Redmine

Oh, and the old DAV HTTP protocol would be OK, but it has performance problems and can corrupt the repository if you have the wrong version of curl :-/.

Antonio García-Domínguez wrote:

Oh, and the old DAV HTTP protocol would be OK, but it has performance problems and can corrupt the repository if you have the wrong version of curl :-/.

Forgot to add that smart HTTP can use hooks as well, and doesn't require a cronjob with "git update-server-info". Smart HTTP requires Git 1.6.6+ on server and client.

Antonio, your patch looks good, though it expects the paths to your repositories to start with /git/. Could you please rework it so that the path under which the repositories reside is configurable in the apache config, possibly defaulting to /git/ as that seems to be the canonical example?

Antonio García-Domínguez wrote:

Felix, there seems to be a slight typo in your patch: both lines 416 and 417 add something. I would normally expect the original line to be removed and the new line to be added.

Yeah, noticed that too today, was gonna correct that, but it seems you've done that already, thanks :-)

As for the /git/ prefix: would another Apache directive for customizing it be OK?

Well, I was thinking about how svn doesn't need that, and in fact there already is a function get_project_identifier which you should be able to get the identifier from, so no need for an additional setting.

Felix Schäfer wrote:

Yeah, noticed that too today, was gonna correct that, but it seems you've done that already, thanks :-)

No problem :-).

Well, I was thinking about how svn doesn't need that, and in fact there already is a function get_project_identifier which you should be able to get the identifier from, so no need for an additional setting.

Yeah, I saw it on the authen handler code. But that'd only get me the project ID, and not the path in the <Location> block (/git/ here), which is what I really need. However, I have fixed the patch so it won't need this prefix (see my previous comment).

Antonio García-Domínguez wrote:

Felix Schäfer wrote:

Well, I was thinking about how svn doesn't need that, and in fact there already is a function get_project_identifier which you should be able to get the identifier from, so no need for an additional setting.

Yeah, I saw it on the authen handler code. But that'd only get me the project ID, and not the path in the <Location> block (/git/ here), which is what I really need. However, I have fixed the patch so it won't need this prefix (see my previous comment).

Sorry, got that backwards, but I still don't like the regex being that lax. Anyway, from the aforementioned method, I can see you can get the location from the request object $r->location, why not just use that as a prefix to your regex as is done in said method?

Well, duh! :-D

I spent a while on the Apache site trying to find the appropriate method and I just found it after reading your post and checking that function. Here.

OK, I'll get on it :-).

Antonio García-Domínguez wrote:

The only caveat is that the path in the <Location> block cannot have a trailing slash. I have modified the documentation at the beginning of the file to mention this.

Again referencing the already existing commit, why not just m{^$location/*[^/]+/[^/]*git\-receive\-pack$}o?

Felix Schäfer wrote:

Again referencing the already existing commit

And by commit I mean function x_X

If http://myserv.er/my/location/project-identifier/info/refs?service=git-receive-pack really is the only path that git needs to read from the repo, this should work :-) I'll try to install it on my redmine later on.

Felix Schäfer wrote:

If http://myserv.er/my/location/project-identifier/info/refs?service=git-receive-pack really is the only path that git needs to read from the repo, this should work :-) I'll try to install it on my redmine later on.

And http://myserv.er/my/location/project-identifer/git-receive-pack, don't forget :-).

The patch works great, maybe the messages could be somewhat unified though: not being in a private project yields "fatal: Authentication failed" while being in the project and not having commit access yields "error: Cannot access URL https://git.fachschaften.org/sandbox-git/, return code 22 fatal: git-http-push failed".

I agree with you, but I'm not a Git developer :-/. That's why I placed those instructions in the documentation of Redmine.pm. Perhaps we could add your remarks as a small troubleshooting section?

No, it's just a minor annoyance, we can dig in back later if this really becomes a problem.

If the patch is OK, do you think it could be merged to trunk sometime in the near future? If possible, I'd like to stop having to juggle it around every time I update Redmine :-/.

That's Eric's or JPLang's call :-)

Eric, this patch floats my boat and it looks good to me, there's even some documentation to it ;-) Anything more you need to include it?

Hi,

I'm stuck by an error when trying to do anything with the last patch. I've followed the related documentation.

$ git clone http://my.hostname/test
Cloning into test...
fatal: http://my.hostname/test/info/refs not found: did you run git update-server-info on the server?

Run the command did nothing and the config.ru file looks good (checked).

• git 1.7.2.1.44.g721e7
• redmine 1.0.0

Any idea?

