I setup gitolite fine with Apache and a script retrieving my groups. I can effectively control who can push into a repository, but not who can read. Currently if I do not set R = @all rule on a repository nobody can read it, even people matched by other rules.

I have the following gitolite configuration:

repo testing
    R       = @git-reader-test
    R       = olivier
#    R      =   @all #Will work if I uncomment this line
    RW+     =   @developers

My wapper script calling gitolite has the following code

echo "Entering gitolite wrapper" >> /home/dev_tools/git/gitauth.log
echo "user: $REMOTE_USER" >> /home/dev_tools/git/gitauth.log
echo "groups: $HTTP_REMOTE_USER_GROUPS" >> /home/dev_tools/git/gitauth.log
exec /home/dev_tools/git/bin/gitolite-shell $REMOTE_USER 2>&1 |tee -a /home/dev_tools/git/gitauth.log

Which outputs:

Entering gitolite wrapper
user: olivier
groups: developers ...
Status: 404 Not Found
Expires: Fri, 01 Jan 1980 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate

Repository not exported: '/home/dev_tools/git/repositories/testing'

So my groups and even my username match a R rule but I get rejected with a 404 error, although if I uncomment the R = @all rule I will be able to fetch my repo without any problem.

The error I get on git fetch is

fatal: http://olivier@myserver/testing/info/refs not found: did you run git update-server-info on the server?

And the corresponding gitolite logs are:

2012-10-11.15:52:10 26728       access(testing, olivier, R, 'any'),-> refs/.*
2012-10-11.15:52:10 26728       trigger,Writable,access_1,ACCESS_1,testing,olivier,R,any,refs/.*
2012-10-11.15:52:10 26728   pre_git testing olivier R   any -> refs/.*
2012-10-11.15:52:10 26728       system,git,http-backend
2012-10-11.15:52:10 26728   END

Do you have any idea why this happen?

Curiously, it's not "R = gitweb" that helped you, but "R = daemon". Yes, even though you are using apache, which seems ... "webbie".

Try 'man git-http-backend' and look for 'git-daemon-export-ok'.

The gitolite documentation doesn't say you need to do this, but the configuration suggested includes

SetEnv GIT_HTTP_EXPORT_ALL

which, again according to 'man git-http-backend', is an alternative to requiring that export-ok file in every repo. Presumably you did not choose to set that for whatever reason.

None of this has anything to do with gitolite, really. If gitolite had not been there you would still have the same problem -- someone has to create those export-ok files (or you have to set the GIT_HTTP_EXPORT_ALL env var)

sitaram

As VonC pointed out, at least gitweb need to be able to read the repository. So I could fix this by adding:

repo @all
    R       =   gitweb daemon

To my repositories configuration, as given (without any details) in gitolite documentation.

I really thought until now that gitweb was really separate from gitolite, that it was just used to have a web interface for repo browsing but I must have missed something in gitolite documentation.

IMHO its not well enough stressed in linked documentation since I read it multiple time before asking and nowhere is it said that not having gitweb as reader prevents everyone from reading repos.

Edit: see Sitaram answer for the explanation.