[Fusionforge-commits] FusionForge branch 6.0 updated. 10e8b132e0b33cf61a3cf7fdee3bd140d2f47847

Sylvain Beucler beuc-inria at fusionforge.org
Thu Feb 26 18:12:44 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, 6.0 has been updated
       via  10e8b132e0b33cf61a3cf7fdee3bd140d2f47847 (commit)
       via  7260df05643277bea787c55a6a629bac58164f0f (commit)
       via  8aeafd566e452af7b86a209a06cb56f4defb0a97 (commit)
       via  52204315844333ab45e71fa9944be74b0ec7b06d (commit)
      from  89a197d710021f635eaad3816cc8bead73696aea (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 10e8b132e0b33cf61a3cf7fdee3bd140d2f47847
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Thu Feb 26 18:10:52 2015 +0100

    scmsvn: handle 5.3->6.0 URL redirects for checkouts under user 'anonsvn'

diff --git a/src/plugins/scmsvn/www/redirect-to-itk.php b/src/plugins/scmsvn/www/redirect-to-itk.php
index 0458a3f..dcafc1d 100644
--- a/src/plugins/scmsvn/www/redirect-to-itk.php
+++ b/src/plugins/scmsvn/www/redirect-to-itk.php
@@ -35,11 +35,18 @@ require_once $gfcommon.'include/pre.php';
 # Force authentication so we get the username
 $auth = $_SERVER['PHP_AUTH_USER'];
 if (empty($auth)) {
+	# TODO: make old/new realm configurable
+	# so users don't change realm and have to re-type their password
 	header('WWW-Authenticate: Basic realm="Document repository"');
 	header('HTTP/1.0 401 Unauthorized');
 	echo 'Authorization required [this text ignored by SVN]';
 	exit;
 }
 
-header('Location: https://' . forge_get_config('scm_host') . '/authscm/'
+if ($_SERVER['PHP_AUTH_USER'] == forge_get_config('anonsvn_login', 'scmsvn')) {
+    header('Location: https://' . forge_get_config('scm_host') . '/anonscm/'
+    . $_SERVER['REQUEST_URI'], true, 301);
+} else {
+	header('Location: https://' . forge_get_config('scm_host') . '/authscm/'
 	. $_SERVER['PHP_AUTH_USER'] . $_SERVER['REQUEST_URI'], true, 301);
+}
\ No newline at end of file

commit 7260df05643277bea787c55a6a629bac58164f0f
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Thu Feb 26 17:48:05 2015 +0100

