Patch #4905

Redmine.pm: add support for Git's smart HTTP protocol

Added by Antonio García-Domínguez over 4 years ago. Updated over 1 year ago.

Status:ClosedStart date:2010-02-23
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:SCM extra
Target version:2.1.0

Description

After much hair pulling, I found out why the default access handler in Redmine wasn't working for Git's new smart HTTP protocol .

Since it normally works with DAV, it tells apart read-only queries by their HTTP method. However, that doesn't work for Git's smart HTTP protocol, as it will use POST even for a simple clone. Instead, read-only queries must be detected using their full, unparsed URL: anything that doesn't belong to the git-receive-pack service is read-only.

This patch adds a new Apache directive to the access handler called RedmineGitSmartHttp, which enables this new mode of operation. Usage instructions are included in the patch.

I'm not sure if this is the best approach, though. Does anyone know of a better way to integrate the Git smart HTTP protocol with Redmine? I've seen plugins which integrate the SSH part in a Github-like fashion, but I can't use SSH over the firewall at $DAYJOB.

0001-Redmine.pm-add-Git-smart-HTTP-support.patch Magnifier (4.02 KB) Antonio García-Domínguez, 2010-02-23 13:36

0001-Redmine.pm-add-Git-smart-HTTP-support-v2.patch Magnifier (4.1 KB) Antonio García-Domínguez, 2010-02-24 17:59

0001-Redmine.pm-add-Git-smart-HTTP-support.patch Magnifier (5.13 KB) Antonio García-Domínguez, 2010-02-25 10:07

0001-Redmine.pm-add-Git-smart-HTTP-support-v4.patch Magnifier - Fixed wrong hunk headers (5.13 KB) Antonio García-Domínguez, 2010-03-04 11:11

0001-Redmine.pm-add-Git-smart-HTTP-support-r3840.patch Magnifier (4.92 KB) Felix Schäfer, 2010-07-13 18:31

0001-Redmine.pm-add-Git-smart-HTTP-support-redmine0.9.6.patch Magnifier - Updated patch for Redmine 0.9.6 (r3839) (5.68 KB) Antonio García-Domínguez, 2010-07-19 21:55

0001-Redmine.pm-add-Git-smart-HTTP-support-simplified.patch Magnifier - Patch with simplified path checking which does not require explicit configuration of the URL prefix for the Git repositories (5.66 KB) Antonio García-Domínguez, 2010-07-19 22:47

0001-Redmine.pm-add-Git-smart-HTTP-support-use-location.patch Magnifier - Patch which uses the path in the <Location> block as the prefix for all regexps (5.82 KB) Antonio García-Domínguez, 2010-07-19 23:55

0001-Redmine.pm-add-Git-smart-HTTP-support.patch Magnifier - Revised patch with a better regexp which allows for trailing slashes in Location block and is stricter on the service URLs (6.42 KB) Antonio García-Domínguez, 2010-07-20 10:03

LeeF-Redmine.pm.patch Magnifier - Allow repositories to end in ".git" (5.96 KB) Lee Fay, 2011-01-04 05:52

0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix.patch Magnifier - Patch with LeeF's fix for allowing repositories to append .git after the project ID and Michael Fox's security fix (6.57 KB) Antonio García-Domínguez, 2011-03-31 12:39

0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix-redminetrunk.patch Magnifier (6.02 KB) Ве Fio, 2011-05-13 00:16

0001-Redmine.pm-update-patch-4905-to-Redmine-1.3.0.patch Magnifier - Updated patch for Redmine 1.3.0 (5.35 KB) Antonio García-Domínguez, 2011-12-22 16:14

log - Apache log file - debug mode (39.3 KB) Miloš Kozák, 2011-12-23 19:02

0001-Redmine.pm-update-patch-4905-to-Redmine-1.3.0-fixed.patch Magnifier - Fixed patch for Redmine 1.3.0 (5.35 KB) Antonio García-Domínguez, 2011-12-28 12:57

Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch Magnifier (5.25 KB) Antonio García-Domínguez, 2012-04-17 11:40

Redmine.pm-update-patch-4905-to-Redmine-1.4.1-support-multiscm.patch Magnifier (5.56 KB) Takashi Okamoto, 2012-04-27 18:27

Redmine.pm-update-patch-4905-to-Redmine-1.4.1-support-multiscm-2.patch Magnifier (5.59 KB) Takashi Okamoto, 2012-04-28 00:30

trunk-r9557-strip-dot-git.diff Magnifier (7.29 KB) Toshi MARUYAMA, 2012-04-28 03:40

repository_git_test.rb Magnifier (7.22 KB) Lluís Vilanova, 2012-06-12 22:38

2.0-stable.diff Magnifier (8.93 KB) Toshi MARUYAMA, 2012-07-17 00:45

Redmine.pm-1.4.4-based-on-1.4.1-multiscm-2.patch Magnifier (5.6 KB) Vincent Metalhead, 2012-09-14 09:44

Redmine.pm-1.4.4-based-on-1.4.1-multiscm-2--improved.patch Magnifier - Support for Redmine 1.4.4 with similarly named bare repositories (6.1 KB) Vincent Metalhead, 2012-09-14 13:04

Redmine.pm-1.4.4-based-on-1.4.1-multiscm-2--improved2.patch Magnifier - Use the project indetifier instead of the project name (6.11 KB) Vincent Metalhead, 2012-09-14 14:23

Associated revisions

Revision 9829
Added by Jean-Philippe Lang about 2 years ago

Adds support for Git's smart HTTP protocol to Redmine.pm (#4905).

History

#1 Updated by Antonio García-Domínguez over 4 years ago

Oh, and the old DAV HTTP protocol would be OK, but it has performance problems and can corrupt the repository if you have the wrong version of curl :-/.

#2 Updated by Jean-Philippe Lang over 4 years ago

  • Category set to SCM

#3 Updated by Antonio García-Domínguez over 4 years ago

New patch which fixes a few mistakes in the POD.

#4 Updated by Antonio García-Domínguez over 4 years ago

Antonio García-Domínguez wrote:

Oh, and the old DAV HTTP protocol would be OK, but it has performance problems and can corrupt the repository if you have the wrong version of curl :-/.

Forgot to add that smart HTTP can use hooks as well, and doesn't require a cronjob with "git update-server-info". Smart HTTP requires Git 1.6.6+ on server and client.

#5 Updated by Antonio García-Domínguez over 4 years ago

Third version, this time with a sample Apache configuration and some tips on where to place the repositories and how they should be named.

#6 Updated by Antonio García-Domínguez over 4 years ago

Oops, the last patch was corrupt. Version 4 of the patch fixes this. Sorry!

#7 Updated by Felix Schäfer about 4 years ago

Antonio, your patch looks good, though it expects the paths to your repositories to start with /git/. Could you please rework it so that the path under which the repositories reside is configurable in the apache config, possibly defaulting to /git/ as that seems to be the canonical example?