Nicolas Sebrecht wrote:

Any idea?

Please visit the forums (or IRC, I'm thegcat over there) for configuration help. Please also include some more information about your setup, thanks.

Felix Schäfer wrote:

Please visit the forums (or IRC, I'm thegcat over there) for configuration help. Please also include some more information about your setup, thanks.

The thread http://www.redmine.org/boards/2/topics/15962 did help me. I was missing the trailing "/public" for the DocumentRoot field in my apache virtualhost.

Thanks.

Hi,

I'm interested on this patch. However I'm confused. There 9 patch files.

Which one should I use?

Can anyone please remove the deprecated patches, or mark them somehow?

Hi Enrique,

I would love to do something about the old patches, but I can't :-(. In any case, you should use the very last one (the 2010-07-20 10:03 one).

I finally got this working, but here's the problem:

Redmine allows you to name your git repo anything, but Redmine.pm script assumes that the repo name is the same as the name of the project identifier.

So, I was trying to make it work with a project with identifier "testr" and a repo called "/repo/testrepo.git"

And I kept getting 401, and I couldn't figure out why.

Finally I figured out I needed to create a symlink /repo/testr to /repo/testrepo.git and suddenly it worked.

So, there's you're workaround if you're experiencing this problem.

I don't know if I can do a patch on my own, but here's a start:

sub get_project_identifier {
    my $r = shift;

    my $location = $r->location;
    $location =~ /http://[^/]*/(.*)/refs/;
    my $repo = $1;

#not sure how to do SQL in perl, but something like:
#select project_id from repositories where url='$repo';

    return $project_id;
}

select project_id from repositories where url='/repo/testrepo.git';

michael fox wrote:

[…] Redmine.pm script assumes that the repo name is the same as the name of the project identifier.

The svn version does, and so does the patch.

Ok. Maybe you'll like this one better.

I was having a problem where a user that was not authorized to commit was able to commit anyway.

I traced it back to this regular expression:

my $is_read_only = $uri !~ m{^$location/*[^/]+/(info/refs\?service=)?git\-receive\-pack$}o;

The problem occurs when there is an extra slash like:

"GET /repo/testr//info/refs?service=git-receive-pack HTTP/1.1" 

Then, somehow according to the logic of the script, it is okay for that person to commit.

This slight change fixes the problem (+ after the / before info):

my $is_read_only = $uri !~ m{^$location/*[^/]+/+(info/refs\?service=)?git\-receive\-pack$}o;

Hi, i think that patch works great with simple projects, but it doesn't work with nested projects, if i have a principal project called project1, and create a second project called project2 as a subproject of project1, then, in my directory's repository i use project1/project2 as a git repository but, when i do "git push origin master" from a remote host i get:

error: Cannot access URL http://user@server.example.com/git/project1/project2/, return code 22
fatal: git-http-push failed

Maybe i'm doing something wrong?

Christian Gutierrez wrote:

Maybe i'm doing something wrong?

1. you shouldn't checkout a repository into another repository,
2. the URLs must all be protocol://host/location/identifier, where identifier is the identifier of the project.

In your case, I think the authentication bit will only work if you put the repository for project2 to http://user@server.example.com/git/project2/.

Felix, thanks for your reply, it works with symbolic links.

Hello,

I am trying to apply this patch to the current latest release of Redmine (1.1.2). But the only result I get is the following message :
Only garbage was found in the patch input.
So I guess the patch is incompatible with this release. Is there a way to fix this ?

Thanks,

I get the issue that several Hunk (1 through 8) failed

Thanks Antonio. I was using "patch -p1 < the_patch_file". Using "git apply" worked for me.

Hello,

I followed the instructions for smart git http integration and applied 0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix.patch on my redmine 1.0.1. When I try to access git.mydomain.com, I get the following message in my Apache error log:

Use of uninitialized value $identifier in substitution (s///) at /usr/lib/perl5/Apache/Redmine.pm line 486
I suppose this variable is not nicely initialized in the preceding instruction...

Could you please help me ? Thank you

Fabrice

Are you simply trying to visit http://git.mydomain.com or http://git.mydomain.com/? That won't work: the auth code expects URLs to start with something like http://git.mydomain.com/myproject, where myproject is your project's ID. By the way, you can't really browse through the URLs for smart HTTP access for Git with a regular browser, like SVN: you need to use a proper Git client.

