aboutsummaryrefslogtreecommitdiffstats
path: root/cmd/git-lfs-authenticate/main.c
diff options
context:
space:
mode:
authorLibravatar Rutger Broekhoff2023-12-29 20:29:22 +0100
committerLibravatar Rutger Broekhoff2023-12-29 20:29:22 +0100
commit77f852e06d3be7cb558be73d6edc98d30cb52d65 (patch)
treed217dc9faf144cc188340c9ce6324fd3f862e765 /cmd/git-lfs-authenticate/main.c
parent0b2fb488e1ccb877f16bad2f413494824f43d9c8 (diff)
downloadgitolfs3-77f852e06d3be7cb558be73d6edc98d30cb52d65.tar.gz
gitolfs3-77f852e06d3be7cb558be73d6edc98d30cb52d65.zip
Write basic read-only public Git LFS server
The 'integration' with Gitolite is honestly pretty bad and should not be taken very seriously: it runs the 'gitolite access' command to check if some user (e.g., daemon/nobody) should be able to read from the repository. Based on this, it grants access to objects stored in S3, by generating Presigned GetObject URLs using the S3 API. Of course, this integration with Gitolite (especially when using the daemon user to check if the user should be able to read) is not very 'high-value': 1. If we already make use of the daemon pseudo-user to control access to public repositories, we may as well check for the existence of git-daemon-export-ok files. In case they exist, we simply assume that the repository is meant to be shown on the public internet and that therefore the LFS archive should also be considered 'open to the public'. 2. The way that Gitolite commands are currently run, this program breaks when not running under the git user without extra configuration; Gitolite decides where repositories are based on the HOME environment variable. This program currently does not set this. This could be set by the CGI server (or fcgiwrap) and would unbreak the system. There's no support for any more advanced kind of authn/authz. Uploading is also not supported yet. That's still to come.
Diffstat (limited to 'cmd/git-lfs-authenticate/main.c')
0 files changed, 0 insertions, 0 deletions