#8 Updated by Felix Schäfer about 4 years ago

I Updated the patch against r3840.

#9 Updated by Antonio García-Domínguez about 4 years ago

Felix, there seems to be a slight typo in your patch: both lines 416 and 417 add something. I would normally expect the original line to be removed and the new line to be added.

I recently updated my patch for Redmine 0.9.6 (r3839), so it should be up to date (Redmine.pm's last change is from r3832). It's running smoothly on my installation.

As for the /git/ prefix: would another Apache directive for customizing it be OK?

#10 Updated by Felix Schäfer about 4 years ago

Antonio García-Domínguez wrote:

Felix, there seems to be a slight typo in your patch: both lines 416 and 417 add something. I would normally expect the original line to be removed and the new line to be added.

Yeah, noticed that too today, was gonna correct that, but it seems you've done that already, thanks :-)

As for the /git/ prefix: would another Apache directive for customizing it be OK?

Well, I was thinking about how svn doesn't need that, and in fact there already is a function get_project_identifier which you should be able to get the identifier from, so no need for an additional setting.

#11 Updated by Antonio García-Domínguez about 4 years ago

After thinking it over, I didn't like having to specify the URL prefix two times in the Apache config. It would look like this:

<Location /git>
  RedmineGitSmartHttp yes
  RedmineGitURLPrefix /git
</Location>

It just breaks DRY :-/. Instead, I have relaxed the regexp that checks whether a request is a write operation, so it will work with any prefix. I went from this:

my $is_read_only = $uri !~ /^\/git\/.*\/[^\/]*git\-receive\-pack$/o;

to this, which only checks the last path component and the query string:

my $is_read_only = $uri !~ /\/[^\/]*git\-receive\-pack$/o;

#12 Updated by Antonio García-Domínguez about 4 years ago

Felix Schäfer wrote:

Yeah, noticed that too today, was gonna correct that, but it seems you've done that already, thanks :-)

No problem :-).

Well, I was thinking about how svn doesn't need that, and in fact there already is a function get_project_identifier which you should be able to get the identifier from, so no need for an additional setting.

Yeah, I saw it on the authen handler code. But that'd only get me the project ID, and not the path in the <Location> block (/git/ here), which is what I really need. However, I have fixed the patch so it won't need this prefix (see my previous comment).

#13 Updated by Felix Schäfer about 4 years ago

Antonio García-Domínguez wrote:

Felix Schäfer wrote:

Well, I was thinking about how svn doesn't need that, and in fact there already is a function get_project_identifier which you should be able to get the identifier from, so no need for an additional setting.

Yeah, I saw it on the authen handler code. But that'd only get me the project ID, and not the path in the <Location> block (/git/ here), which is what I really need. However, I have fixed the patch so it won't need this prefix (see my previous comment).

Sorry, got that backwards, but I still don't like the regex being that lax. Anyway, from the aforementioned method, I can see you can get the location from the request object $r->location, why not just use that as a prefix to your regex as is done in said method?

#14 Updated by Antonio García-Domínguez about 4 years ago

Well, duh! :-D

I spent a while on the Apache site trying to find the appropriate method and I just found it after reading your post and checking that function. Here.

OK, I'll get on it :-).

#15 Updated by Antonio García-Domínguez about 4 years ago

OK, one more try: this patch uses $location as you suggested instead of a fixed prefix. The only caveat is that the path in the <Location> block cannot have a trailing slash. I have modified the documentation at the beginning of the file to mention this.

#16 Updated by Felix Schäfer about 4 years ago

Antonio García-Domínguez wrote:

The only caveat is that the path in the <Location> block cannot have a trailing slash. I have modified the documentation at the beginning of the file to mention this.

Again referencing the already existing commit, why not just m{^$location/*[^/]+/[^/]*git\-receive\-pack$}o?

#17 Updated by Felix Schäfer about 4 years ago

Felix Schäfer wrote:

Again referencing the already existing commit

And by commit I mean function x_X

#18 Updated by Antonio García-Domínguez about 4 years ago

Hmm, let's try and get that regexp as tight as possible. We need to watch out for these two URLs:

  • /info/refs?service=git-receive-pack: Git performs a GET on this URL before actually trying to push, and it needs the same authentication as an actual push.
  • /git-receive-pack: this is the service where Git will POST the changes to.

We can't do both with your regexp, I'm afraid. Here's a patch with a revised regexp that accepts these two cases and nothing else, and also allows for trailing slashes in the Location block.

#19 Updated by Felix Schäfer about 4 years ago

If http://myserv.er/my/location/project-identifier/info/refs?service=git-receive-pack really is the only path that git needs to read from the repo, this should work :-) I'll try to install it on my redmine later on.

#20 Updated by Antonio García-Domínguez about 4 years ago

Felix Schäfer wrote:

If http://myserv.er/my/location/project-identifier/info/refs?service=git-receive-pack really is the only path that git needs to read from the repo, this should work :-) I'll try to install it on my redmine later on.

And http://myserv.er/my/location/project-identifer/git-receive-pack, don't forget :-).

#21 Updated by Felix Schäfer about 4 years ago

The patch works great, maybe the messages could be somewhat unified though: not being in a private project yields "fatal: Authentication failed" while being in the project and not having commit access yields "error: Cannot access URL https://git.fachschaften.org/sandbox-git/, return code 22 fatal: git-http-push failed".

#22 Updated by Antonio García-Domínguez about 4 years ago

I agree with you, but I'm not a Git developer :-/. That's why I placed those instructions in the documentation of Redmine.pm. Perhaps we could add your remarks as a small troubleshooting section?

#23 Updated by Felix Schäfer about 4 years ago

No, it's just a minor annoyance, we can dig in back later if this really becomes a problem.

#24 Updated by Antonio García-Domínguez about 4 years ago

If the patch is OK, do you think it could be merged to trunk sometime in the near future? If possible, I'd like to stop having to juggle it around every time I update Redmine :-/.

#25 Updated by Felix Schäfer about 4 years ago

That's Eric's or JPLang's call :-)

Eric, this patch floats my boat and it looks good to me, there's even some documentation to it ;-) Anything more you need to include it?

#26 Updated by Nicolas Sebrecht about 4 years ago

Hi,

I'm stuck by an error when trying to do anything with the last patch. I've followed the related documentation.

$ git clone http://my.hostname/test
Cloning into test...
fatal: http://my.hostname/test/info/refs not found: did you run git update-server-info on the server?

Run the command did nothing and the config.ru file looks good (checked).

I have the following version tools in the server side:
  • git 1.7.2.1.44.g721e7
  • redmine 1.0.0

Any idea?

#27 Updated by Felix Schäfer about 4 years ago

Nicolas Sebrecht wrote:

Any idea?

Please visit the forums (or IRC, I'm thegcat over there) for configuration help. Please also include some more information about your setup, thanks.

#28 Updated by Nicolas Sebrecht about 4 years ago

Felix Schäfer wrote:

Please visit the forums (or IRC, I'm thegcat over there) for configuration help. Please also include some more information about your setup, thanks.

