allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject [allura] 01/01: [#8317] different way to run git-http-backend as root that works with git 2.11+
Date Thu, 11 Jul 2019 17:33:16 GMT
This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch db/8317
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 12f1d68cc5cab2b3e2faf75a5c8cd8ff04b63b5e
Author: Dave Brondsema <dave@brondsema.net>
AuthorDate: Thu Jul 11 13:33:03 2019 -0400

    [#8317] different way to run git-http-backend as root that works with git 2.11+
---
 scm_config/git-http/Dockerfile                  |  8 +++++---
 scm_config/git-http/git-http-backend-wrapper.sh | 13 +++++++++++++
 scm_config/git-http/git-http.conf               |  2 +-
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/scm_config/git-http/Dockerfile b/scm_config/git-http/Dockerfile
index 1bca3a1..9673421 100644
--- a/scm_config/git-http/Dockerfile
+++ b/scm_config/git-http/Dockerfile
@@ -26,7 +26,8 @@ RUN apt-get update && apt-get install -y \
     apache2 \
     libapache2-mod-python \
     git \
-    curl
+    curl \
+    sudo
 
 
 ENV APACHE_RUN_USER www-data
@@ -46,7 +47,8 @@ ADD ./git-http.conf /etc/apache2/sites-available/
 RUN a2dissite 000-default.conf
 RUN a2ensite git-http.conf
 
-# so that git operations run as root, and can modify the scm repo files
-RUN chmod u+s /usr/lib/git-core/git-http-backend
+ADD git-http-backend-wrapper.sh /usr/lib/git-core
+RUN adduser www-data sudo
+RUN echo '%sudo  ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/sudo_group_passwordless
 
 CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
\ No newline at end of file
diff --git a/scm_config/git-http/git-http-backend-wrapper.sh b/scm_config/git-http/git-http-backend-wrapper.sh
new file mode 100755
index 0000000..1daa8de
--- /dev/null
+++ b/scm_config/git-http/git-http-backend-wrapper.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+# This is so that git operations run as root, and can modify the scm repo files
+#
+# Up until git 2.11 and https://git.kernel.org/pub/scm/git/git.git/commit/?id=722ff7f876c8a2ad99c42434f58af098e61b96e8
+# it was sufficient to `chmod u+s git-http-backend` so it ran as root, but that no longer
works.
+#
+# A better fix would be to have files/dirs group owned by www-data but I tried that manually
and didn't work
+# maybe could put a "strace" within this command and hunt through all the files/dirs it writes
to, to see what it
+# writes to that www-data can't write to currently
+# https://stackoverflow.com/a/46676868 or similar needed for strace to work thoguh
+
+sudo --preserve-env /usr/lib/git-core/git-http-backend
diff --git a/scm_config/git-http/git-http.conf b/scm_config/git-http/git-http.conf
index 6919ed7..7ac0acf 100644
--- a/scm_config/git-http/git-http.conf
+++ b/scm_config/git-http/git-http.conf
@@ -24,7 +24,7 @@ ErrorLog /dev/stderr
     # /git/ requests go to the git backend binary
     SetEnv GIT_PROJECT_ROOT /allura-data/scm/git
     SetEnv GIT_HTTP_EXPORT_ALL
-    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+    ScriptAlias /git/ /usr/lib/git-core/git-http-backend-wrapper.sh/
 
     # disable access to default web content
     <Directory /var/www>


Mime
View raw message