From 218d692b85aff2bef7e14ded18577a053dd34d6e Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Mar 01 2021 12:21:25 +0000
Subject: dist-git/pagure: configure pagure to allow access via a single git user for everyone


Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>

---

diff --git a/roles/distgit/pagure/templates/pagure.cfg b/roles/distgit/pagure/templates/pagure.cfg
index 826aef9..cd7c37c 100644
--- a/roles/distgit/pagure/templates/pagure.cfg
+++ b/roles/distgit/pagure/templates/pagure.cfg
@@ -298,8 +298,6 @@ ADMIN_API_ACLS = [
 
 PROJECT_NAME_REGEX = '^[a-zA-z0-9_][a-zA-Z0-9-_\.+]*$'
 
-HTTP_REPO_ACCESS_GITOLITE = None
-
 CSP_HEADERS = (
     "default-src 'self'; "
     "script-src 'self' '{nonce_script}' https://apps.fedoraproject.org https://mdapi.fedoraproject.org; "
diff --git a/roles/distgit/pagure/templates/pagure_shared.cfg b/roles/distgit/pagure/templates/pagure_shared.cfg
index 21c2cb4..b255464 100644
--- a/roles/distgit/pagure/templates/pagure_shared.cfg
+++ b/roles/distgit/pagure/templates/pagure_shared.cfg
@@ -90,16 +90,13 @@ PDC_URL = 'https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/'
 SSH_KEYS_USERNAME_LOOKUP = True
 SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"'
 
-SSH_COMMAND_REPOSPANNER = ([
-    "/usr/libexec/repobridge",
-    "--extra", "username", "%(username)s",
-    "--extra", "repotype", "%(repotype)s",
-    "--extra", "project_name", "%(project_name)s",
-    "--extra", "project_user", "%(project_user)s",
-    "--extra", "project_namespace", "%(project_namespace)s",
-    "%(cmd)s",
-    "'pagure/%(repotype)s/%(reponame)s'",
-], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"})
+{% if env == 'staging' %}
+GIT_AUTH_BACKEND = 'pagure'
+SSH_KEYS_USERNAME_EXPECT = 'git'
+{% endif %}
+
+HTTP_REPO_ACCESS_GITOLITE = None
+
 SSH_COMMAND_NON_REPOSPANNER = ([
     "/usr/libexec/git-core/%(cmd)s",
     "%(repopath)s",