pagure-dist-git =============== .. split here This project implements a dynamic Git auth backend for Pagure for Dist-Git, which has a slightly different access model than regular Pagure Git systems. Configuration ============= This plugin reuses the Pagure configuration, and adds several keys to it. - ``ACL_DEBUG``: Whether to print some output with information decisions are based on. - ``ACL_PROTECTED_NAMESPACES``: List of namespaces where the extra strong protections are in place. - ``BLACKLIST_RES``: List of regular expressions with refs that can never be pushed. - ``ACL_BLOCK_UNSPECIFIED``: Whether to deny pushes to branches that aren't either RCM, SIG or supported branches. - ``UNSPECIFIED_BLACKLIST_RES``: List of regular expressions with refs that can't be used if unspecified. - ``RCM_BRANCHES``: List of regular expressions with refs that people in the RCM group can push. - ``RCM_GROUP``: The group containing RCM members - ``SUPPORTED_SIGS``: List of groups that grant access to sig_prefix-$signame-* refs. - ``SIG_PREFIXES``: List of prefixes for SIG refs. To enable this plugin, you need to either point the PAGURE_PLUGIN environment variable at the pagure_distgit_config file or use the --plugin parameter of the runserver.py script. Example configurations ====================== Fedora ------ :: ACL_DEBUG = False ACL_BLOCK_UNSPECIFIED = False ACL_PROTECTED_NAMESPACES = ['rpms', 'modules', 'container'] RCM_GROUP = 'relenggroup' RCM_BRANCHES = ['refs/heads/f[0-9]+'] # Pushing to c* stuff is never allowed BLACKLIST_RES = ['refs/heads/c[0-9]+.*'] # Pushing to (f|epel|el|olpc)(num+) that is not previously approved # (supported branches) is not allowed. UNSPECIFIED_BLACKLIST_RES = ['refs/heads/f[0-9]+', 'refs/heads/epel[0-9]+', 'refs/heads/el[0-9]+', 'refs/heads/olpc[0-9]+'] CentOS ------ :: SIG_PREFIXES = ['refs/heads/c7', 'refs/heads/c7-plus', 'refs/heads/c7-alt', ] SUPPORTED_SIGS = ['sig-atomic', 'sig-cloud', 'sig-core', 'sig-storage', ] # Branches to which *nobody* will be able to push (basically Fedora) BLACKLIST_RES = ['refs/heads/el[0-9]+.*', 'refs/heads/olpc[0-9]+.*', ] ### Specific ACO group that will have access to all protected branches with RWC rights RCM_GROUP = 'centos-rcm' RCM_BRANCHES = ['refs/heads/c[0-9]+.*', 'refs/tags/.*', ] Tests ===== The tests here require the *test suite* of pagure itself to work. You have to modify your PYTHONPATH to find them. Run with:: $ PYTHONPATH=.:/path/to/pagure/checkout nosetests dist_git_auth_tests.py or $ PYTHONPATH=.:/path/to/pagure/checkout nosetests bugzilla-override-tests.py You can use our requirements-testing.txt to install testing dependencies with pip: $ pip install -r /path/to/pagure/checkout/requirements.txt $ pip install -r /path/to/pagure/checkout/requirements-testing.txt $ pip install -r requirements-testing.txt