1 # ----------------------------------------------------------------------
3 # Per-repo authorization for gitweb using gitolite v3 access rules
4 # Read comments, modify code as needed, and include in gitweb.conf
6 # Please also see "https://gitolite.com/gitolite/perf" (or search for
7 # "performance" in the search box at https://gitolite.com/) for some additional
8 # tips that may help you.
10 # Please note that the author does not have personal experience with gitweb
11 # and does not use it. Some testing may be required. Patches welcome but
12 # please make sure they are tested against a "github" version of gitolite and
13 # not an RPM or a DEB, for obvious reasons.
15 # ----------------------------------------------------------------------
17 # First, run 'gitolite query-rc -a' (as the gitolite hosting user) to find the
18 # values for GL_BINDIR and GL_LIBDIR in your installation. Then use those
19 # values in the code below:
22 $ENV{HOME} = "/home/git"; # or whatever is the hosting user's $HOME
23 $ENV{GL_BINDIR} = "/full/path/to/gitolite/src";
24 $ENV{GL_LIBDIR} = "/full/path/to/gitolite/src/lib";
27 # Pull in gitolite's perl API module. Among other things, this also sets the
28 # GL_REPO_BASE environment variable.
29 use lib $ENV{GL_LIBDIR};
32 # Set projectroot for gitweb. If you already set it earlier in gitweb.conf
33 # you don't need this but please make sure the path you used is the same as
34 # the value of GL_REPO_BASE in the 'gitolite query-rc -a' output above.
35 $projectroot = $ENV{GL_REPO_BASE};
37 # Now get the user name. Unauthenticated clients will be deemed to be the
38 # 'gitweb' user so make sure gitolite's conf file does not allow that user to
39 # see anything sensitive.
40 $ENV{GL_USER} = $cgi->remote_user || "gitweb";
42 $export_auth_hook = sub {
44 # gitweb passes us the full repo path; we need to strip the beginning and
45 # the end, to get the repo name as it is specified in gitolite conf
46 return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/;
48 # call Easy.pm's 'can_read' function
49 return can_read($repo);