Few Questions

Few Questions

[Arya, Manish Kumar]

Hi,

   I am new to Git. Earlier I have configured svn with LDAP auth and svnwebclient.

I want to have following with Git

- LDAP and ssh authentication.

- checkin and checkout using web interface and ssh

- when ever someone checkin something then a email should be send to a email address (a mailing list)

please let me know how to do this with Git

-Manish 


      

Re: Few Questions

[Matthieu Moy]

"Arya, Manish Kumar" <m.arya@yahoo.com> writes:

> Hi,
>
>    I am new to Git. Earlier I have configured svn with LDAP auth and svnwebclient.
>
> I want to have following with Git
>
> - LDAP and ssh authentication.

AFAIK, there isn't any authentication mechanism built into Git.
Instead, Git relies on existing (proven, reliable, ...) mechanisms.
SSH authentication is what you get when accessing a repository with
e.g. git clone ssh://host.com/path/to/repo (either you have a full
ssh shell access on the server, or you can restrict the access with
git-shell to allow only basic git operations on the server).

There's probably a way to let your server use LDAP for authentication
when using SSH, but that's independant from Git (and I'm helpless
here).

> - checkin and checkout using web interface and ssh

Gitweb for the web interface. "checkin" and "checkout" have different
meanings depending on the tool, so I'm not sure I understand the
question correctly.

In Git, the equivalent of "checkout" for centralized VCS would be
"clone" (i.e. get a local working tree for a remote repository, but
Git also duplicates the history), see above, it works straigtforwardly
through SSH. I don't think you can do it from a web interface, but I
don't understand what would be the point in doing it.

> - when ever someone checkin something then a email should be send to
> a email address (a mailing list)

With a hook. You probably don't want to have this as the commit hook,
since the advantage of Git is to make "commit" a local, somehow
private operation, and to distinguish it from "push" (which somehow
means "publish", "show to the rest of the world"). So sending email
when some server receives the new revisions is sensible, this is the
post-receive hook.

These can help:

http://git.kernel.org/?p=git/git.git;a=blob;f=contrib/hooks/post-receive-email;h=28a3c0e46ecf9951f3f42a025a288a65c70e0424;hb=HEAD
http://source.winehq.org/git/tools.git/?a=blob;f=git-notify;hb=HEAD

-- 
Matthieu

Re: Few Questions

[Jakub Narebski]

"Arya, Manish Kumar" <m.arya@yahoo.com> writes:

> Hi,
> 
> I am new to Git. Earlier I have configured svn with LDAP auth and
> svnwebclient.
> 
> I want to have following with Git
> 
> - LDAP and ssh authentication.
> 

Instead of inventing (and failing) its own protocol and its own
authentication git uses established solutions for authentication: SSH
for "smart" server, and WebDAV for push via (currently only "dumb")
HTTPS protocol.

There exist solutions that help with setting up SSH for git:
git-shell, ssh_acl, and I think most commonly used Gitosis (see
seminal reference about Gitosis on http://git.or.cz/gitwiki/BlogPosts).

> - checkin and checkout using web interface and ssh
> 

Git is distributed version control system: checkin (named 'commit' in
git) and checkout are _local_ operations.  Fetch (getting new changes
from remote repository) and clone (creating new local repository
following or forking specified remote repository) can be done via
local filesystem, via git:// protocol, via "dumb" HTTP, and via SSH.
Push (sending changes to remote repository) needs autheticated
channel: most common used is SSH, but you can also use WebDAV with
HTTPS.

There are web interfaces for Git, something like SVN::Web or ViewVC,
like gitweb (in Perl, developed in git.git repository) and cgit (in C).
See also "Web interfaces" section on InterfacesFrontendsAndTools page
on git wiki.

> - when ever someone checkin something then a email should be send to
>   a email address (a mailing list)

If by 'checkin' you mean publishing changes to a server (i.e. push in
git terminology), see for example contrib/hooks/post-receive-email
hook.
 
> please let me know how to do this with Git

Please learn that Git is _different_ from Subversion, and not try to
follow your SVN workflow and expectations blindly.

-- 
Jakub Narebski
Poland
ShadeHawk on #git

Re: Few Questions

[Shawn O. Pearce]

Jakub Narebski <jnareb@gmail.com> wrote:
> "Arya, Manish Kumar" <m.arya@yahoo.com> writes:
> > 
> > I want to have following with Git
> > 
> > - LDAP and ssh authentication.
> > 
> 
> Instead of inventing (and failing) its own protocol and its own
> authentication git uses established solutions for authentication: SSH
> for "smart" server, and WebDAV for push via (currently only "dumb")
> HTTPS protocol.
> 
> There exist solutions that help with setting up SSH for git:
> git-shell, ssh_acl, and I think most commonly used Gitosis (see
> seminal reference about Gitosis on http://git.or.cz/gitwiki/BlogPosts).
 
Yup.  Gitosis is very popular for this.

At my last job I rolled my own Gitosis-lite, but in Perl, because
they are a Perl based shop.  It also uses the update-paranoid hook
for access controls, as its more flexible (and easier to confuse
the heck out of yourself) than Gitosis.  But if you can get along
with Gitosis, its a good choice.  Unfortunately its authentication
is limited to public keys registered in the authorized keys file
of the "git" user.

<plug type="not-quite-ready-but-will-be-soon">

Gerrit2 is also likely to enter this "market" soon.  I'm trying to
get it production ready and live for one major project before the
end of this month.  It embeds its own SSH daemon on a non-standard
port, completely disconnected from the OS authentication.  This may
make it slightly more palatable in some enviroments then Gitosis,
as you don't need a huge authorized_keys file, and you don't have
to worry quite so much about attack vectors.

Unlike with Gitosis, public key management is placed on end-users
by using web authentication to identify the user, and letting the
user manage their own "authorized key list".  It also has a full
blown web based code review system built in.  Which right now a
project must use if it is hosted by Gerrit2.  :-)

</plug>

-- 
Shawn.

Re: Few Questions

[R. Tyler Ballance]

On Tue, 2009-01-20 at 08:04 -0800, Shawn O. Pearce wrote:
> <plug type="not-quite-ready-but-will-be-soon">
> 
> Gerrit2 is also likely to enter this "market" soon.  I'm trying to
> get it production ready and live for one major project before the
> end of this month.  It embeds its own SSH daemon on a non-standard
> port, completely disconnected from the OS authentication.  This may
> make it slightly more palatable in some enviroments then Gitosis,
> as you don't need a huge authorized_keys file, and you don't have
> to worry quite so much about attack vectors.

> </plug>
> 

<plug type="not-really-existent-yet-but-gee-golly-i-wish-it-were"
variant="mildly-offtopic" unnecessary:attribute="is-unnecessary">

I talked with Chris Wanstrath (defunkt) of Git Hub once upon a time
about them open sourcing their additions onto the openSSH sshd(8) to
work public key lookup into a MySQL database instead of simply reading a
flat file. 

It'd be nice to add some peer pressure to get them to release it
already ;)

</plug>

I read your thread(s) on groups.google.com regarding Gerrit2 and it
seems quite promising as well. Looking forward to it being ready ;)

Cheers
-- 
-R. Tyler Ballance
Slide, Inc.