Bug 1085991 - Git service should be disabled by default
Keywords:
Status: CLOSED EOL
Alias: None
Product: JBoss BPMS Platform 6
Classification: Retired
Component: Business Central
Version: 6.0.2
Hardware: All
OS: All
medium
medium
Target Milestone: ER4
: 6.1.0
Assignee: Alexandre Porcelli
QA Contact: Lukáš Petrovický
URL:
Whiteboard:
Depends On:
Blocks: 1100097
Reported: 2014-04-09 20:13 UTC by Adam Baxter
Modified: 2020-03-27 20:12 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1100097
Environment:
Last Closed: 2020-03-27 20:12:15 UTC
Type: Enhancement
Embargoed:


Description Adam Baxter 2014-04-09 20:13:26 UTC
Description of problem:
Cloning from git locally (URL starts with git://) works correctly. However, the user is unable to push for security reasons. By default, this should be disabled as it will be frustrating for users who just successfully cloned to now be unable to use the exact same URL.

Version-Release number of selected component (if applicable):
6.0.0+

How reproducible:
Consistent

Actual results:
User cannot push using git://

Expected results:
User cannot clone using git://, either

Additional info:

Comment 2 Alexandre Porcelli 2014-04-16 17:49:38 UTC
UberFire master updated to disable git daemon by default:

(master) http://github.com/uberfire/uberfire/commit/7aa4fc359

Comment 3 Maciej Swiderski 2014-05-21 16:36:13 UTC
Although I understand that it might be confusing to some users who by mistake clone over git instead of ssh, the change revealed another (rather serious) issue - cluster synchronization will not work at all as ssh requires authentication and background tasks are not able to do so.

I would vote for reverting this commit to keep the same behavior for cluster as in 6.0. Thoughts?

Comment 4 Adam Baxter 2014-05-21 22:05:36 UTC
Would we be able to use a configurable shared ssh login, one that only background processes use? 

I wouldn't be against enabling the git daemon again as an implementation detail, but I'd rather the user not be directed to clone from it if they can't push. That means removing the options to copy the git address from the UI.

Comment 5 Maciej Swiderski 2014-05-22 13:41:35 UTC
I guess if we provide information for the user that git is read only and ssh is read/write that should provide enough information to choose the right one. wdyt?

Not sure I understand your question about ssh - behavior should not change for ssh at all.

Comment 6 Adam Baxter 2014-05-22 13:58:19 UTC
Specifying git as read only would be sufficient.

Comment 7 Pavel Kralik 2014-12-03 15:49:20 UTC
BPMS 6.1.0 ER2:
Cloned git://git.app.eng.bos.redhat.com/bpms-assets.git from UI. No warning or sign that it is readonly.

Comment 8 Ryan Zhang 2014-12-17 04:02:33 UTC
If this failed QA, please move it to ASSIGN, otherwise the developer won't notice this.
(In reply to Pavel Kralik from comment #7)
> BPMS 6.1.0 ER2:
> Cloned git://git.app.eng.bos.redhat.com/bpms-assets.git from UI. No warning
> or sign that it is readonly.

Comment 9 Alexandre Porcelli 2014-12-29 14:00:09 UTC
If you clone any repo from the UI it won't be readonly. The readonly mentioned here is related to git daemon.

Comment 10 Pavel Kralik 2015-03-06 17:47:18 UTC
BPMS 6.1.0.ER6

