summaryrefslogtreecommitdiffstats
path: root/conf
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-06-04 22:11:43 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-12-27 12:42:12 +0100
commitad17b9e2b4bebcf744129ed5a1a2c6e544d42739 (patch)
tree791ee08db4c1759d89660bc1c90dd867e2662d91 /conf
parent253e76d8cc718acef6bab802c76c4a70623b59cc (diff)
downloadaurweb-ad17b9e2b4bebcf744129ed5a1a2c6e544d42739.tar.xz
Add basic Git authentication/authorization scripts
This adds two scripts to be used together with Git over SSH: * git-auth.py is supposed to be used as AuthorizedKeysCommand. It checks whether the public key belongs to any AUR user and invokes git-serve.py, passing the name of the corresponding user as a command line argument, if any. * git-serve.py is a wrapper around git-shell(1) that checks whether the user passed as command line argument has access to the Git repository that a push operation writes to. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'conf')
-rw-r--r--conf/config.proto11
1 files changed, 11 insertions, 0 deletions
diff --git a/conf/config.proto b/conf/config.proto
index f00b352..13cafe0 100644
--- a/conf/config.proto
+++ b/conf/config.proto
@@ -26,3 +26,14 @@ max_rpc_results = 5000
aur_request_ml = aur-requests@archlinux.org
request_idle_time = 1209600
auto_orphan_age = 15552000
+
+[auth]
+key-prefixes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519
+username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$
+git-serve-cmd = /srv/http/aur/scripts/git-integration/git-serve.py
+ssh-options = no-port-forwarding,no-X11-forwarding,no-pty
+
+[serve]
+repo-base = /pub/git/
+repo-regex = [a-z0-9][a-z0-9.+_-]*$
+git-shell-cmd = /usr/bin/git-shell