Hi all,
In order to allow concurrent SSH + HTTP(S) access to Git repositories,
I implemented a prototype using the MPM-ITK Apache2 module. It
basically runs git-http-backend as a CGI when inside a specific vhost,
under the identity of the user performing the request. So that means
that hooks and so on don't grant access to anything beyond what the user
would have through SSH, yet they can clone and push even from
restrictive networks. The authentication/authorization part is managed
by Apache with basic auth (userfile/groupfile) and a set of macros.
The patch (currently based on deb-packaging/debian/5.3 because that's
where I work) works, and allows both authenticated read-write access and
anonymous read-only access. It's not complete (in particular from the
packaging point of view), though.
On top of the possible performance penalty due to MPM-ITK, there's
another downside: since MPM-ITK performs HTTP authentication *after* the
setuid()/setgid(), the userfile needs to be readable, which exposes the
(encrypted) passwords. It may be possible to fix that, by doing the
authentication first (as the standard Apache user) then proxying the
request through an Unix socket to a different process that will perform
the setuid()/setgid() and then the Git command. I'll work on that in
the coming days.
In the meantime, please find attached the current version of the
patch. I welcome comments and suggestions.
Roland.
--
Roland Mas
Shyumiribirikku ga susunde imashyou ka ?
-- Le Schmilblick en japonais
diff --git a/src/debian/dsf-in/web-apache2.postinst b/src/debian/dsf-in/web-apache2.postinst
index e98cc07..55cebba 100644
--- a/src/debian/dsf-in/web-apache2.postinst
+++ b/src/debian/dsf-in/web-apache2.postinst
@@ -38,7 +38,7 @@ case "$1" in
ln -s /etc/ssl/private/ssl-cert-snakeoil.key @CONFIG_PATH@/ssl-cert.key
fi
- for i in secrets.inc vhost-list.inc vhost-main.inc vhost-projects.inc projects-in-mainvhost.inc vhost-scm.inc plugin-scmsvn.inc ; do
+ for i in secrets.inc vhost-list.inc vhost-main.inc vhost-projects.inc projects-in-mainvhost.inc vhost-scm.inc plugin-scmsvn.inc plugin-scmgit.inc ; do
if [ -e /etc/gforge/httpd.conf.d/$i ] ; then
sed -i -e s,/usr/share/gforge/src,/usr/share/gforge,g /etc/gforge/httpd.conf.d/$i
else
@@ -70,6 +70,8 @@ case "$1" in
DEBIAN_FRONTEND=noninteractive a2enmod alias || true
DEBIAN_FRONTEND=noninteractive a2enmod dir || true
DEBIAN_FRONTEND=noninteractive a2enmod cgi || true
+ DEBIAN_FRONTEND=noninteractive a2enmod authz_groupfile || true
+ DEBIAN_FRONTEND=noninteractive a2enmod macro || true
# Enable the @FORGENAME@ configuration
if [ -e /etc/apache2/conf.d/@oldpack...@.httpd.conf ] ; then
@@ -86,7 +88,7 @@ case "$1" in
fi
a2ensite @PACKAGE@.conf || a2ensite @PACKAGE@
fi
-
+
# Make Apache see these new changes
invoke-rc.d apache2 restart || true
;;
diff --git a/src/debian/patches/disable-dav b/src/debian/patches/disable-dav
index 030ada8..d317d2f 100644