The thread http://www.redmine.org/boards/2/topics/15962 did help me. I was missing the trailing "/public" for the DocumentRoot field in my apache virtualhost.

Thanks.

#29 Updated by Enrique Garcia almost 4 years ago

Hi,

I'm interested on this patch. However I'm confused. There 9 patch files.

Which one should I use?

Can anyone please remove the deprecated patches, or mark them somehow?

#30 Updated by Antonio García-Domínguez almost 4 years ago

Hi Enrique,

I would love to do something about the old patches, but I can't :-(. In any case, you should use the very last one (the 2010-07-20 10:03 one).

#31 Updated by Lee Fay over 3 years ago

Hello, I've made a very minor addition to the patch, it allows the repositories to have ".git" at the end, like when served from gitosis. I haven't tested it extensively, but it's worked for everything I've done so far. This patch should also not break compatibility with SVN authentication.

Please let me know if there is something wrong with I have done.

#32 Updated by michael fox over 3 years ago

I finally got this working, but here's the problem:

Redmine allows you to name your git repo anything, but Redmine.pm script assumes that the repo name is the same as the name of the project identifier.

So, I was trying to make it work with a project with identifier "testr" and a repo called "/repo/testrepo.git"

And I kept getting 401, and I couldn't figure out why.

Finally I figured out I needed to create a symlink /repo/testr to /repo/testrepo.git and suddenly it worked.

So, there's you're workaround if you're experiencing this problem.

I don't know if I can do a patch on my own, but here's a start:

sub get_project_identifier {
    my $r = shift;

    my $location = $r->location;
    $location =~ /http://[^/]*/(.*)/refs/;
    my $repo = $1;

#not sure how to do SQL in perl, but something like:
#select project_id from repositories where url='$repo';

    return $project_id;
}

select project_id from repositories where url='/repo/testrepo.git';

#33 Updated by Felix Schäfer over 3 years ago

michael fox wrote:

[…] Redmine.pm script assumes that the repo name is the same as the name of the project identifier.

The svn version does, and so does the patch.

#34 Updated by michael fox over 3 years ago

Ok. Maybe you'll like this one better.

I was having a problem where a user that was not authorized to commit was able to commit anyway.

I traced it back to this regular expression:

my $is_read_only = $uri !~ m{^$location/*[^/]+/(info/refs\?service=)?git\-receive\-pack$}o;

The problem occurs when there is an extra slash like:

"GET /repo/testr//info/refs?service=git-receive-pack HTTP/1.1" 

Then, somehow according to the logic of the script, it is okay for that person to commit.

This slight change fixes the problem (+ after the / before info):

my $is_read_only = $uri !~ m{^$location/*[^/]+/+(info/refs\?service=)?git\-receive\-pack$}o;

#35 Updated by warden (warden) over 3 years ago

  • Assignee set to Jean-Philippe Lang

As this is waiting for input from JP I am assigning it to you to get the attention :-)
This patch looks good and I think it should be merged into the current branch. Jean-Philippe, any thoughts on that?

#36 Updated by Christian Gutierrez over 3 years ago

Hi, i think that patch works great with simple projects, but it doesn't work with nested projects, if i have a principal project called project1, and create a second project called project2 as a subproject of project1, then, in my directory's repository i use project1/project2 as a git repository but, when i do "git push origin master" from a remote host i get:

error: Cannot access URL http://user@server.example.com/git/project1/project2/, return code 22
fatal: git-http-push failed

Maybe i'm doing something wrong?

#37 Updated by Felix Schäfer over 3 years ago

Christian Gutierrez wrote:

Maybe i'm doing something wrong?

  1. you shouldn't checkout a repository into another repository,
  2. the URLs must all be protocol://host/location/identifier, where identifier is the identifier of the project.

In your case, I think the authentication bit will only work if you put the repository for project2 to http://user@server.example.com/git/project2/.

#38 Updated by Christian Gutierrez over 3 years ago

Felix, thanks for your reply, it works with symbolic links.

#39 Updated by Toshi MARUYAMA over 3 years ago

  • Category changed from SCM to SCM extra
  • Assignee deleted (Jean-Philippe Lang)

#40 Updated by Julien Mellerin over 3 years ago

Hello,

I am trying to apply this patch to the current latest release of Redmine (1.1.2). But the only result I get is the following message :
Only garbage was found in the patch input.
So I guess the patch is incompatible with this release. Is there a way to fix this ?

Thanks,

#41 Updated by Dieter Blomme over 3 years ago

I get the issue that several Hunk (1 through 8) failed

#42 Updated by Antonio García-Domínguez over 3 years ago

Dieter, Julien: that's odd, because my latest patch applied cleanly (with "git apply (patch)") on top of the 1.1.2 tag of the Git mirror of the Redmine code repository. LeeF's also worked, except you had to be inside extra and it added trailing whitespace to line 138.

In any case, here's a new patch. This patch applies cleanly with "git apply" on top of the 1.1.2 tag in the Redmine Git clone. The patch is based on LeeF's patch, but removes some trailing whitespace in line 138 and adds Michael Fox's security fix in message #34. Please try it out :-).

#43 Updated by Julien Mellerin over 3 years ago

Thanks Antonio. I was using "patch -p1 < the_patch_file". Using "git apply" worked for me.

#44 Updated by Fabrice Estiévenart over 3 years ago

Hello,

I followed the instructions for smart git http integration and applied 0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix.patch on my redmine 1.0.1. When I try to access git.mydomain.com, I get the following message in my Apache error log:

Use of uninitialized value $identifier in substitution (s///) at /usr/lib/perl5/Apache/Redmine.pm line 486
I suppose this variable is not nicely initialized in the preceding instruction...

Could you please help me ? Thank you

Fabrice

#45 Updated by Antonio García-Domínguez over 3 years ago

Are you simply trying to visit http://git.mydomain.com or http://git.mydomain.com/? That won't work: the auth code expects URLs to start with something like http://git.mydomain.com/myproject, where myproject is your project's ID. By the way, you can't really browse through the URLs for smart HTTP access for Git with a regular browser, like SVN: you need to use a proper Git client.

According to the patch, the code around line 486 is this:

    my $location = $r->location;
    my ($identifier) = $r->uri =~ m{$location/*([^/]+)};
    $identifier =~ s/\.git//;
    $identifier;

If you get that error in line 486 ($identifier =~ s/\.git//;), that's because $identifier wasn't initialized in the previous line. That can only be if the URI does not match the $location/*([^/]+) regexp, and I can only think of two URLs which do not match that regexp: http://git.mydomain.com and http://git.mydomain.com/.

#46 Updated by Marcel Eeken over 3 years ago

Hey,

I had this working for a long time. But recently i changed something and don't know exactly what i did wrong, so i tried a clean installation of redmine to test but can't seem to get it to work anymore. I followed this guide HowTo_configure_Redmine_for_advanced_git_integration and only implemented the basic access so no authentication is required but i keep getting 401 errors.

