问题
I need an application to be able to fetch from a git repository but not push to it, so, that's the read-only part. That could easily be done with git daemon.
On top of that, I need access to said repository to be password-protected, including for reading it. So before any fetching can happen, the application will need to authenticate.
Is it doable? with git daemon? something else? http + auth maybe?
回答1:
HTTP authentication will not protect the pack being transmitted over the wire, so if you are worried about eavesdroppers HTTP authentication will not suffice. Also, git is much more efficient using the git protocol than the HTTP protocol. git-daemon, however, does not do authentication for you.
Probably the best solution is to use gitosis which will allow you to protect the repository using ssh--cryptographically strong authentication, and confidentiality over the wire--and control access to the repository as well (e.g., have some users read-write and some users read-only). This will use the efficient git protocol over your ssh connection.
If you are willing to outsource this, github is perhaps the best approach. They have plans at different price points to meet many needs.
回答2:
The easiest way is to setup HTTP authentication on top of gitweb. See there.
回答3:
You can fetch via SSH, which is both authenticated and encrypted channel. I don't know if gitosis would help you to manage SSH acces in lieu of setting up shell accounts with git-shell as shell.
回答4:
To create an authenticated "read only" repository, provide SSH access to the repository for all applicable parties but only allow push requests (write access) to a sub-set of the parties by using an update-hook as exampled here.
回答5:
Use gitolite. That's just the best: easy to setup (if you already know SSH key management), complete control on user access and transport security (SSH).
回答6:
I like having a combination out of git + gitolite + gitweb
where gitweb gives a very lean and fast webfrontend
and gitolite is doing all authorization tasks, so you can give permissions to read or write on a (ssh) user-level (even the configuration of gitolite is handeled as a plain git repository, that means, authorization/configuration changes are trackable)
来源:https://stackoverflow.com/questions/533658/can-i-run-a-password-protected-read-only-git-server