Gitolite Integration

Added by Joshua n/a almost 7 years ago

Hey guys, I'm currently working on a redmine+git integration using gitolite. Gitolite is a more up to date, saner syntaxed version of gitosis with features like per branch permissions. To this end, im adapting the existing redmine-gitosis plugin into a redmine-gitolite plugin. You can follow my progress, what little there is, here: https://github.com/jhogendorn/redmine-gitolite

The roadmap for what needs to happen is something along these lines:

- Add in extra repository permission flags
- Rewrite the code that writes the gitolite config file
- Cut out all the unnecessary settings gitolite doesnt need

So, any help anyone can offer would be great. At the moment im completely stuck as to how to add in extra permissions that a role can have, so a pointer would be great.

Replies (13)

RE: Gitolite Integration - Added by Davide Galletti almost 7 years ago

The plugin tutorial tells something about adding new permissions

/projects/redmine/wiki/Plugin_Tutorial

RE: Gitolite Integration - Added by warden (warden) over 6 years ago

Is this in any usable state right now?

RE: Gitolite Integration - Added by Eric Bishop over 6 years ago

The version in the jhogendorn repo still doesn't work, but a couple of other github users including, Zsolt Parragi, Yunsang Choe, danomatika and DFYX got this working reasonably well, but not perfect. For example, in the DFYX version, the config will be written wrong if a user has more than one public key and git daemon support isn't there.

However, I merged these changes into my own version, and added some more changes so that this plugin will actually completely control git hosting (e.g. creating repos automatically) and can handle configuration of both git daemon and git smart http. I renamed the plugin "redmine_git_hosting", and it can be found here: https://github.com/ericpaulbishop/redmine_git_hosting

RE: Gitolite Integration - Added by S Reid over 6 years ago

That's great news. I've a couple of questions before I install it. Is this the best forum to ask ?

Normal redmine git repository browsing access uses a directory path, and only works for local repositories. Does redmine browsing now use SSH or "smart http" access instead ?

If "smart http" is supported (which I've not used), how does user authentication work ? Does a user still need keys, or are redmine username/passwords used for cloning etc. ? Is SSH access still allowed ?

What is "Git User" needed for, the gitolite user should be able to set up authentication/public keys/new repositories ?

Can the 2 private keys be passphrase protected ?

RE: Gitolite Integration - Added by Eric Bishop over 6 years ago

All git commands, including those that fetch the new changesets, are run over SSH. Let me answer your question about the Git User key vs the Gitolite key here, since this relates to your first question: You don't want to clone a repo every time you fetch the latest changesets. You could theoretically do it that way, by adding the gitolite user as having read access to every repo and then cloning before loading in the new changesets, but it would take a lot longer since you'd have to copy everything which might be a lot in large repos. The gitolite userhas permission to clone the gitolite-admin repo which contols how new repos are set up and what permissions each user has and what their public keys are. However, this second git user doesn't have permission to just clone a repo -- it has permission to login as the system git user. This key allows the web server to run and execute commands -- particularly git -- as the git user, i.e. the user that owns the repositories. So, by running a command as the git user, you can fetch changesets from either a local or remote system without cloning the whole repo and without setting permissions that are too lenient on the repositories.

The keys for gitolite/git user should NOT be password protected, since the web server won't be able to enter a password. However, the private keys never have to leave the server they were generated on, and should have very strict permissions (600) -- which is a good rule of thumb for all SSH private keys, actually.

User authentication is via Basic HTTP auth with username/password. The username/password is the Redmine username/password, and if the individual does not have write access, always getes a 401 if he tries to push to the repository. Since by default the username/password is sent in plaintext, there is an option to use smart http over https only (though you will need to get a valid cert and set https up if you choose that option). You can also completely disable it, if you don't want this as an option.

SSH access is absolutely allowed, and is the preferred method of pushing code to a repository. The git daemon support and the smart http support are just nice extras.

RE: Gitolite Integration - Added by Anonymous over 6 years ago

This sounds very promising, is there any howto available? I tried to install the listed gems, clone the repo, run migrations and restart redmine as I would for any plugin, but now I am getting a blank page instead of redmine, and no error in the logs anywhere. The Configuration section in README.rdoc seems to explain very generally how it works, but I am looking for more step instructions on what I have to do to get it running.
Can someone help me out?

RE: Gitolite Integration - Added by Anonymous over 6 years ago

Today I simply retried and it worked, but I have a few questions left:

1. What is this about http access? How is authorization done there? Do I have to set anything up manually to make it work? If clone a repo using the http url, I am asked for my password, but the one I am using in redmine does not work.

2. When I add a new developer to one of my projects, instead of this user, daemon is added to the corresponding repository in gitolite. I am guessing this is because this user does not have a public key associated with him - but I cannot find such an option in redmine - do I still have to upload the public keys manually, using the gitolite-admin repository?

3. Should not all my public projects have their repositories changed to allow read access by daemon? Do I have to do that manually or am I overlooking something?

Thanks for this plugin!

Ole

RE: Gitolite Integration - Added by Timur Elzhov over 5 years ago

Hi guys,

I'd like to try this project, however the repo at the pointed URL is unavailable for now. Where could I find the code?

Thanks!

Cheers,
Timur.

RE: Gitolite Integration - Added by Genadi Saltikov about 5 years ago

Joining the question - where can I find the code now?
And preferably a small how-to (or large!)

RE: Gitolite Integration - Added by Anonymous about 5 years ago

Unfortunately, my setup broke with the last major redmine upgrade. I looked around on Github, but it seems that no one will patch this any time soon. If I am wrong, please correct me and point me to it. I would really like to get it working again.

RE: Gitolite Integration - Added by Tommaso Visconti over 4 years ago

Seems this repo works with trunk (2.2.2 / 2.1.6 at this time): https://github.com/ivyl/redmine-gitolite

RE: Gitolite Integration - Added by Nicolas Rodriguez over 4 years ago

Hi there!

I've updated Redmine Git Hosting from Kubitron's

You can check out it here http://jbox-web.github.io/redmine_git_hosting/

This one is compatible with Redmine 1.x and 2.x.

(1-13/13)