ACO is running https://git.acc.gsi.de
installation for controls related software.
The server is only available inside the GSI Network. No internet service.
Gitea is attached to the ACO Identity Management
. To apply for an account see UserAccount
For git protocol access https (with username/password) and ssh (with public private keys, see also SshAgent
) is available.
Access permissions for repositories are administrated by their respective owners.
Note: kerberos authentication is not possible. It collides with giteas cookie based authentication mechanisms.
Any user has his own organization (equals username). Additional organizations can be created.
The names of organizations may not collide with usernames.
Each organization has a special team "Owners". This team can't be deleted or renamed and has full access to all repositories in the organization.
Additional teams can be created by the organization owners.
Repositories must be assigned to teams to apply permissions.
Teams can be synchronized with ldap groups. For this add ldap=GROUP to the teams description. Multiple groups can be merged (ldap=GROUP1 ldap=GROUP2).
Ldap synchronizations happens asynchronous. Manual changes to a synchronized team are possible (for example to grant immediate access), but will be overwritten on the next sync.
for protected/private projects that should be accessed by jenkins grant permissions to the user cibuild. Jenkins projects should then be configured use the https url and the credentials for cibuild.
Wiki and Bugtracker
There has been no decision if bugzilla will be replaced with the gitea bugtracker.
If we ever migrate to a different git management system only git repositories will be migrated.
Git Server SSH Hostkey
Recent openssh version (archlinux, rhel9, etc) will prevent access to legacy ciphers. Until we replace the gitea config modify you need to modify local ssh config (
and once we replace the gitea config everyone will get a changed-ssh-key error.
Git Client SSH key
ssh rsa keys won't work with el9 clients. Time to switch to a newer crypto.
ssh-keygen -t ed25519
- 20 Feb 2019