git-cvsserver pserver username propagation

Question

For some specific workflow issues at my company, I need to allow some users work with CVS, while main repository is under git.

I've chosen git-cvsserver as implementation for this task.

I set up git repository, enabled it for gitcvs and setup a pserver simulation on xinetd. Everything works fine, I can work with this repository from cvs client, authenticating against passwd file I created through pserver emulation.

My problem is that commits that I make through CVS are shown under user who runs xinetd, not under user I authenticate against passwd.

i.e. I commit to CVS as user 'foo', I successfully authenticate through pserver, but when I look at git history of commits for this repo, i see that commit has been made by user 'root'.

I looked through source of git-cvsserver (http://git.kernel.org/?p=git/git.git;a=blob;f=git-cvsserver.perl) and it seems that CVS login is used only for authentication, not for actual committing. Records in SQLite database contain 'root' username too, not 'foo'

Do you have any ideas how I can propagate CVS login to git username?

xref at git mailing list: http://thread.gmane.org/gmane.comp.version-control.git/169182

Answer 1

I have no specific experience with it, but git-cvsserver almost certainly invokes git-commit to do the actual work. You can get git-commit to use anything you want for the author and committer by setting environment variables like GIT_COMMITTER_EMAIL and GIT_AUTHOR_EMAIL (also ..._NAME and ..._DATE and ..._IDENT). If you have the authentication information available you could simply set it in $ENV before the actual commit. If git-cvsserver doesn't clean its environment you could actually set those from the authentication information in a wrapper before invoking it (just in case of any commit).

Answer 2

Before propagating the login, as shown in Ben Jackson's answer, with GIT_COMMITTER_NAME/EMAIL environment variables, make sure the authentication step did run properly.

Before Git 2.34 (Q4 2021), "git cvsserver"^(man) had a long-standing bug in its authentication code, which has finally been corrected (it is unclear and is a separate question if anybody is seriously using it, though).

See commit 4b81f69, commit bffcb4d, commit a7775c7 (15 Sep 2021) by Carlo Marcelo Arenas Belón (carenas).
^{(Merged by Junio C Hamano -- gitster -- in commit 1030dae, 03 Oct 2021)}

git-cvsserver: use crypt correctly to compare password hashes

^{Signed-off-by: Carlo Marcelo Arenas Belón}

c057bad ("git-cvsserver: use a password file cvsserver pserver", 2010-05-15, Git v1.7.2-rc0 -- merge) adds a way for git cvsserver^(man) to provide authenticated pserver accounts without having clear text passwords, but uses the username instead of the password to the call for crypt(3).

Correct that, and make sure the documentation correctly indicates how to obtain hashed passwords that could be used to populate this configuration, as well as correcting the hash that was used for the tests.

This change will require that any user of this feature updates the hashes in their configuration, but has the advantage of using a more similar format than cvs uses, probably also easing any migration.

git cvsserver now includes in its man page:

files, but only with the -d option (or -B if your system supports it).

git cvsserver now includes in its man page:

Preferably use the system specific utility that manages password hash creation in your platform (e.g. mkpasswd in Linux, encrypt in OpenBSD or pwhash in NetBSD) and paste it in the right location.