This is what i get on the client side:

$ git ls-remote http://git.website.com/duneinterface
error: The requested URL returned error: 401 while accessing http://git.website.com/duneinterface/info/refs

fatal: HTTP request failed

In this is what i see in the logs

ip - - [07/Apr/2011:14:17:34 +0200] "GET /duneinterface/info/refs?service=git-upload-pack HTTP/1.1" 401 283 "-" "git/1.7.0.2.msysgit.0.14.g956d7" 
ip - - [07/Apr/2011:14:17:35 +0200] "GET /duneinterface/info/refs HTTP/1.1" 401 283 "-" "git/1.7.0.2.msysgit.0.14.g956d7" 

#47 Updated by Antonio García-Domínguez over 3 years ago

Those URLs are read-only, according to the patch. They should only produce 401 errors if the project is private and you haven't set up the appropriate files with your credentials (see the instructions at the beginning of the patch), or if you don't have read access to the project.

#48 Updated by Ве Fio over 3 years ago

Love the patch! Would really like to see this be a standard feature!!!

#49 Updated by Ве Fio over 3 years ago

Updated the patch for Redmine trunk

#50 Updated by Loïs PUIG over 3 years ago

Hi, love this patch and works perfectly if accessing git repositories from http://git.mydomain.com/myrepo.git, but what about if i want my repos to be accessible from a subdir like http://git.mydomain.com/git/myrepo.git ?
Can anyone explain how to modify Redmine.pm to do so please ?
Thanks a lot ... :)

#51 Updated by Felix Schäfer over 3 years ago

Loïs PUIG wrote:

Can anyone explain how to modify Redmine.pm to do so please ?
Thanks a lot ... :)

You don't need to modify Redmine.pm for it, change your apache config to say <Location /git/> instead of <Location />.

#52 Updated by Loïs PUIG over 3 years ago

Thanks for your help :)

You don't need to modify Redmine.pm for it, change your apache config to say <Location /git/> instead of <Location />.

Well i did, and i'm allowed to access my repos with this config

SetEnv GIT_PROJECT_ROOT /srv/gitosis/repositories
SetEnv GIT_HTTP_EXPORT_ALL
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/gitosis/repositories/$1
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/gitosis/repositories/$1
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Location /git>
    Options All
    AllowOverride All
    Order allow,deny
    Allow from all
</location>

but not with this one

PerlLoadModule Apache::Redmine
SetEnv GIT_PROJECT_ROOT /srv/gitosis/repositories
SetEnv GIT_HTTP_EXPORT_ALL
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/gitosis/repositories/$1
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/gitosis/repositories/$1
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Location /git>
    Options All
    AllowOverride All
    AuthType Basic
    AuthName "Redmine git repositories" 
    Require valid-user
    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler
    RedmineDSN "DBI:mysql:database=redmine;host=localhost" 
    RedmineDbUser "redmine" 
    RedmineDbPass "mypassword" 
    RedmineGitSmartHttp yes
</location>

ig get

Use of uninitialized value $identifier in substitution (s///) at /usr/lib/perl5/Apache/Redmine.pm line 486.\n
in the log file

Any ideas ?

#53 Updated by Loïs PUIG over 3 years ago

Antonio García-Domínguez wrote:

the auth code expects URLs to start with something like http://git.mydomain.com/myproject, where myproject is your project's ID.

#54 Updated by Felix Schäfer over 3 years ago

Loïs PUIG wrote:

Any ideas ?

Redmine.pm expects the path part of the URL to be $LOCATION/$PROJECT_NAME, so your stuff should work if you have a project with the identifier myrepo. If you have and it doesn't work (notice: being admin doesn't give you special rights, you must explicitly be a member of the project and have repo read rights), try <Location /git/> instead of <Location /git>.

#55 Updated by Loïs PUIG over 3 years ago

try <Location /git/> instead of <Location /git>.

It wasn't that but i finally got it !! I needed to add the following line to the location directive

    Order allow,deny
    Allow from all

and now it works perfectly... Here is the config..

PerlLoadModule Apache::Redmine
SetEnv GIT_PROJECT_ROOT /srv/gitosis/repositories
SetEnv GIT_HTTP_EXPORT_ALL
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/gitosis/repositories/$1
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/gitosis/repositories/$1
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Location /git>
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Redmine git repositories" 
    Require valid-user
    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler
    RedmineDSN "DBI:mysql:database=redmine;host=localhost" 
    RedmineDbUser "redmine" 
    RedmineDbPass "mypassword" 
    RedmineGitSmartHttp yes
</location>

Anyway a big thanks for your bloody quick support, i really appreciated feeling being supported.. Long life to Redmine, a damn nice App!!

#56 Updated by Thimios Dimopulos about 3 years ago

Hi,

I am running Redmine version: Redmine 1.1.3.devel.5759 from redmine trunk and git version 1.7.4.1 on ubuntu natty.
I am not using gitosis or gitolite, but creating the repositories with reposman and serving them with git-http-backend as described in http://www.redmine.org/projects/redmine/wiki/HowTo_configure_Redmine_for_advanced_git_integration.

I applied 0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix-redminetrunk.patch on Redmine.pm.

I have the following Virtualhost configuration, inspired by the one posted by Loïs PUIG:


<VirtualHost *:80>
    ServerName git.thimios-host.thimios.com

        ErrorLog /var/log/githosting/error.log
        CustomLog /var/log/githosting/access.log combined

    PerlLoadModule Apache::Redmine
    SetEnv GIT_PROJECT_ROOT /home/thimios/Work/repositories/git
    SetEnv GIT_HTTP_EXPORT_ALL
    AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /home/thimios/Work/repositories/git/$1
    AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /home/thimios/Work/repositories/git/$1
    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
    <Location /git>
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "Redmine git repositories" 
        Require valid-user
        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
        RedmineDSN "DBI:mysql:database=redmine;host=localhost" 
        RedmineDbUser "redmine" 
        RedmineDbPass "r3dm1n3" 
        RedmineGitSmartHttp yes
    </location>
</VirtualHost>

But, when I try to clone a repository, I get the following error:

thimios@thimios-host:/tmp$ git clone http://git.thimios-host.thimios.com/test1
Cloning into test1...
error: The requested URL returned error: 501 while accessing http://git.thimios-host.thimios.com/test1/info/refs

fatal: HTTP request failed

There is a warning when restarting apache:

[warn] Useless use of AllowOverride in line 17 of /etc/apache2/sites-enabled/githostinghttpbackend

There is nothing in the apache logs. It shouldn't be a permissions problem, since www-data user has read-write access to the complete directory tree of the repository. Any ideas about what the problem could be or where to look for more debugging info?

thanks a lot

#57 Updated by Antonio García-Domínguez about 3 years ago

Sorry for the late reply :-(. Have you tried changing the LogLevel to something a bit more verbose, like "info"?

