Re: gitosis-lite

["Shawn O. Pearce" <spearce@spearce.org>]

Sitaram Chamarty <sitaramc@gmail.com> wrote:
> On Mon, Aug 24, 2009 at 6:43 PM, Jakub Narebski<jnareb@gmail.com> wrote:
> > Why not contrib/hooks/update-paranoid (which is written in Perl)?
> 
> Hmmm several reasons.  To start with, it appears to me that
> update-paranoid assumes each user has his own ACL file, and
> I'm going the other way -- you'll notice I have exactly one
> file as a single ACL source for many *projects*, leave alone
> users.

That is true, update-paranoid uses an ACL file per user, because
we approached it from the perspective of "what can this user do"
rather than "what is allowed in this project".

We later ran into needing groups, which meant that in practice the
per-user ACL files really just enumerated what groups they were
a member of, and the group ACL files enumerated what they were
allowed to do in projects.

I can certainly see how this might be backwards, and someone would
prefer the other direction, a per-project listing or something.
 
> Secondly, I want to stick to the gitosis philosophy -- it
> has served very well, and I'm not sure how "in use"
> update-paranoid is.

Well, my prior job used it heavily, and I think is still using it,
a year after I left.  My current job would use it, except that we
went and wrote Gerrit Code Review instead.  :-)
 
> Thirdly, I'm not comfortable having a hook be so complex.
> The whole thing is 10 lines shorter than all my code put
> together :)

Yes, update-paranoid is a big script.  It does a lot.  It not only
checks "can you write in this repository, on this branch" but it
also checks that every commit matches your own email address(es),
and it can also check file path edits, to see if you can modify
the files that were changed.
 
> And finally, it's far too complex for me, leave alone some
> of my users.  I count 6 pipe opens in there,

Not surprised, it needs to read a lot of data from git to do its
job correctly.  It has to enumerate all new commits, any commits
which may be discarded by the update (non-fast-forward), as well
as scan the diff to see which paths were affected.

> and the ACLs
> are read by git cat-file or something

Because I didn't want to check out a copy of the ACLs to the local
disk just to read them into the hook.  The hook pulls them directly
out of a bare "admin" repository, making it easier to push changes
into the repository and have them take effect immediately.

I know Gitosis handles this by having a magic hook in the admin
repository that copies the file out.  update-paranoid just reads
it from git.

> I'll be honest: I
> came away feeling very stupid after trying to read and
> understand that program.  It was... humbling :(

*sigh* That's not good, the hook is meant as a practical example,
if it was too complex to understand, I did a poor job of writing it.
 
-- 
Shawn.