--- a/src/debian/patches/disable-dav
+++ b/src/debian/patches/disable-dav
@@ -20,18 +20,13 @@ Index: src/plugins/scmgit/etc/scmgit.ini
===================================================================
--- src.orig/plugins/scmgit/etc/scmgit.ini
+++ src/plugins/scmgit/etc/scmgit.ini
-@@ -15,11 +15,9 @@
- scm_root = "scmrepos/git"
-
- ; this value is used when dav is set to yes. To reload httpd configuration
--httpd_reload_cmd = "service httpd reload"
--; debian specific :
--;httpd_reload_cmd = "service apache2 reload"
-+httpd_reload_cmd = "service apache2 reload"
+@@ -20,7 +20,7 @@
+ ;httpd_reload_cmd = "service apache2 reload"
; use_dav or use_ssh is exclusive. you cannot enable dav with ssh, or ssh with dav
-use_dav = yes
-use_ssh = no
+use_dav = no
+use_ssh = yes
+ use_smarthttp = yes
use_ssl = "$core/use_ssl"
diff --git a/src/debian/patches/upgrade-db-noninteractive b/src/debian/patches/upgrade-db-noninteractive
index 5aa6602..3af9bb5 100644
--- a/src/debian/patches/upgrade-db-noninteractive
+++ b/src/debian/patches/upgrade-db-noninteractive
@@ -2,7 +2,7 @@ Index: src/db/upgrade-db.php
===================================================================
--- src.orig/db/upgrade-db.php
+++ src/db/upgrade-db.php
-@@ -200,16 +200,7 @@
+@@ -212,16 +212,7 @@
if (!$res) {
show(db_error()."\n");
show("QUERY: $query\n");
diff --git a/src/etc/httpd.conf.d/05-config-macros-scmgit.conf b/src/etc/httpd.conf.d/05-config-macros-scmgit.conf
new file mode 100644
index 0000000..8d1c0ea
--- /dev/null
+++ b/src/etc/httpd.conf.d/05-config-macros-scmgit.conf
@@ -0,0 +1,31 @@
+<Macro ScmgitProjectWithAnon $project>
+<LocationMatch "^/git/$project/">
+ Require all granted
+</LocationMatch>
+
+<LocationMatch "^/authgit/[^/]+/$project/">
+ Require valid-user
+</LocationMatch>
+</Macro>
+
+<Macro ScmgitProjectWithoutAnon $project>
+<LocationMatch "^/authgit/[^/]+/$project/">
+ Require group scm_$project
+</LocationMatch>
+
+<LocationMatch "^/authgit/[^/]+/$project/.*/git-receive-pack$">
+ AuthMerging And
+ Require group scm_$project
+</LocationMatch>
+</Macro>
+
+<Macro ScmgitUser $user>
+<LocationMatch "^/authgit/$user/">
+ Require user $user
+</LocationMatch>
+
+<LocationMatch "^/authgit/[^/]/[^/]users/$user/git-receive-pack$">
+ AuthMerging And
+ Require user $user
+</LocationMatch>
+</Macro>
diff --git a/src/etc/httpd.conf.d/20-vhosts-scm.conf b/src/etc/httpd.conf.d/20-vhosts-scm.conf
new file mode 100644
index 0000000..93396e9
--- /dev/null
+++ b/src/etc/httpd.conf.d/20-vhosts-scm.conf
@@ -0,0 +1,19 @@
+#
+# Main host
+#
+
+# Used if you have a scm.$web_host domain
+# (serving SCM repos without the main web interface installed)
+
+<VirtualHost *:80>
+ Include {core/config_path}/httpd.conf.d/vhost-scm.inc
+ Include {core/config_path}/httpd.conf.d/block-trace.inc
+ Include {core/config_path}/httpd.conf.d/log.inc
+ Include {core/config_path}/httpd.conf.d/ssl-off.inc
+</VirtualHost>