    scm*: URL redirections for FF 5.3->6.0

diff --git a/src/plugins/scmbzr/etc/httpd.conf.d/plugin-scmbzr.inc b/src/plugins/scmbzr/etc/httpd.conf.d/plugin-scmbzr.inc
index ee1ef85..dee40c2 100644
--- a/src/plugins/scmbzr/etc/httpd.conf.d/plugin-scmbzr.inc
+++ b/src/plugins/scmbzr/etc/httpd.conf.d/plugin-scmbzr.inc
@@ -1,3 +1,8 @@
+<Directory {scmbzr/repos_path}>
+  Include {core/config_path}/httpd.conf.d/disable-scripts.inc
+</Directory>
+Alias {core/url_prefix}anonscm/bzr {scmbzr/repos_path}
+
 Alias {core/url_prefix}scm/loggerhead/static /usr/share/loggerhead/static
 RewriteEngine On
 RewriteRule ^{core/url_prefix}scm/loggerhead$ {core/url_prefix}scm/loggerhead/ [R]
diff --git a/src/plugins/scmdarcs/etc/httpd.conf.d/plugin-scmdarcs.inc b/src/plugins/scmdarcs/etc/httpd.conf.d/plugin-scmdarcs.inc
index 2758d11..5f310ab 100644
--- a/src/plugins/scmdarcs/etc/httpd.conf.d/plugin-scmdarcs.inc
+++ b/src/plugins/scmdarcs/etc/httpd.conf.d/plugin-scmdarcs.inc
@@ -1,3 +1,8 @@
+<Directory {scmdarcs/repos_path}>
+  Include {core/config_path}/httpd.conf.d/disable-scripts.inc
+</Directory>
+Alias {core/url_prefix}anonscm/darcs {scmdarcs/repos_path}
+
 <Directory {core/plugins_path}/scmdarcs/cgi-bin>
   SetEnv DARCSWEB_CONFPATH {core/config_path}/plugins/scmdarcs/
 </Directory>
diff --git a/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc b/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc
index 7ffebaf..fd2c68e 100644
--- a/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc
+++ b/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc
@@ -1,36 +1,7 @@
-# git-http-backend
-SetEnv GIT_PROJECT_ROOT {scmgit/repos_path}
-SetEnv GIT_HTTP_EXPORT_ALL
-
-# Pass supported URLs to git-http-backend, leave the rest to Apache
-# Allows efficiency + directory	browsing (debugging)
-ScriptAliasMatch \
-  "(?x)^/anonscm/git/(.*/(HEAD | \
-                          info/refs | \
-                          objects/(info/[^/]+ | \
-                                   [0-9a-f]{2}/[0-9a-f]{38} | \
-                                   pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
-                          git-(upload|receive)-pack))$" \
-  {core/plugins_path}/scmgit/libexec/git-http-backend/$1
-Alias /anonscm/git {scmgit/repos_path}
-
-ScriptAliasMatch \
-  "(?x)^/authscm/[^/]+/git/(.*/(HEAD | \
-                            info/refs | \
-                            objects/(info/[^/]+ | \
-                                     [0-9a-f]{2}/[0-9a-f]{38} | \
-                                     pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
-                            git-(upload|receive)-pack))$" \
-  {core/plugins_path}/scmgit/libexec/git-http-backend/$1
-AliasMatch ^/authscm/[^/]+/git/(.*) /srv/git/$1
-
-
-# gitweb
-<Directory {core/plugins_path}/scmgit/cgi-bin>
-  SetEnv GITWEB_CONFIG {core/config_path}/plugins/scmgit/gitweb.conf
-  Require all granted
-</Directory>
-
-ScriptAlias /anonscm/gitweb {core/plugins_path}/scmgit/cgi-bin/gitweb.cgi
-
-ScriptAliasMatch ^/authscm/[^/]+/gitweb/ {core/plugins_path}/scmgit/cgi-bin/gitweb.cgi
+# Redirect URLs from FF < 6.0 (web_host -> scm_host)
+# - use_ssh=1 => {core/web_host}/anonscm/git  -> {core/scm_host}/anonscm/git
+Redirect permanent /anonscm/git https://{core/scm_host}/anonscm/git
+# - use_dav=1 => {core/web_host}/scmrepos/git -> {core/scm_host}/authscm/git
+Redirect permanent /scmrepos/git https://{core/scm_host}/authscm/git/
+# - gitweb    => still at {core/web_host}/plugins/scmgit/cgi-bin/gitweb.cgi
+#             => authenticated gitweb (for private repos) previously not supported
diff --git a/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc b/src/plugins/scmgit/etc/httpd.conf.d/vhost-scm-plugin-scmgit.inc
similarity index 69%
copy from src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc
copy to src/plugins/scmgit/etc/httpd.conf.d/vhost-scm-plugin-scmgit.inc
index 7ffebaf..0aacc35 100644
--- a/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc
+++ b/src/plugins/scmgit/etc/httpd.conf.d/vhost-scm-plugin-scmgit.inc
@@ -1,9 +1,16 @@
+<Directory {scmgit/repos_path}>
+  Include {core/config_path}/httpd.conf.d/disable-scripts.inc
+</Directory>
+
 # git-http-backend
 SetEnv GIT_PROJECT_ROOT {scmgit/repos_path}
 SetEnv GIT_HTTP_EXPORT_ALL
+<Directory {core/plugins_path}/scmgit/libexec>
+  Require all granted
+</Directory>
 
 # Pass supported URLs to git-http-backend, leave the rest to Apache
-# Allows efficiency + directory	browsing (debugging)
+# Allows efficiency + directory	browsing (debugging) - cf. git-http-backend(1)
 ScriptAliasMatch \
   "(?x)^/anonscm/git/(.*/(HEAD | \
                           info/refs | \
@@ -33,4 +40,11 @@ AliasMatch ^/authscm/[^/]+/git/(.*) /srv/git/$1
 
