Rules of use
- it is forbidden to change your name even though GitLab allows it
- it is forbidden to change the group path
- repositories are not designed to embed very large files
- the size of one repository has a hard limit of 3 GiB, after exceeding 2 GiB in total, a notification e-mail will be sent automatically
( Project → Settings → Housekeeping can reduce the size of individual repositories)
- pay attention to compliance operating rules
If you have an active account at the Faculty of Informatics, you can log in using LDAP authentication at the following URL:
Enter your faculty login and password, the account will be created automatically after the first login.
GitLab allows you to create a type of account that you cannot own or create projects with. They can only contribute to projects to which they are given explicit access. These accounts are referred to as external . They can be used to make projects accessible to researchers and colleagues from other institutions, opponents or consultants of final theses, etc.
It is not possible to create external accounts directly in GitLab FI, FI employees (members of the group
fi-int ) can, however, create, manage and block external accounts in
external account management application in the Faculty Administration. Documentation and help can be found directly in the application.
The GitLab account associated with the faculty account is valid only if the faculty account is active and unblocked. If the faculty account is blocked or expired, access to GitLab, including SSH keys , will also be blocked.
If you want to work with the repository from your computer without having to enter the password every time, you can upload a public SSH key to your profile. Follow the instructions , here are only tips especially for UN * X systems.
Creating an SSH key
ssh-keygen may ask for a password while creating the key. It is not mandatory, using a key without a password is then easier, however, a key with a password is more secure.
Use a key without a password
You can test the functionality of the key with the command
ssh -i $cesta_k_PRIVATNIMU_klici email@example.com
The output of the command should be similar to the following:
Welcome to GitLab, (Jmeno, Prijmeni) Connection to gitlab.fi.muni.cz closed.
Add the following lines to
~/.ssh/config (file may not already exist):
Host gitlab gitlab.fi.muni.cz HostName gitlab.fi.muni.cz IdentityFile cesta_k_PRIVATNIMU_klici
The meaning of individual lines see
ssh_config(5) . Try that command
ssh git@gitlab has the same output as above without explicit key specification.
Using a password key
If you use this type of key as if it were without a password, every operation with GitLab will require a password to the key, which brings almost no advantages over normal login. With the help of the SSH agent, the key can be unlocked only once and then used repeatedly:
ssh-agent $SHELL ssh-add ~/.ssh/id_gitlab
The first command starts the agent, which then starts a
new shell from the variable
$SHELL . If your shell does not set this variable, enter the path to the program instead (e.g.
/bin/sh ). Exiting the shell also terminates the agent. For more information on commands, see the manual pages for
Please note that in the older version of this documentation and in the various discussion forums, you can find the procedure that uses the command
eval $(ssh-agent -c) or similar. We do not recommend using this procedure because it does not guarantee the correct termination of the agent.
GitLab allows you to log in to the interface and clone repositories using Kerberos tickets .
Use on Nymph stations
After logging in to the graphical environment of the computers
nymfe* the user automatically receives a Kerberos ticket, which can be verified by a command
login@nymfe01:~$ klist Ticket cache: FILE:/tmp/krb5cc_15291 Default principal: login@FI.MUNI.CZ Valid starting Expires Service principal 12/17/2019 16:16:56 12/18/2019 16:16:51 krbtgt/FI.MUNI.CZ@FI.MUNI.CZ
LoginWhen logging in to Mozilla Firefox and Google Chrome (or Chromium), you can use the Kerberos Spnego button instead of entering a password with a valid ticket.
CloningWhen cloning a repository, use the address from Clone with KRB5 .
git pushthey will also work without a password with a valid ticket.
You can request a ticket explicitly by order
kinit . This can be useful for remote SSH access with SSH key authentication (eg on Aisa), where the ticket is not created automatically.
Setting up your own computer
KerberosTo use Kerberos authentication on your own computer, you must have the tools for this authentication mechanism installed, such as from packages
krb5-user(Ubuntu, Debian) or
krb5-workstation(RHEL, CentOS, Fedora). To obtain a ticket, use the command:
user@machine:~$ kinit login@FI.MUNI.CZ
GitGit may require a password during cloning and synchronization, which will result in an error when authenticating with Kerberos
HTTP Basic: Access denied.
This can be solved with the following command:
# nastavení pro uživatele user@machine:~$ git config --global http.emptyAuth true # nastavení pro celý systém user@machine:~$ sudo git config --system http.emptyAuth true
Mozilla FirefoxEnter in the address bar
about:config. Locate the key in the configuration
network.negotiate-auth.trusted-urisand add value
ChromiumLaunch the browser with the parameter
--auth-server-whitelist=*.fi.muni.cz. It may be helpful to create your own script that will run Chromium with this parameter and place it in
Basics of use
For documentation on GitLab features, see help . We especially recommend
If you want to access the repository to other people beyond the "visibility" project (Private, Public or Internal), you can set them as members (members) of the project, see adding members .
If you want to make a private or internal project available to a person without a faculty account and that person only needs access to download the project (ie does not need access to Issues, wikis, etc.), you can use Deploy keys (basically read-only access to the project using an SSH key). If access to other services or the opportunity to contribute to the project is requested, the project must be published or an external account must be created for the person (ask the administrators).
Faculty GitLab has the Reply by E-mail feature enabled, which allows you to reply to comments, "issues" and "milestones" directly by e-mail. However, for proper operation, it is important to follow a few rules:
- reply directly to incoming email using the feature
Reply, do not write a new e-mail
- write your answer only above the citation or preferably delete the citation, as GitLab may not delete the citation correctly
- if you digitally sign your e-mails, it is better not to add a signature to the reply to GitLab
Markdown can be used in e-mail and attachments can be added, which will then appear as attachments in the reply in GitLab.