The Shibboleth's project's Git repositories are hosted at Codeberg. Active repositories are mirrored to git.shibboleth.net for internal use by the project.

Anonymous Access

Public access to most repositories may be performed anonymously in one of two ways:

• git clone using "smart HTTPS"

• using a web browser to browse the repository

The decentralised nature of Git means that as a non-committer, you can still work with a copy of the repository and develop on a local branch. This does not need to be a fork hosted on Codeberg, although that can be a convenient approach. Use techniques such as git rebase to keep your branch up to date with the upstream repository. See this section of the Pro Git book for tips.

If you develop code as a non-committer and would like to contribute it back to the project, please start a discussion on the development list. You will need to agree to the contribution policy before we can accept a contribution. You can then git rebase your branch one final time and submit changes using git request-pull or git format-patch/send-email. Alternatively, ask us about enabling pull requests for the repository in question.

Smart HTTPS Access

You can clone a repository using Smart HTTPS as follows:

The Codeberg user interface provides this URL in a box at the top-right of the main page.

This access method supports git clone, git fetch and git pull. Making changes to the repository is not permitted.

Committer Access

Making changes directly to any of the Shibboleth project Git repositories can only be done by project committers. Full repository access is performed using the ssh protocol:

Codeberg documents how to verify your SSH connection using SSH fingerprints. As of 2025-11-28, their keys are:

The current administrators of the Shibboleth organization on Codeberg are Ian Young and Scott Cantor. You need to have a Codeberg account with 2FA enabled, and be added to the Committers team in the organization before you will be able to push commits to any of the project’s repositories.

Gitolite Personal Repositories

As well as using their personal Codeberg accounts, committers may also create personal repositories in our non-public Gitolite instance in a directory named after their gitolite identifier. These are initially only visible to their creator.

Personal repositories are never visible through gitweb, but can be made available to other committers or the general public by setting their permissions appropriately. Anonymous access is enabled by granting read permission to the user daemon.

One use of personal repositories is for long-running feature development which for one reason or another you don't want to make public. For example, you may wish the final feature commit to compress the work you have done on a private feature branch, so that the public repository only shows the final changes required. To do this, you'd can use a local repository and tools such as git rebase and git merge --squash, but using a personal repository allows that workflow to be extended with limited sharing and, of course, security against loss of the local repository.

To create a personal repository, just perform a clone operation and the repository will be created on the server side at the same time:

For more details about this facility, see the gitolite documentation.

Personal Repositories and Jenkins

To grant Jenkins permission to read a personal repository :

The Repository URL in the Jenkins job configuration should then be :  git@git.shibboleth.net:iay/my-personal-repo

Personal Repositories and Jenkins Windows Nodes

Because the Windows Jenkins node does not have an SSH client installed, to test personal repositories :

• grant anonymous access to read the personal repository :

  ssh git@git.shibboleth.net perms iay/my-personal-repo + READERS daemon

• and use a Smart HTTPS URL in the Jenkins job configuration : https://git.shibboleth.net/git/iay/my-personal-repo