| commit | 1a9187102f85a3b854d60c3c9c16acb4c6719919 | [log] [tgz] |
|---|---|---|
| author | Luca Milanesio <luca.milanesio@gmail.com> | Thu May 06 20:20:48 2021 +0100 |
| committer | Luca Milanesio <luca.milanesio@gmail.com> | Mon May 10 17:32:49 2021 +0000 |
| tree | 9aaf1c6ce495b45e9ae7b70f50d3e171124919be | |
| parent | 9d642b8549483be03203a2b0d754b6ca8cb546f2 [diff] |
Allow GerritAccount Cookie authentication for Git/HTTP Since the introduction of basic auth with Change-Id: Ibe589ab2b0, the mechanism of keeping a session (it was a digest before) across calls has not been preserved and the basic-auth implementation resulted in multiple authentications with the configured realm. Triggering a full authentication handshake could be an issue when using potentially expensive authentication backends like LDAP. Allow to create a Gerrit session from the GerritAccount cookie set on the Git client, so that only the first HTTP call will actually authenticate and create a session whilst all the others would just reuse the existing cookie. The Git client needs to have HTTP cookies enabled by setting the http.cookieFile in Git config pointing to a local file. For keeping HTTP cookies across Git/HTTP commands, the extra http.saveCookie Git config variable needs to be set to true. Previously all Git/HTTP requests were ignored for parsing the GerritAccount cookie whilst now they are excluded only when the account token is passed as URL parameter. This problem was there since the very beginning of the introduction of Git/HTTP basic auth. NOTE: Gerrit does not generate HTTP cookies when using password-based authentication against the external-ids rather than using the realm: that is expected because it would not be correct to allocate a cookie when a real authentication against the realm has not been performed, therefore the cookie-based authentication for Git/HTTP would not be available. Bug: Issue 14508 Change-Id: I2a56197ee0dad479f0973192157e5970d9deac25
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the Github mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit
cd gerrit && bazel build release
The instruction how to configure GerritForge/BinTray repositories is here
On Debian/Ubuntu run:
apt-get update & apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 7 based Gerrit image:
docker run -p 8080:8080 gerritforge/gerrit-centos7[:version]
To run a Ubuntu 15.04 based Gerrit image:
docker run -p 8080:8080 gerritforge/gerrit-ubuntu15.04[:version]
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.