test smart http mode, update docs (including mob mode)

- allow a mob username to be defined; all unauthenticated access will
    look to gitolite like this user (if you setup apache also properly)

  - update doc with more details (some repeat stuff from `man
    git-http-backend` but it's probably worth having everything in one
    place

conf/example.gitolite.rc

@@ -53,6 +53,7 @@ $SVNSERVE = "";
 # $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary";
 # $GL_ADC_PATH = "";
 # $GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups"
+# $GL_HTTP_ANON_USER = "mob";
 
 # ------------------------------------------------------------------------------
 # less used/changed variables

doc/developer-notes.mkd

@@ -40,8 +40,8 @@ suite.  The following exceptions exist:
 
   * basic, manual, testing only
       * most admin defined commands
-  * not yet tested
       * smart http
+  * not yet tested
       * mirroring
       * mob branches
   * things which I have no easy way to test

doc/gitolite.rc.mkd

@@ -250,6 +250,14 @@ on feedback from my users to find or fix issues.
 
     Example: `$GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups"`
 
+  * `$GL_HTTP_ANON_USER`, string, default undef
+
+    Analogous to running mob branches over ssh (as described in
+    [doc/mob-branches.mkd][mob], this variable -- combined with appropriate
+    setup described in [doc/http-backend.mkd][smart] -- lets you pretend to
+    gitolite that unauthenticated HTTP users are actually authenticated as
+    this user.
+
 <a name="_less_used_changed_variables"></a>
 
 ### less used/changed variables
@@ -336,3 +344,5 @@ on feedback from my users to find or fix issues.
 [faq]: http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd
 [adc]: http://github.com/sitaramc/gitolite/blob/pu/doc/admin-defined-commands.mkd
 [mirr]: http://github.com/sitaramc/gitolite/blob/pu/doc/mirroring.mkd
+[mob]: http://github.com/sitaramc/gitolite/blob/pu/doc/mob-branches.mkd
+[smart]: http://github.com/sitaramc/gitolite/blob/pu/doc/http-backend.mkd

doc/http-backend.mkd

@@ -12,8 +12,9 @@ In this document:
   * <a href="#_additional_requirements">additional requirements</a>
   * <a href="#_detailed_instructions">detailed instructions</a>
       * <a href="#_install_gitolite_under_apache_">install gitolite under "apache"</a>
-      * <a href="#_setup_the_http_backend">setup the http-backend</a>
+      * <a href="#_setup_apache">setup apache</a>
   * <a href="#_usage">usage</a>
+  * <a href="#_allowing_anonymous_access">allowing anonymous access</a>
 
 ----
 
@@ -34,7 +35,7 @@ In this document:
     `HOME=$GITOLITE_HTTP_HOME` and hope for the best.  Luckily most of them
     have to do with sshkeys so this may not matter.  YMMV.
 
-  * tested on stock Fedora 13; if you test on other environments please let me
+  * tested on stock Fedora 14; if you test on other environments please let me
     know how it worked out and if we need to adjust this document
 
   * tested https with dummy certs and `GIT_SSL_NO_VERIFY`; no reason why it
@@ -66,56 +67,74 @@ if it does not.  Similarly for "/var/www" and other file names/locations.
 
 #### install gitolite under "apache"
 
-  * follow the "non-root" method, but since you can't even "su - apache", make
+Follow the "non-root" method, but since you can't even "su - apache", make the
-    the following variations when doing this as root:
+following variations when doing this as root:
 
-      * `cd ~apache` first; this is `/var/www` on Fedora 13
+  * `cd ~apache` first; this is `/var/www` on Fedora 14
 
-      * do this in the shell
+  * do this in the shell
 
-            mkdir gitolite-home
+        mkdir gitolite-home
-            export GITOLITE_HTTP_HOME
+        export GITOLITE_HTTP_HOME
-            GITOLITE_HTTP_HOME=/var/www/gitolite-home
+        GITOLITE_HTTP_HOME=/var/www/gitolite-home
-            PATH=$PATH:$GITOLITE_HTTP_HOME/bin
+        PATH=$PATH:$GITOLITE_HTTP_HOME/bin
 
-      * now run the first 3 install steps for "non-root" method (clone, mkdir,
+  * now run the first 3 install steps for "non-root" method (clone, mkdir, and
-        and gl-system-install), but **substitute `GITOLITE_HTTP_HOME` in place of
+    gl-system-install), but **substitute** `GITOLITE_HTTP_HOME` in place of
-        `HOME`** in the mkdir and gl-system-install steps.
+    `HOME` in the mkdir and gl-system-install steps.
 
-        **Do NOT run the gl-setup step yet**.
+    **Do NOT run the gl-setup step yet**.
 
