Some documentation on gitweb integration

diff --git a/README b/README
index 22c7c903c6126751979696720c68a1f97d2edf35..a6045429a50f923d00617843e30e50bb242cad2b 100644 (file)
--- a/README
+++ b/README
@@ -181,6 +181,23 @@ examples:
     git clone server:my_repository.git
     git clone server:mirrors/tinyos/tinyos-main.git
 
+= Repository access for gitweb
+
+The following steps can allow gitweb to filter the available repositories
+according to the authenticated user and the contents of the .gitacl file.
+
+- The web server must require authorization and a valid user for URI's starting
+  with /gitweb.  Recommend using a PAM module, since repo_shell also works of
+  the system user credentials.
+- The web server needs to pass the REMOTE_USER environment variable to
+  gitweb.cgi.
+- The contents of the file gitweb.conf.addon must be added to the server's
+  gitweb.conf file, usually found in /etc.
+
+The contents of gitweb.conf.addon essentially define an $export_auth_hook that
+uses repo_shell's test mode to validate read access for the web server
+authenticated user for each repository gitweb can see.
+
 = Repository access for other applications
 
 Local system applications, such as web based viewers, may gain read-only access

diff --git a/gitweb.conf.addon b/gitweb.conf.addon
new file mode 100644 (file)
index 0000000..f517d9e
--- /dev/null
+++ b/gitweb.conf.addon
@@ -0,0 +1,13 @@
+# Add this to the bottom of your /etc/gitweb.conf file.
+# When the web server can provide an authenticated remote_user, this function
+# will ensure that user sees only those git repositories for which they have
+# read permission according to {git_root}/.gitacls.
+
+$username = $cgi->remote_user;
+$export_auth_hook = sub {
+    chomp($root = `grep git_root /etc/repo_shell.conf 2>/dev/null`);
+    $root =~ s|^[^=]*=\s*(.*)$|\1|;
+    $root =~ s|^(.*)/$|\1|;
+    $_[0] =~ s|^$root/(.*)|\1|;
+    return `repo_shell -t "$username" "$_[0]"` =~ /r/;
+};