gitgitwebapparmor

Problem with `git instaweb` on OpenSUSE Tumbleweed: /etc/gitweb-common.conf is not being read


git instaweb is a very convenient command to browse a repository. But several interesting features are disabled by default.

The main configuration file (.git/gitweb/gitweb_config.perl) is rewritten every time git instaweb is ran, so it is not possible to store configuration there.

I tried to enable some of the wanted features by creating a global configuration file.

Initially I tried creating /etc/gitweb.conf, with the following two lines:

$feature{'highlight'}{'default'} = [1];
$feature{'blame'}{'default'} = [1];

But it did not work. Then I tried to create the file /etc/gitweb-common.conf. It also did not work.

These lines have no effect on the resulting web interface, I keep receiving 403 - Blame view not allowed.


Solution

  • Inspecting the source code of /usr/share/gitweb/gitweb.cgi, I noticed that if the global configuration is read from the file in the variable $GITWEB_CONFIG, which is our particular repository freshly generated configuration file, then the script will never try to read the file in $GITWEB_CONFIG_SYSTEM (/etc/gitweb.conf), returning before that happend. So, in this case, using this file does not apply.

    But there was no explanation for not reading $GITWEB_CONFIG_COMMON (/etc/gitweb-common.conf), which is read before $GITWEB_CONFIG.

    After some research, I tried to debug the CGI script in /usr/share/gitweb/gitweb.cgi using rudimentary print statements. Eventually I converged to the following subroutine:

    # read and parse gitweb config file given by its parameter.
    # returns true on success, false on recoverable error, allowing
    # to chain this subroutine, using first file that exists.
    # dies on errors during parsing config file, as it is unrecoverable.
    sub read_config_file {
        my $filename = shift;
        return unless defined $filename;
        # die if there are errors parsing config file
        if (-e $filename) {
            do $filename;
            die $@ if $@;
            return 1;
        }
        return;
    }
    

    Perl uses two different variables to manage errors from a do. One is $@, which is set in this case when do is unable to compile the file. The other is $!, which is set in case do cannot read the file. By printing the value of $! I found out that it was set to Permission denied. Since the script does not currently test for $!, the error goes unnoticed. (Perl do block documentation)

    To fix the problem, the following line must be added to /etc/apparmor.d/usr.share.git-web.gitweb.cgi:

    /etc/gitweb-common.conf r,
    

    EDIT: A patch has been sent to the git team and now gitweb.cgi does test for $!.