Repo option to override (or ignore) gerrit/ssh_info for https URLs
97 views
Skip to first unread message
Timo Lotterbach
Jul 14, 2016, 8:18:44 AM7/14/16
to Repo and Gerrit Discussion
Hi everyone,
we're currently setting up a large project with many repositories hosted on gerrit.
For a convenient workflow we plan to introduce repo as default tool for our developers.
Unfortunately the setup our centralized gerrit server is a little more sophisticated.
It is available using different URLs in different (company internal + external) networks.
ssh access is only allowed from some networks, while https is possible for everyone.
Problematic workflow (for user without ssh access):
1. repo init -u https://<GERRIT_URL_WITHOUT_SSH>/path/to/repo
2. repo start branch <component>
3. user created patch in <component> branch
4. repo upload
- repo will query https://<GERRIT_URL_WITHOUT_SSH>/ssh_info
- since ssh support in gerrit is enabled, response is "<GERRIT_URL_WITHOUT_SSH> <PORT>"
- repo will use ssh on URL where ssh not not available
- error
From what I see, both, gerrit and repo, work correctly. Unfortunately our setup is currently not supported.
We are interested in solving that issue (that other companies might also have)
and contribute the solution to the upstream code base.
Our proposal:
* add an option to repo, to ignore ssh_info for https URLs.
* could be a setting in "remote"-part of manifest
* or just a flag to "repo upload"
I would be very happy to hear you opinions & suggestions.
Would this something that is interesting to be integrated upstream?
Best regards,
Timo Lotterbach
Sven Selberg
Jul 15, 2016, 3:40:26 AM7/15/16
to Repo and Gerrit Discussion
Couldn't this be solved in (f.i.) the Apache configurations.
Only allow access to <server>/ssh_info for the networks that can use ssh.
/Sven
Timo Lotterbach
Jul 15, 2016, 5:25:35 AM7/15/16
to Repo and Gerrit Discussion
Hi Sven,
thanks for your proposal. Unfortunately the gerrit server setup
is the only part of the system that is not in our control.
It is managed by a central department, but our issue will
never have a high-enough priority to be implemented :-/
I don't say it's impossible, but it'll take a (very) long time.
Best regards,
Timo
Timo Lotterbach
Jul 15, 2016, 10:07:17 AM7/15/16
to Repo and Gerrit Discussion
Hi everyone,
I had a deeper look into the repo implementation to understand repo's behaviour.
My current problems can be solved by improving error detection in repo.
My current problems can be solved by improving error detection in repo.
I have two patch proposals, I'll propose them in separate threads for discussion.
Thanks guys!
Timo
Reply all
Reply to author
Forward
0 new messages