-      * after the gl-system-install step, add these to the **top** of
+        cd gitolite-home
-        /var/www/gitolite-home/share/gitolite/conf/example.gitolite.rc
+        git clone /tmp/gitolite.git gitolite-source
 
-            $ENV{GIT_HTTP_BACKEND} = "/usr/libexec/git-core/git-http-backend";
+        cd gitolite-source
-                # or wherever you have that file; not NO trailing slash
+        GHH=$GITOLITE_HTTP_HOME     # just for convenience in next 2 commands
-            $ENV{PATH} .= ":$ENV{GITOLITE_HTTP_HOME}/bin";
+        mkdir -p              $GHH/bin $GHH/share/gitolite/conf $GHH/share/gitolite/hooks
-                # note the ".=" here, not "="
+        src/gl-system-install $GHH/bin $GHH/share/gitolite/conf $GHH/share/gitolite/hooks
 
-      * run gl-setup with the name of your admin user
+  * after the gl-system-install step, add these to the **top** of
+    /var/www/gitolite-home/share/gitolite/conf/example.gitolite.rc
 
-            gl-setup sitaram
+        $ENV{GIT_HTTP_BACKEND} = "/usr/libexec/git-core/git-http-backend";
+            # or wherever you have that file; not NO trailing slash
+        $ENV{PATH} .= ":$ENV{GITOLITE_HTTP_HOME}/bin";
+            # note the ".=" here, not "="
 
-      * IMPORTANT: fix up ownerships
+  * run gl-setup with the name of your admin user
 
-            chown -R apache.apache $GITOLITE_HTTP_HOME
+        gl-setup sitaram
 
-<a name="_setup_the_http_backend"></a>
+  * IMPORTANT: fix up ownerships
 
-#### setup the http-backend
+        chown -R apache.apache $GITOLITE_HTTP_HOME
 
-  * when you setup the apache config according to "man git-http-backend",
+<a name="_setup_apache"></a>
-    change these two as below (please note the trailing slash on the
-    ScriptAlias line):
 
-        SetEnv GIT_PROJECT_ROOT /var/www/gitolite-home/repositories
+#### setup apache
-        ScriptAlias /git/ /var/www/gitolite-home/bin/gl-auth-command/
 
-    You also need this new variable:
+You will need to setup certain values in the httpd conf, as given in `man
+git-http-backend`.  You can put all them into, for instance,
+`/etc/httpd/conf.d/gitolite.conf` and apache [at least on Fedora 14] will pick
+it up.  These are the values to use; note that these are somewhat different
+from those in the manpage cited above, plus we have one extra variable:
 
-        SetEnv GITOLITE_HTTP_HOME /var/www/gitolite-home
+    SetEnv GIT_PROJECT_ROOT /var/www/gitolite-home/repositories
+    SetEnv GIT_HTTP_EXPORT_ALL
+    ScriptAlias /git/ /var/www/gitolite-home/bin/gl-auth-command/
+        # note trailing slash
 
-And that's it... you're done for the setup!
+    SetEnv GITOLITE_HTTP_HOME /var/www/gitolite-home
+
+    <Location /git>
+        AuthType Basic
+        AuthName "Private Git Access"
+        Require valid-user
+        AuthUserFile /path/to/some/passwdfile
+    </Location>
+
+Now create/update the password file in `/path/to/some/passwdfile` using the
+`htpasswd` command, and you're all done for the setup!
 
 <a name="_usage"></a>
 
@@ -144,4 +163,28 @@ following works and I'm leaving it at that:
 With a few nice shell aliases, you won't even notice the horrible convolutions
 here ;-)
 
+<a name="_allowing_anonymous_access"></a>
+
+### allowing anonymous access
+
+Like [mob branches][mob] with ssh, you can allow completely
+**un**-authenticated users to still have some rights specified in gitolite.
+Briefly, here's how:
+
+  * specify a ScriptAlias in apache config for unauthenticated access also.  I
+    prefer something like
+
+        ScriptAlias /gitmob/ /var/www/gitolite-home/bin/gl-auth-command/
+
+  * set `$GL_HTTP_ANON_USER` to some name, like 'mob' or 'anon' in the rc file
+
+  * give rights to this user ('mob' or 'anon' or whatever you used) in the
+    gitolite config file and push the change
+
+URLs (in this example) will then look like `http://server/gitmob/reponame.git`
+-- we lose the userid:passwd part and change 'git' to 'gitmob'.
+
 Enjoy!
+
+[mob]: http://github.com/sitaramc/gitolite/blob/pu/doc/mob-branches.mkd
+

src/gitolite_rc.pm

@@ -22,6 +22,8 @@ use Exporter 'import';
     $GL_SLAVE_MODE $GL_WILDREPOS $GL_WILDREPOS_DEFPERMS
     $GL_WILDREPOS_PERM_CATS $HTPASSWD_FILE $PROJECTS_LIST $REPO_BASE
     $REPO_UMASK $RSYNC_BASE $SVNSERVE $UPDATE_CHAINS_TO
+
+    $GL_HTTP_ANON_USER
 );
 
 # ------------------------------------------------------------------------------

src/gl-auth-command

@@ -74,6 +74,7 @@ if ($ENV{REQUEST_URI}) {
     # so the rest of the code stays the same (except the exec at the end).
     simulate_ssh_connection();
 
+    $ENV{REMOTE_USER} ||= $GL_HTTP_ANON_USER;   # see doc/http-backend.mkd
     $user = $ENV{GL_USER} = $ENV{REMOTE_USER};
 } else {
     # no (more) arguments given in ssh mode?  default user is $USER