gitosis and gitolite should support git-annex being used to send/receive files from the repositories they manage. Users with read-only access could only get files, while users with write access could also put and drop files.
Doing this right requires modifying both programs, to add git-annex-shell to the list of things they can run, and only allow through appropriate git-annex-shell subcommands to read-only users.
I have posted an RFC for modifying gitolite to the gitolite mailing list.
I have not developed a patch yet, but all that git-annex needs is a way to ssh to the server and run the git-annex-shell command there. git-annex-shell is very similar to git-shell. So, one way to enable it is simply to set GL_ADC_PATH to a directory containing git-annex-shell.
But, that's not optimal, since git-annex-shell will send off receive-pack commands to git, which would bypass gitolite's permissions checking. Also, it makes sense to limit readonly users to only download, not upload/delete files from git-annex. Instead, I suggest adding something like this to gitolite's config:
# If set, users with W access can write file contents into the git-annex,
# and users with R access can read file contents from the git-annex.
$GL_GIT_ANNEX = 0;
If this makes sense, I'm sure I can put a patch together for your review. It would involve modifying gl-auth-command so it knows how to run git-annex-shell, and how to parse out the "verb" from a git-annex-shell command line, and modifying R_COMMANDS and W_COMMANDS.
As I don't write python, someone else is needed to work on gitosis. --Joey
done; support for gitolite is in its
pu
branch, and some changes made to git-annefor gitolite is in itspu
branch, and some changes made to git-annex. Word is gitosis is not being maintained so I won't worry about try to support it. --Joey