From: R. Steve McKown Date: Tue, 4 Dec 2012 20:59:34 +0000 (-0700) Subject: Some documentation on gitweb integration X-Git-Tag: 0.8~2 X-Git-Url: https://oss.titaniummirror.com/gitweb?p=repo_shell.git;a=commitdiff_plain;h=bdafb792fd13b19c198cfd97908fde9b6dc5c29d Some documentation on gitweb integration --- diff --git a/README b/README index 22c7c90..a604542 100644 --- a/README +++ b/README @@ -181,6 +181,23 @@ examples: git clone server:my_repository.git git clone server:mirrors/tinyos/tinyos-main.git += Repository access for gitweb + +The following steps can allow gitweb to filter the available repositories +according to the authenticated user and the contents of the .gitacl file. + +- The web server must require authorization and a valid user for URI's starting + with /gitweb. Recommend using a PAM module, since repo_shell also works of + the system user credentials. +- The web server needs to pass the REMOTE_USER environment variable to + gitweb.cgi. +- The contents of the file gitweb.conf.addon must be added to the server's + gitweb.conf file, usually found in /etc. + +The contents of gitweb.conf.addon essentially define an $export_auth_hook that +uses repo_shell's test mode to validate read access for the web server +authenticated user for each repository gitweb can see. + = Repository access for other applications Local system applications, such as web based viewers, may gain read-only access diff --git a/gitweb.conf.addon b/gitweb.conf.addon new file mode 100644 index 0000000..f517d9e --- /dev/null +++ b/gitweb.conf.addon 
@@ -0,0 +1,13 @@ +# Add this to the bottom of your /etc/gitweb.conf file. +# When the web server can provide an authenticated remote_user, this function +# will ensure that user sees only those git repositories for which they have +# read permission according to {git_root}/.gitacls. + +$username = $cgi->remote_user; +$export_auth_hook = sub { + chomp($root = `grep git_root /etc/repo_shell.conf 2>/dev/null`); + $root =~ s|^[^=]*=\s*(.*)$|\1|; + $root =~ s|^(.*)/$|\1|; + $_[0] =~ s|^$root/(.*)|\1|; + return `repo_shell -t "$username" "$_[0]"` =~ /r/; +};
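Review bot: In the README hunk, the new section refers to "the .gitacl file", while the header comment of gitweb.conf.addon in the same patch says {git_root}/.gitacls; use whichever name repo_shell actually reads in both places. In the first bullet, "works of the system user credentials" should read "works off", and "URI's" should be "URIs". Since the hook depends on REMOTE_USER, the section should also say what gitweb lists when that variable is not set.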
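Review bot: In the gitweb.conf.addon hunk, the hook's return line builds a shell command with backticks, `repo_shell -t "$username" "$_[0]"`, so the web-server-supplied user name and the repository path are parsed by a shell, and double quotes do not stop $, backquote or embedded quote characters from being interpreted. Run repo_shell without a shell instead, for example with the list form of open (open(my $fh, '-|', 'repo_shell', '-t', $username, $path)), and match /r/ against what is read from $fh. Smaller points: $root is interpolated unescaped into the pattern s|^$root/(.*)|\1|, so write \Q$root\E; use $1 rather than \1 on the replacement side; declare $root and $username with my, and read git_root once outside the sub instead of running grep on every call; the substitution modifies $_[0], which aliases the caller's variable, so copy it to a local first; and return false early when $username is undefined.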