How can I give read Access to everybody with gitolite

Question

in my gitolite.conf i can set

repo    COOL_REPOSITORY
        RW+     =   me
        R       =   @all

This gives me writing access, and all other REGISTERED users have read access to my repository. Now my question is, can i give read access to everybody, not only to users which i have registered by storing their ssh-keys in my keydir?

Answer 1

Gitolite uses ssh, and I do not think ssh should be used to give access to unregistered users.

Git implements git-daemon and git-http-backend to allow anonymous access via the git:// or http:// protocols, respectively.

Answer 2

You can call gitolite from an http VirtualHost configuration, like I do in my project.

# GitHttp on @PORT_HTTP_HGIT@
Listen @PORT_HTTP_HGIT@
<VirtualHost @FQN@:@PORT_HTTP_HGIT@>
  ServerName @FQN@
  ServerAlias @HOSTNAME@
  SetEnv GIT_PROJECT_ROOT @H@/repositories
  SetEnv GIT_HTTP_EXPORT_ALL
  SetEnv GITOLITE_HTTP_HOME @H@
  ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
  SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
  <Location /hgit>
    ...

Gitolite doesn't require users to register ssh keys: it is only an authorization layer.

But still calling gitolite through http ensure that you keep other Gitolite features active, like:

• audit trail (in .gitolite/logs: you still know at least which IP address did clone/pull/push your repo)
• control access (in case you need to remove the @all rule at any moment)

Using directly git-daemon or a direct http access, without using Gitolite at all, would mean renouncing to any control access.