Displaying 20 results from an estimated 37 matches for "gitolit".
Did you mean:
gitolite
2016 Jun 22
0
Problem executing VM backups
Hi everyone,
we are suddenly having a problem with executing our backup jobs. For a
long time, we have used a shell script which contains the following code
to backup all our virtual machines:
for domain in Testserver Faktura Fileserver Gitolite Jenkins
Nexus SimpleHelp VpnGateway Wiki; do
echo -n "$(date +"%Y-%m-%d %H:%M:%S") starting backup
for vm ${domain} ... " >> ${vmlog}
virsh dumpxml --security-info ${domain} >
${vmdir}/${domain}.xml
virsh undefine $...
2013 Jan 19
0
Cannot get eth0 to work on libvirt-lxc
...ost.
Everything works except ethernet.
When I boot the host,
---
# dmesg |tail
[ 8.265493] Bridge firewalling registered
[ 8.514547] IPv6: ADDRCONF(NETDEV_UP): virbr0: link is not ready
[ 8.645303] ip6_tables: (C) 2000-2006 Netfilter Core Team
---
Then I do
---
# virsh -c lxc:/// start gitolite
Domain gitolite started
# dmesg |tail
[ 348.793398] device veth0 entered promiscuous mode
[ 348.793553] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 348.997973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 348.997998] virbr0: topology change detected, propagating
[ 348...
2013 Aug 18
1
Extracting client certificate information
When using client certificate authentication, is there any way to
extract the key ID from the certificate in a force command on the
server?
I would like to be able to configure Gitolite [1] with a certificate
authority key and then use the key ID as the Gitolite user ID when a
client connects. Currently I can achieve the same effect by embedding
the username in a "force-command" certificate extension, but it seems
like it would be simpler if I could just configure the...
2013 Nov 01
1
Dynamic Environments, r10k, gitolite and Non-environment Puppet Config
Hi all,
Apologies if this has been dealt with before, but I haven''t managed to find
an answer yet.
I have a working "dynamic environments" setup:
* A gitolite repository (on a dedicated host) with multiple branches - one
for each environment.
* I use r10k ro deploy the environments on the master to
$confdir/environments/$::environment.
This all works *really* well, but I would also like to get the rest of the
puppet configuration under version contr...
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
...efault, one would assume that it is only
enabled on a case-by-case basis for users or groups who already have the
necessary privileges to run arbitrary code on the server and therefore
have nothing to gain from exploiting this bug. With X11Forwarding on by
default, it might remain enabled for e.g. gitolite users.
DES
--
Dag-Erling Sm?rgrav - des at des.no
2010 Jun 17
0
Help ME, Please
I want to login in remote server, git server, with two accounts (mars and gitolite) without password. e.g. (steps)
1. ssh-keygen? # no password
2. scp .ssh/id_rsa.pub gitolite at gitserver:/tmp/
3. ssh gitolite at gitserve
4. cat /tmp/id_rsa.pub >> .ssh/authorized_keys
5. exit
Then, do :
ssh gitolite at gitserver ls
But error message occurs:?
Permission denied (publi...
2015 Feb 21
4
[Bug 2358] New: allow sshd to "redirect" to another local user
...think it may also
be generally useful, which is why I filed it as a separate enhancement
request.
It would be nice if sshd could "redirect" a connection to user foo to
another local user bar, consider roughly the following sshd_config:
Match User foo
User bar
Let me bring again my git/gitolite use case as an example where this
could be helpful for vhosting:
Match User git LocalAddress 11.22.33.44
User git-a
Match User git LocalAddress 11.22.33.55
User git-b
So one would have e.g. two domains, pointing to different IPs, which
however both go to the same physical host (and thus sshd)...
2013 Jun 09
1
pass fingerprint to authorizedkeyscommand
Hi guys,
It might be nice if AuthorizedKeysCommand would receive the fingerprint of
the offered key as an argument, so that programs like gitolite could
implement more refined key-based identity lookup that offers better
performance than AuthorizedKeysFile's linear scan.
The following patch is untested but is the basic idea:
diff -ru openssh-6.2p1/auth2-pubkey.c openssh-6.2p1-modified/auth2-pubkey.c
--- openssh-6.2p1/auth2-pubkey.c 201...
2014 Dec 28
2
pubkey fingerprint and krb princ name in environment
Hey,
I use gitolite for git hosting on my server, and because I want to use
kerberos authentication I patched OpenSSH to put the name of the
kerberos principal name or the ssh fingerprint as environment variables
so my ForceCommand script can use them to actually authorize the user by
the principal/fingerprint....
2013 Jan 16
5
[Bug 2063] New: RFE: export principal which was used for .k5login
...W
Severity: enhancement
Priority: P5
Component: Kerberos support
Assignee: unassigned-bugs at mindrot.org
Reporter: enrico.scholz at sigma-chemnitz.de
It would be nice to have information which principal was used for log
in
via .k5login. E.g. 'gitolite' uses by default ssh public keys (where
real identity can be easily recorded by environment/commands in
~/.ssh/authorized_keys) and it will be trivial to implement a similar
mechanism for kerberos auth, when original principal is exported
somehow.
A patch is available at
http://geggus.net/sv...
