Can gitolite have repo and a clone of the same repo with different branches and, therefore, in effect have read access on per branch level?

Question

Question

I want branch level read access permission with gitolite, which I know is impossible. https://groups.google.com/forum/#!topic/gitolite/y87WpZp1BMM

Possible Solution

However, can I have a repo and a clone of that repo (still managed by gitolite) that have different read access levels and different branches (some of which would ONLY be on the private repo, so they would be private branches)? Is there any other workarounds that are well known?

Answer 1

I have this:

repo    dotfiles
    RW+CD @dev              = @ben.boeckel
    RW    refs/heads/master = @ben.boeckel
repo    priv/dotfiles
    RW+C refs/heads/non-public  = @ben.boeckel
    RW+C refs/heads/$hostname   = @ben.boeckel
    -                           = @all
    config gitolite-options.deny-repo = 1
    config core.sharedRepository = 0700

Where the $hostname line is repeated for each host-specific branch I have. This effectively ensures that any non-dev/ branch (the @dev) other than master is accessible is denied. The private repo is then locked down to just those branches.

The repositories are served over git-daemon and cgit in different jails which do not have user access to the repositories (and are mounted using ro and nullfs, so if the deny-repo option ever fails, the filesystem will deny the access as a failsafe.

Answer 2

Is there any other workarounds that are well known?

No, if you want to control read access to branches, you have to isolate them in their own repo.

You can adjust the branch remote refspec in order to memorize which branch you should push to which repo: see "How to copy a local Git branch to a remote repo".