5

I was wondering if it was possible to configure gitolite to let anybody clone a repository without having to do the whole public key song and dance.

Obviously I don't want people to be able to change the repo without a key first.

Chris
  • 240
  • 3
  • 6

1 Answers1

4

There are two options for public Git access:

  1. Git protocol, handled by git daemon:

    git daemon --base-path /srv/git

    If you run git daemon with --base-path /srv/git on example.com, then if you later try to pull git://example.com/hello.git, git daemon will interpret the path as /srv/git/hello.git.

    For multiple "vhosts", --interpolated-path /srv/git/%H/%D would map the same to /srv/git/example.com/hello.git.

    The --user-path option gives "userdir"-like translation of git://example.com/~user/hello.git to /home/user/hello.git.

    You can run git daemon from xinetd, or as a background daemon using the --detach option (sudo -u nobody git daemon --detach <other options>).

  2. Smart HTTP, which requires a web server: instructions on Pro Git

    This is a bit more complicated to set up, but crosses proxies and firewalls more easily (which may be an advantage in certain environments).

    It is possible to push over HTTP too – make sure you don't accidentally enable that.

u1686_grawity
  • 426,297
  • 64
  • 894
  • 966
  • and this wont interfere with the fact that the repo is already managed by gitolite? What happens if somebody is cloning with the public access and another person pushes with ssh at the same time? – Chris May 19 '11 at 19:08
  • @Chris: In Git, such operations are atomic, as in most modern VCSs. Besides, Gitolite doesn't deal with the inner structure, it mostly manages user access. It is *very* common usage to have the same repository served over Gitproto, SSH (sometimes Gitolite, more often just user@host:path), and even HTTP. – u1686_grawity May 19 '11 at 20:54
  • 3
    Also, you can use the [special `daemon` user in the Gitolite configuration](http://sitaramc.github.com/gitolite/doc/2-admin.html#gwd) to automatically create the special `git-daemon-export-ok` file that `git daemon` looks for before allowing access through `git://` URLs. – Chris Johnsen May 20 '11 at 04:54
  • Possible third option: How about making a read-only private key and put it up for download on a Web-site, then install the public key in Gitolite's keys directory ? -Would this be a security issue, or would Gitolite be able to handle it ? –  Apr 30 '15 at 01:04