我想为所有人提供对我的 GIT 存储库的只读访问权限(即不需要用户名/密码),但需要身份验证才能写入。git-http-backend
手册页建议通过匹配位置来实现这一点^/git/.*/git-receive-pack$
。对于 Apache 2.x,它看起来像这样:
<LocationMatch "^/git/.*/git-receive-pack$">
AuthType Basic
AuthName "Git Access"
Require group committers
...
</LocationMatch>
现在,我正在使用 lighttpd,但翻译上述内容不会造成问题。只是我的访问日志表明上述内容无论如何都行不通。这是我执行以下命令时看到的内容git push
:
192.168.1.84 tracsrv.local - [06/Apr/2013:20:00:20 +0200] "GET /git/foo.git/info/refs?service=git-receive-pack HTTP/1.1" 403 5 "-" "git/1.8.2"
因此,看来我需要匹配查询字符串。对于 lighty,我尝试了以下方法:
$HTTP["querystring"] =~ "service=git-receive-pack" {
$HTTP["url"] =~ "^/git" {
cgi.assign = ( "" => "" )
setenv.add-environment = (
"GIT_PROJECT_ROOT" => "/srv/git",
"GIT_HTTP_EXPORT_ALL" => ""
)
auth.backend = "plain"
auth.backend.plain.userfile = "/srv/tracprjs/trac.plain"
auth.require = (
"/" => (
"method" => "basic",
"realm" => "trac",
"require" => "valid-user"
)
)
}
}
$HTTP["url"] =~ "^/git" {
cgi.assign = ( "" => "" )
setenv.add-environment = (
"GIT_PROJECT_ROOT" => "/srv/git",
"GIT_HTTP_EXPORT_ALL" => ""
)
}
不需要密码git fetch
,而需要密码git push
。但是,git push
实际上并没有成功。有什么关于如何实现这一点的指示吗?
答案1
在 git 邮件列表人员的帮助下,我找到了一个可行的配置:http://www.spinics.net/lists/git/msg203744.html