Hi, Jonathan Tan wrote: > When using protocol v0, upload-pack over HTTP permits a "half-auth" > configuration in which, at the web server layer, the info/refs path is > not protected by authentication but the git-upload-pack path is, so that > a user can perform fetches that do not download any objects without > authentication, but still needs authentication to download objects. > > But protocol v2 does not support this, because both ref and pack are > obtained from the git-upload-pack path. > > Mark the test verifying this behavior as protocol v0-only, with a > description of what needs to be done to make v2 support this. > > Signed-off-by: Jonathan Tan <jonathantanmy@xxxxxxxxxx> Thanks for the analysis. Makes sense. > --- a/t/t5551-http-fetch-smart.sh > +++ b/t/t5551-http-fetch-smart.sh > @@ -164,7 +164,17 @@ test_expect_success 'clone from auth-only-for-objects repository' ' > > test_expect_success 'no-op half-auth fetch does not require a password' ' > set_askpass wrong && > - git --git-dir=half-auth fetch && > + > + # NEEDSWORK: When using HTTP(S), protocol v0 supports a "half-auth" > + # configuration with authentication required only when downloading > + # objects and not refs, by having the HTTP server only require > + # authentication for the "git-upload-pack" path and not "info/refs". > + # This is not possible with protocol v2, since both objects and refs > + # are obtained from the "git-upload-pack" path. A solution to this is > + # to teach the server and client to be able to inline ls-refs requests > + # as an Extra Parameter (see pack-protocol.txt), so that "info/refs" > + # can serve refs, just like it does in protocol v0. > + GIT_TEST_PROTOCOL_VERSION=0 git --git-dir=half-auth fetch && > expect_askpass none I suspect it's fine if protocol v2 never supports this. Can we change the NEEDSWORK comment to say that the protocol v2 spec should document the lack of support for half-auth? With or without such a change, Reviewed-by: Jonathan Nieder <jrnieder@xxxxxxxxx> Thanks.
