[Cryptech Tech] Some problems with the repo access

Rob Austein sra at hactrn.net
Fri Feb 14 00:49:31 UTC 2014


At Mon, 10 Feb 2014 16:51:03 -0500, Rob Austein wrote:
> At Mon, 10 Feb 2014 22:10:45 +0100, Linus Nordberg wrote:
> > 
> > Do we provide git over https?
> 
> Not yet.  I was holding off on that until we had the core services up.

I added read-only access a few days ago, forgot to announce.

https://cryptech.is/git/blarg.git should give read-only access to the
same repository as git at cryptec.is:blarg.git.

Note that neither the /git directory nor its subdirectories are
searchable.  This is sort-of deliberate (read: in a locked-down Apache
configuration I don't enable things like mod_autoindex unless there's
a real need).  Since the main web site is the Trac Wiki, this does not
strike me as a problem.  HTTP(S) access to the gitolite-admin.git
repository is blocked, on purpose.

We might want to arrange that attempts to probe the /git directory
directly land on some Wiki page of our choosing.  Let me know if
anybody wants this.

In theory, we could hack the Apache config so that attempts to peek
inside a particular git repository using HTTP(S) will instead display
that repository's "description" file.  I haven't bothered yet, nor
will I unless somebody wants this.

Basic model I'm assuming is that repositories we want the public to
know about will be listed by URL somewhere in the Wiki.   I'm not
really trying to hide the others (insert security through obscurity
rant here), just avoid airing the developers' laundry in public.

I have not yet ripped out the Mercurial support, but may do that at
some point if nobody expects to use it.



More information about the Tech mailing list