+<VirtualHost *:443>
+ Include {core/config_path}/httpd.conf.d/vhost-scm.inc
+ Include {core/config_path}/httpd.conf.d/block-trace.inc
+ Include {core/config_path}/httpd.conf.d/log.inc
+ Include {core/config_path}/httpd.conf.d/ssl-on.inc
+</VirtualHost>
diff --git a/src/etc/httpd.conf.d/50-vhosts-scm.conf b/src/etc/httpd.conf.d/50-vhosts-scm.conf
deleted file mode 100644
index 93396e9..0000000
--- a/src/etc/httpd.conf.d/50-vhosts-scm.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# Main host
-#
-
-# Used if you have a scm.$web_host domain
-# (serving SCM repos without the main web interface installed)
-
-<VirtualHost *:80>
- Include {core/config_path}/httpd.conf.d/vhost-scm.inc
- Include {core/config_path}/httpd.conf.d/block-trace.inc
- Include {core/config_path}/httpd.conf.d/log.inc
- Include {core/config_path}/httpd.conf.d/ssl-off.inc
-</VirtualHost>
-<VirtualHost *:443>
- Include {core/config_path}/httpd.conf.d/vhost-scm.inc
- Include {core/config_path}/httpd.conf.d/block-trace.inc
- Include {core/config_path}/httpd.conf.d/log.inc
- Include {core/config_path}/httpd.conf.d/ssl-on.inc
-</VirtualHost>
diff --git a/src/etc/httpd.conf.d/plugin-scmgit.inc b/src/etc/httpd.conf.d/plugin-scmgit.inc
index cde6424..7b406fd 100644
--- a/src/etc/httpd.conf.d/plugin-scmgit.inc
+++ b/src/etc/httpd.conf.d/plugin-scmgit.inc
@@ -1,3 +1,16 @@
<Directory {core/source_path}/plugins/scmgit/cgi-bin>
SetEnv GITWEB_CONFIG {core/config_path}/plugins/scmgit/gitweb.conf
</Directory>
+
+SetEnv GIT_PROJECT_ROOT {scmgit/repos_path}
+SetEnv GIT_HTTP_EXPORT_ALL
+
+ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+ScriptAliasMatch ^/authgit/[^/]+/(.*) /usr/lib/git-core/git-http-backend/$1
+
+<LocationMatch "^/authgit/">
+ AuthType Basic
+ AuthName "SCM for {core/forge_name}"
+ AuthUserFile {core/data_path}/scmgit-userfile
+ AuthGroupFile {core/data_path}/scmgit-groupfile
+</LocationMatch>
diff --git a/src/etc/httpd.conf.d/vhost-scm-plugin-scmgit.inc b/src/etc/httpd.conf.d/vhost-scm-plugin-scmgit.inc
new file mode 100644
index 0000000..0b81fc4
--- /dev/null
+++ b/src/etc/httpd.conf.d/vhost-scm-plugin-scmgit.inc
@@ -0,0 +1,2 @@
+SetEnvIf Request_URI ^/authgit/([^/]+)/ ITKUID=$1
+SetEnvIf Request_URI ^/authgit/([^/]+)/([^/]+)/ ITKGID=$2
diff --git a/src/etc/httpd.conf.d/vhost-scm.inc b/src/etc/httpd.conf.d/vhost-scm.inc
index 0d2064e..7d88c20 100644
--- a/src/etc/httpd.conf.d/vhost-scm.inc
+++ b/src/etc/httpd.conf.d/vhost-scm.inc
@@ -1,8 +1,18 @@
ServerName {core/scm_host}
+SetEnvIf Request_URI . ITKUID=www-data
+SetEnvIf Request_URI . ITKGID=www-data
+
<IfVersion >= 2.3>
IncludeOptional {core/config_path}/httpd.conf.d/plugin-scm*.inc
+ IncludeOptional {core/config_path}/httpd.conf.d/vhost-scm-plugin-scm*.inc
+ IncludeOptional {core/data_path}/scmgit-auth*.inc
</IfVersion>
<IfVersion < 2.3>
Include {core/config_path}/httpd.conf.d/plugin-scm*.inc
+ Include {core/config_path}/httpd.conf.d/vhost-scm-plugin-scm*.inc
