on 2012-11-17T18:09:38 (imported from GitLab project)
By Administrator on 2012-11-17T18:09:38 (imported from GitLab)
Created by: sharp
thanks @SaitoWu
edit .gitolite.rc file, GIT_CONFIG_KEYS => '.*'By Administrator on 2012-12-14T02:15:28 (imported from GitLab project)
By Administrator on 2012-12-14T02:15:28 (imported from GitLab)
