axel.ml@xxxxxxxxxxx writes:
> Jakub Narebski wrote:
> > Axel writes:
> >
> > > I set up a git server with HTTP authentication with Apache through
> > > LDAP (Debian Squeeze + Apache 2.2 + mod_authnz_ldap).
> > >
> > > I m using gitweb for browsing the repositories. At this moment, the
> > > commiter name appears to be the local user who called "git push".
The comitter name is local user who created a commit (as specified in
his/her configuration file, fallback to GECOS).
> > > The username used for HTTP authentication is not used as
> > > commiter name, though the REMOTE_USER environment variable is
> > > defined.
> > >
> > > After a quick look at http-backend.c it looks like the
> > > GIT_COMMITER_NAME variable should have been defined with the
> > > REMOTE_USER variable. Is this right ?
No, it isn't.
> > > In Apache access logs, the REMOTE_USER appears to be defined in the
> > > last request of the push :
> > >
> > > 127.0.1.1 - - [13/Apr/2011:11:45:08 +0200] "GET
> > > /git/sandbox/info/refs?service=git-receive-pack HTTP/1.1" 200 467 "-"
> > > "git/1.7.2.5"
> > > 127.0.1.1 - - [13/Apr/2011:11:45:08 +0200] "POST
> > > /git/sandbox/git-receive-pack HTTP/1.1" 401 618 "-" "git/1.7.2.5"
> > > 127.0.1.1 - ldapuser [13/Apr/2011:11:45:08 +0200] "POST
> > > /git/sandbox/git-receive-pack HTTP/1.1" 200 353 "-" "git/1.7.2.5"
> > >
> > > Is this behaviour expected ?
> >
> > I don't quite understand.
> >
> > With push over _any_ transport you transfer commits from your
> > repository to remote repository *without changing them*. Committer is
> > a person who created a commit, i.e. did "git commit" (or "git am", or
> > "git rebase", or "git merge").
> >
> > The only place where user who did "git push" can appear in is _reflogs_
> > (I don't know if it appears or not)... but gitweb doesn't show wny
> > reflog information. That of course can be improved...
> >
>
> Indeed I wrongly used the "commit" word. I'm switching from
> SVN/WebDAV, and the HTTP authentication name is usually used as the
> commiter name in the SVN repository. This name was informative only
> but useful when browsing repository and logs.
This is because Subversion is CENTRALIZED version control system:
creating a commit involves contacting central server that holds
repository. If you use HTTP(S) to contact this central server, then
of course HTTP authentication name will be used for "committer" name
(IIRC Subversion has only _author_ name, not separate author and
committer names like in Git[1]).
Git on the other hand is DISTRIBUTED version control system. Here the
act of creating a commit is decoupled from the act of publishing[2].
User creates commit in his/her local clone (copy) of repository, using
their local configuration, and then push to some distribution point
(depending on workflow).
For git-aware push transports (ssh, "smart" http, IIRC also file) you
can configure git via hook mechanism to check comitter and reject
pushes if there are commits that were not made by the person who is
doing the push. See e.g. update-paranoid in contrib/hooks/ area of
git.git repository, Gitosis and Gitolite git repository management
solutions.
[1] Author is usually the same as committer -- it can be different
if for example you are applying (with "git am") patch from somebody
else you got e.g. via email.
[2] Credentials used for authentication when pushing doesn't need to
have anything in comon with configured user identity.
>
> I would have enjoy to reproduce this behavior with git/http, since
> it's common (in our organisation at least) that the commiter is the
> pusher. In fact until today the authentication was almost only used
> as tracing commiters in logs and not really for security
> considerations.
>
> So I assume that it s cannot be done for the moment :)
> Thanks for your answer !
Could you explain in more detail _what_ behavior would you like to
see? Gitweb does display author and comitter (though in 'log' and
'shortlog' only author is visible).
--
Jakub Narebski
Poland
ShadeHawk on #git
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html