+ Include {core/data_path}/scmgit-auth*.inc
</IfVersion>
+
+AssignUserIDExpr %{reqenv:ITKUID}
+AssignGroupIDExpr %{reqenv:ITKGID}
diff --git a/src/packaging/control/030web-apache2 b/src/packaging/control/030web-apache2
index e0916e2..cfa1397 100644
--- a/src/packaging/control/030web-apache2
+++ b/src/packaging/control/030web-apache2
@@ -1,6 +1,6 @@
Package: @OLDPACKAGE@-web-apache2
Architecture: all
-Depends: @OLDPACKAGE@-common, @OLDPACKAGE@-db-postgresql | @OLDPACKAGE@-db, libapache2-mod-php5, php5-cgi, php5-pgsql, php5-gd, perl, libdbi-perl, libdbd-pg-perl, debianutils (>= 1.7), debconf (>= 1.0.32) | debconf-2.0, ucf, cronolog, python, ssl-cert, libnusoap-php, libphp-simplepie, php-http, libjs-jquery, libjs-jquery-tipsy, libjs-jquery-ui, libjs-jquery-ui-theme-overcast, javascript-common, ${misc:Depends}
+Depends: @OLDPACKAGE@-common, @OLDPACKAGE@-db-postgresql | @OLDPACKAGE@-db, libapache2-mpm-itk | apache2-mpm-itk, libapache2-mod-php5, php5-cgi, php5-pgsql, php5-gd, perl, libdbi-perl, libdbd-pg-perl, debianutils (>= 1.7), debconf (>= 1.0.32) | debconf-2.0, ucf, cronolog, python, ssl-cert, libnusoap-php, libphp-simplepie, php-http, libjs-jquery, libjs-jquery-tipsy, libjs-jquery-ui, libjs-jquery-ui-theme-overcast, javascript-common, ${misc:Depends}
Recommends: locales | locales-all
Provides: @OLDPACKAGE@-web
Conflicts: @OLDPACKAGE@-web
diff --git a/src/plugins/scmgit/common/GitPlugin.class.php b/src/plugins/scmgit/common/GitPlugin.class.php
index 9572d80..5ba8aa3 100644
--- a/src/plugins/scmgit/common/GitPlugin.class.php
+++ b/src/plugins/scmgit/common/GitPlugin.class.php
@@ -97,6 +97,14 @@ class GitPlugin extends SCMPlugin {
for ($i=0; $i<$rows; $i++) {
$repo_list[] = db_result($result,$i,'repo_name');
}
+ $clone_commands = array();
+ foreach ($repo_list as $repo_name) {
+ $clone_commands[] = 'git clone '.util_make_url('/anonscm/git/'.$project->getUnixName().'/'.$repo_name.'.git');
+ if (forge_get_config('use_smarthttp', 'scmgit')) {
+ $protocol = forge_get_config('use_ssl', 'scmgit')? 'https' : 'http';
+ $clone_commands[] = 'git clone '.$protocol.'://'.forge_get_config('scm_host').'/git/'.$project->getUnixName().'/'.$repo_name.'.git';
+ }
+ }
$b = '<h2>' . ngettext('Anonymous Access to the Git repository',
'Anonymous Access to the Git repositories',
@@ -109,9 +117,9 @@ class GitPlugin extends SCMPlugin {
$b .= '</p>';
- foreach ($repo_list as $repo_name) {
+ foreach ($clone_commands as $cmd) {
$b .= '<p>';
- $b .= '<tt>git clone '.util_make_url('/anonscm/git/'.$project->getUnixName().'/'.$repo_name.'.git').'</tt><br />';
+ $b .= '<tt>'.$cmd.'</tt><br />';
$b .= '</p>';
}
@@ -157,12 +165,13 @@ class GitPlugin extends SCMPlugin {
$repo_list[] = db_result($result,$i,'repo_name');
}
+ $b = '';
if (session_loggedin()) {
$u = user_get_object(user_getid());
$d = $u->getUnixName();
if (forge_get_config('use_ssh', 'scmgit')) {
- $b = '<h2>';
