mirror of
https://github.com/git/git.git
synced 2024-11-16 14:04:52 +01:00
0ea47f9d33
The "--signed" option received by "git push" is first passed to the transport layer, which the native transport directly uses to notice that a push certificate needs to be sent. When the transport-helper is involved, however, the option needs to be told to the helper with set_helper_option(), and the helper needs to take necessary action. For the smart-HTTP helper, the "necessary action" involves spawning the "git send-pack" subprocess with the "--signed" option. Once the above all gets wired in, the smart-HTTP transport now can use the push certificate mechanism to authenticate its pushes. Add a test that is modeled after tests for the native transport in t5534-push-signed.sh to t5541-http-push-smart.sh. Update the test Apache configuration to pass GNUPGHOME environment variable through. As PassEnv would trigger warnings for an environment variable that is not set, export it from test-lib.sh set to a harmless value when GnuPG is not being used in the tests. Note that the added test is deliberately loose and does not check the nonce in this step. This is because the stateless RPC mode is inevitably flaky and a nonce that comes back in the actual push processing is one issued by a different process; if the two interactions with the server crossed a second boundary, the nonces will not match and such a check will fail. A later patch in the series will work around this shortcoming. Signed-off-by: Junio C Hamano <gitster@pobox.com>
189 lines
4.5 KiB
ApacheConf
189 lines
4.5 KiB
ApacheConf
ServerName dummy
|
|
PidFile httpd.pid
|
|
DocumentRoot www
|
|
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
|
CustomLog access.log common
|
|
ErrorLog error.log
|
|
<IfModule !mod_log_config.c>
|
|
LoadModule log_config_module modules/mod_log_config.so
|
|
</IfModule>
|
|
<IfModule !mod_alias.c>
|
|
LoadModule alias_module modules/mod_alias.so
|
|
</IfModule>
|
|
<IfModule !mod_cgi.c>
|
|
LoadModule cgi_module modules/mod_cgi.so
|
|
</IfModule>
|
|
<IfModule !mod_env.c>
|
|
LoadModule env_module modules/mod_env.so
|
|
</IfModule>
|
|
<IfModule !mod_rewrite.c>
|
|
LoadModule rewrite_module modules/mod_rewrite.so
|
|
</IFModule>
|
|
<IfModule !mod_version.c>
|
|
LoadModule version_module modules/mod_version.so
|
|
</IfModule>
|
|
<IfModule !mod_headers.c>
|
|
LoadModule headers_module modules/mod_headers.so
|
|
</IfModule>
|
|
|
|
<IfVersion < 2.4>
|
|
LockFile accept.lock
|
|
</IfVersion>
|
|
|
|
<IfVersion < 2.1>
|
|
<IfModule !mod_auth.c>
|
|
LoadModule auth_module modules/mod_auth.so
|
|
</IfModule>
|
|
</IfVersion>
|
|
|
|
<IfVersion >= 2.1>
|
|
<IfModule !mod_auth_basic.c>
|
|
LoadModule auth_basic_module modules/mod_auth_basic.so
|
|
</IfModule>
|
|
<IfModule !mod_authn_file.c>
|
|
LoadModule authn_file_module modules/mod_authn_file.so
|
|
</IfModule>
|
|
<IfModule !mod_authz_user.c>
|
|
LoadModule authz_user_module modules/mod_authz_user.so
|
|
</IfModule>
|
|
<IfModule !mod_authz_host.c>
|
|
LoadModule authz_host_module modules/mod_authz_host.so
|
|
</IfModule>
|
|
</IfVersion>
|
|
|
|
<IfVersion >= 2.4>
|
|
<IfModule !mod_authn_core.c>
|
|
LoadModule authn_core_module modules/mod_authn_core.so
|
|
</IfModule>
|
|
<IfModule !mod_authz_core.c>
|
|
LoadModule authz_core_module modules/mod_authz_core.so
|
|
</IfModule>
|
|
<IfModule !mod_access_compat.c>
|
