commit | 8ba30f02e5c05dcc3ed11622fff5cb804e2350f3 | |
---|---|---|
author | David Ostrovsky <david@ostrovsky.org> | Wed Oct 02 00:45:25 2019 +0200 |
committer | Edwin Kempin <ekempin@google.com> | Fri Oct 11 10:02:57 2019 +0200 |
tree | 0e656a609e09c9a2e8793a6dda2385d53b9fd80a | |
parent | b8f8c60e872209b5fd0abed2674c2cb701cf9526 | |
Add integration test for git protocol version 2

Start gerrit server using StandaloneSiteTest and configure git client connection using git-core client and SSH and HTTP protocols.

The minimum git-core version that supports git protocol v2 is 2.18.0. Check the locally installed git version, and abort the test with assumption violation if the version is older than 2.18.0.

Continue with the test and create the test project. To activate git protocol version 2 for the target repository, protocol.version = 2 config option must be set.

Using Gerrit API set HTTP password for admin and non admin users, and using ssh-keygen command generate private/public keys for admin and non admin users, and using Gerrit API set the public SSH keys for admin and non admin users.

Execute git ls-remote command to list the refs from the target repository, using SSH and HTTP protocols for admin and non admin users.

Given that the -c protocol.version=2 git option is specified and given that the git protocol v2 is enabled unconditionally in server, git protocol v2 communication is expected to take place and can be verified.

For verification the refs visibility is tested. This was the security vulnerability that was not detected during first attempt to activate Git wire protocol v2 in Gerrit server:

1. Start a test Gerrit server
2. Enable support for git protocol v2 (not needed, as git wire protocol v2 is activated per default)
3. Create a project with two branches: refs/heads/master and refs/heads/secret
4. Remove read access for “Anonymous Users” on “refs/*” from the All-Projects project
5. Setup the following ACL on the new project to make refs/heads/secret only accessible by admins:

   [access "refs/heads/master"]
     read = group Registered Users
   [access "refs/heads/secret"]
     read = group Administrators

6. Clone repository with a non-admin user and do ‘git ls-remote origin’ -> refs/heads/secret branch is not listed

Test Plan:

$ bazel test javatests/com/google/gerrit/integration/git:git

Change-Id: Ica7d2b57b4296e1c39f93528f17bef799d5ac824
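The three checks the commit message describes (git-core at least 2.18.0, protocol v2 actually negotiated, restricted refs absent from a non-admin's `git ls-remote`), as an added shell example that is not part of this commit or of Gerrit's test code. The function names and sample data are constructed for illustration, and detecting v2 through the `version 2` line in `GIT_TRACE_PACKET` output is this example's approach, not necessarily the test's.

```shell
# Added example: function names and sample data are constructed, not Gerrit's.

# Succeed if a `git --version` string is at least 2.18.0, the minimum the
# commit message gives for protocol v2. Numeric compare, so 2.9.x < 2.18.0.
git_supports_v2() {
  printf '%s\n' "${1#git version }" |
    awk -F. '{ exit !(($1 + 0) * 1000000 + ($2 + 0) * 1000 + ($3 + 0) >= 2018000) }'
}

# Succeed if a GIT_TRACE_PACKET log on stdin shows the server answering "version 2".
negotiated_v2() { grep -q 'git< version 2'; }

# Read `git ls-remote` output on stdin; print each ref named in "$@" that is listed.
leaked_refs() {
  listed=$(awk '{ print $2 }')
  for ref in "$@"; do
    if printf '%s\n' "$listed" | grep -Fxq -- "$ref"; then
      printf '%s\n' "$ref"
    fi
  done
}

# Live check: check_remote URL REF... run with a non-admin user's credentials.
# Returns 0 = refs hidden, 1 = restricted ref visible, 2 = could not test, 3 = not v2.
check_remote() {
  url=$1; shift
  git_supports_v2 "$(git --version)" || return 2
  trace=$(mktemp) || return 2
  refs=$(GIT_TRACE_PACKET="$trace" git -c protocol.version=2 ls-remote "$url") ||
    { rm -f "$trace"; return 2; }
  if ! negotiated_v2 <"$trace"; then rm -f "$trace"; return 3; fi
  rm -f "$trace"
  leaked=$(printf '%s\n' "$refs" | leaked_refs "$@")
  [ -z "$leaked" ] || { echo "visible but restricted: $leaked" >&2; return 1; }
}

# Constructed sample data (not captured from a real server).
sample_trace() {
  printf '%s\n' 'packet:          git< version 2' 'packet:          git< ls-refs'
}
sample_refs_nonadmin() {
  printf '%s\t%s\n' 1111111111111111111111111111111111111111 HEAD \
    1111111111111111111111111111111111111111 refs/heads/master
}
sample_refs_leaky() {
  sample_refs_nonadmin
  printf '%s\t%s\n' 2222222222222222222222222222222222222222 refs/heads/secret
}
```

Run `check_remote` once per transport (the SSH URL and the HTTP URL) as the non-admin user, passing `refs/heads/secret` as the ref that must stay hidden.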
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on GitHub.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the GitHub mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit
cd gerrit && bazel build release
Instructions on how to configure the GerritForge/BinTray repositories are here
On Debian/Ubuntu run:
apt-get update && apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 7 based Gerrit image:
docker run -p 8080:8080 gerritforge/gerrit-centos7[:version]
To run an Ubuntu 15.04 based Gerrit image:
docker run -p 8080:8080 gerritforge/gerrit-ubuntu15.04[:version]
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.