summaryrefslogtreecommitdiffstats
path: root/wiki/src/contribute/git.mdwn
blob: b1f5eda36b2a252e8af1a52f7c3a400684560aea (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
[[!meta title="Git repositories"]]

<div id="intro">

<p>Tails and its website are developed in numerous Git repositories.</p>

<p><span class="application">Git</span> is a distributed version control
system. It allows several people to work on the same source code and
handle changes in a distributed and efficient way.</p>

</div>

[[!toc levels=3]]

<a id="learn_Git"></a>

Learn Git
=========

<p>To learn more about <span class="application">Git</span>, refer to
its <a href="http://git-scm.com/">homepage</a>, and <a
href="http://git-scm.com/documentation">official documentation</a>.</p>

Here are a couple of links to get started with Git:

- An [interactive introduction](https://try.github.io/) to Git
- [Git basics](https://www.atlassian.com/git/tutorial/git-basics), by Atlassian
- [Git immersion](http://gitimmersion.com/), a step-by-step introduction
- Pro Git: [online](http://git-scm.com/book),
  [PDF](https://github.s3.amazonaws.com/media/progit.en.pdf), a book on Git from
  basic to advanced usage. This book is available in several languages. Among others:
  [German](http://git-scm.com/book/de), [French](http://git-scm.com/book/fr), [Português](http://git-scm.com/book/pt-br) (Brasil)
- [OpenHatch Missions: Using Git](https://openhatch.org/missions/git), concrete
  exercises to train yourself in using Git.
- [Git For Ages 4 And
  Up](http://mirror.linux.org.au/linux.conf.au/2013/mp4/Git_For_Ages_4_And_Up.mp4),
  a video on learning Git.

<a id="general-information"></a>

General information
===================

<a id="immerda"></a>

Git hosting setup at immerda
----------------------------

Documentation for our Git hosting setup at immerda:

* [main documentation](https://wiki.immerda.ch/index.php/GitRepositoriesImmerda)
* [SSL and SSH fingerprints](https://www.immerda.ch/infos/certs.html)

Merge policy
------------

See our [[contribute/merge_policy]].

Caution!
--------

If you intend to prepare Tails releases, you'll need to make
the development team signing key the default one for Git tags:

	git config user.signingkey A490D0F4D311A4153E2BB7CADBB802B258ACD84F

Repositories
============

<a id="main-repo"></a>

Main repository
---------------

This repository contains the Tails source code and the source of the website.

Anyone can check it out like this:

	git clone https://git-tails.immerda.ch/tails

Developers with write access to the repositories should instead:

	git clone boum_org_amnesia@webmasters.boum.org:wiki.git

And then, in any case, in your new Git clone's directory:

	git submodule update --init

For more information about our usage of Git submodules, see
[[the dedicated section|git#submodules]].

We have a [web interface](https://git-tails.immerda.ch/tails/)
available for the main repository.

### Configuration

Developers with write access to the repositories should:

	git config --global url.tails@git.tails.boum.org:.insteadOf \
	   https://git-tails.immerda.ch/

<a id="branches"></a>

### Branches

Tails development uses several branches modeled a bit like the
Debian development process. Here they are.

<a id="master_branch"></a>

#### master

The `master` branch is mostly used to build the website. It is
merged into `devel` and `stable` from time to time.
We merge into `master`:

- [[Documentation improvements|contribute/how/documentation]] that
  affect current Tails (e.g. not the next Tails release).
- Other changes to the website ([[news]], [[security advisories|security/]], layout, and so on).
- [[Translations|contribute/how/translate#website]] of the website.
- When [[releasing a new Tails|contribute/release_process/]], the branch
  the release was built from (`stable` or `testing`).

#### stable

The `stable` branch is intended to contain:

- the state of the code tagged for the last stable release
- fixes for security or important bugs.

Its purpose is to prepare minor releases.

#### testing

The `testing` branch is used to prepare an imminent release: at some
point of the development process, the `devel` branch code is merged
into `testing`, frozen, and endures careful testing and bug-fixing
until this branch is considered good enough to become a stable
release. The `testing` branch is then merged into the `stable` and
`master` ones, images built and shipped and we go back to code shiny
new stuff in the `devel` branch.

Please note that the `testing` branch generally has not been granted
the same testing and attention as code that has made it into a
stable release: please use it for testing purposes but do not rely
on it for anything. No guarantee, blablabla.

#### devel

Most of the development work that is done in Tails, is done in the
`devel` branch. This branch will never get released; instead, code
from it will be merged into testing and then into a real release.

Please note that the `devel` branch can be broken, have awful security
problems and so on. No guarantee, blablabla.

The `master` branch is merged into `devel` from time to time.

#### Topic branches

We use topic branches called `bugfix/*` and
`feature/*`, respectively aimed at fixing a single bug and
implementing a single new feature. Once ready, a topic branch is
merged (with `--no-ff`) into the appropriate branch (generally
`devel`). Until it has been merged, a topic branch's history may be
rewritten, e.g. it may be rebased on top of `devel`.

Unless there are good reasons to do otherwise, bugfix branches must be
forked off the latest stable release tag, while feature branches
should be forked off the devel branch.

If you intend to work on a branch not really meant to be proposed to a
merge at first, like an experimenting branch that you still want to push
to share with other developers, you can prefix its name by the keyword
`wip/`.  It will make it clear to everyone that this branch shouldn't be
merged before being renamed, and our Jenkins instance will not build nor
test it, so you won't get notifications for a branch that you know is
breaking the build and/or the test suite.

<a id="promotion-material"></a>

Promotion material
------------------

This repository contains Tails [[promotion
material|contribute/how/promote/material]].

