Cern

Account

Forgotten password

Git Module

The Websys GIT module provides access to GIT source code repositories. The system provides a WEB based GIT tree browser and the ability to clone and push to the repositories. The GIT repository list is available at the "https://<siteurl)/git" URL normally linked to from the websites menus.

Access to the repositories is protected for read and/or write access to individual, logged in, users. It is also possible to make a repository publicaly readable if wanted.

As a further protection mechanism, pushes to the master or main branches can be restricted to particular users.

The system only supports GIT HTTP smart protocol access to the repositories, no SSH based access is provided.

Authentication

Uses can clone and push (if enabled) to the repositories using their website login credentials. So, for example, you can clone a GIT repository using a command like:

git clone https://<username>:<password>@portal.beam.ltd.uk/support/test/git/clone/test
Note that if there is an "@" in the Username this needs to be entered as "%40".

You can set the user name to use with a https access using:
git config credential.https://<hostname>.username <username>
You can set your GIT user name for commits with:
git config user.name <username>
The system can also accept client certificates for authentication if this feature has been enabled. Either CA signed user certificates or self signed certificates can be used depening on the system configuration. To use a self-signed certificate you can create a key and certificate with:
openssl req -x509 -newkey rsa:4096 -keyout git.key  -out git.crt -days 3650 -nodes -subj "/C=UK/O=Beam/CN=<Username>/emailAddress=<EmailAddress>"

Note that the /CN common name must be the users website Username which is normally their email address.

It is also possible to create a key/certificate that needs a password to use.

If the key and certificate are stored in the users ~/.ssh directory the local git repo can be configured to use them with:

git config --local http.sslCert ${HOME}/.ssh/git.crt

git config --local http.sslKey ${HOME}/.ssh/git.key

The user should then copy their certificate file to their User Prefferences certificate field by editing their User Prefferences on the website.

Obviously the certificate and especially the key file need to be protected so others cannot read them. Ideally the key would be stored in a protected hardware or software key repository.