#58 Updated by Antonio García-Domínguez almost 3 years ago

Just a quick heads up: what are the chances of integrating this patch into trunk in the near future? I've been applying it since Redmine 0.8.x, and it's worked pretty well for me. It also seems to be used by quite a few people, judging from the comments here.

#59 Updated by Markus Schlichting almost 3 years ago

Hi,
thanks a lot for this, I highly appreciate it :-)
Just did an test installation with Redmine on Ubuntu 11.10 Server and this git integration is great :)

Two Questions left:
Has someone gone a step further and automated the initialization of the git repository on creation of a new project in redmine? And wiring the repository path to the new project? That would be just perfect :)

I'm planning to use this setup with SSL . I hope it would be just activating HTTPS/SSL in Apache. Would you expect more difficulties?

Would love to see this in the main release :)
Thanks a lot for your work!

#60 Updated by Antonio García-Domínguez almost 3 years ago

Markus Schlichting wrote:

thanks a lot for this, I highly appreciate it :-)
Just did an test installation with Redmine on Ubuntu 11.10 Server and this git integration is great :)

I'm glad you like it :-).

Two Questions left:
Has someone gone a step further and automated the initialization of the git repository on creation of a new project in redmine? And wiring the repository path to the new project? That would be just perfect :)

I think you can automate that, using reposman.rb with the proper options. Look at HowTo Automate repository creation for hints. There are a few undocumented options for reposman.rb that have to do with Git, I think. The only limitation is that you cannot generate both SVN and Git repositories automatically: you have to pick between SVN or Git.

I'm planning to use this setup with SSL . I hope it would be just activating HTTPS/SSL in Apache. Would you expect more difficulties?

Not really, but remember to disable weak ciphers and SSL 2.0. For instance, I use this in my Apache virtual host:

SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2

Make sure your ~/.netrc is only readable by your own user account and nobody else. Oh, and if you use a self-signed certificate or your CA is not in /etc/ssl/certs (or wherever your OpenSSL CA certificate store is), you'll probably have to tell Git not to verify the chain of trust of the certificate using something like git config --global http.sslVerify no.

#61 Updated by Felix Schäfer almost 3 years ago

Markus Schlichting wrote:

Two Questions left:
Has someone gone a step further and automated the initialization of the git repository on creation of a new project in redmine? And wiring the repository path to the new project? That would be just perfect :)

As Antonio said, you can use reposman, or the redmine_scm plugin

I'm planning to use this setup with SSL . I hope it would be just activating HTTPS/SSL in Apache. Would you expect more difficulties?

Except the "sslVerify no" part (I wouldn't set this globally…) for self-signed certificates, it should all work well.

#62 Updated by Herve Leroux over 2 years ago

Hi,

The last version of the patch :
0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix-redminetrunk.patch

doesn't work on the 1.3.0 version of Redmine :

patch < ~/0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix-redminetrunk.patch
patching file Redmine.pm
Hunk #2 succeeded at 219 with fuzz 1.
Hunk #3 succeeded at 261 (offset 1 line).
Hunk #5 succeeded at 313 (offset 1 line).
Hunk #6 FAILED at 431.
Hunk #7 FAILED at 450.
Hunk #8 succeeded at 509 with fuzz 1 (offset 25 lines).
2 out of 8 hunks FAILED -- saving rejects to file Redmine.pm.rej

expected :
- if ($hashed_password eq $salted_password && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
found :
if ($hashed_password eq $salted_password && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {

for information : line 441
my $access_mode = request_is_read_only($r) ? "R" : "W";

I would suggest to update this line to :
my $access_mode = defined $read_only_methods{$r->method} ? "R" : "W";

Could anyone confirm or update the patch ?

Best,

Hervé Leroux

#63 Updated by Herve Leroux over 2 years ago

my mistake, you should have read the following :
for information : line 441
my $access_mode = defined $read_only_methods{$r->method} ? "R" : "W";

I would suggest to update this line to :
my $access_mode = $request_is_read_only($r) ? "R" : "W";

#64 Updated by Antonio García-Domínguez over 2 years ago

Herve Leroux wrote:

my mistake, you should have read the following :
for information : line 441
my $access_mode = defined $read_only_methods{$r->method} ? "R" : "W";

I would suggest to update this line to :
my $access_mode = $request_is_read_only($r) ? "R" : "W";

Thanks for the information! I have updated the patch according to your instructions. It looks good, but I don't have a Redmine 1.3.0 installation around here to test it on. Could you try it, please?

#65 Updated by Miloš Kozák over 2 years ago

  • File log added

Hello,
First of all Thank you for you work. I am running Redmine 1.3 and your recent 1.3 patch but I am getting an error line:

[error] [client PUBLIC_IP] Undefined subroutine &Apache::Authn::Redmine::request_is_ready_only called at /usr/lib/perl5/Apache/Redmine.pm line 441.\n

Which affects even my SVN repositories.. I have Debian 6.0 and all software is from apt or gem. Anyone has an idea how to fix this situation? If any one wanted more informations drop me a line..

I offer a benefit for getting this bug down.. :)

Miloš

#66 Updated by Antonio García-Domínguez over 2 years ago

Hi Milos,

Sorry about that! There was a typo in the original patch. Could you try this one?

Antonio

#67 Updated by Miloš Kozák over 2 years ago

Thanks. It works.

Funny things is I went through the code and mislooked this type even though I remember I spot on that!

Miloš

#68 Updated by der kaan over 2 years ago

Hi,

just installed the latest patch and started a few tests with it. Now a registered user has access to all git repositories (just needs to know the repo-name).
I played around with Redmine + Git + this patch a few weeks before and if I remember correct, then users needed to be assigned to a project + has to have a least a developer role.
Is this correct or did this change?

Cheers,
derkaan

#69 Updated by Antonio García-Domínguez over 2 years ago

der kaan wrote:

just installed the latest patch and started a few tests with it. Now a registered user has access to all git repositories (just needs to know the repo-name).
I played around with Redmine + Git + this patch a few weeks before and if I remember correct, then users needed to be assigned to a project + has to have a least a developer role.
Is this correct or did this change?

It depends on whether it's a public project or not. Basically, we're reusing the same logic Redmine uses for SVN repositories, but instead of looking at the HTTP method, we look at the URL to be served by the Git smart-http handler. To sum it up:

  • Public projects: anyone can fetch, but only members with write access can push.
  • Private projects: only members with read access can fetch, and only members with write access can push.

Do you mean that any registered user can push without having write access, and that any registered user can fetch from a private project without having read access? In that case, it'd be a regression. Could you try the same with SVN repositories?

If it happens with SVN repos as well, that'd be a regression in the original Redmine.pm, and you'd need to report it as a separate bug.

If it only happens with Git repositories, then maybe something changed in the URLs served by Git's smart-http protocol. Could you please indicate which versions of Git are you using at the client and server sides?