According to the patch, the code around line 486 is this:

    my $location = $r->location;
    my ($identifier) = $r->uri =~ m{$location/*([^/]+)};
    $identifier =~ s/\.git//;
    $identifier;

If you get that error in line 486 ($identifier =~ s/\.git//;), that's because $identifier wasn't initialized in the previous line. That can only be if the URI does not match the $location/*([^/]+) regexp, and I can only think of two URLs which do not match that regexp: http://git.mydomain.com and http://git.mydomain.com/.

Hey,

I had this working for a long time. But recently i changed something and don't know exactly what i did wrong, so i tried a clean installation of redmine to test but can't seem to get it to work anymore. I followed this guide HowTo_configure_Redmine_for_advanced_git_integration and only implemented the basic access so no authentication is required but i keep getting 401 errors.

This is what i get on the client side:

$ git ls-remote http://git.website.com/duneinterface
error: The requested URL returned error: 401 while accessing http://git.website.com/duneinterface/info/refs

fatal: HTTP request failed

In this is what i see in the logs

ip - - [07/Apr/2011:14:17:34 +0200] "GET /duneinterface/info/refs?service=git-upload-pack HTTP/1.1" 401 283 "-" "git/1.7.0.2.msysgit.0.14.g956d7" 
ip - - [07/Apr/2011:14:17:35 +0200] "GET /duneinterface/info/refs HTTP/1.1" 401 283 "-" "git/1.7.0.2.msysgit.0.14.g956d7" 

Those URLs are read-only, according to the patch. They should only produce 401 errors if the project is private and you haven't set up the appropriate files with your credentials (see the instructions at the beginning of the patch), or if you don't have read access to the project.

Love the patch! Would really like to see this be a standard feature!!!

Hi, love this patch and works perfectly if accessing git repositories from http://git.mydomain.com/myrepo.git, but what about if i want my repos to be accessible from a subdir like http://git.mydomain.com/git/myrepo.git ?
Can anyone explain how to modify Redmine.pm to do so please ?
Thanks a lot ... :)

Loïs PUIG wrote:

Can anyone explain how to modify Redmine.pm to do so please ?
Thanks a lot ... :)

You don't need to modify Redmine.pm for it, change your apache config to say <Location /git/> instead of <Location />.

Thanks for your help :)

You don't need to modify Redmine.pm for it, change your apache config to say <Location /git/> instead of <Location />.

Well i did, and i'm allowed to access my repos with this config

SetEnv GIT_PROJECT_ROOT /srv/gitosis/repositories
SetEnv GIT_HTTP_EXPORT_ALL
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/gitosis/repositories/$1
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/gitosis/repositories/$1
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Location /git>
    Options All
    AllowOverride All
    Order allow,deny
    Allow from all
</location>

but not with this one

PerlLoadModule Apache::Redmine
SetEnv GIT_PROJECT_ROOT /srv/gitosis/repositories
SetEnv GIT_HTTP_EXPORT_ALL
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/gitosis/repositories/$1
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/gitosis/repositories/$1
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Location /git>
    Options All
    AllowOverride All
    AuthType Basic
    AuthName "Redmine git repositories" 
    Require valid-user
    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler
    RedmineDSN "DBI:mysql:database=redmine;host=localhost" 
    RedmineDbUser "redmine" 
    RedmineDbPass "mypassword" 
    RedmineGitSmartHttp yes
</location>

ig get

Use of uninitialized value $identifier in substitution (s///) at /usr/lib/perl5/Apache/Redmine.pm line 486.\n

Any ideas ?

Antonio García-Domínguez wrote:

the auth code expects URLs to start with something like http://git.mydomain.com/myproject, where myproject is your project's ID.

Loïs PUIG wrote:

Any ideas ?

Redmine.pm expects the path part of the URL to be $LOCATION/$PROJECT_NAME, so your stuff should work if you have a project with the identifier myrepo. If you have and it doesn't work (notice: being admin doesn't give you special rights, you must explicitly be a member of the project and have repo read rights), try <Location /git/> instead of <Location /git>.

try <Location /git/> instead of <Location /git>.

It wasn't that but i finally got it !! I needed to add the following line to the location directive

    Order allow,deny
    Allow from all

and now it works perfectly... Here is the config..

PerlLoadModule Apache::Redmine
SetEnv GIT_PROJECT_ROOT /srv/gitosis/repositories
SetEnv GIT_HTTP_EXPORT_ALL
AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/gitosis/repositories/$1
AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/gitosis/repositories/$1
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Location /git>
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Redmine git repositories" 
    Require valid-user
    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler
    RedmineDSN "DBI:mysql:database=redmine;host=localhost" 
    RedmineDbUser "redmine" 
    RedmineDbPass "mypassword" 
    RedmineGitSmartHttp yes
</location>

Anyway a big thanks for your bloody quick support, i really appreciated feeling being supported.. Long life to Redmine, a damn nice App!!

