-1

I want to ask about how to configure access list on specific branch in git? I configured git to be accessed by http using DAV in apache. gitolite version is 1.9.1 operating system ubuntu 14.04/ thnx in advanced

apache2 configuration

<virtualhost *:80>
ServerName git.example.com
ErrorLog ${APACHE_LOG_DIR}/git_error.log
CustomLog ${APACHE_LOG_DIR}/git_access.log combined

SetEnv GIT_PROJECT_ROOT /home/git/repositories
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias /hgit/ /home/git/bin/gitolite-shell
SetEnv GIT_HTTP_BACKEND "/usr/lib/git-core/git-http-backend"


 <Location /hgit>
 Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
    #AllowOverride All
 order allow,deny
 Allow from all

 AuthType Basic
 AuthName "git repository"
 AuthUserFile /etc/apache2/passwd.git 
 Require valid-user
 </Location>
 </virtualhost>
Community
  • 1
  • 1
Eman Mohamed
  • 39
  • 5

1 Answers1

0

gitolite version is not 1.9.1. It should be 3.6.4.
It is an authorization layer which allows access to git repo based on an authentication managed by a listened like Apache or sshd.

1.9.1 is the default version of git core on trusty (Ubuntu 14.04), which does not mean you can not upgrade it to a more recent version (currently 2.6.4)

You should not be using DAV on Apache for Git, not since 2011 and smart https.
You actually can call gitolite from Apache: it will call the git-http-backend script itself if the access is granted.

Finally, to configure the access list (against push) for a specific branch, see "Gitolite restrict access to branch".
Note that you can not restrict read access to a branch: if you can read (ie clone) a repo, you have access to all its branches.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • I can clone using http when i configured DAV but i can't configure gitolite to be compatible with http. please help me – Eman Mohamed Dec 22 '15 at 16:19
  • @EmanMohamed Don't use DAV: make you Apache call gitolite which will call git: http://stackoverflow.com/questions/14104759/how-to-set-up-git-server-without-ssh-auth/14105149#14105149 – VonC Dec 22 '15 at 16:23
  • I'm so sorry but I don't understand how to configure gitolite to use http credential.i followed steps in this link http://www.tikalk.com/devops/setup-git-gitweb-git-http-backend-smart-http-ubuntu-1204/ .please explain in more details how to configure it. thanks in advanced – Eman Mohamed Dec 23 '15 at 21:10
  • @EmanMohamed no configuration needed: gitolite looks for the environment variable `REMOTE_USER` set by Apache once Apache has done the authentication (https://github.com/sitaramc/gitolite/blob/24171564e63d4072b2eeeb3e4dad7d2b231b31ec/src/gitolite-shell#L78) – VonC Dec 23 '15 at 21:15
  • ScriptAliasMatch \ "(?x)^/(.*/(HEAD | \ info/refs | \ objects/(info/[^/]+ | \ [0-9a-f]{2}/[0-9a-f]{38} | \ pack/pack-[0-9a-f]{40}\.(pack|idx)) | \ git-(upload|receive)-pack))$" \ /usr/lib/git-core/git-http-backend/$1 SetEnv GIT_PROJECT_ROOT /home/git/repositories SetEnv GIT_HTTP_EXPORT_ALL SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER scriptAlias /hgit/ /home/git/gitolite/src/gitolite-shell/ SetEnv GIT_HTTP_BACKEND "/usr/lib/git-core/git-http-backend" AuthType Digest AuthName "Shared Repo" AuthUserFile Require valid-user – Eman Mohamed Dec 24 '15 at 16:20
  • Can you edit your question and properly the Apache2 config in it? I am not able to easily read it from your comment alone. – VonC Dec 24 '15 at 16:31
  • please can you tell me what is the problem? – Eman Mohamed Dec 26 '15 at 01:23
  • @EmanMohamed You seem to be mixing two approaches (one using git directly, one calling gitolite when the url includes hgit). If you are calling gitolite, you don't need the all ScriptAliasMatch. And you need to have your bare repos in GIT_PROJECT_ROOT/repositories. – VonC Dec 26 '15 at 06:07
  • I edited the post again to add new configuration as you said but when try http://git.example.com/testing.git this error appear http://git.example.com/testing.git/' not found – Eman Mohamed Dec 27 '15 at 14:37
  • @EmanMohamed With your config, that would be http://git.example.com/hgit/testing.git – VonC Dec 27 '15 at 15:37
  • I tried git clone http://git.example.com/hgit/testing.git give the same result not found ? what is the problem ? – Eman Mohamed Dec 27 '15 at 15:50
  • @EmanMohamed double-check https://github.com/VonC/compileEverything/blob/3fb31b840b6d03e28125ffccb69122c07cd63837/apache/env.conf.tpl#L234-L270: that is the model I follow to clone while calling gitolite. – VonC Dec 27 '15 at 15:53
  • why do you use ssl ? I want use http not https ? please can you explain what is this mean REMOTE_USER=$REDIRECT_REMOTE_USER ScriptAlias /hgit/ /home/git/bin/gitolite-shell – Eman Mohamed Dec 27 '15 at 16:12
  • @EmanMohamed in your case, ignore any SSL directive (this is for https, in order to send the password through an encrypted connexion from point to point) – VonC Dec 27 '15 at 16:13
  • @EmanMohamed and I do not use REMOTE_USER=$REDIRECT_REMOTE_USER. – VonC Dec 27 '15 at 16:20
  • I am so sorry I ask alot but I need help can you tell me what do you substitute @h@ in each line ? i know it change but i need clear example and I want to ask if i need change owner /home/git/repositories from git user to www-date? thanks in advanced – Eman Mohamed Dec 27 '15 at 16:34
  • @EmanMohamed in your case: `/home/git`. My file is a template file with placeholder values. – VonC Dec 27 '15 at 16:35
  • @EmanMohamed no need for chown www-date: those are bare repos, managed by user git. – VonC Dec 27 '15 at 16:36