- $b = ngettext('Developer Access to the Git repository via SSH',
+ $b .= '<h2>';
+ $b .= ngettext('Developer Access to the Git repository via SSH',
'Developer Access to the Git repositories via SSH',
count($repo_list));
$b .= '</h2>';
@@ -178,10 +187,29 @@ class GitPlugin extends SCMPlugin {
foreach ($repo_list as $repo_name) {
$b .= '<p><tt>git clone git+ssh://'.$d.'@' . $project->getSCMBox() . '/'. forge_get_config('repos_path', 'scmgit') .'/'. $project->getUnixName() .'/'. $repo_name .'.git</tt></p>';
}
- } elseif (forge_get_config('use_dav', 'scmgit')) {
+ }
+ if (forge_get_config('use_smarthttp', 'scmgit')) {
+ $b .= '<h2>';
+ $b .= ngettext('Developer Access to the Git repository via “smart HTTP”',
+ 'Developer Access to the Git repositories via “smart HTTP”',
+ count($repo_list));
+ $b .= '</h2>';
+ $b .= '<p>';
+ $b .= ngettext('Only project developers can access the Git repository via this method.',
+ 'Only project developers can access the Git repositories via this method.',
+ count($repo_list));
+ $b .= ' ';
+ $b .= _('Enter your site password when prompted.');
+ $b .= '</p>';
+ $protocol = forge_get_config('use_ssl', 'scmgit')? 'https' : 'http';
+ foreach ($repo_list as $repo_name) {
+ $b .= '<p><tt>git clone '.$protocol.'://'.$d.'@' . forge_get_config('scm_host').'/authgit/'.$d.'/'.$project->getUnixName() .'/'. $repo_name .'.git</tt></p>';
+ }
+ }
+ if (forge_get_config('use_dav', 'scmgit')) {
$protocol = forge_get_config('use_ssl', 'scmgit')? 'https' : 'http';
- $b = '<h2>';
- $b = ngettext('Developer Access to the Git repository via HTTP',
+ $b .= '<h2>';
+ $b .= ngettext('Developer Access to the Git repository via HTTP',
'Developer Access to the Git repositories via HTTP',
count($repo_list));
$b .= '</h2>';
@@ -217,9 +245,28 @@ class GitPlugin extends SCMPlugin {
foreach ($repo_list as $repo_name) {
$b .= '<p><tt>git clone git+ssh://<i>'._('developername').'</i>@' . $project->getSCMBox() . '/'. forge_get_config('repos_path', 'scmgit') .'/'. $project->getUnixName() .'/'. $repo_name .'.git</tt></p>';
}
- } elseif (forge_get_config('use_dav', 'scmgit')) {
- $protocol = forge_get_config('use_ssl', 'scmgit')? 'https' : 'http';
+ }
+ if (forge_get_config('use_smarthttp', 'scmgit')) {
$b = '<h2>';
+ $b = ngettext('Developer Access to the Git repository via “smart HTTP”',
+ 'Developer Access to the Git repositories via “smart HTTP”',
+ count($repo_list));
+ $b .= '</h2>';
+ $b .= '<p>';
+ $b .= ngettext('Only project developers can access the Git repository via this method.',
+ 'Only project developers can access the Git repositories via this method.',
+ count($repo_list));
+ $b .= ' ';
+ $b .= _('Enter your site password when prompted.');
+ $b .= '</p>';
+ $protocol = forge_get_config('use_ssl', 'scmgit')? 'https' : 'http';
+ foreach ($repo_list as $repo_name) {
+ $b .= '<p><tt>git clone '.$protocol.'://<i>'._('developername').'</i>@' . forge_get_config('scm_host').'/authgit/<i>'._('developername').'</i>/'.$project->getUnixName() .'/'. $repo_name .'.git</tt></p>';
+ }
+ }
+ if (forge_get_config('use_dav', 'scmgit')) {
+ $protocol = forge_get_config('use_ssl', 'scmgit')? 'https' : 'http';
+ $b .= '<h2>';
$b .= ngettext('Developer Access to the Git repository via HTTP',
'Developer Access to the Git repositories via HTTP',
count($repo_list));
@@ -237,8 +284,8 @@ class GitPlugin extends SCMPlugin {
}
}
- if (!isset($b)) {
- $b = '<h2>'._('Developer Git Access').'</h2>';
+ if ($b == '') {
+ $b .= '<h2>'._('Developer Git Access').'</h2>';
$b .= '<p class="error">Error: No access protocol has been allowed for the Git plugin in scmgit.ini: : use_ssh and use_dav are disabled</p>';
}
@@ -401,6 +448,7 @@ class GitPlugin extends SCMPlugin {
system("git clone --bare --quiet $main_repo $repodir");
system("chown -R $user_name $repodir");
system("GIT_DIR=\"$repodir\" git update-server-info");
+ system("GIT_DIR=\"$repodir\" git config http.receivepack true");
if (is_file("$repodir/hooks/post-update.sample")) {
rename("$repodir/hooks/post-update.sample",
"$repodir/hooks/post-update");
@@ -454,6 +502,7 @@ class GitPlugin extends SCMPlugin {
$output .= join("<br />", $result);
$result = '';
exec("GIT_DIR=\"$tmp_repo\" git update-server-info", $result);
+ exec("GIT_DIR=\"$tmp_repo\" git config http.receivepack true", $result);
$output .= join("<br />", $result);
if (is_file("$tmp_repo/hooks/post-update.sample")) {
rename("$tmp_repo/hooks/post-update.sample",
@@ -531,6 +580,7 @@ class GitPlugin extends SCMPlugin {
system("GIT_DIR=\"$repodir\" git init --quiet --bare --shared=group");
}
system("GIT_DIR=\"$repodir\" git update-server-info");
+ system("GIT_DIR=\"$repodir\" git config http.receivepack true");
if (is_file("$repodir/hooks/post-update.sample")) {
rename("$repodir/hooks/post-update.sample",
"$repodir/hooks/post-update");
@@ -628,26 +678,25 @@ class GitPlugin extends SCMPlugin {
mkdir($config_dir, 0755, true);
}
$fname = $config_dir . '/gitweb.conf';
- $config_f = fopen($fname.'.new', 'w');
+ $f = fopen($fname.'.new', 'w');
$rootdir = forge_get_config('repos_path', 'scmgit');
- fwrite($config_f, "\$projectroot = '$rootdir';\n");
- fwrite($config_f, "\$projects_list = '$config_dir/gitweb.list';\n");
- fwrite($config_f, "@git_base_url_list = ('". util_make_url('/anonscm/git') . "');\n");
- fwrite($config_f, "\$logo = '". util_make_url('/plugins/scmgit/git-logo.png') . "';\n");
- fwrite($config_f, "\$favicon = '". util_make_url('/plugins/scmgit/git-favicon.png')."';\n");
- fwrite($config_f, "\$stylesheet = '". util_make_url('/plugins/scmgit/gitweb.css')."';\n");
- fwrite($config_f, "\$javascript = '". util_make_url('/plugins/scmgit/gitweb.js')."';\n");
- fwrite($config_f, "\$prevent_xss = 'true';\n");
- fwrite($config_f, "\$feature{'actions'}{'default'} = [('project home', '" .
- util_make_url('/plugins/scmgit/?func=grouppage/%n') .
- "', 'summary')];\n");
- fclose($config_f);
+ fwrite($f, "\$projectroot = '$rootdir';\n");
+ fwrite($f, "\$projects_list = '$config_dir/gitweb.list';\n");
+ fwrite($f, "@git_base_url_list = ('". util_make_url('/anonscm/git') . "');\n");
+ fwrite($f, "\$logo = '". util_make_url('/plugins/scmgit/git-logo.png') . "';\n");
+ fwrite($f, "\$favicon = '". util_make_url('/plugins/scmgit/git-favicon.png')."';\n");
+ fwrite($f, "\$stylesheet = '". util_make_url('/plugins/scmgit/gitweb.css')."';\n");
+ fwrite($f, "\$javascript = '". util_make_url('/plugins/scmgit/gitweb.js')."';\n");
+ fwrite($f, "\$prevent_xss = 'true';\n");
+ fwrite($f, "\$feature{'actions'}{'default'} = [('project home', '" .
+ util_make_url('/plugins/scmgit/?func=grouppage/%n') .
+ "', 'summary')];\n");
+ fclose($f);
chmod($fname.'.new', 0644);
rename($fname.'.new', $fname);
$fname = $config_dir . '/gitweb.list';
$f = fopen($fname.'.new', 'w');
-
$engine = RBACEngine::getInstance();
foreach ($list as $project) {
$repos = $this->getRepositories($rootdir . "/" . $project->getUnixName());
@@ -670,6 +719,74 @@ class GitPlugin extends SCMPlugin {
fclose($f);
chmod($fname.'.new', 0644);
rename($fname.'.new', $fname);
+
+ if (forge_get_config('use_smarthttp', 'scmgit')) {
+ $gitusers = array();
+
+ $config_fname = forge_get_config('data_path').'/scmgit-auth.inc';
+ $config_f = fopen($config_fname.'.new', 'w');
+
+ $user_fname = forge_get_config('data_path').'/scmgit-userfile';
+ $user_f = fopen($user_fname.'.new', 'w');
+
+ $group_fname = forge_get_config('data_path').'/scmgit-groupfile';
+ $group_f = fopen($group_fname.'.new', 'w');
+
+ fwrite($config_f, '');
+
+ foreach ($groups as $project) {
+ if ( !$project->isActive()) {
+ continue;
+ }
+ if ( !$project->usesSCM()) {
+ continue;
+ }
+ $rusers = $engine->getUsersByAllowedAction('scm',$project->getID(),'read');
+ fwrite($group_f, $project->getUnixName().':');
+ foreach ($rusers as $user) {
+ $gitusers[$user->getID()] = $user;
+ fwrite($group_f, ' '.$user->getUnixName());
+ }
+ fwrite($group_f, "\n");
+
+ $wusers = $engine->getUsersByAllowedAction('scm',$project->getID(),'write');
+ fwrite($group_f, 'scm_'.$project->getUnixName().':');
+ foreach ($wusers as $user) {
+ fwrite($group_f, ' '.$user->getUnixName());
+ }
+ fwrite($group_f, "\n");
+
+
+ if ($project->enableAnonSCM()) {
+ fwrite($config_f, 'Use ScmgitProjectWithAnon '.$project->getUnixName().'
+');
+ } else {
+ fwrite($config_f, 'Use ScmgitProjectWithoutAnon '.$project->getUnixName().'
+');
+ }
+
+ fwrite($config_f, "\n");
+ }
+ $password_data = '';
+ foreach ($gitusers as $user) {
+ $password_data .= $user->getUnixName().':'.$user->getUnixPasswd()."\n";
+ fwrite($config_f, 'Use ScmgitUser '.$user->getUnixName().'