 ScriptAlias /anonscm/gitweb {core/plugins_path}/scmgit/cgi-bin/gitweb.cgi
 
-ScriptAliasMatch ^/authscm/[^/]+/gitweb/ {core/plugins_path}/scmgit/cgi-bin/gitweb.cgi
+ScriptAliasMatch ^/authscm/[^/]+/gitweb/$ {core/plugins_path}/scmgit/cgi-bin/gitweb.cgi
+
+
+# Redirect URLs from FF < 6.0 (scm_host -> scm_host)
+# - use_ssh=1 => /anonscm/git  -> /anonscm/git
+#   => OK
+# - use_dav=1 => /scmrepos/git -> /authscm/git
+Redirect permanent /scmrepos/git /authscm/git
diff --git a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
index 3cd8c89..98d24e4 100644
--- a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
+++ b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
@@ -1,28 +1,7 @@
-# Read-only access for public repos
-<Location /anonscm/svn/>
-  DAV svn
-  SVNParentPath {scmsvn/repos_path}
-  # allow read-only browsing
-  <LimitExcept GET PROPFIND OPTIONS REPORT>
-  </LimitExcept>
-</Location>
-
-# ViewVC
-ScriptAliasMatch ^/authscm/[^/]+/viewvc(.*) {core/plugins_path}/scmsvn/libexec/viewvc.cgi$1
-# Authentified via cookie in viewvc.php:
-<LocationMatch "^/authscm/[^/]+/viewvc">
-  Satisfy Any
-</LocationMatch>
-ScriptAlias /anonscm/viewvc {core/plugins_path}/scmsvn/libexec/viewvc.cgi
-#Alias /doc/viewvc /usr/share/viewvc/docroot
-<Directory {core/plugins_path}/scmsvn/libexec>
-  Require all granted
-</Directory>
-
-# Redirect URLs from FF < 6.0
+# Redirect URLs from FF < 6.0 (web_host -> scm_host)
 <IfModule mod_authz_svn.c>
-  Alias /svn {core/plugins_path}/scmsvn/redirect-to-itk.php
+  Alias /svn {core/source_path}/www/plugins/scmsvn/redirect-to-itk.php
 </IfModule>
 <IfModule !mod_authz_svn.c>
-  Redirect permanent /svn /anonscm/svn/
+  Redirect permanent /svn https://{core/scm_host}/anonscm/svn/
 </IfModule>
diff --git a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc b/src/plugins/scmsvn/etc/httpd.conf.d/vhost-scm-plugin-scmsvn.inc
similarity index 70%
copy from src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
copy to src/plugins/scmsvn/etc/httpd.conf.d/vhost-scm-plugin-scmsvn.inc
index 3cd8c89..59f96aa 100644
--- a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
+++ b/src/plugins/scmsvn/etc/httpd.conf.d/vhost-scm-plugin-scmsvn.inc
@@ -1,3 +1,7 @@
+<Directory {scmsvn/repos_path}>
+  Include {core/config_path}/httpd.conf.d/disable-scripts.inc
+</Directory>
+
 # Read-only access for public repos
 <Location /anonscm/svn/>
   DAV svn
@@ -19,9 +23,10 @@ ScriptAlias /anonscm/viewvc {core/plugins_path}/scmsvn/libexec/viewvc.cgi
   Require all granted
 </Directory>
 