Hi,

I am running Redmine version: Redmine 1.1.3.devel.5759 from redmine trunk and git version 1.7.4.1 on ubuntu natty.
I am not using gitosis or gitolite, but creating the repositories with reposman and serving them with git-http-backend as described in http://www.redmine.org/projects/redmine/wiki/HowTo_configure_Redmine_for_advanced_git_integration.

I applied 0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix-redminetrunk.patch on Redmine.pm.

I have the following Virtualhost configuration, inspired by the one posted by Loïs PUIG:

<VirtualHost *:80>
    ServerName git.thimios-host.thimios.com

        ErrorLog /var/log/githosting/error.log
        CustomLog /var/log/githosting/access.log combined

    PerlLoadModule Apache::Redmine
    SetEnv GIT_PROJECT_ROOT /home/thimios/Work/repositories/git
    SetEnv GIT_HTTP_EXPORT_ALL
    AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /home/thimios/Work/repositories/git/$1
    AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /home/thimios/Work/repositories/git/$1
    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
    <Location /git>
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "Redmine git repositories" 
        Require valid-user
        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
        RedmineDSN "DBI:mysql:database=redmine;host=localhost" 
        RedmineDbUser "redmine" 
        RedmineDbPass "r3dm1n3" 
        RedmineGitSmartHttp yes
    </location>
</VirtualHost>

But, when I try to clone a repository, I get the following error:

thimios@thimios-host:/tmp$ git clone http://git.thimios-host.thimios.com/test1
Cloning into test1...
error: The requested URL returned error: 501 while accessing http://git.thimios-host.thimios.com/test1/info/refs

fatal: HTTP request failed

There is a warning when restarting apache:

[warn] Useless use of AllowOverride in line 17 of /etc/apache2/sites-enabled/githostinghttpbackend

There is nothing in the apache logs. It shouldn't be a permissions problem, since www-data user has read-write access to the complete directory tree of the repository. Any ideas about what the problem could be or where to look for more debugging info?

thanks a lot

Sorry for the late reply :-(. Have you tried changing the LogLevel to something a bit more verbose, like "info"?

Just a quick heads up: what are the chances of integrating this patch into trunk in the near future? I've been applying it since Redmine 0.8.x, and it's worked pretty well for me. It also seems to be used by quite a few people, judging from the comments here.

Hi,
thanks a lot for this, I highly appreciate it :-)
Just did an test installation with Redmine on Ubuntu 11.10 Server and this git integration is great :)

Two Questions left:
Has someone gone a step further and automated the initialization of the git repository on creation of a new project in redmine? And wiring the repository path to the new project? That would be just perfect :)

I'm planning to use this setup with SSL . I hope it would be just activating HTTPS/SSL in Apache. Would you expect more difficulties?

Would love to see this in the main release :)
Thanks a lot for your work!

Markus Schlichting wrote:

thanks a lot for this, I highly appreciate it :-)
Just did an test installation with Redmine on Ubuntu 11.10 Server and this git integration is great :)

I'm glad you like it :-).

Two Questions left:
Has someone gone a step further and automated the initialization of the git repository on creation of a new project in redmine? And wiring the repository path to the new project? That would be just perfect :)

I think you can automate that, using reposman.rb with the proper options. Look at HowTo Automate repository creation for hints. There are a few undocumented options for reposman.rb that have to do with Git, I think. The only limitation is that you cannot generate both SVN and Git repositories automatically: you have to pick between SVN or Git.

I'm planning to use this setup with SSL . I hope it would be just activating HTTPS/SSL in Apache. Would you expect more difficulties?

Not really, but remember to disable weak ciphers and SSL 2.0. For instance, I use this in my Apache virtual host:

SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2

Make sure your ~/.netrc is only readable by your own user account and nobody else. Oh, and if you use a self-signed certificate or your CA is not in /etc/ssl/certs (or wherever your OpenSSL CA certificate store is), you'll probably have to tell Git not to verify the chain of trust of the certificate using something like git config --global http.sslVerify no.

Markus Schlichting wrote:

Two Questions left:
Has someone gone a step further and automated the initialization of the git repository on creation of a new project in redmine? And wiring the repository path to the new project? That would be just perfect :)

As Antonio said, you can use reposman, or the redmine_scm plugin

I'm planning to use this setup with SSL . I hope it would be just activating HTTPS/SSL in Apache. Would you expect more difficulties?

Except the "sslVerify no" part (I wouldn't set this globally…) for self-signed certificates, it should all work well.

Hi,

The last version of the patch :
0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix-redminetrunk.patch

doesn't work on the 1.3.0 version of Redmine :

patch < ~/0001-merged-LeeF-s-patch-with-Michael-Fox-s-security-fix-redminetrunk.patch
patching file Redmine.pm
Hunk #2 succeeded at 219 with fuzz 1.
Hunk #3 succeeded at 261 (offset 1 line).
Hunk #5 succeeded at 313 (offset 1 line).
Hunk #6 FAILED at 431.
Hunk #7 FAILED at 450.
Hunk #8 succeeded at 509 with fuzz 1 (offset 25 lines).
2 out of 8 hunks FAILED -- saving rejects to file Redmine.pm.rej

expected :
- if ($hashed_password eq $salted_password && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
found :
if ($hashed_password eq $salted_password && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {

for information : line 441
my $access_mode = request_is_read_only($r) ? "R" : "W";

I would suggest to update this line to :
my $access_mode = defined $read_only_methods{$r->method} ? "R" : "W";

Could anyone confirm or update the patch ?

Best,

Hervé Leroux

my mistake, you should have read the following :
for information : line 441
my $access_mode = defined $read_only_methods{$r->method} ? "R" : "W";

I would suggest to update this line to :
my $access_mode = $request_is_read_only($r) ? "R" : "W";

Thanks. It works.

Funny things is I went through the code and mislooked this type even though I remember I spot on that!

Miloš

Hi,

just installed the latest patch and started a few tests with it. Now a registered user has access to all git repositories (just needs to know the repo-name).
I played around with Redmine + Git + this patch a few weeks before and if I remember correct, then users needed to be assigned to a project + has to have a least a developer role.
Is this correct or did this change?

Cheers,
derkaan

der kaan wrote:

just installed the latest patch and started a few tests with it. Now a registered user has access to all git repositories (just needs to know the repo-name).
I played around with Redmine + Git + this patch a few weeks before and if I remember correct, then users needed to be assigned to a project + has to have a least a developer role.
Is this correct or did this change?

It depends on whether it's a public project or not. Basically, we're reusing the same logic Redmine uses for SVN repositories, but instead of looking at the HTTP method, we look at the URL to be served by the Git smart-http handler. To sum it up:

• Public projects: anyone can fetch, but only members with write access can push.

• Private projects: only members with read access can fetch, and only members with write access can push.

Do you mean that any registered user can push without having write access, and that any registered user can fetch from a private project without having read access? In that case, it'd be a regression. Could you try the same with SVN repositories?

If it happens with SVN repos as well, that'd be a regression in the original Redmine.pm, and you'd need to report it as a separate bug.

If it only happens with Git repositories, then maybe something changed in the URLs served by Git's smart-http protocol. Could you please indicate which versions of Git are you using at the client and server sides?

Thanks for the perfect info + Setting the project to private solved my issue.

I don't think the latest patch is working for Redmine v1.4.0 for multiple repos per project. But even the SVN itself is not working. I've asked about it at http://www.redmine.org/boards/2/topics/30043.

p/s: The patch is also throwing some error due to the latest changes for Redmine.pm (https://github.com/edavis10/redmine/commit/f071b39d268a52aca556782aadadef7856158d31#extra/svn/Redmine.pm)

aurorius woot wrote:

I don't think the latest patch is working for Redmine v1.4.0 for multiple repos per project. But even the SVN itself is not working. I've asked about it at http://www.redmine.org/boards/2/topics/30043.

p/s: The patch is also throwing some error due to the latest changes for Redmine.pm (https://github.com/edavis10/redmine/commit/f071b39d268a52aca556782aadadef7856158d31#extra/svn/Redmine.pm)

Have you seen this paragraph on your second link?

A projet repository must be named with the projet identifier. In case
of multiple repositories for the same project, use the project identifier
and the repository identifier separated with a dot:

  /var/svn/foo
  /var/svn/foo.otherrepo

Seems like using sample.svn1 and sample.svn2 instead of sample-svn1 and sample-svn2 should work.

I'll try to update the patch in a bit :-).

Oh my, I didn't read about it properly, I'm too focus on the changes at the 410th line. It's actually working right now. Thanks a lot for the fast reply.

Antonio García-Domínguez wrote:

In any case, here is an updated patch :-). If you could try it out on a fresh Redmine install, it'd be great. I don't have any Redmine 1.4.0 installations over here.

That's fast, lol. BTW, I don't a fresh Redmine installation at the moment, sorry about that. But the good news is that the patch does work for my current Redmine v1.4.0. Things that I've tested:

1. git clone http://git.server/myrepo.git
2. git pull and push are working correctly
3. git clone http://username@git.server/myrepo.git also works
4. svn checkout and commit is also working
5. also works for a project with one svn and one git repo under the project
6. all authentications come from the Redmine itself.

This is my httpd-vhosts.conf, maybe it can help someone in the future:

<VirtualHost *:80>
  ServerName git.myserver
  DocumentRoot /opt/git

  SetEnv GIT_PROJECT_ROOT /opt/git
  SetEnv GIT_HTTP_EXPORT_ALL
  SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

  ScriptAlias / /usr/libexec/git-core/git-http-backend/
  AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /opt/git/$1
  AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /opt/git/$1

  PerlLoadModule Apache::Redmine

  ScriptAliasMatch \
    "(?x)^/(.*/(HEAD | \
    info/refs | \
    objects/(info/[^/]+ | \
        [0-9a-f]{2}/[0-9a-f]{38} | \
        pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
    git-(upload|receive)-pack))$" \
    /usr/libexec/git-core/git-http-backend/$1

  <Directory /usr/libexec/git-core/>
    Options +ExecCGI
    Allow From All
  </Directory>

  <Location "/">
    AuthType Basic
    AuthName "Redmine Git repositories" 
    Require valid-user

    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler

    RedmineDSN "DBI:mysql:database=redmine;host=localhost" 

    RedmineDbUser "redmine" 
    #RedmineDbPass "password" 
    RedmineGitSmartHttp yes
  </Location>
</VirtualHost>

I'm planning to write a full tutorial for this implementation (when I have the time). Anyway, thanks a lot for the fast reply (again) XD

Edwin Mckain wrote:

Hey everyone!

I'm still a newbie with Redmine, and I want to patch my Redmine.pm file, I'm using Redmine 1.4.1.

I already downloaded the last path (Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch) I put it into my /redmine folder (where the test, extra folders are).

I'm trying to patch it using the following command:

patch -p1 <Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch

but it is not working these are the messages that I receive:

patching file extra/svn/Redmine.pm
Hunk #1 FAILED at 102.
Hunk #2 FAILED at 151.
Hunk #3 FAILED at 188.
Hunk #4 FAILED at 204.
Hunk #5 FAILED at 212.
Hunk #6 FAILED at 338.
6 out of 6 hunks FAILED -- saving rejects to file extra/svn/Redmine.pm.rej

What am I doing wrong?

Thanks in advance!

BTW I'm following this tutorial in order to automated Git with Redmine on CentOS 6.2, here is the link:

http://www.dreu.info/blog/install-redmine-with-automated-git-on-centos-redhat/

My patch is based on Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch.
At least, it doesn't work with git sub repositories.

This issues is discussed long time. I wonder why you don't apply
git-http-backend feature. I always confused git-http-backend when
every upgrade. Maybe all of the users who use git-http-backend are same.

Takashi Okamoto wrote:

At least, it doesn't work with git sub repositories.

Did you read note-72 ?

This issues is discussed long time. I wonder why you don't apply
git-http-backend feature. I always confused git-http-backend when
every upgrade. Maybe all of the users who use git-http-backend are same.

Because I don't use git mainly.
And there is no test of Redmine.pm.
source:trunk/test

ChiliProject imported this issue patch.
https://www.chiliproject.org/issues/245
But, there is a few feedback to ChiliProject.

If many uses want to import this patch, it maybe to able to import it.
But I don't know that JPL wants it.

How do you define many? Git is gaining significant users over the past few years especially with the pricy Github. I'd really love (maybe others too), to see this patch to be made official without having to reply to this thread everytime a new version is released. But of course, I'm not good enough to develop it, if there's anything a normal dev can do about ths feature, just post it.

aurorius woot wrote:

How do you define many?

#61 had many feedback and many watchers.
This issue is lesser than #61.

Toshi MARUYAMA wrote:

Redmine trunk r9557 supports multiple scms.
I don't know why note-79 patch uses SQL "like".
DOT is confused with bare repository ".git".
This is a patch to strip ".git".

I had assumed that the regexp in line 411 already did that:

my ($identifier) = $r->uri =~ m{$location/*([^/.]+)};

Shouldn't that implicitly strip anything after the first dot? The character class is negated, so /foo.something/bar or /foo.git/bar should be both matched to the "foo" identifier cleanly. That's why I dropped the line that stripped the ".git" suffix.

According to note 75, the patch from note 74 worked as-is (and worked on the 1.4.0 sources at the time).

Takashi Okamoto: why did you switch to using a SQL query? Wouldn't that retrieve the project's name (and not its short ID)? I'm a bit confused.

Edwin Mckain wrote:

BTW I'm following this tutorial in order to automated Git with Redmine on CentOS 6.2, here is the link:

http://www.dreu.info/blog/install-redmine-with-automated-git-on-centos-redhat/

I'm sorry to hear that, but I can't seem to reproduce the issue :-/. I just applied the patch from note 74 cleanly on top of Redmine 1.4.1, using

patch -p1 < Redmine.pm-update-patch-4905-to-Redmine-1.4.0.patch

Toshi MARUYAMA wrote:

aurorius woot wrote:

How do you define many?

#61 had many feedback and many watchers.
This issue is lesser than #61.

But there are issues such as #3831 and others with low feedbacks that has been accepted into the trunk. Maybe put this issue as a candidate for the next major release?

aurorius woot wrote:

Toshi MARUYAMA wrote:

aurorius woot wrote:

How do you define many?

#61 had many feedback and many watchers.
This issue is lesser than #61.

But there are issues such as #3831 and others with low feedbacks that has been accepted into the trunk. Maybe put this issue as a candidate for the next major release?

• source:tags/1.4.1/test/unit/lib/redmine/scm/adapters/git_adapter_test.rb
• source:tags/1.4.1/lib/redmine/scm/adapters/git_adapter.rb#L393

PDF plugin is not maintained, but Redmine contains all sources.
source:tags/1.4.1/vendor/plugins/rfpdf
And many patches are posted to redmine.org.

If git smart http protocol changes behavior,
who can maintain without test?

Hi,
I follow all this "tutorial". But when I am trying login server is request it again and again. Seems like bad login/pass, but I am sure that login and pass are correct.
I have redmine 1.3.3, patch for redmine.pm v1.3.0 - maybe this is error.

Can you help me?

AndzinSan Dono wrote:

I follow all this "tutorial". But when I am trying login server is request it again and again. Seems like bad login/pass, but I am sure that login and pass are correct.
I have redmine 1.3.3, patch for redmine.pm v1.3.0 - maybe this is error.

Can you help me?

Sorry for the delay, I was off on a trip. Have you checked that you're a member of the project with the appropriate access level, and that the repository is available at /svn/short_project_id? To avoid leaking unwanted information, the authentication hook will not report any of these problems, but simply reject your authentication attempt.

Antonio García-Domínguez wrote:

Sorry for the delay, I was off on a trip. Have you checked that you're a member of the project with the appropriate access level, and that the repository is available at /svn/short_project_id? To avoid leaking unwanted information, the authentication hook will not report any of these problems, but simply reject your authentication attempt.

I fix it, but now I dont remember how :D

Toshi MARUYAMA wrote:

Redmine core feature has test.
So, we can maintain if git changes behavior.

• source:tags/1.4.1/test/unit/lib/redmine/scm/adapters/git_adapter_test.rb
• source:tags/1.4.1/lib/redmine/scm/adapters/git_adapter.rb#L393

[...]

If git smart http protocol changes behavior,
who can maintain without test?

But does Redmine.pm have tests for other SCMs? (e.g., subversion). For that you would need to actually execute the external SCM client applications to perform queries against a test server properly configured with apache, redmine and Redmine.pm. After a quick look at the project, I couldn't find such tests.

What I mean is that adding git smart-server support into Redmine.pm has the same amount of tests than the current Redmine.pm for subversion (as far as I could see). Of course, I can understand that the main developers of Redmine could feel uncomfortable by accepting a patch for a feature that none of them is using and that has no regression test.

I've started writing automated tests for Redmine.pm (r9826). They run against a running Apache+mod_perl+mod_dav_svn. They're not yet part of the CI server but they should be as soon as possible.

Could someone have a look at these tests and provide similar tests for git (at least one that do read operations like #test_read_commands and one that writes like #test_write_commands) so that this patch could finally get merged. No matter if you're not able to actually run them, a draft will be fine.

I guess I have to install the git-http-backend CGI to actually run tests with the smart HTTP protocol?

This is the snippet for the apache configuration I have for my VirtualHost:

    SetEnv GIT_PROJECT_ROOT /home/code/git
    SetEnv GIT_HTTP_EXPORT_ALL 1
        ScriptAliasMatch \
                "(?x)^/git/(.*/(HEAD | \
                                info/refs | \
                                objects/(info/[^/]+ | \
                                         [0-9a-f]{2}/[0-9a-f]{38} | \
                                         pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
                                git-(upload|receive)-pack))$" \
                /usr/lib/git-core/git-http-backend/$1
    ScriptAlias /git/ /usr/lib/cgi-bin/gitweb.cgi/
    AliasMatch ^/gitweb/$ /dev/null

    <Location /git>
        AuthType Basic
        AuthName "Project membership authentication" 
        Require valid-user

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
        RedmineDSN "DBI:mysql:database=redmine_default;host=127.0.0.1" 
        RedmineDbUser "redmine" 
        RedmineDbPass "..." 
        RedmineCacheCredsMax 50
        RedmineGitSmartHttp yes
    </Location>

The ScriptAlias line is just to divert all non-git operations to the gitweb CGI, and the previous ScriptAliasMatch diverts relevant operations to the smart server (which comes with the git package itself in Debian). I'm not sure if this setup is exactly the same as shown in the current Redmine docs.

I also have the configs for Bazaar and Mercurial (and Subversion) if you want to try.

I also have Redmine 2.0.3 and I tried many patches for Git's smart HTTP protocol but none works.

I noticed that my Redmine.pm file is empty!

I have the following errors:

patching file Redmine.pm
Hunk # 1 FAILED at 93.
Hunk # 2 FAILED at 142.
Hunk # 3 FAILED at 179.
Hunk # 4 FAILED at 195.
Hunk # 5 FAILED at 203.
Hunk # 6 FAILED at 329.
Hunk # 7 FAILED at 400.
7 out of 7 hunks FAILED - saving rejects to file Redmine.pm.rej

What does it mean "You need to cherry-pick all related revisions from trunk to 2.0-stable."?

which patch file is suitable for version 1.4.4? I've tried Redmine.pm-update-patch-4905-to-Redmine-1.4.1-support-multiscm-2.patch but this one doesn't seems to work (constant authentication failed)

I have tested Redmine.pm-1.4.4-based-on-1.4.1-multiscm-2--improved2.patch and seems to be broken sometimes with multiple repositories per project.

The apache logs show this:

DBD::Pg::st execute failed: ERROR:  more than one row returned by a subquery used as an expression at /usr/lib/perl5/Apache2/Redmine.pm line 533.
DBD::Pg::st fetchrow_array failed: no statement executing at /usr/lib/perl5/Apache2/Redmine.pm line 537.

The repositories actually in my project are those:

SCM         Identifier Main repository Repository
Mercurial   eraikin     *              /var/local/hg/eraikin
Git         eraikingit                 /var/local/git/eraikin

It works fine for projects with only one repository :-)

Works for my configuration:

Git  wizzan                /var/lib/gitolite/repositories/wizzan.git/ 
Git  wizzan-external-code  /var/lib/gitolite/repositories/wizzan-external-code.git/

But you can try the following: Change line 530 of your Redmine.pm from

SELECT identifier FROM projects WHERE id = (SELECT project_id FROM repositories WHERE url LIKE ? OR url LIKE ? OR url LIKE ? OR url LIKE ?);

to

SELECT identifier FROM projects WHERE id IN (SELECT project_id FROM repositories WHERE url LIKE ? OR url LIKE ? OR url LIKE ? OR url LIKE ?);

Turn the = into an IN.

If that fixes your problem. I'll update the patch.

I have tested again and works.

It seems the patch was fine from the start, I just misunderstood and tried to access the repositories using the identifier, not the url :-/

Thanks for the fast response!

After updating redmine from 1.4.7 to 2.3.1 i can't access (clone) my git repos.

error: The requested URL returned error: 500 while accessing https://<user>@<server>/git/<projectid>/info/refs
fatal: HTTP request failed

The Apache log shows

[Mon May 06 14:26:27 2013] [error] [client <ip>] No Authn provider configured
[Mon May 06 14:26:27 2013] [error] [client <ip>] No Authn provider configured

The apache/git config meets the requirements described in the header of Redmine.pm.

Is anybody out there running a working Redmine.pm(from V2.3) with Git?
Any ideas/recommendation?

Thanks a lot

Replacing DECLINED with AUTH_REQUIRED seems to solve the problem

#11475 gave me the hint ....