|
LoadModule access_compat_module modules/mod_access_compat.so
|
|
</IfModule>
|
|
<IfModule !mod_mpm_prefork.c>
|
|
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
|
|
</IfModule>
|
|
</IfVersion>
|
|
|
|
PassEnv GIT_VALGRIND
|
|
PassEnv GIT_VALGRIND_OPTIONS
|
|
PassEnv GNUPGHOME
|
|
|
|
Alias /dumb/ www/
|
|
Alias /auth/dumb/ www/auth/dumb/
|
|
|
|
<LocationMatch /smart/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
</LocationMatch>
|
|
<LocationMatch /smart_noexport/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
</LocationMatch>
|
|
<LocationMatch /smart_custom_env/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
SetEnv GIT_COMMITTER_NAME "Custom User"
|
|
SetEnv GIT_COMMITTER_EMAIL custom@example.com
|
|
</LocationMatch>
|
|
<LocationMatch /smart_namespace/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
SetEnv GIT_NAMESPACE ns
|
|
</LocationMatch>
|
|
<LocationMatch /smart_cookies/>
|
|
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
|
SetEnv GIT_HTTP_EXPORT_ALL
|
|
Header set Set-Cookie name=value
|
|
</LocationMatch>
|
|
ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1
|
|
ScriptAlias /broken_smart/ broken-smart-http.sh/
|
|
ScriptAlias /error/ error.sh/
|
|
<Directory ${GIT_EXEC_PATH}>
|
|
Options FollowSymlinks
|
|
</Directory>
|
|
<Files broken-smart-http.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files error.sh>
|
|
Options ExecCGI
|
|
</Files>
|
|
<Files ${GIT_EXEC_PATH}/git-http-backend>
|
|
Options ExecCGI
|
|
</Files>
|
|
|
|
RewriteEngine on
|
|
RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301]
|
|
RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
|
|
RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
|
|
RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
|
|
|
|
<IfDefine SSL>
|
|
LoadModule ssl_module modules/mod_ssl.so
|
|
|
|
SSLCertificateFile httpd.pem
|
|
SSLCertificateKeyFile httpd.pem
|
|
SSLRandomSeed startup file:/dev/urandom 512
|
|
SSLRandomSeed connect file:/dev/urandom 512
|
|
SSLSessionCache none
|
|
SSLMutex file:ssl_mutex
|
|
SSLEngine On
|
|
</IfDefine>
|
|
|
|
<Location /auth/>
|
|
AuthType Basic
|
|
AuthName "git-auth"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
</Location>
|
|
|
|
<LocationMatch "^/auth-push/.*/git-receive-pack$">
|
|
AuthType Basic
|
|
AuthName "git-auth"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
</LocationMatch>
|
|
|
|
<LocationMatch "^/auth-fetch/.*/git-upload-pack$">
|
|
AuthType Basic
|
|
AuthName "git-auth"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
</LocationMatch>
|
|
|
|
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
|
|
RewriteCond %{REQUEST_URI} /git-receive-pack$
|
|
RewriteRule ^/half-auth-complete/ - [E=AUTHREQUIRED:yes]
|
|
|
|
<Location /half-auth-complete/>
|
|
Order Deny,Allow
|
|
Deny from env=AUTHREQUIRED
|
|
|
|
AuthType Basic
|
|
AuthName "Git Access"
|
|
AuthUserFile passwd
|
|
Require valid-user
|
|
Satisfy Any
|
|
</Location>
|
|
|
|
<IfDefine DAV>
|
|
LoadModule dav_module modules/mod_dav.so
|
|
LoadModule dav_fs_module modules/mod_dav_fs.so
|
|
|
|
DAVLockDB DAVLock
|
|
<Location /dumb/>
|
|
Dav on
|
|
</Location>
|
|
<Location /auth/dumb>
|
|
Dav on
|
|
</Location>
|
|
</IfDefine>
|
|
|
|
<IfDefine SVN>
|
|
LoadModule dav_svn_module modules/mod_dav_svn.so
|
|
|
|
<Location /svn>
|
|
DAV svn
|
|
SVNPath svnrepo
|
|
</Location>
|
|
</IfDefine>
|