[Sorry this has taken so long. Work was been eating my time.]

Here is my list of current outstanding issues with Gitosis.  I do not have fixes for these at the moment, but people and web indexes should be aware of the problems. The author of Gitosis seems to have been taken off-line. (The list may not be complete. I may have forgotten something.)

1. Multiple duplicate keys parsing problem

This can happen when you have multiple people administering a repository. (Especially when those people are responsible for separate projects on the same server.

You have a.pub and b.pub. These are both the public key for "Bob". (The same exact key in two files.)  Any group that a.pub is added to Bob will have access to. Any group that b.pub is added to that does not contain a.pub Bob will not have access to.  (It seems to sort the keys and only sees the first occurrence of the key, not all occurrences. 

2. Trees with working directories kills Gitosis

If any of the repositories in the repository have a working directory, Gitosis will fail on a push to gitosis-admin with a bunch of Python barfage.  (I don't have an example at hand, but if you look at the code, it is looking at ".git".) This usually happens when someone tries to shortcut the process by cloning code into the repo on the local machine.

3. Gitosis needs to have access to everything.

If your mount point for the repository is /repo you have to create a directory under this, else /repo/lost+found prevents Gitosis for initializing correctly. It is a permissions issue.

4. Typos are deadly.

If you push a gitosis.conf file to gitosis-admin that has a non-parseable typo, gitosis will have problems. The immediate effect is that the authorized-keys file does not get updated. (New keys do not get added to the file, but existing ones work up except for the typo areas.) The only way to fix this is to hand-correct the copy on the server. Rerunning the gitosis-init script on the server will fix a lot of problems and does not overwrite existing ...
[ message continues ]

For completeness (but I think you know it already): gitolite is an
alternative to gitosis, and it is maintained.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/
--

[ message continues ]

Does gitolite play well with Gerrit? I note in the docs that it does not react well to files under its control being messed with.
--

[ message continues ]

For the real reason I added that into the docs, see
http://github.com/sitaramc/gitolite/commit/10289c6d6494e7aa4204dfe29afec7535c1aa1a2

If <any other software> wants to add *other* files into repos that
gitolite does not need, that is perfectly fine.  Gitolite does not
expect to be "sole control", but just "don't mess with my stuff and
we'll get along fine".

However, I wasn't aware that it is even *possible* to run gerrit and
gitolite together.  Gerrit has its own customised ssh daemon, its own
customised "git", and so on.

I also fail to understand why you need gitolite if you're using
gerrit.  I believe gerrit can do all the access control that gitolite
can do.  See http://github.com/sitaramc/gitolite/blob/pu/contrib/gerrit.mkd
for a comparision

regards

sitaram
--

[ message continues ]

We use gitosis currently for back-end management.

Gerrit does not add existing projects well. Pushing the kernel project into Gerrit causes one entry to approve per commit. That swamps the server. Gerrit does not have a way of handling rebases very well.  (We have projects that have a regular consolidation on the end of the development trees.)

There are also some people (me for example) who loath the Repo command and prefer to work using git.

I am hoping we can migrate to Gitolite. I am going to set up a test server to see if I can identify problems.

[ message continues ]

Don't push to refs/for/master.  Grant yourself Push Branch +1
(or +2 if you need to create the branch) and push directly to
refs/heads/master like you would with Gitolite, Gitosis or any
other Git repository.  Gerrit won't create a change record, and

I think it handles rebases about as well as any other Git tool, you
need to enable Push +3 to permit force push/rewind of the relevant
branches, and then actually do the force push.  Any pending commit
will need to be rebased.  Which is also true for just about any
workflow except the classic Linux kernel "format-patch and email"
model.  Switching to gitolite probably won't easy the rebase pain.

FWIW, the Google kernel developers have their Gerrit instance
configured to use the cherry-pick submit type on their kernel
repositories, which makes changes submittable across rebases,
because its emulating the format-patch->email->am workflow that

I'm also among those people, as are many of Google's kernel
developers.  We just use git push to talk to Gerrit... and
that is one of the primary reasons it embeds its own SSHD.

-- 
Shawn.
--

[ message continues ]

I can't speak for gitosis -- I thank my stars every day that
the gitosis author did not reply to my emails back then,
because otherwise there may not have been a gitolite.

But I will try and address a couple of points which strike
me as important, especially ones that affect gitolite also,
just for completeness.



Gitolite will do the same thing.  This is an artifact of the
fact that neither of them is looking *inside* the key and
comparing with others, coupled with the fact that sshd does
a linear scan, and when it finds a match it goes with it.

I can tell you that in gitolite, I have no intention of
adding that check by comparing the contents of the keys.

However, gitolite does have "sshkeys-lint" which will catch
the problem and tell you that second key will be ignored by

Good.  A server side repo has no business having a working
tree ;-)

Gitolite was modelled after gitosis, although it's hard to
imagine that now, seeing how far apart they are today.

Server side repos == bare repos.  Bare repos == .git suffix
as a convention in git-land.  This convention becomes
"standard" in gitolite.

"cloning code into the repo on the local machine" -- if I


What I found more problematic was it would silently ignore
typos such as "member" instead of "members".

Gitolite will show you lots of errors.

You can still push up a botched-config (syntactically
correct but you managed to lock yourself out by typoing your
own name!), but you don't have to throw in the towel --
there is "gl-dont-panic" (written 2 months after "towel
day", to my eternal regret ;-)

Sitaram
--

[ message continues ]