#70 Updated by der kaan over 2 years ago

Thanks for the perfect info + Setting the project to private solved my issue.

#71 Updated by Anonymous over 2 years ago

I don't think the latest patch is working for Redmine v1.4.0 for multiple repos per project. But even the SVN itself is not working. I've asked about it at http://www.redmine.org/boards/2/topics/30043.

p/s: The patch is also throwing some error due to the latest changes for Redmine.pm (https://github.com/edavis10/redmine/commit/f071b39d268a52aca556782aadadef7856158d31#extra/svn/Redmine.pm)

#72 Updated by Antonio García-Domínguez over 2 years ago

aurorius woot wrote:

I don't think the latest patch is working for Redmine v1.4.0 for multiple repos per project. But even the SVN itself is not working. I've asked about it at http://www.redmine.org/boards/2/topics/30043.

p/s: The patch is also throwing some error due to the latest changes for Redmine.pm (https://github.com/edavis10/redmine/commit/f071b39d268a52aca556782aadadef7856158d31#extra/svn/Redmine.pm)

Have you seen this paragraph on your second link?

A projet repository must be named with the projet identifier. In case
of multiple repositories for the same project, use the project identifier
and the repository identifier separated with a dot:

  /var/svn/foo
  /var/svn/foo.otherrepo

Seems like using sample.svn1 and sample.svn2 instead of sample-svn1 and sample-svn2 should work.

I'll try to update the patch in a bit :-).

#73 Updated by Anonymous over 2 years ago

Oh my, I didn't read about it properly, I'm too focus on the changes at the 410th line. It's actually working right now. Thanks a lot for the fast reply.

#74 Updated by Antonio García-Domínguez over 2 years ago

In any case, here is an updated patch :-). If you could try it out on a fresh Redmine install, it'd be great. I don't have any Redmine 1.4.0 installations over here.

#75 Updated by Anonymous over 2 years ago

Antonio García-Domínguez wrote:

In any case, here is an updated patch :-). If you could try it out on a fresh Redmine install, it'd be great. I don't have any Redmine 1.4.0 installations over here.

That's fast, lol. BTW, I don't a fresh Redmine installation at the moment, sorry about that. But the good news is that the patch does work for my current Redmine v1.4.0. Things that I've tested:

  1. git clone http://git.server/myrepo.git
  2. git pull and push are working correctly
  3. git clone http://username@git.server/myrepo.git also works
  4. svn checkout and commit is also working
  5. also works for a project with one svn and one git repo under the project
  6. all authentications come from the Redmine itself.

This is my httpd-vhosts.conf, maybe it can help someone in the future:

<VirtualHost *:80>
  ServerName git.myserver
  DocumentRoot /opt/git

  SetEnv GIT_PROJECT_ROOT /opt/git
  SetEnv GIT_HTTP_EXPORT_ALL
  SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

  ScriptAlias / /usr/libexec/git-core/git-http-backend/
  AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /opt/git/$1
  AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /opt/git/$1

  PerlLoadModule Apache::Redmine

  ScriptAliasMatch \
    "(?x)^/(.*/(HEAD | \
    info/refs | \
    objects/(info/[^/]+ | \
        [0-9a-f]{2}/[0-9a-f]{38} | \
        pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
    git-(upload|receive)-pack))$" \
    /usr/libexec/git-core/git-http-backend/$1

  <Directory /usr/libexec/git-core/>
    Options +ExecCGI
    Allow From All
  </Directory>

  <Location "/">
    AuthType Basic
    AuthName "Redmine Git repositories" 
    Require valid-user

    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler

    RedmineDSN "DBI:mysql:database=redmine;host=localhost" 

    RedmineDbUser "redmine" 
    #RedmineDbPass "password" 
    RedmineGitSmartHttp yes
  </Location>
</VirtualHost>

I'm planning to write a full tutorial for this implementation (when I have the time). Anyway, thanks a lot for the fast reply (again) XD

#76 Updated by Edwin Mckain over 2 years ago

  • Assignee set to Antonio García-Domínguez

Hey everyone!

I'm still a newbie with Redmine, and I want to patch my Redmine.pm file, I'm using Redmine 1.4.1.

I already downloaded the last path (Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch) I put it into my /redmine folder (where the test, extra folders are).

I'm trying to patch it using the following command:

patch -p1 <Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch

but it is not working these are the messages that I receive:

patching file extra/svn/Redmine.pm
Hunk #1 FAILED at 102.
Hunk #2 FAILED at 151.
Hunk #3 FAILED at 188.
Hunk #4 FAILED at 204.
Hunk #5 FAILED at 212.
Hunk #6 FAILED at 338.
6 out of 6 hunks FAILED -- saving rejects to file extra/svn/Redmine.pm.rej

What am I doing wrong?

Thanks in advance!

#77 Updated by Edwin Mckain over 2 years ago

Edwin Mckain wrote:

Hey everyone!

I'm still a newbie with Redmine, and I want to patch my Redmine.pm file, I'm using Redmine 1.4.1.

I already downloaded the last path (Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch) I put it into my /redmine folder (where the test, extra folders are).

I'm trying to patch it using the following command:

patch -p1 <Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch

but it is not working these are the messages that I receive:

patching file extra/svn/Redmine.pm
Hunk #1 FAILED at 102.
Hunk #2 FAILED at 151.
Hunk #3 FAILED at 188.
Hunk #4 FAILED at 204.
Hunk #5 FAILED at 212.
Hunk #6 FAILED at 338.
6 out of 6 hunks FAILED -- saving rejects to file extra/svn/Redmine.pm.rej

What am I doing wrong?

Thanks in advance!

BTW I'm following this tutorial in order to automated Git with Redmine on CentOS 6.2, here is the link:

http://www.dreu.info/blog/install-redmine-with-automated-git-on-centos-redhat/

#78 Updated by Takashi Okamoto over 2 years ago

I added support the multi-repositories.

#79 Updated by Takashi Okamoto over 2 years ago

I fixed the bug by a name including underscore.
My patch is based on Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch.

#80 Updated by Toshi MARUYAMA over 2 years ago

Redmine trunk r9557 supports multiple scms.
I don't know why note-79 patch uses SQL "like".
DOT is confused with bare repository ".git".
This is a patch to strip ".git".

#81 Updated by Takashi Okamoto over 2 years ago

My patch is based on Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch.
At least, it doesn't work with git sub repositories.

This issues is discussed long time. I wonder why you don't apply
git-http-backend feature. I always confused git-http-backend when
every upgrade. Maybe all of the users who use git-http-backend are same.

#82 Updated by Toshi MARUYAMA over 2 years ago

Takashi Okamoto wrote:

At least, it doesn't work with git sub repositories.

Did you read note-72 ?

This issues is discussed long time. I wonder why you don't apply
git-http-backend feature. I always confused git-http-backend when
every upgrade. Maybe all of the users who use git-http-backend are same.

