Merge branch 'teemu-contrib' into pu
This commit is contained in:
commit
689ff7464b
15
contrib/gitolite-tools.mkd
Normal file
15
contrib/gitolite-tools.mkd
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# gitolite-tools
|
||||||
|
|
||||||
|
gitolite-tools is a collection of external git commands to work with
|
||||||
|
gitolite server and repositories:
|
||||||
|
|
||||||
|
* git gl-info - Display gitolite server information
|
||||||
|
* git gl-ls - List accessible gitolite repositories
|
||||||
|
* git gl-desc - Display or edit description of gitolite wildcard repositories
|
||||||
|
* git gl-perms - Display or edit permissions of gitolite wildcard repositories
|
||||||
|
* git gl-htpasswd - Set password for gitweb/apache
|
||||||
|
|
||||||
|
## Homepage
|
||||||
|
|
||||||
|
The project in GitHub:
|
||||||
|
[http://github.com/tmatilai/gitolite-tools](http://github.com/tmatilai/gitolite-tools)
|
40
contrib/gitweb/gitweb.conf
Normal file
40
contrib/gitweb/gitweb.conf
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
# --------------------------------------------
|
||||||
|
# Per-repo authorization based on gitolite ACL
|
||||||
|
# Include this in gitweb.conf
|
||||||
|
# See doc/3-faq-tips-etc.mkd for more info
|
||||||
|
|
||||||
|
# HOME of the gitolite user
|
||||||
|
my $gl_home = "/home/git";
|
||||||
|
|
||||||
|
# environment variables needed by gitolite.pm
|
||||||
|
$ENV{GL_RC} = "$gl_home/.gitolite.rc";
|
||||||
|
$ENV{GL_USER} = $cgi->remote_user;
|
||||||
|
|
||||||
|
# variables from the RC file
|
||||||
|
our ($REPO_BASE, $GL_ADMINDIR);
|
||||||
|
|
||||||
|
# set HOME temporarily for RC parsing
|
||||||
|
my $orig_home = $ENV{HOME};
|
||||||
|
$ENV{HOME} = $gl_home;
|
||||||
|
do $ENV{GL_RC}
|
||||||
|
or die_error(500, "Failed to parse $ENV{GL_RC}: " . ($! or $@));
|
||||||
|
$ENV{HOME} = $orig_home;
|
||||||
|
|
||||||
|
# set project root etc. absolute paths
|
||||||
|
$ENV{GL_REPO_BASE_ABS} = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$gl_home/$REPO_BASE" );
|
||||||
|
$projects_list = $projectroot = $ENV{GL_REPO_BASE_ABS};
|
||||||
|
|
||||||
|
# load gitolite helper routines
|
||||||
|
require "$GL_ADMINDIR/src/gitolite.pm"
|
||||||
|
or die_error(500, "Failed to parse gitolite.pm: " . ($! or $@));
|
||||||
|
|
||||||
|
$export_auth_hook = sub {
|
||||||
|
my $repo = shift;
|
||||||
|
# gitweb passes us the full repo path; so we strip the beginning
|
||||||
|
# and the end, to get the repo name as it is specified in gitolite conf
|
||||||
|
return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/;
|
||||||
|
|
||||||
|
# check for (at least) "R" permission
|
||||||
|
my ($perm, $creator) = &repo_rights($repo);
|
||||||
|
return ($perm =~ /R/);
|
||||||
|
};
|
|
@ -588,51 +588,12 @@ the users *manage their own HTTP passwords*. Here's how:
|
||||||
* tell your users to type in `ssh git@server htpasswd` to set or change
|
* tell your users to type in `ssh git@server htpasswd` to set or change
|
||||||
their HTTP passwords
|
their HTTP passwords
|
||||||
|
|
||||||
Here's the rest of how it hangs together.
|
Of course some other authentication method can be used (e.g. `mod_ldap`) as
|
||||||
|
long as the usernames match.
|
||||||
|
|
||||||
Gitweb allows you to specify a subroutine to decide on access. We use that
|
Gitweb allows you to specify a subroutine to decide on access. We use that
|
||||||
feature and tie it to gitolite. Sample code (untested by me, but others do
|
feature and tie it to gitolite. Configuration example can be found in
|
||||||
use it, munged from something I saw [here][leho]) is given below.
|
`contrib/gitweb/`.
|
||||||
|
|
||||||
Note the **utter simplicity** of the actual check (just 1 line!). This is an
|
|
||||||
unexpected piece of luck coming from the decision to keep the config parse
|
|
||||||
separate from the actual access control. The config parser puts a pure perl
|
|
||||||
hash in that file named below as `$gl_conf_compiled`, so all the parsing is
|
|
||||||
already done and we just use it!
|
|
||||||
|
|
||||||
# completely untested... but the basic idea should work fine
|
|
||||||
|
|
||||||
# change these as needed
|
|
||||||
# projectroot should be the same as gitolite's REPO_BASE, but converted to
|
|
||||||
# an absolute path
|
|
||||||
$projectroot = '/home/git/repositories/';
|
|
||||||
my $gl_conf_compiled = '/home/git/.gitolite/conf/gitolite.conf-compiled.pm';
|
|
||||||
|
|
||||||
# I am told this gives us the HTTP auth username
|
|
||||||
my $username = $cgi->remote_user;
|
|
||||||
|
|
||||||
# ----------
|
|
||||||
|
|
||||||
# parse the config file; updates %repos hash
|
|
||||||
our %repos;
|
|
||||||
die "parse $gl_conf_compiled failed: " . ($! or $@) unless do $gl_conf_compiled;
|
|
||||||
|
|
||||||
# this is gitweb's mechanism; it calls whatever sub is pointed at by this
|
|
||||||
# variable to decide access yes/no. Gitweb calls it with one argument
|
|
||||||
# containing the full path of the repo being accessed
|
|
||||||
$export_auth_hook = sub {
|
|
||||||
my $reponame = shift;
|
|
||||||
# take the full path provided, strip the beginning...
|
|
||||||
$reponame =~ s/\Q$projectroot\E\/?//;
|
|
||||||
# ...and the end, to get the repo name as it is specified in gitolite conf
|
|
||||||
$reponame =~ s/\.git$//;
|
|
||||||
|
|
||||||
return exists $repos{$reponame}{R}{$username}
|
|
||||||
|| exists $repos{$reponame}{R}{'@all'};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
[leho]: http://leho.kraav.com/news/2009/10/27/using-apache-authentication-with-gitweb-gitosis-repository-access-control/
|
|
||||||
|
|
||||||
### advanced features
|
### advanced features
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue