Merge branch 'teemu-contrib' into pu
This commit is contained in:
commit
689ff7464b
15
contrib/gitolite-tools.mkd
Normal file
15
contrib/gitolite-tools.mkd
Normal file
|
@ -0,0 +1,15 @@
|
|||
# gitolite-tools
|
||||
|
||||
gitolite-tools is a collection of external git commands to work with
|
||||
gitolite server and repositories:
|
||||
|
||||
* git gl-info - Display gitolite server information
|
||||
* git gl-ls - List accessible gitolite repositories
|
||||
* git gl-desc - Display or edit description of gitolite wildcard repositories
|
||||
* git gl-perms - Display or edit permissions of gitolite wildcard repositories
|
||||
* git gl-htpasswd - Set password for gitweb/apache
|
||||
|
||||
## Homepage
|
||||
|
||||
The project in GitHub:
|
||||
[http://github.com/tmatilai/gitolite-tools](http://github.com/tmatilai/gitolite-tools)
|
40
contrib/gitweb/gitweb.conf
Normal file
40
contrib/gitweb/gitweb.conf
Normal file
|
@ -0,0 +1,40 @@
|
|||
# --------------------------------------------
|
||||
# Per-repo authorization based on gitolite ACL
|
||||
# Include this in gitweb.conf
|
||||
# See doc/3-faq-tips-etc.mkd for more info
|
||||
|
||||
# HOME of the gitolite user
|
||||
my $gl_home = "/home/git";
|
||||
|
||||
# environment variables needed by gitolite.pm
|
||||
$ENV{GL_RC} = "$gl_home/.gitolite.rc";
|
||||
$ENV{GL_USER} = $cgi->remote_user;
|
||||
|
||||
# variables from the RC file
|
||||
our ($REPO_BASE, $GL_ADMINDIR);
|
||||
|
||||
# set HOME temporarily for RC parsing
|
||||
my $orig_home = $ENV{HOME};
|
||||
$ENV{HOME} = $gl_home;
|
||||
do $ENV{GL_RC}
|
||||
or die_error(500, "Failed to parse $ENV{GL_RC}: " . ($! or $@));
|
||||
$ENV{HOME} = $orig_home;
|
||||
|
||||
# set project root etc. absolute paths
|
||||
$ENV{GL_REPO_BASE_ABS} = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$gl_home/$REPO_BASE" );
|
||||
$projects_list = $projectroot = $ENV{GL_REPO_BASE_ABS};
|
||||
|
||||
# load gitolite helper routines
|
||||
require "$GL_ADMINDIR/src/gitolite.pm"
|
||||
or die_error(500, "Failed to parse gitolite.pm: " . ($! or $@));
|
||||
|
||||
$export_auth_hook = sub {
|
||||
my $repo = shift;
|
||||
# gitweb passes us the full repo path; so we strip the beginning
|
||||
# and the end, to get the repo name as it is specified in gitolite conf
|
||||
return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/;
|
||||
|
||||
# check for (at least) "R" permission
|
||||
my ($perm, $creator) = &repo_rights($repo);
|
||||
return ($perm =~ /R/);
|
||||
};
|
|
@ -588,51 +588,12 @@ the users *manage their own HTTP passwords*. Here's how:
|
|||
* tell your users to type in `ssh git@server htpasswd` to set or change
|
||||
their HTTP passwords
|
||||
|
||||
Here's the rest of how it hangs together.
|
||||
Of course some other authentication method can be used (e.g. `mod_ldap`) as
|
||||
long as the usernames match.
|
||||
|
||||
Gitweb allows you to specify a subroutine to decide on access. We use that
|
||||
feature and tie it to gitolite. Sample code (untested by me, but others do
|
||||
use it, munged from something I saw [here][leho]) is given below.
|
||||
|
||||
Note the **utter simplicity** of the actual check (just 1 line!). This is an
|
||||
unexpected piece of luck coming from the decision to keep the config parse
|
||||
separate from the actual access control. The config parser puts a pure perl
|
||||
hash in that file named below as `$gl_conf_compiled`, so all the parsing is
|
||||
already done and we just use it!
|
||||
|
||||
# completely untested... but the basic idea should work fine
|
||||
|
||||
# change these as needed
|
||||
# projectroot should be the same as gitolite's REPO_BASE, but converted to
|
||||
# an absolute path
|
||||
$projectroot = '/home/git/repositories/';
|
||||
my $gl_conf_compiled = '/home/git/.gitolite/conf/gitolite.conf-compiled.pm';
|
||||
|
||||
# I am told this gives us the HTTP auth username
|
||||
my $username = $cgi->remote_user;
|
||||
|
||||
# ----------
|
||||
|
||||
# parse the config file; updates %repos hash
|
||||
our %repos;
|
||||
die "parse $gl_conf_compiled failed: " . ($! or $@) unless do $gl_conf_compiled;
|
||||
|
||||
# this is gitweb's mechanism; it calls whatever sub is pointed at by this
|
||||
# variable to decide access yes/no. Gitweb calls it with one argument
|
||||
# containing the full path of the repo being accessed
|
||||
$export_auth_hook = sub {
|
||||
my $reponame = shift;
|
||||
# take the full path provided, strip the beginning...
|
||||
$reponame =~ s/\Q$projectroot\E\/?//;
|
||||
# ...and the end, to get the repo name as it is specified in gitolite conf
|
||||
$reponame =~ s/\.git$//;
|
||||
|
||||
return exists $repos{$reponame}{R}{$username}
|
||||
|| exists $repos{$reponame}{R}{'@all'};
|
||||
};
|
||||
|
||||
|
||||
[leho]: http://leho.kraav.com/news/2009/10/27/using-apache-authentication-with-gitweb-gitosis-repository-access-control/
|
||||
feature and tie it to gitolite. Configuration example can be found in
|
||||
`contrib/gitweb/`.
|
||||
|
||||
### advanced features
|
||||
|
||||
|
|
Loading…
Reference in a new issue