+');
+ }
+ fwrite($user_f, $password_data);
+
+ fclose($config_f);
+ chmod($config_fname.'.new', 0644);
+ rename($config_fname.'.new', $config_fname);
+
+ fclose($group_f);
+ chmod($group_fname.'.new', 0644);
+ rename($group_fname.'.new', $group_fname);
+
+ fclose($user_f);
+ chmod($user_fname.'.new', 0644);
+ rename($user_fname.'.new', $user_fname);
+ }
}
function getRepositories($path) {
diff --git a/src/plugins/scmgit/etc/scmgit.ini b/src/plugins/scmgit/etc/scmgit.ini
index 13db5cd..b27291f 100644
--- a/src/plugins/scmgit/etc/scmgit.ini
+++ b/src/plugins/scmgit/etc/scmgit.ini
@@ -22,4 +22,5 @@ httpd_reload_cmd = "service httpd reload"
; use_dav or use_ssh is exclusive. you cannot enable dav with ssh, or ssh with dav
use_dav = yes
use_ssh = no
+use_smarthttp = yes
use_ssl = "$core/use_ssl"
diff --git a/src/plugins/scmgit/packaging/control/133plugin-scmgit b/src/plugins/scmgit/packaging/control/133plugin-scmgit
index cf8a3c5..654f091 100644
--- a/src/plugins/scmgit/packaging/control/133plugin-scmgit
+++ b/src/plugins/scmgit/packaging/control/133plugin-scmgit
@@ -1,6 +1,6 @@
Package: @PACKAGE@-plugin-scmgit
Architecture: all
-Depends: @OLDPACKAGE@-common, @OLDPACKAGE@-db-postgresql | @OLDPACKAGE@-db, @OLDPACKAGE@-web-apache2 | @OLDPACKAGE@-web, @OLDPACKAGE@-shell-postgresql | @OLDPACKAGE@-shell, git (>= 1:1.7) | git-core, gitweb (>= 1:1.7.4.1), php5-cli, ${misc:Depends}
+Depends: @OLDPACKAGE@-common, @OLDPACKAGE@-db-postgresql | @OLDPACKAGE@-db, @OLDPACKAGE@-web-apache2 | @OLDPACKAGE@-web, @OLDPACKAGE@-shell-postgresql | @OLDPACKAGE@-shell, git (>= 1:1.7) | git-core, gitweb (>= 1:1.7.4.1), php5-cli, acl, ${misc:Depends}
Provides: @PACKAGE@-plugin-scm, @OLDPACKAGE@-plugin-scmgit
Conflicts: @OLDPACKAGE@-plugin-scmgit (<< 5.0.51-2)
Replaces: @OLDPACKAGE@-plugin-scmgit (<< 5.0.51-2)
diff --git a/src/plugins/scmsvn/packaging/control/131plugin-scmsvn b/src/plugins/scmsvn/packaging/control/131plugin-scmsvn
index 1f56f1e..18fa19b 100644
--- a/src/plugins/scmsvn/packaging/control/131plugin-scmsvn
+++ b/src/plugins/scmsvn/packaging/control/131plugin-scmsvn
@@ -1,6 +1,6 @@
Package: @PACKAGE@-plugin-scmsvn
Architecture: all
-Depends: @OLDPACKAGE@-common, @OLDPACKAGE@-db-postgresql | @OLDPACKAGE@-db, @OLDPACKAGE@-shell-postgresql | @OLDPACKAGE@-shell, subversion, subversion-tools, python-subversion, python (>= 2.3), php5-cli, openbsd-inetd | inet-superserver, update-inetd, ${misc:Depends}
+Depends: @OLDPACKAGE@-common, @OLDPACKAGE@-db-postgresql | @OLDPACKAGE@-db, @OLDPACKAGE@-shell-postgresql | @OLDPACKAGE@-shell, subversion, subversion-tools, python-subversion, python (>= 2.3), php5-cli, openbsd-inetd | inet-superserver, update-inetd, acl, ${misc:Depends}
Recommends: libapache2-svn, @OLDPACKAGE@-web-apache2 | @OLDPACKAGE@-web
Provides: @PACKAGE@-plugin-scm, @OLDPACKAGE@-plugin-scmsvn
Conflicts: @OLDPACKAGE@-plugin-scmsvn
_______________________________________________
Fusionforge-general mailing list
Fusionforge-general@lists.fusionforge.org
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general