Anyone can check it out like this:

	git clone https://git-tails.immerda.ch/promotion-material

Developers with write access to the repositories should instead:

	git clone boum_org_amnesia@webmasters.boum.org:promotion-material.git

We have a [web interface](https://git-tails.immerda.ch/promotion-material/)
available for the promotion material repository.

<a id="puppet"></a>

Puppet modules
--------------

Those who have SSH access to these repositories must configure their
SSH client a bit, e.g.:

	Host git.puppet.tails.boum.org
		HostName d53ykjpeekuikgoq.onion
		ProxyCommand torsocks monkeysphere ssh-proxycommand %h %p

### tails

This is the main *public* Puppet module to manage Tails infrastructure,
including classes such as `tails::reprepro` and `tails::whisperback::relay`.

Anyone can check it out like this:

	git clone git://git.puppet.tails.boum.org/puppet-tails

Developers with write access to the repositories should instead:

	git clone gitolite@git.puppet.tails.boum.org:puppet-tails

### Other Puppet modules

We use and publish a lot of other Puppet modules. See the section
about our [[other repositories|git#other-repositories]].

### tails_lizard_manifests

Developers with access to the APT secrets can check it out like this:

	git clone gitolite@git.puppet.tails.boum.org:puppet-lizard-manifests

### tails_secrets_apt

Developers with access to the APT secrets can check it out like this:

	git clone gitolite@git.puppet.tails.boum.org:puppet-tails_secrets_apt

### tails_secrets_whisperback

Developers with access to the WhisperBack secrets can check it out like this:

	git clone gitolite@git.puppet.tails.boum.org:puppet-tails_secrets_whisperback

<a id="other-repositories"></a>

Other repositories
------------------

All other public Tails Git repositories are at
<https://git-tails.immerda.ch/>.

Unauthenticated access is of the form:

	git clone https://git-tails.immerda.ch/$REPOSITORY

Developers with write access to the repositories should instead:

	git clone tails@git.tails.boum.org:$REPOSITORY

<a id="submodules"></a>

Submodules
==========

We use Git submodules to track external repositories from the main
Tails source tree.

The main practical consequence thereof so far, for most Tails
contributors, is that one should generally run the following command
after checking out a branch:

	git submodule update --init

For more information, see:

* the [chapter about
  submodules](https://git-scm.herokuapp.com/book/en/v2/Git-Tools-Submodules)
  in the *Pro Git* book;
* the [`git-submodule(1)`](http://manpages.debian.org/git-submodule)
  man page.

<a id="creating-a-new-repository"></a>

Creating a new repository
=========================

In the vast majority of cases, your new repository will be hosted
at <https://git-tails.immerda.ch/>. Here is how to get it created.

1. Send your OpenPGP public key, pasted in the body of an email, to
   the [[Tails system administrators|about/contact#tails-sysadmins]].
   State that you want to establish a communication channel in order
   to eventually get a Git repository created. Do not _attach_ your
   public key, this would not work due to bugs in the mailing list
   software we use.
2. Wait for the Tails system administrators to confirm they have
   received your OpenPGP public key and imported it into the keyring
   of their mailing list.
3. Send your Git repository request in an OpenPGP-signed email to the
   [[Tails system administrators|about/contact#tails-sysadmins]];
   include the following information:
   - the name you want to publicly use in our Git repository hosting
     system (only lower-case ASCII chars and digits);
   - the preferred name of the repository you want to create
      (only lower-case ASCII chars and digits);
   - your SSH RSA public key;
   - whether the repository shall be publicly available or not;
   - who else needs read access to the repository, plus their SSH RSA
     public key;
   - who else needs write access to the repository, plus their SSH RSA
     public key.

Once your repository has been created, clone it:

* If you want to encrypt the content of your new Git repository with
  OpenPGP, go through some arcane
  [[initialization ritual|contribute/git#initialize-git-remote-gcrypt]]
  to reach wisdom, bliss and enlightenment.
* Otherwise (lucky you!), see:
  - [[addresses for Git clone and web access|contribute/git#other-repositories]]
  - [[immerda's documentation|contribute/git#immerda]].

<a id="initialize-git-remote-gcrypt"></a>

Initializing a git-remote-gcrypt repository
===========================================

Clone the new, empty repository in a way that tells Git it's going to
be encrypted:

	git clone gcrypt::tails@git-tails.immerda.ch:$REPOSITORY

Change directory into the newly cloned repository:

	cd $REPOSITORY

Decide whether you want to hide to the immerda administrators which
OpenPGP keys this repository will be encrypted for (note that this has
severe usability drawbacks). Skip to the next step if you really want
that. Otherwise:

	git config gcrypt.publish-participants true

Tell Git which OpenPGP keys the repository will be encrypted for:

	git config gcrypt.participants "LIST OF OPENPGP FINGERPRINTS"

Write some setup instructions for your team-mates, e.g. copy and
paste the `git config` command(s) you have just run:

	editor README

Add these setup instructions to the repository and commit:

	git add README && git commit -m 'Add setup documentation.'

Push:

	git push -u origin master

Troubleshooting
===============

First, check with your team-mates: in some cases they can help you
troubleshoot your problem, and confirm whether the problem is on your
side or on the server side. If that is not enough, read on.

* For repositories hosted at `git-tails.immerda.ch` (aka.
  `git.tails.boum.org`) or at `git.puppet.tails.boum.org`:  get in
  touch with
  [[Tails system administrators|about/contact#tails-sysadmins]].

* For repositories hosted at `webmasters.boum.org`: get in touch with
  <root@boum.org>.