[PATCH 0/8] fix password prompting for "half-auth" servers

On Sun, Aug 26, 2012 at 06:13:41AM -0400, Jeff King wrote:

> No problem. I'll probably be a day or two on the patches, as the http
> tests are in need of some refactoring before adding more tests. But in
> the meantime, I think your config change is a sane work-around.

OK, here is the series.  For those just joining us, the problem is that
git will not correctly prompt for credentials when pushing to a
repository which allows the initial GET of
".../info/refs?service=git-receive-pack", but then gives a 401 when we
try to POST the pack. This has never worked for a plain URL, but used to
work if you put the username in the URL (because we would
unconditionally load the credentials before making any requests). That
was broken by 986bbc0, which does not do that proactive prompting for
smart-http, meaning such repositories cannot be pushed to at all.

Such a server-side setup is questionable in my opinion (because the
client will actually create the pack before failing), but we have been
advertising it for a long time in git-http-backend(1) as the right way
to make repositories that are anonymous for fetching but require auth
for pushing.

The fix is somewhat uglier than I would like, but I think it's practical
and the right thing to do (see the final patch for lots of discussion).
I built this on the current tip of "master".  It might make sense to
backport it directly on top of 986bbc0 for the maint track. There are
conflicts, but they are all textual. Another option would be to revert
986bbc0 for the maint track, as that commit is itself fixing a minor bug
that is of decreasing relevance (it fixed extra password prompting when
.netrc was in use, but one can work around it by dropping the username
from the URL).

The patches are:

  [1/8]: t5550: put auth-required repo in auth/dumb
  [2/8]: t5550: factor out http auth setup
  [3/8]: t/lib-httpd: only route auth/dumb to dumb repos
  [4/8]: t/lib-httpd: recognize */smart/* repos as smart-http
  [5/8]: t: test basic smart-http authentication

These are all refactoring of the test scripts in preparation for 6/8
(and are where all of the conflicts lie).

  [6/8]: t: test http access to "half-auth" repositories

This demonstrates the bug.

  [7/8]: http: factor out http error code handling

Refactoring to support 8/8.

  [8/8]: http: prompt for credentials on failed POST

And this one is the actual fix.

I'd like to have a 9/8 which tweaks the git-http-backend documentation
to provide better example Apache config, but I haven't yet figured out
the right incantation. Suggestions from Apache gurus are welcome.

-Peff
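
Added example (not part of the original message, and not code from the patch series or from git): a toy model of the "half-auth" server and the three client behaviours the message describes, namely proactive credential loading, prompting only on the initial GET, and prompting on a failed POST. All names (`half_auth_server`, `Client`, `compare`, the sample credential and repository path) are hypothetical.

```python
# Toy model added for illustration; it is not git's http.c or its test suite.
from dataclasses import dataclass
from typing import Optional, Tuple

GOOD_CRED = ("alice", "s3cret")  # constructed sample credential

def half_auth_server(method: str, url: str, cred: Optional[Tuple[str, str]]) -> int:
    """Anonymous GET of info/refs succeeds; POST of the pack requires auth."""
    if method == "GET" and url.endswith("/info/refs?service=git-receive-pack"):
        return 200
    if method == "POST" and url.endswith("/git-receive-pack"):
        return 200 if cred == GOOD_CRED else 401
    return 404

@dataclass
class Client:
    proactive: bool    # load credentials before making any request
    retry_post: bool   # prompt and retry when the POST returns 401
    cred: Optional[Tuple[str, str]] = None
    prompts: int = 0
    packs_built: int = 0

    def _prompt(self) -> None:
        self.prompts += 1
        self.cred = GOOD_CRED  # assumption: the user supplies valid credentials

    def _request(self, method: str, url: str, retry_on_401: bool) -> int:
        status = half_auth_server(method, url, self.cred)
        if status == 401 and retry_on_401:
            self._prompt()
            status = half_auth_server(method, url, self.cred)
        return status

    def push(self, repo: str = "/repo.git") -> bool:
        if self.proactive:
            self._prompt()
        refs = repo + "/info/refs?service=git-receive-pack"
        if self._request("GET", refs, retry_on_401=True) != 200:
            return False
        self.packs_built += 1  # the pack is created before the POST is attempted
        return self._request("POST", repo + "/git-receive-pack", self.retry_post) == 200

def compare() -> dict:
    """Return {mode: (push succeeded, prompts shown, packs built)}."""
    modes = {"proactive": (True, False), "get_only": (False, False), "post_retry": (False, True)}
    out = {}
    for name, (proactive, retry_post) in modes.items():
        c = Client(proactive, retry_post)
        out[name] = (c.push(), c.prompts, c.packs_built)
    return out
```

In the `get_only` mode the push fails without ever prompting, and only after the pack has been built, which is the failure the series addresses.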