Because I don't use git mainly.
And there is no test of Redmine.pm.
source:trunk/test

ChiliProject imported this issue patch.
https://www.chiliproject.org/issues/245
But, there is a few feedback to ChiliProject.

If many uses want to import this patch, it maybe to able to import it.
But I don't know that JPL wants it.

#83 Updated by Anonymous over 2 years ago

How do you define many? Git is gaining significant users over the past few years especially with the pricy Github. I'd really love (maybe others too), to see this patch to be made official without having to reply to this thread everytime a new version is released. But of course, I'm not good enough to develop it, if there's anything a normal dev can do about ths feature, just post it.

#84 Updated by Toshi MARUYAMA over 2 years ago

aurorius woot wrote:

How do you define many?

#61 had many feedback and many watchers.
This issue is lesser than #61.

#85 Updated by Antonio García-Domínguez over 2 years ago

Toshi MARUYAMA wrote:

Redmine trunk r9557 supports multiple scms.
I don't know why note-79 patch uses SQL "like".
DOT is confused with bare repository ".git".
This is a patch to strip ".git".

I had assumed that the regexp in line 411 already did that:

my ($identifier) = $r->uri =~ m{$location/*([^/.]+)};

Shouldn't that implicitly strip anything after the first dot? The character class is negated, so /foo.something/bar or /foo.git/bar should be both matched to the "foo" identifier cleanly. That's why I dropped the line that stripped the ".git" suffix.

According to note 75, the patch from note 74 worked as-is (and worked on the 1.4.0 sources at the time).

Takashi Okamoto: why did you switch to using a SQL query? Wouldn't that retrieve the project's name (and not its short ID)? I'm a bit confused.

#86 Updated by Antonio García-Domínguez over 2 years ago

Edwin Mckain wrote:

BTW I'm following this tutorial in order to automated Git with Redmine on CentOS 6.2, here is the link:

http://www.dreu.info/blog/install-redmine-with-automated-git-on-centos-redhat/

I'm sorry to hear that, but I can't seem to reproduce the issue :-/. I just applied the patch from note 74 cleanly on top of Redmine 1.4.1, using

patch -p1 < Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch

#87 Updated by Anonymous over 2 years ago

Toshi MARUYAMA wrote:

aurorius woot wrote:

How do you define many?

#61 had many feedback and many watchers.
This issue is lesser than #61.

But there are issues such as #3831 and others with low feedbacks that has been accepted into the trunk. Maybe put this issue as a candidate for the next major release?

#88 Updated by Toshi MARUYAMA over 2 years ago

aurorius woot wrote:

Toshi MARUYAMA wrote:

aurorius woot wrote:

How do you define many?

#61 had many feedback and many watchers.
This issue is lesser than #61.

But there are issues such as #3831 and others with low feedbacks that has been accepted into the trunk. Maybe put this issue as a candidate for the next major release?

Redmine core feature has test.
So, we can maintain if git changes behavior.

PDF plugin is not maintained, but Redmine contains all sources.
source:tags/1.4.1/vendor/plugins/rfpdf
And many patches are posted to redmine.org.

If git smart http protocol changes behavior,
who can maintain without test?

#89 Updated by AndzinSan Dono over 2 years ago

Hi,
I follow all this "tutorial". But when I am trying login server is request it again and again. Seems like bad login/pass, but I am sure that login and pass are correct.
I have redmine 1.3.3, patch for redmine.pm v1.3.0 - maybe this is error.

Can you help me?

#90 Updated by Antonio García-Domínguez over 2 years ago

AndzinSan Dono wrote:

I follow all this "tutorial". But when I am trying login server is request it again and again. Seems like bad login/pass, but I am sure that login and pass are correct.
I have redmine 1.3.3, patch for redmine.pm v1.3.0 - maybe this is error.

Can you help me?

Sorry for the delay, I was off on a trip. Have you checked that you're a member of the project with the appropriate access level, and that the repository is available at /svn/short_project_id? To avoid leaking unwanted information, the authentication hook will not report any of these problems, but simply reject your authentication attempt.

#91 Updated by AndzinSan Dono over 2 years ago

Antonio García-Domínguez wrote:

Sorry for the delay, I was off on a trip. Have you checked that you're a member of the project with the appropriate access level, and that the repository is available at /svn/short_project_id? To avoid leaking unwanted information, the authentication hook will not report any of these problems, but simply reject your authentication attempt.

I fix it, but now I dont remember how :D

#92 Updated by Lluís Vilanova about 2 years ago

Toshi MARUYAMA wrote:

Redmine core feature has test.
So, we can maintain if git changes behavior.

[...]

If git smart http protocol changes behavior,
who can maintain without test?

But does Redmine.pm have tests for other SCMs? (e.g., subversion). For that you would need to actually execute the external SCM client applications to perform queries against a test server properly configured with apache, redmine and Redmine.pm. After a quick look at the project, I couldn't find such tests.

What I mean is that adding git smart-server support into Redmine.pm has the same amount of tests than the current Redmine.pm for subversion (as far as I could see). Of course, I can understand that the main developers of Redmine could feel uncomfortable by accepting a patch for a feature that none of them is using and that has no regression test.

#93 Updated by Jean-Philippe Lang about 2 years ago

I've started writing automated tests for Redmine.pm (r9826). They run against a running Apache+mod_perl+mod_dav_svn. They're not yet part of the CI server but they should be as soon as possible.

Could someone have a look at these tests and provide similar tests for git (at least one that do read operations like #test_read_commands and one that writes like #test_write_commands) so that this patch could finally get merged. No matter if you're not able to actually run them, a draft will be fine.

#94 Updated by Lluís Vilanova about 2 years ago

This should be something to begin with.

#95 Updated by Jean-Philippe Lang about 2 years ago

I guess I have to install the git-http-backend CGI to actually run tests with the smart HTTP protocol?

#96 Updated by Lluís Vilanova about 2 years ago

This is the snippet for the apache configuration I have for my VirtualHost:

    SetEnv GIT_PROJECT_ROOT /home/code/git
    SetEnv GIT_HTTP_EXPORT_ALL 1
        ScriptAliasMatch \
                "(?x)^/git/(.*/(HEAD | \
                                info/refs | \
                                objects/(info/[^/]+ | \
                                         [0-9a-f]{2}/[0-9a-f]{38} | \
                                         pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                                git-(upload|receive)-pack))$" \
                /usr/lib/git-core/git-http-backend/$1
    ScriptAlias /git/ /usr/lib/cgi-bin/gitweb.cgi/
    AliasMatch ^/gitweb/$ /dev/null

    <Location /git>
        AuthType Basic
        AuthName "Project membership authentication" 
        Require valid-user

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
        RedmineDSN "DBI:mysql:database=redmine_default;host=127.0.0.1" 
        RedmineDbUser "redmine" 
        RedmineDbPass "..." 
        RedmineCacheCredsMax 50
        RedmineGitSmartHttp yes
    </Location>

The ScriptAlias line is just to divert all non-git operations to the gitweb CGI, and the previous ScriptAliasMatch diverts relevant operations to the smart server (which comes with the git package itself in Debian). I'm not sure if this setup is exactly the same as shown in the current Redmine docs.

