Re: git-http-backend: anonymous read, authenticated write

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 11, 2013 at 08:52:56AM +0200, Magnus Therning wrote:

> > The documentation should probably make the use of http.receivepack more
> > clear in this situation.
> 
> I think that'd be good.  The fact that it wasn't until several mails
> into the thread that anyone thought of the http.receivepack setting
> also suggests that its use is a bit un-intuitive (even though it
> probably makes perfect sense and is a good solution).

Yeah, I did not even think of http.receivepack because I have never had
to set it before (it was turned on in the original tests that I built
top of). I have the impression that the anonymous-read/authenticated-write
setup you are using has not been all that commonly used. The example in
the manpage dates back to 2009, but it was only in 2012 that we got a
bug report that the client-side authentication handler has problems with
it.

> > So _if_ you fixed it by setting http.receivepack (which I think is the
> > simplest thing under Apache, since matching the query string there is
> > hard), then you would need a version of git with that fix on the
> > client side to actually have git prompt for the password correctly.
> 
> Ah, so *that* is the fix that has been mentioned (I haven't bothered
> reading it myself), or are there in fact two fixes that have been
> referred to in the thread?

No, there's only the one fix in git itself (not counting improving the
documentation just now). With the Apache config given in the manual,
clients older than git v1.7.11.7 will not properly handle the 401
response they get mid-way through the push process.

But you do not have to worry about that with your configuration, as you
provide the 401 up-front.

> > But your fix under lighttpd is much better, as it asks for the
> > credentials up front (which means the client does not go to any work
> > creating a packfile just to find out that it does not have access).
> 
> Yes, I think it also helps with my particular scenario where new repos
> will be added from time to time.  This way there is no second step,
> after `git init`, that must be remembered.

Yeah, avoiding setting http.receivepack at all is helpful. Though note
that you can also set it in /etc/gitconfig for the whole system at once.

> Thank you very much for taking the time to help me out with this!
> I'll also take a look at the patches you sent, as a dumb simpler user
> I might have something to add, who knows?

You're welcome. I'm glad we got it resolved, and looking over the
documentation patch is appreciated.

-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]