-# Redirect URLs from FF < 6.0
+# Redirect URLs from FF < 6.0 (scm_host -> scm_host)
+# Note: ViewVC URLs are backward-compatible through proxying in viewvc.php
 <IfModule mod_authz_svn.c>
-  Alias /svn {core/plugins_path}/scmsvn/redirect-to-itk.php
+  Alias /svn {core/source_path}/www/plugins/scmsvn/redirect-to-itk.php
 </IfModule>
 <IfModule !mod_authz_svn.c>
   Redirect permanent /svn /anonscm/svn/
diff --git a/src/templates/httpd.conf.d/disable-scripts.inc b/src/templates/httpd.conf.d/disable-scripts.inc
new file mode 100644
index 0000000..0e50c9c
--- /dev/null
+++ b/src/templates/httpd.conf.d/disable-scripts.inc
@@ -0,0 +1,22 @@
+Require all granted
+
+# Enable directory index listing, but disable symlinks and CGI
+Options Indexes
+
+# Permit HTTP Auth for somewhat private projects (mechanism
+# other than the SCM anon bit in the forge)
+AllowOverride AuthConfig
+
+# Prevent cookie theft in case a script does manage to execute
+RequestHeader unset Cookie
+
+# Disable all scripting engines (taken from Savannah)
+# except for empty filenames == directory index
+<Files "?*">
+  SetHandler default
+</Files>
+
+# Disable PHP5 explicitly for security (CVE-2014-0468)
+<IfModule mod_php5.c>
+  php_admin_flag engine off
+</IfModule>
diff --git a/src/templates/httpd.conf.d/plugin-generic.inc b/src/templates/httpd.conf.d/plugin-generic.inc
index 1086358..4d67b6d 100644
--- a/src/templates/httpd.conf.d/plugin-generic.inc
+++ b/src/templates/httpd.conf.d/plugin-generic.inc
@@ -2,31 +2,3 @@ ScriptAliasMatch ^/plugins/([^/]*)/cgi-bin/(.*) {core/plugins_path}/$1/cgi-bin/$
 <DirectoryMatch {core/plugins_path}/[^/]*/cgi-bin/>
   Include {core/config_path}/httpd.conf.d/auth-main.inc
 </DirectoryMatch>
-
-Alias {core/url_prefix}anonscm/ {core/data_path}/chroot/scmrepos/
-
-<DirectoryMatch {core/data_path}/chroot/scmrepos/[^/]*>
-  Options -Indexes
-</DirectoryMatch>
-<DirectoryMatch {core/data_path}/chroot/scmrepos/[^/]*/.*>
-  # Enable directory index listing, but disable symlinks and CGI
-  Options Indexes
-
-  # Permit HTTP Auth for somewhat private projects (mechanism
-  # other than the SCM anon bit in the forge)
-  AllowOverride AuthConfig
-
-  # Prevent cookie theft in case a script does manage to execute
-  RequestHeader unset Cookie
-
-  # Disable all scripting engines (taken from Savannah)
-  # except for empty filenames == directory index
-  <Files "?*">
-    SetHandler default
-  </Files>
-
-  # Disable PHP5 explicitly for security (CVE-2014-0468)
-  <IfModule mod_php5.c>
-    php_admin_flag engine off
-  </IfModule>
-</DirectoryMatch>
diff --git a/src/templates/httpd.conf.d/vhost-main.inc b/src/templates/httpd.conf.d/vhost-main.inc
index bacacfa..a1de41b 100644
--- a/src/templates/httpd.conf.d/vhost-main.inc
+++ b/src/templates/httpd.conf.d/vhost-main.inc
@@ -25,12 +25,7 @@ SetEnv FORGE_CONFIG_PATH "{core/config_path}"
   ForceType application/x-httpd-php
 </Location>
 
-<IfVersion >= 2.3>
-  IncludeOptional {core/config_path}/httpd.conf.d/plugin-*.inc
-</IfVersion>
-<IfVersion < 2.3>
-  Include {core/config_path}/httpd.conf.d/plugin-*.inc
-</IfVersion>
+IncludeOptional {core/config_path}/httpd.conf.d/plugin-*.inc
 
 Alias /images/ {core/source_path}/www/images/
 Alias /scripts/coolfieldset/ {core/source_path}/vendor/coolfieldset/
diff --git a/src/templates/httpd.conf.d/vhost-scm.inc b/src/templates/httpd.conf.d/vhost-scm.inc
index 42daea8..ad3a518 100644
--- a/src/templates/httpd.conf.d/vhost-scm.inc
+++ b/src/templates/httpd.conf.d/vhost-scm.inc
@@ -3,7 +3,7 @@ ServerName {core/scm_host}
 SetEnvIf Request_URI . ITKUID={core/apache_user}
 SetEnvIf Request_URI . ITKGID={core/apache_group}
 
-IncludeOptional {core/config_path}/httpd.conf.d/plugin-scm*.inc
+IncludeOptional {core/config_path}/httpd.conf.d/vhost-scm-plugin-scm*.inc
 IncludeOptional {core/data_path}/scm*-auth*.inc
 
 # Run programs under a specific uid:

commit 8aeafd566e452af7b86a209a06cb56f4defb0a97
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Thu Feb 26 16:41:09 2015 +0100

    scmsvn: don't expose viewvc.cgi directly

diff --git a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
index 9fcf5ff..3cd8c89 100644
--- a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
+++ b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
@@ -8,14 +8,14 @@
 </Location>
 