I also have the configs for Bazaar and Mercurial (and Subversion) if you want to try.

#97 Updated by Jean-Philippe Lang about 2 years ago

  • Status changed from New to Closed
  • Assignee changed from Antonio García-Domínguez to Jean-Philippe Lang
  • Target version set to 2.1.0

Committed in r9829, thanks.

#98 Updated by Vasily Bezruchkin about 2 years ago

  • Status changed from Closed to Reopened
  • Assignee deleted (Jean-Philippe Lang)

Greetings,

Do you have any ideas how to patch redmine 2.0.3 version? I tried to apply patch but it looks it didn't go well.

Any advice?

Thanks in advance.

#99 Updated by Toshi MARUYAMA about 2 years ago

  • Status changed from Reopened to Closed

Do not reopen with unrelated matters.

You need to cherry-pick all related revisions from trunk to 2.0-stable.

#100 Updated by Sebastien B about 2 years ago

I also have Redmine 2.0.3 and I tried many patches for Git's smart HTTP protocol but none works.

I noticed that my Redmine.pm file is empty!

I have the following errors:

patching file Redmine.pm
Hunk # 1 FAILED at 93.
Hunk # 2 FAILED at 142.
Hunk # 3 FAILED at 179.
Hunk # 4 FAILED at 195.
Hunk # 5 FAILED at 203.
Hunk # 6 FAILED at 329.
Hunk # 7 FAILED at 400.
7 out of 7 hunks FAILED - saving rejects to file Redmine.pm.rej

What does it mean "You need to cherry-pick all related revisions from trunk to 2.0-stable."?

#101 Updated by Toshi MARUYAMA about 2 years ago

Sebastien B wrote:

What does it mean "You need to cherry-pick all related revisions from trunk to 2.0-stable."?

$ hg clone -U https://bitbucket.org/redmine/redmine
$ cd redmine
$ hg update 2.0-stable
$ hg pare
changeset:   8800:1d5a579f92e1
branch:      2.0-stable
user:        jplang
date:        Sun Jul 15 15:56:23 2012 +0000
summary:     Merged r9984 from trunk.
$ hg log -r 660939a6e6fd
changeset:   8548:660939a6e6fd
user:        jplang
date:        Thu Jun 14 08:13:53 2012 +0000
summary:     Adds support for Git's smart HTTP protocol to Redmine.pm (#4905).
$ hg trans 660939a6e6fd             
applying 660939a6e6fd
660939a6e6fd transplanted to 0f66bfa74dcf
$ hg export -r tip > ~/Desktop/2.0-stable.diff

#102 Updated by Wojtek … about 2 years ago

which patch file is suitable for version 1.4.4? I've tried Redmine.pm-update-patch-4905-to-Redmine-1.4.1-support-multiscm-2.patch but this one doesn't seems to work (constant authentication failed)

#103 Updated by Vincent Metalhead almost 2 years ago

  • Status changed from Closed to Reopened

I'm running 1.4.4 too and I've got the exact same problem.

#104 Updated by Etienne Massip almost 2 years ago

  • Status changed from Reopened to Closed

This feature will be part of 2.1.0.

#105 Updated by Vincent Metalhead almost 2 years ago

OK, looking forward to 2.1.0

But in the meantime allow me to add my four chars to the patch for those who are using 1.4.4 now. :-)

-    $sth->execute('%/'.$identifier);
+    $sth->execute('%/'.$identifier.'%');

One of the SQL queries didn't take bare repositories into account.

---
/edit: The correct RedmineDbWhereClause is something along the lines of

RedmineDbWhereClause "AND roles.id IN (1,4)" 

This is a really thoughtful and mighty feature. :-)

#106 Updated by Vincent Metalhead almost 2 years ago

After further testing I found some limitations of my version of the patch.

This improved version of the patch can handle similarly named repository identifiers.
(i.e. project and project-subproject)

#107 Updated by Vincent Metalhead almost 2 years ago

Found a bug. (Is it really a bug?)

In Line 530 the project name is used instead of the project identifier. (SELECT name FROM projects ...)
Which means that a project's name must match the (main) repositories identifier.

This (hopefully last) patch corrects that. Sorry for the noise.

#108 Updated by Ales Zabala Alava almost 2 years ago

I have tested Redmine.pm-1.4.4-based-on-1.4.1-multiscm-2--improved2.patch and seems to be broken sometimes with multiple repositories per project.

The apache logs show this:

DBD::Pg::st execute failed: ERROR:  more than one row returned by a subquery used as an expression at /usr/lib/perl5/Apache2/Redmine.pm line 533.
DBD::Pg::st fetchrow_array failed: no statement executing at /usr/lib/perl5/Apache2/Redmine.pm line 537.

The repositories actually in my project are those:

SCM         Identifier Main repository Repository
Mercurial   eraikin     *              /var/local/hg/eraikin
Git         eraikingit                 /var/local/git/eraikin

It works fine for projects with only one repository :-)

#109 Updated by Vincent Metalhead almost 2 years ago

Works for my configuration:

Git  wizzan                /var/lib/gitolite/repositories/wizzan.git/ 
Git  wizzan-external-code  /var/lib/gitolite/repositories/wizzan-external-code.git/

But you can try the following: Change line 530 of your Redmine.pm from

SELECT identifier FROM projects WHERE id = (SELECT project_id FROM repositories WHERE url LIKE ? OR url LIKE ? OR url LIKE ? OR url LIKE ?);

to

SELECT identifier FROM projects WHERE id IN (SELECT project_id FROM repositories WHERE url LIKE ? OR url LIKE ? OR url LIKE ? OR url LIKE ?);

Turn the = into an IN.

If that fixes your problem. I'll update the patch.

#110 Updated by Ales Zabala Alava almost 2 years ago

I have tested again and works.

It seems the patch was fine from the start, I just misunderstood and tried to access the repositories using the identifier, not the url :-/

Thanks for the fast response!

#111 Updated by Peter Panther over 1 year ago

After updating redmine from 1.4.7 to 2.3.1 i can't access (clone) my git repos.

error: The requested URL returned error: 500 while accessing https://<user>@<server>/git/<projectid>/info/refs
fatal: HTTP request failed

Subversion checkout with the same user works without any problem.

The Apache log shows

[Mon May 06 14:26:27 2013] [error] [client <ip>] No Authn provider configured
[Mon May 06 14:26:27 2013] [error] [client <ip>] No Authn provider configured

The apache/git config meets the requirements described in the header of Redmine.pm.

Is anybody out there running a working Redmine.pm(from V2.3) with Git?
Any ideas/recommendation?

Thanks a lot

#112 Updated by Peter Panther over 1 year ago

Replacing DECLINED with AUTH_REQUIRED seems to solve the problem

#11475 gave me the hint ....

Also available in: Atom PDF