Re: REMOTE_USER value propagation through http push

[Jakub Narebski <jnareb@gmail.com>]

On Wed, 13 Apr 2011, Axel wrote:
> 
> > Could you explain in more detail _what_ behavior would you like to
> > see? Gitweb does display author and comitter (though in 'log' and
> > 'shortlog' only author is visible).
> > 
> 
> I understand well your explanations about git mechanisms.
> 
> Though git is decentralized, we still use a "central" repository on
> which gitweb is installed, mainly for pratical reasons (you may tell
> "then you don't need git!" :) ) because not only developers browse the
> commits history.

That is quite common in many workflows to have one "central" 
by-convention repository where everybody can view history and get 
latest version of a project.

Note however that there are other possible workflows than SVN-like
one where everybody publish to single "central" repository.  Quite 
common at least for open source project is workflow where one person 
(maintainer) is responsible for getting contributions from other 
developers (via pull, via email, etc.) and pushing them to this 
"central" repository.

I recommend reading chapters "Distributed Git" (for description of 
possible workflows) and "Git on the Server" (among others describing 
configuring access and logging) of free CC-BY-NC-SA  "Pro Git" book:

  http://progit.org/book/

> At this moment we use HTTP authentication more for tracing purposes
> (knowing who pushed data to the repo) than for allowing or not push
> access.  

I'm not sure if it is a best solution.  HTTP authentication is decoupled 
from git itself.  I don't know if you are using older "dumb" HTTP 
transport, or new "smart" HTTP transport (the latter requires git to be 
installed on server), but any git-aware transport can log updates to 
repository via hooks mechanism.

See for example "better logging" issue in Gitolite FAQ:

http://sitaramc.github.com/gitolite/doc/3-faq-tips-etc.html#_better_logging

Gitolite is one of tools to manage git repositories.
 
> If i m not wrong, the AUTHOR field displayed in gitweb comes from the
> git client configuration ($GIT_AUTHOR_NAME). 

Yes it does, though actually modern way is to put

  [user]
  	name  = Joe R. Hacker
  	email = J.Hacker@example.com

in $HOME/.gitconfigure file for user (client).
 
> I would go further : HTTP authentication (for in-house organisation
> of course, not internet-wide access) usefulness is unclear since the
> credentials do not pop up anywhere in git repository. We have to trust
> the client-side configuration. The way to know who pushed something is
> to browse Apache access.log and cross the date/time with the git log.    
> 
> What I'd like to see is that the push authentication credentials
> overwrite an eventually defined author name at the client side in
> order to be displayed while browsing git log.  

This is not possible, and I don't see that it would be changed.  
Changing credentials would require (because of SHA-1 based addressing) 
changing commits.  Note that one is usually pushing more than one 
commit at once with push.
 
What you can do is the REVERSE.  Check on push if committer info matches 
authentication credentials used for publishing, and refuse push if it 
is not true.  But that requires git-aware transport; I think Gitolite
can be configured to do that, and that update-paranoid hook example also
can do this.

> Even better, in the case of LDAP authentication (I m not sure if it
> would be possible for htaccess authentication), email and fullname
> could be extracted from LDAP directory, stored in environment
> variables by Apache, and given to git-http-backend (as is the
> REMOTE_USER variable).    

Because commits are created on client side, in client repository, you 
cannot trust committer and author stored in git commits.

If user.name is not set, and neither are GIT_AUTHOR_NAME / 
GIT_COMMITTER_NAME environmental variables, git tries to take name from 
login information.  I think operating system can be configured to take 
it from LDAP, but git itself doesn't do this -- but it could.
 
> Though I don't know if this request is relevant, I guess that if
> git-http-backend was looking for GIT_AUTHOR_NAME & GIT_AUTHOR_EMAIL
> environment variables that Apache could have defined, it could replace
> the client-side values defined. (Note that I absolutly don't know if
> it would be technically possible to overwrite those variables or even
> if their values are in the push payload).     

Nope, at the time of push commits are already created, and author and 
committer info are already set in stone, and not possible to change 
without rewriting commits.
 
HTH
-- 
Jakub Narebski
Poland