Learn more about these different git repos.
Other Git URLs
Unfortunately, as noted in #4731, switching Pagure to the pagure internal auth method instead of using Gitolite doesn't work out of the box. Moreover, it requires making changes to sshd_config to add a user entry to have a custom AuthorizedKeysCommand to fetch and validate SSH keys.
pagure
sshd_config
AuthorizedKeysCommand
This dynamic auth method isn't necessarily bad, but it makes it difficult to configure Pagure with the pagure auth backend easily, especially since sshd_config(5) doesn't support drop-in files.
sshd_config(5)
For the Gitolite backends, we make celery tasks to regenerate the authorized_keys file. Can we also have this for the internal Pagure backend? That brings us parity and preserves the ease of setting up Pagure properly when we want to switch the default backend from Gitolite to the internal one.
authorized_keys
To be clear, I want pagure auth to work either way. There are very clear scalability advantages to making sshd ask pagure directly, including for supporting HA setups. But in simple configurations, it's too much for no gain.
sshd
This is why GitLab supports both ways for gitaly (its underlying git backend).
gitaly
Just a +1 from my side. Debian pagure currently ships with the pagure auth enabled by default, but that still requires the user to manually edit sshd_config and add the custom AuthorizedKeysCommand entry there. It'd be great if we could just flip a switch in pagure.cfg, restart things and have everything work OOTB.
pagure.cfg
This is now fixed with the pagure_authorized_keys backend in 5.10.
pagure_authorized_keys
Metadata Update from @ngompa: - Issue set to the milestone: 5.10
Metadata Update from @ngompa: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.