I want branch level read access permission with gitolite, which I know is impossible. https://groups.google.com/forum/#!topic/gitolite/y87WpZp1BMM
However, can I have a repo and a clone of that repo (still managed by gitolite) that have different read access levels and different branches (some of which would ONLY be on the private repo, so they would be private branches)? Are there any other workarounds that are well known?
I have this:

    repo dotfiles
        RW+CD @dev = @ben.boeckel
        RW refs/heads/master = @ben.boeckel
    repo priv/dotfiles
        RW+C refs/heads/non-public = @ben.boeckel
        RW+C refs/heads/$hostname = @ben.boeckel
        - = @all
        config gitolite-options.deny-repo = 1
        config core.sharedRepository = 0700

Where the $hostname line is repeated for each host-specific branch I have. This effectively ensures that any non-dev/ branch (the @dev) other than master is denied. The private repo is then locked down to just those branches.
The repositories are served over git-daemon and cgit in different jails which do not have user access to the repositories (and are mounted using ro and nullfs), so if the deny-repo option ever fails, the filesystem will deny the access as a failsafe.