https://pfspipe.ipmu.jp/jira This file is an XML representation of an issue en-us 8.3.4 803005 13-09-2019 https://pfspipe.ipmu.jp/jira/browse/INFRA-80 Software Development Infrastructure <p>Looking at the gitolite config file it appears much more repetitious and hard to maintain than the <a href="https://dev.lsstcorp.org/trac/wiki/GitDemoAndTutorial#Fullgitoliteconfigfile" class="external-link" rel="nofollow">LSST one</a>.</p> <p>We should consider simplifying it.</p> INFRA-80

Restructure gitolite permissions file

Bug Major Won't Fix Won't Fix shimono rhl Wed, 30 Jul 2014 17:49:34 +0000 Thu, 1 Dec 2016 06:58:25 +0000 Thu, 1 Dec 2016 06:58:25 +0000 0 3 <p>Wildcards in repo names are disabled. Specifically <tt>$GL_WILDCARDS=0</tt> in {{.gitolite.rc}</p> <p>I understand the security concern about turning that on, but will make the case that it is OK. a) I think you can trust the @admins, and b) the stanza we want to add to <em>all</em> repos is something like:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre> RW+ = @dev R = @bot RW+C = @admin RWC tickets/[0-9]+$ = @dev # Allow creating and pushing to tickets RW+C u/USER/ = @dev # Allow full control over personal branches RW+C refs/tags/u/USER/ = @dev # Allow full control over personal tags </pre> </div></div> <p>We could avoid turning wildcards on and apply those rules to <tt>repo @all</tt>, then override with:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>repo gitolite-admin - = @dev repo www_publications RW+D = @all </pre> </div></div> <p>I think that'd be good. I will not test it until Shimono-san is online, as I can see myself disabling writes to gitolite-admin, and leaving all repos broken....</p> <p>In the short term, I will add the stanza to <tt>drp_stella</tt>, <tt>ics_mhs_actorcore</tt>, <tt>ics_mhs_tron</tt>, and <tt>ics_mhs_config</tt>.</p> <p>Warning: the</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre> RW+ = @admin </pre> </div></div> <p>line allows admins to push any stupid thing (e.g. invalid branch and tag names). </p> <p>But other than that it looks like it works.</p> <p>Added </p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre> RW+ = @dev R = @bot RWC tickets/[0-9]+$ = @dev # Allow creating and pushing to tickets RW+C u/USER/ = @dev # Allow full control over personal branches RW+C refs/tags/u/USER/ = @dev # Allow full control over personal tags </pre> </div></div> <p>to the four listed products. Note that I removed the @admin rule.</p> <p>&gt; Specifically $GL_WILDCARDS=0 in {{.gitolite.rc}<br/> not a security reason, but just a default, I think.<br/> only I am afraid of is adding C to @all will make things messy and un-organized.. (ah, of course I need to trust @admin,s, heh..)</p> <p>anyway, if no strong objection, I'd file new ticket for </p> <ul class="alternate" type="square"> <li>changing $GL_WILDCARDS</li> <li>adding ics_* drp_* spt_* ets_* pfs_* (targets need to be discussed) to gitolite w/C = @admin</li> </ul> <p>closing this since we moved to github, and operation is under discussion at <a href="https://pfspipe.ipmu.jp/jira/browse/INFRA-38" title="Document coding standards and procedures" class="issue-link" data-issue-key="INFRA-38"><del>INFRA-38</del></a> or related.</p> <p>close this. (might be mis-reopened)</p> Development Rank 0|ii007j: