Jeff King <peff@xxxxxxxx> writes: (+cc: Shawn) > On Sun, Aug 26, 2012 at 06:13:41AM -0400, Jeff King wrote: > >> No problem. I'll probably be a day or two on the patches, as the http >> tests are in need of some refactoring before adding more tests. But in >> the meantime, I think your config change is a sane work-around. > > OK, here is the series. For those just joining us, the problem is that > git will not correctly prompt for credentials when pushing to a > repository which allows the initial GET of > ".../info/refs?service=git-receive-pack", but then gives a 401 when we > try to POST the pack. This has never worked for a plain URL, but used to > work if you put the username in the URL (because we would > unconditionally load the credentials before making any requests). That > was broken by 986bbc0, which does not do that proactive prompting for > smart-http, meaning such repositories cannot be pushed to at all. > > Such a server-side setup is questionable in my opinion (because the > client will actually create the pack before failing), but we have been > advertising it for a long time in git-http-backend(1) as the right way > to make repositories that are anonymous for fetching but require auth > for pushing. > > The fix is somewhat uglier than I would like, but I think it's practical > and the right thing to do (see the final patch for lots of discussion). > I built this on the current tip of "master". It might make sense to > backport it directly on top of 986bbc0 for the maint track. There are > conflicts, but they are all textual. Another option would be to revert > 986bbc0 for the maint track, as that commit is itself fixing a minor bug > that is of decreasing relevance (it fixed extra password prompting when > .netrc was in use, but one can work around it by dropping the username > from the URL). > > The patches are: > > [1/8]: t5550: put auth-required repo in auth/dumb > [2/8]: t5550: factor out http auth setup > [3/8]: t/lib-httpd: only route auth/dumb to dumb repos > [4/8]: t/lib-httpd: recognize */smart/* repos as smart-http > [5/8]: t: test basic smart-http authentication > > These are all refactoring of the test scripts in preparation for 6/8 > (and are where all of the conflicts lie). > > [6/8]: t: test http access to "half-auth" repositories > > This demonstrates the bug. > > [7/8]: http: factor out http error code handling > > Refactoring to support 8/8. > > [8/8]: http: prompt for credentials on failed POST > > And this one is the actual fix. > > I'd like to have a 9/8 which tweaks the git-http-backend documentation > to provide better example apache config, but I haven't yet figured out > the right incantation. Suggestions from apache gurus are welcome. > > -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html