
I've been using gitolite/gitweb for the past few months and have been very satisfied with the combo, but am now looking at moving towards a better-managed web front-end where I can restrict access to what visitors see. We are expanding the use of Git beyond its current scope and want to be able to browse code that has non-public information in it. Currently, this code is NOT listed on gitweb due to its sensitivity.

I've looked at solutions such as Redmine and Indefero, but they seem to require a brand-new git repository to be generated instead of using an existing one.

Any feedback on how to proceed would be greatly appreciated.

FOLLOW-UP

I did find this link during my search this afternoon. Does anyone have experience with this method?

Larry G. Wapnitsky
  • http://www.redmine.org/projects/redmine/wiki/RedmineRepositories covers "Attaching an existing repository to a project" – Philip Durbin Apr 29 '11 at 13:48
  • @Philip - it's good, but what I don't like is this part: "This method will help to keep branches from the repository's origin updated and visible in Redmine's repository browser. This is really only relevant if the local copy of the repository is only being used as a read-only copy specifically for Redmine's use. For example, the project is hosted on GitHub but Redmine is being used for issue tracking." I'd like for Redmine to be the end-all/be-all if possible – Larry G. Wapnitsky Apr 29 '11 at 20:02
  • I am running 2 instances of Redmine on Ubuntu with Gitosis using this method. It works very well. – Justin Force Nov 24 '11 at 06:59

1 Answer

gitolite is perfectly able to restrict what a user will see based on their username.
All you need to do is to plug gitolite into gitweb.

Only the repos for which the user has at least 'R' read access will be visible through gitweb, or cloned through gitolite.

Since said repositories are stored in a special gitolite account with a homedir protected as 700, there is no issue of data leakage for any of our sensitive repos.

VonC
  • I've looked at this, and configuring it to authenticate properly with LDAP/AD became a complicated mess. I'd rather not have to manage multiple username databases. – Larry G. Wapnitsky Apr 29 '11 at 20:03
  • @Larry: you have multiple LDAP? I had no issue configuring mine by activating smart http and basic LDAP authentication in Apache. – VonC Apr 29 '11 at 20:43
  • I'll see what I can do when I get a few minutes to do some testing. BTW - where do I find smart http? – Larry G. Wapnitsky May 03 '11 at 18:31
  • @Larry: smart http is just a cgi script included in the msysgit or git distribution. You can make your http server call gitolite (`ScriptAlias /git/ /var/www/gitolite-home/bin/gl-auth-command/`), which will in turn call the right cgi script (because of `$ENV{GIT_HTTP_BACKEND} = "/usr/libexec/git-core/git-http-backend";`). See https://github.com/sitaramc/gitolite/blob/pu/doc/http-backend.mkd – VonC May 03 '11 at 21:10
  • @LarryG.Wapnitsky: Excellent! Good job. – VonC Dec 15 '11 at 21:57
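
The setup described in the answer and comments above (Apache performs basic LDAP authentication, then hands the request to gitolite, which calls git-http-backend), sketched as an added example that is not part of the original thread or of gitolite's own documentation. The host name, certificate paths, LDAP URL, bind account and repository root are placeholders or assumptions; only the `ScriptAlias` target is taken from the comment above.

```apache
# Added example: Apache fronting gitolite over smart HTTP with LDAP basic auth.
# Needs mod_ssl, mod_env, mod_cgi (or mod_cgid), mod_ldap and mod_authnz_ldap.
<VirtualHost *:443>
    # Placeholder host name and certificate paths. TLS matters here because
    # basic auth sends the LDAP password with every request.
    ServerName git.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/git.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/git.example.com.key

    # Assumed layout: repositories sit under the gitolite home named in the thread.
    SetEnv GIT_PROJECT_ROOT /var/www/gitolite-home/repositories
    # Access is decided by gitolite rules, not by git-daemon-export-ok marker files.
    SetEnv GIT_HTTP_EXPORT_ALL
    # Assumption: gitolite's HTTP mode reads its home directory from this variable;
    # confirm against the http-backend document linked above for your version.
    SetEnv GITOLITE_HTTP_HOME /var/www/gitolite-home

    # From the thread: every /git/ request goes to gitolite first. gitolite then
    # runs the backend named by GIT_HTTP_BACKEND, which is set in gitolite's rc
    # file as shown in the comment above, not in Apache.
    ScriptAlias /git/ /var/www/gitolite-home/bin/gl-auth-command/

    <Location /git>
        AuthType Basic
        AuthName "Git repositories"
        AuthBasicProvider ldap
        # Placeholder directory server, search base and bind account.
        # For Active Directory the login attribute is usually sAMAccountName
        # rather than uid.
        AuthLDAPURL "ldaps://ldap.example.com/ou=people,dc=example,dc=com?uid?sub"
        AuthLDAPBindDN "cn=apache-bind,ou=services,dc=example,dc=com"
        AuthLDAPBindPassword "CHANGE_ME"
        # No anonymous access: every request must carry a directory identity.
        Require valid-user
    </Location>
</VirtualHost>
```

Because the gitolite home is mode 700, the CGI has to run as an account that can read it, and the name Apache places in `REMOTE_USER` after authentication has to match the user names used in gitolite.conf for the 'R' rules to apply.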