Merge branch 'teemu-contrib' into pu

This commit is contained in:
Sitaram Chamarty 2010-05-14 22:22:40 +05:30
commit 689ff7464b
3 changed files with 59 additions and 43 deletions

View file

@ -0,0 +1,15 @@
# gitolite-tools
gitolite-tools is a collection of external git commands to work with
gitolite server and repositories:
* git gl-info - Display gitolite server information
* git gl-ls - List accessible gitolite repositories
* git gl-desc - Display or edit description of gitolite wildcard repositories
* git gl-perms - Display or edit permissions of gitolite wildcard repositories
* git gl-htpasswd - Set password for gitweb/apache
## Homepage
The project in GitHub:
[http://github.com/tmatilai/gitolite-tools](http://github.com/tmatilai/gitolite-tools)

View file

@ -0,0 +1,40 @@
# --------------------------------------------
# Per-repo authorization based on gitolite ACL
# Include this in gitweb.conf
# See doc/3-faq-tips-etc.mkd for more info
# HOME of the gitolite user
my $gl_home = "/home/git";
# environment variables needed by gitolite.pm
$ENV{GL_RC} = "$gl_home/.gitolite.rc";
$ENV{GL_USER} = $cgi->remote_user;
# variables from the RC file
our ($REPO_BASE, $GL_ADMINDIR);
# set HOME temporarily for RC parsing
my $orig_home = $ENV{HOME};
$ENV{HOME} = $gl_home;
do $ENV{GL_RC}
or die_error(500, "Failed to parse $ENV{GL_RC}: " . ($! or $@));
$ENV{HOME} = $orig_home;
# set project root etc. absolute paths
$ENV{GL_REPO_BASE_ABS} = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$gl_home/$REPO_BASE" );
$projects_list = $projectroot = $ENV{GL_REPO_BASE_ABS};
# load gitolite helper routines
require "$GL_ADMINDIR/src/gitolite.pm"
or die_error(500, "Failed to parse gitolite.pm: " . ($! or $@));
$export_auth_hook = sub {
my $repo = shift;
# gitweb passes us the full repo path; so we strip the beginning
# and the end, to get the repo name as it is specified in gitolite conf
return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/;
# check for (at least) "R" permission
my ($perm, $creator) = &repo_rights($repo);
return ($perm =~ /R/);
};

View file

@ -588,51 +588,12 @@ the users *manage their own HTTP passwords*. Here's how:
* tell your users to type in `ssh git@server htpasswd` to set or change * tell your users to type in `ssh git@server htpasswd` to set or change
their HTTP passwords their HTTP passwords
Here's the rest of how it hangs together. Of course some other authentication method can be used (e.g. `mod_ldap`) as
long as the usernames match.
Gitweb allows you to specify a subroutine to decide on access. We use that Gitweb allows you to specify a subroutine to decide on access. We use that
feature and tie it to gitolite. Sample code (untested by me, but others do feature and tie it to gitolite. Configuration example can be found in
use it, munged from something I saw [here][leho]) is given below. `contrib/gitweb/`.
Note the **utter simplicity** of the actual check (just 1 line!). This is an
unexpected piece of luck coming from the decision to keep the config parse
separate from the actual access control. The config parser puts a pure perl
hash in that file named below as `$gl_conf_compiled`, so all the parsing is
already done and we just use it!
# completely untested... but the basic idea should work fine
# change these as needed
# projectroot should be the same as gitolite's REPO_BASE, but converted to
# an absolute path
$projectroot = '/home/git/repositories/';
my $gl_conf_compiled = '/home/git/.gitolite/conf/gitolite.conf-compiled.pm';
# I am told this gives us the HTTP auth username
my $username = $cgi->remote_user;
# ----------
# parse the config file; updates %repos hash
our %repos;
die "parse $gl_conf_compiled failed: " . ($! or $@) unless do $gl_conf_compiled;
# this is gitweb's mechanism; it calls whatever sub is pointed at by this
# variable to decide access yes/no. Gitweb calls it with one argument
# containing the full path of the repo being accessed
$export_auth_hook = sub {
my $reponame = shift;
# take the full path provided, strip the beginning...
$reponame =~ s/\Q$projectroot\E\/?//;
# ...and the end, to get the repo name as it is specified in gitolite conf
$reponame =~ s/\.git$//;
return exists $repos{$reponame}{R}{$username}
|| exists $repos{$reponame}{R}{'@all'};
};
[leho]: http://leho.kraav.com/news/2009/10/27/using-apache-authentication-with-gitweb-gitosis-repository-access-control/
### advanced features ### advanced features