| commit | 8ba30f02e5c05dcc3ed11622fff5cb804e2350f3 | [log] [tgz] |
|---|---|---|
| author | David Ostrovsky <david@ostrovsky.org> | Wed Oct 02 00:45:25 2019 +0200 |
| committer | Edwin Kempin <ekempin@google.com> | Fri Oct 11 10:02:57 2019 +0200 |
| tree | 0e656a609e09c9a2e8793a6dda2385d53b9fd80a | |
| parent | b8f8c60e872209b5fd0abed2674c2cb701cf9526 [diff] |
Add integration test for git protocol version 2

Start gerrit server using StandaloneSiteTest and configure git client
connection using git-core client and SSH and HTTP protocols. The minimum
git-core version that supports git protocol v2 is 2.18.0. Check the
locally installed git version, and abort the test with assumption
violation if the version is older than 2.18.0.

Continue with the test and create the test project. To activate git
protocol version 2 for the target repository, protocol.version = 2
config option must be set.

Using Gerrit API set HTTP password for admin and non admin users, and
using ssh-keygen command generate private/public keys for admin and non
admin users, and using Gerrit API set the public SSH keys for admin and
non admin users. Execute git ls-remote command to list the refs from the
target repository, using SSH and HTTP protocols for admin and non admin
users. Given that the -c protocol.version=2 git option is specified and
given that the git protocol v2 is enabled unconditionally in server, git
protocol v2 communication is expected to take place and can be verified.

For verification the refs visibility is tested. This was the security
vulnerability that was not detected during the first attempt to activate Git
wire protocol v2 in Gerrit server:

1. Start a test Gerrit server
2. Enable support for git protocol v2 (not needed, as git wire protocol
   v2 is activated per default)
3. Create a project with two branches: refs/heads/master and
   refs/heads/secret
4. Remove read access for “Anonymous Users” on “refs/*” from the
   All-Projects project
5. Setup the following ACL on the new project to make refs/heads/secret
   only accessible by admins:

       [access "refs/heads/master"]
         read = group Registered Users
       [access "refs/heads/secret"]
         read = group Administrators

6. Clone repository with a non-admin user and do
   ‘git ls-remote origin’ -> refs/heads/secret branch is not listed

Test Plan:

    $ bazel test javatests/com/google/gerrit/integration/git:git

Change-Id: Ica7d2b57b4296e1c39f93528f17bef799d5ac824
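
The check the commit message describes (git at least 2.18.0, protocol v2 actually negotiated, restricted ref absent from the `ls-remote` listing) can be scripted as below. This is an added example, not code from this commit or from Gerrit's test suite; the function names, the sample data and the placeholder URL are assumptions.

```shell
#!/bin/sh
# Added example: function names, placeholder URL and sample data are assumptions.

# Succeeds if dotted version $1 >= $2 (numeric compare of the first three fields).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# "git version 2.39.2" -> "2.39.2"
installed_git_version() { git --version | awk '{ print $3 }'; }

# Reads GIT_TRACE_PACKET output on stdin; succeeds if the server answered "version 2".
negotiated_v2() { grep -Eq 'packet:.*< version 2'; }

# Reads ls-remote output ("<sha><TAB><ref>") on stdin; succeeds only if ref $1 is absent.
ref_is_hidden() {
  ! awk -F '\t' -v ref="$1" '$2 == ref { found = 1 } END { exit !found }'
}

# $1 = repository URL, $2 = ref the current credentials must not be able to see.
check_remote() {
  version_ge "$(installed_git_version)" 2.18.0 ||
    { echo "SKIP: git older than 2.18.0" >&2; return 77; }
  trace=$(mktemp) || return 1
  refs=$(GIT_TRACE_PACKET="$trace" git -c protocol.version=2 ls-remote "$1") ||
    { rm -f "$trace"; return 1; }
  v2=0; negotiated_v2 < "$trace" || v2=1
  rm -f "$trace"
  [ "$v2" -eq 0 ] || { echo "FAIL: protocol v2 not negotiated" >&2; return 1; }
  printf '%s\n' "$refs" | ref_is_hidden "$2" ||
    { echo "FAIL: $2 is visible" >&2; return 1; }
  echo "OK: v2 negotiated, $2 not advertised"
}

# Constructed sample data (not captured from a real server).
TAB=$(printf '\t')
SAMPLE_TRACE='12:00:00.000000 pkt-line.c:80           packet:          git< version 2'
SAMPLE_LEAK="1111111111111111111111111111111111111111${TAB}refs/heads/master
2222222222222222222222222222222222222222${TAB}refs/heads/secret"

# Usage (placeholder URL): check_remote "https://gerrit.example.com/a/project" refs/heads/secret
```

Run `check_remote` with the non-admin user's credentials; requiring the `version 2` trace line keeps the visibility check from passing merely because the client fell back to an older protocol.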
Gerrit is a code review and project management tool for Git based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on GitHub.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the GitHub mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit
cd gerrit && bazel build release
The instructions for configuring the GerritForge/BinTray repositories are here
On Debian/Ubuntu run:
apt-get update && apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 7 based Gerrit image:
docker run -p 8080:8080 gerritforge/gerrit-centos7[:version]
To run an Ubuntu 15.04 based Gerrit image:
docker run -p 8080:8080 gerritforge/gerrit-ubuntu15.04[:version]
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.