Posted to infrastructure-issues@apache.org by "Paul Querna (JIRA)" <ji...@apache.org> on 2010/11/05 18:11:44 UTC

[jira] Created: (INFRA-3165) Config: HTTPD + git http backend

Config: HTTPD + git http backend
--------------------------------

                 Key: INFRA-3165
                 URL: https://issues.apache.org/jira/browse/INFRA-3165
             Project: Infrastructure
          Issue Type: New Feature
      Security Level: public (Regular issues)
          Components: Git
            Reporter: Paul Querna


HTTPS Server setup. Configure Apache + LDAP + git-http-backend
  <http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html>

Needs to allow anonymous checkout, auth only for pushes.

Auth at this level same configuration as SVN uses.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Updated: (INFRA-3165) Config: HTTPD + git http backend

Posted by "Joe Schaefer (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joe Schaefer updated INFRA-3165:
--------------------------------

    Priority: Trivial  (was: Major)



[jira] Updated: (INFRA-3165) Config: HTTPD + git http backend

Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Joseph Davis updated INFRA-3165:
-------------------------------------

    Attachment: git.conf

Here's the apache configuration for Git.

A couple notes for anyone setting this up on FreeBSD:

* /usr/ports/devel/apr1 needs to be updated to include ldap support. This required a forced upgrade.
* apache22 needs to be updated to include mod_ldap and mod_authz_ldap
* /usr/ports/devel/git needs to be installed. As part of the install, it breaks www/neon29; when upgrading neon29, svn breaks, so that also requires reinstallation.
 



[jira] [Commented] (INFRA-3165) Config: HTTPD + git http backend

Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13114085#comment-13114085 ] 

Paul Joseph Davis commented on INFRA-3165:
------------------------------------------

Linking this ticket to code for posterity:

The HTTPd configuration that's concerned with LDAP authentication:

https://git-wip-us.apache.org/repos/infra/asfgit-admin/blob/master/conf/httpd/git.conf

The code that gets a list of authorized committers from LDAP:

https://git-wip-us.apache.org/repos/infra/asfgit-admin/blob/master/asfgit/auth.py

This is slightly different than SVN. Authorization for Git is pulled directly from LDAP for each request instead of relying on a static file that's generated when LDAP or the template in SVN changes. There is a static file that is stored in the Git admin repo that can be used to add authorization for non-LDAP entities (i.e., build bots and other scripts).

The code that checks that the user pushing the update is authorized and that each commit being pushed was committed by an authorized committer for the project:

https://git-wip-us.apache.org/repos/infra/asfgit-admin/blob/master/asfgit/hooks/pre_receive.py


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
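
The two checks the comment above attributes to the pre-receive hook (the pusher is authorized, and every pushed commit was committed by an authorized committer), as an added example that is not taken from asfgit's pre_receive.py. The function names, `MAIL_DOMAIN`, the mapping from committer e-mail to LDAP uid, and passing the pusher in as an argument (for instance from the `REMOTE_USER` the web server sets) are assumptions.

```python
import re
import subprocess

ZERO = "0" * 40
SHA = re.compile(r"[0-9a-f]{40}")
MAIL_DOMAIN = "example.org"  # assumption: committer e-mail is <uid>@MAIL_DOMAIN


def parse_updates(stdin_text):
    """pre-receive stdin carries one '<old> <new> <ref>' line per updated ref."""
    updates = []
    for line in stdin_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not (SHA.fullmatch(parts[0]) and SHA.fullmatch(parts[1])):
            raise ValueError("malformed pre-receive line: %r" % line)
        updates.append(tuple(parts))
    return updates


def rev_range(old, new):
    """Revision arguments selecting only the commits this push introduces."""
    if old == ZERO:                      # new ref: everything not already reachable
        return [new, "--not", "--all"]
    return ["%s..%s" % (old, new)]


def git_commits(old, new):
    """Return (sha, committer_email) for pushed commits; needs a git repository."""
    out = subprocess.check_output(
        ["git", "log", "--format=%H %ce"] + rev_range(old, new), text=True)
    return [tuple(l.split(" ", 1)) for l in out.splitlines()]


def check_push(pusher, updates, ldap_members, static_extras, list_commits=git_commits):
    """Return rejection reasons; an empty list means the push is accepted."""
    allowed = set(ldap_members) | set(static_extras)   # live LDAP + static file
    if pusher not in allowed:
        return ["pusher %r is not authorized" % pusher]
    errors = []
    for old, new, ref in updates:
        if new == ZERO:                  # ref deletion introduces no commits
            continue
        for sha, email in list_commits(old, new):
            uid, _, domain = email.rpartition("@")
            if domain != MAIL_DOMAIN or uid not in allowed:
                errors.append("%s on %s: committer %s not authorized"
                              % (sha[:8], ref, email))
    return errors
```

A hook built on this would read `sys.stdin`, fetch `ldap_members` from the directory on each invocation, and exit non-zero when `check_push` returns any reason.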

        

[jira] Commented: (INFRA-3165) Config: HTTPD + git http backend

Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12966991#action_12966991 ] 

Paul Joseph Davis commented on INFRA-3165:
------------------------------------------

Basic HTTP access for Git is now configured on http://tyr.zones.apache.org

Pushing with Git will require Git >= 1.6.6. Cloning should be supported for older versions.

I've got things configured so that there's anonymous read access from http:// and read/write access on https://. The read/write access is validated against the LDAP servers which is not quite the same as the SVN auth that I found in the infrastructure repository.

I've pulled over the couchdb and httpd repositories from git.apache.org. If anyone wants to see other repositories up there as I go through the various config bits, let me know.



[jira] Updated: (INFRA-3165) Config: HTTPD + git http backend

Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Joseph Davis updated INFRA-3165:
-------------------------------------

    Attachment: git.conf

Updated version of the config file.

This includes the fancy AliasMatch directives so that httpd serves the static files directly.

I've also added support for gitweb.cgi which you can see at [1].

gitweb is installed into /usr/local/share/examples/git/gitweb/. As part of the setup I copied those over to /usr/local/www/tyr.zones.apache.org/ so they can be modified as necessary.

[1] http://tyr.zones.apache.org/git/



[jira] [Closed] (INFRA-3165) Config: HTTPD + git http backend

Posted by "#asfinfra IRC Bot (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

#asfinfra IRC Bot closed INFRA-3165.
------------------------------------

    

        

[jira] Commented: (INFRA-3165) Config: HTTPD + git http backend

Posted by "Jukka Zitting (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12972299#action_12972299 ] 

Jukka Zitting commented on INFRA-3165:
--------------------------------------

Can we keep the various config bits and scripts in svn at https://svn.apache.org/repos/infra/infrastructure/trunk/projects/git/, or do they need to be in a Git repository?

If I understood correctly, the current setup is managed in the asfgit-admin.git repository. I can browse it at http://tyr.zones.apache.org/git?p=asfgit-admin.git, but what's the URL for cloning the repository?

I'd like to start playing with the Oak lab I proposed earlier as a live test project that's managed natively in Git. How do I get started with this?

I believe I'll have a few spare moments to help set things up over the upcoming holidays. Can someone set me up with an account on tyr.zones and grant me enough karma to do something?




[jira] Updated: (INFRA-3165) Config: HTTPD + git http backend

Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Joseph Davis updated INFRA-3165:
-------------------------------------

    Attachment:     (was: git.conf)



[jira] Commented: (INFRA-3165) Config: HTTPD + git http backend

Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12966995#action_12966995 ] 

Paul Joseph Davis commented on INFRA-3165:
------------------------------------------

Note to self, add the fancy regexp rule so that httpd serves static files directly as suggested by pquerna



[jira] Commented: (INFRA-3165) Config: HTTPD + git http backend

Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12993243#comment-12993243 ] 

Paul Joseph Davis commented on INFRA-3165:
------------------------------------------

It's not entirely impossible to keep this in SVN. When I started I just didn't have karma for committing to SVN so I just started it as a Git project on the host I was configuring. This also let me hook up a hook (bad phrase) so that committing to the repository updates quite a bit of configuration and running code (pretty much everything but the httpd config at this point).

You can clone anything from https://git-wip-us.apache.org/git/reponame.git for now. I have it on my todo list to revisit this url scheme to more closely match the current svn scheme of /repos/asf/projectname and so on.

I also haven't gotten to going through documenting creation of a new process as that would require me to start bugging people about adding ldap groups and so on. The amount of testing so far is pretty light. One of my goals is to create a thing that will log errors in my hooks as well as a tool that will allow me to replay those actions for testing.

If someone gives you an account on tyr.zones.a.o, there's nothing in place to prevent you from starting to add anything as you see fit.


        

[jira] [Resolved] (INFRA-3165) Config: HTTPD + git http backend

Posted by "Paul Joseph Davis (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/INFRA-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Joseph Davis resolved INFRA-3165.
--------------------------------------

    Resolution: Fixed

I now have karma to resolve issues. My last comment points to the relevant implementation for this issue.