2015 Nov 17
4
[Bug 2496] New: sshd hangs when using AuthorizedKeysCommand
...h-lookup-key-git
Relevant server debug output:
debug3: subprocess: AuthorizedKeysCommand command
"/usr/local/sbin/ssh-lookup-key-git git" running as sshkeys
debug3: subprocess: AuthorizedKeysCommand pid 86183
debug2: user_key_allowed: check options:
'command="/usr/local/git/bin/gitolite-shell
tom at torchbox.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
ssh-dss
AAAAB3NzaC1kc3MAAACBALtPYyEOw+gvvWvW45iTR7SAkdH8FIML+4SBFPeXBp4ntT0JaRrkaTwm2C2PkZUaOShvFHCcTc7muNBMB/qmLYuWAcbCeKoxv08RMruGheGp6BB/9sByGjPfHssYNk4qxCqHTL6ZRjPRgApV5qz+OP8cTNlT0YXi2WA5Ubact4DhAA...
2015 Feb 20
18
[Bug 2355] New: general protection / segfaults when PermitOpen=none
...f84523e666
sp 00007fff2cc1d908 error 4 in libc-2.19.so[7f845236a000+19f000]
[537088.405962] traps: sshd[27582] general protection ip:7f349cde6664
sp:7fffaf183ee8 error:0 in libc-2.19.so[7f349cd6a000+19f000]
What I do is basically the following:
Having sshd running (my sshd_config is attached), and gitolite3
(from sid) installed.
Gitolite (which I use with the "git" username) in turn has entries
like these:
command="/usr/share/gitolite3/gitolite-shell
admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
ssh-ed25519 ...
in its authorized_key files
Then I repeat...
2016 Feb 25
2
RFC: Move the test-suite LLVM project to GitHub?
...po is set up, nothing that's up for decision right now.
> The main reason to move to GitHub/Lab is one of cost: storage,
> bandwidth and uptime, not one of tools.
For that, public git hosting services are a no-brainer.
You need to look at permissions because you can't simply set up
gitolite, you have to live with whatever the service offers.
> Even if we end up using the
> GitHub interface in the future, I think we should consider a less
> radical move first.
The opportunities will be there from day one.
Whether they are being used, or useful, is something to explore.
&g...
2016 Feb 25
0
RFC: Move the test-suite LLVM project to GitHub?
...I was wondering if
you had some technical issues with git not being suitable. It seems
there isn't anything particularly broken, that some hooks can't fix.
> For that, public git hosting services are a no-brainer.
> You need to look at permissions because you can't simply set up gitolite,
> you have to live with whatever the service offers.
That's a small cost, I'd say. And we can always move providers later
on, which is a lot simpler with git than SVN.
> The GitHub "flow" isn't the right one for every project, so the tooling does
> matter.
As a...
2015 Feb 06
2
Re: Creating users "on - the - fly"
This is a good suggestion - and maybe I'm not totally clear on the
restrictions...
So - in these situations gitolite will actually append things to your
authorized_keys file. Which can get very long. And after a while - it
gets *very* long. I think I saw comments that it should be limited to
about 20k or so. And around 20k the look up times are in the seconds.
So that wouldn't be enough for me. I have anot...
2015 Feb 06
4
Creating users "on - the - fly"
I guess I didn't want to litter the users table either - it just seems
"wrong" to be actually adding things to the host when it is really so
transient. It feels like it should be LDAP-ish. Just ask the server
for the keys and do a one-off authentication. But I've seen even LDAP
creates the user directories.
I see that 2.6 kernels can have some 4B users, which should last me a
2016 Feb 25
2
RFC: Move the test-suite LLVM project to GitHub?
...h write access to completely wipe out the repo.
This depends very much on repo configuration.
For git itself, write access is roughly equivalent to svn administrator
access. However, all public-writable repos have an authorization layer
that prevents history from ever being wiped. Take a look at gitolite,
that's the standard tool for managing such a layer.
> If anyone with more git experience than me can come up with a safe way
> to have 100s of committers pushing to master, I'd be happy to know.
Nobody is allowing 100s of committers to push to master, that would be
silly.
You pu...
2016 Mar 11
2
OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> I'm just trying to figure out under what normal circumstances a
> connection with X11 forwarding enabled wouldn't be owned by a user who
> already has normal system privileges for ssh, sftp, and scp access.
Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
X11Forwarding enabled by default.
DES
--
2010 Jan 23
0
Git: help sought
...;m running a Centos server on machine B.
I'd like to "publish" the project on machine B
(mainly for my own use, so I can access it from various sites).
I've asked about this on a Git mailing list,
but haven't understood the replies.
In particular, a couple of people suggested gitolite,
but when I examined this I couldn't make out what it did.
As will be obvious I am a Git newbie,
having been reared on SVN.
But I thought some CentOS users might have met this problem
and come to a simple solution.
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +...
2012 Apr 06
1
Feature request config entry for `-T'
Hi,
AFAICT, there is no .ssh/config option for disabling pseudo-tty
allocation. It would be nice to have one.
Context: we're using gitolite in our project, and it sets things up
to run a command with "no-pty". Every once in a while, users will try
to ssh to the machine to see that things are working, and when they
see the "PTY allocation request failed on channel 0" warning, they
assume that something is broken....