git clone server:my_repository.git
git clone server:mirrors/tinyos/tinyos-main.git
+= Repository access for gitweb
+
+The following steps can allow gitweb to filter the available repositories
+according to the authenticated user and the contents of the .gitacl file.
+
+- The web server must require authorization and a valid user for URI's starting
+ with /gitweb. Recommend using a PAM module, since repo_shell also works of
+ the system user credentials.
+- The web server needs to pass the REMOTE_USER environment variable to
+ gitweb.cgi.
+- The contents of the file gitweb.conf.addon must be added to the server's
+ gitweb.conf file, usually found in /etc.
+
+The contents of gitweb.conf.addon essentially define an $export_auth_hook that
+uses repo_shell's test mode to validate read access for the web server
+authenticated user for each repository gitweb can see.
+
= Repository access for other applications
Local system applications, such as web based viewers, may gain read-only access
--- /dev/null
+# Add this to the bottom of your /etc/gitweb.conf file.
+# When the web server can provide an authenticated remote_user, this function
+# will ensure that user sees only those git repositories for which they have
+# read permission according to {git_root}/.gitacls.
+
+$username = $cgi->remote_user;
+$export_auth_hook = sub {
+ chomp($root = `grep git_root /etc/repo_shell.conf 2>/dev/null`);
+ $root =~ s|^[^=]*=\s*(.*)$|\1|;
+ $root =~ s|^(.*)/$|\1|;
+ $_[0] =~ s|^$root/(.*)|\1|;
+ return `repo_shell -t "$username" "$_[0]"` =~ /r/;
+};