 # ViewVC
-ScriptAliasMatch ^/authscm/[^/]+/viewvc(.*) {core/plugins_path}/scmsvn/cgi-bin/viewvc.cgi$1
+ScriptAliasMatch ^/authscm/[^/]+/viewvc(.*) {core/plugins_path}/scmsvn/libexec/viewvc.cgi$1
 # Authentified via cookie in viewvc.php:
 <LocationMatch "^/authscm/[^/]+/viewvc">
   Satisfy Any
 </LocationMatch>
-ScriptAlias /anonscm/viewvc {core/plugins_path}/scmsvn/cgi-bin/viewvc.cgi
+ScriptAlias /anonscm/viewvc {core/plugins_path}/scmsvn/libexec/viewvc.cgi
 #Alias /doc/viewvc /usr/share/viewvc/docroot
-<Directory {core/plugins_path}/scmsvn/cgi-bin>
+<Directory {core/plugins_path}/scmsvn/libexec>
   Require all granted
 </Directory>
 
diff --git a/src/plugins/scmsvn/cgi-bin/viewvc.cgi b/src/plugins/scmsvn/libexec/cgi-bin/viewvc.cgi
similarity index 100%
rename from src/plugins/scmsvn/cgi-bin/viewvc.cgi
rename to src/plugins/scmsvn/libexec/cgi-bin/viewvc.cgi

commit 52204315844333ab45e71fa9944be74b0ec7b06d
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Thu Feb 26 16:38:39 2015 +0100

    scmgit: allow browsing git bare repos

diff --git a/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc b/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc
index 05b6f1e..7ffebaf 100644
--- a/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc
+++ b/src/plugins/scmgit/etc/httpd.conf.d/plugin-scmgit.inc
@@ -2,9 +2,27 @@
 SetEnv GIT_PROJECT_ROOT {scmgit/repos_path}
 SetEnv GIT_HTTP_EXPORT_ALL
 
-ScriptAlias /anonscm/git/ {core/plugins_path}/scmgit/libexec/git-http-backend/
+# Pass supported URLs to git-http-backend, leave the rest to Apache
+# Allows efficiency + directory	browsing (debugging)
+ScriptAliasMatch \
+  "(?x)^/anonscm/git/(.*/(HEAD | \
+                          info/refs | \
+                          objects/(info/[^/]+ | \
+                                   [0-9a-f]{2}/[0-9a-f]{38} | \
+                                   pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+                          git-(upload|receive)-pack))$" \
+  {core/plugins_path}/scmgit/libexec/git-http-backend/$1
+Alias /anonscm/git {scmgit/repos_path}
 
-ScriptAliasMatch ^/authscm/[^/]+/git/(.*) {core/plugins_path}/scmgit/libexec/git-http-backend/$1
+ScriptAliasMatch \
+  "(?x)^/authscm/[^/]+/git/(.*/(HEAD | \
+                            info/refs | \
+                            objects/(info/[^/]+ | \
+                                     [0-9a-f]{2}/[0-9a-f]{38} | \
+                                     pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+                            git-(upload|receive)-pack))$" \
+  {core/plugins_path}/scmgit/libexec/git-http-backend/$1
+AliasMatch ^/authscm/[^/]+/git/(.*) /srv/git/$1
 
 
 # gitweb

-----------------------------------------------------------------------

Summary of changes:
 .../scmbzr/etc/httpd.conf.d/plugin-scmbzr.inc      |    5 ++
 .../scmdarcs/etc/httpd.conf.d/plugin-scmdarcs.inc  |    5 ++
 .../scmgit/etc/httpd.conf.d/plugin-scmgit.inc      |   25 +++-------
 .../etc/httpd.conf.d/vhost-scm-plugin-scmgit.inc   |   50 ++++++++++++++++++++
 .../scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc      |   27 ++---------
 ...ugin-scmsvn.inc => vhost-scm-plugin-scmsvn.inc} |   15 ++++--
 .../scmsvn/{ => libexec}/cgi-bin/viewvc.cgi        |    0
 src/plugins/scmsvn/www/redirect-to-itk.php         |    9 +++-
 src/templates/httpd.conf.d/disable-scripts.inc     |   22 +++++++++
 src/templates/httpd.conf.d/plugin-generic.inc      |   28 -----------
 src/templates/httpd.conf.d/vhost-main.inc          |    7 +--
 src/templates/httpd.conf.d/vhost-scm.inc           |    2 +-
 12 files changed, 112 insertions(+), 83 deletions(-)
 create mode 100644 src/plugins/scmgit/etc/httpd.conf.d/vhost-scm-plugin-scmgit.inc
 copy src/plugins/scmsvn/etc/httpd.conf.d/{plugin-scmsvn.inc => vhost-scm-plugin-scmsvn.inc} (57%)
 rename src/plugins/scmsvn/{ => libexec}/cgi-bin/viewvc.cgi (100%)
 create mode 100644 src/templates/httpd.conf.d/disable-scripts.inc


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list