Updates on centos7 break git access via git-http-backend

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This a is a clarification of an earlier post.     I thought gitweb was the problem.   


The actual problem appears to be with /usr/libexec/git-core/git-http-backend.

Gitweb provides a list to unauthenticated users of available repositories.  I don't need that function so I have removed that package to avoid unexpected conflicts.

I recently applied the latest patches on centos7, including git-1.8.3.1-20.      When I try to access git repos (either via web  browser or git command line.) Repos are configured to require LDAP  authentication.

The httpd ssl-error.log shows
#
[Sun Aug 18 09:22:48.113435 2019] [authz_core:debug] [pid 30167] mod_authz_core.c(809): [client x.x.x.x:35876] AH01626: authorization result of <RequireAny>: granted [Sun Aug 18 09:22:48.119012 2019] [cgi:error] [pid 30167] [client x.x.x.x:x] AH01215: Request not supported: '/export/gitrepos/ABC [Sun Aug 18 09:22:48.119069 2019] [headers:debug] [pid 30167] mod_headers.c(823): AH01502: headers: ap_headers_output_filter() [Sun Aug 18 09:22:53.124599 2019] [ssl:info] [pid 30167] (70007)The timeout specified has expired: [client x.x.x.x:35876] AH01991: SSL input filter read failed.
[Sun Aug 18 09:22:53.124723 2019] [ssl:debug] [pid 30167] ssl_engine_io.c(993): [client x.x.x.x:35876] AH02001: Connection closed to child 1 with standard shutdown (#


If I change gitrepos.conf as follows I will get an error about the script not being found - so I know it is being called.

	#ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
	ScriptAlias /git/ /usr/libexec/git-core/git-http-backend_not/



# git --version
git version 1.8.3.1


# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Jul 29 2019 17:18:49
#


Partial config

       # cat /etc/httpd/conf.d/gitrepos.conf
       SetEnv GIT_PROJECT_ROOT /export/gitrepos
       SetEnv GIT_HTTP_EXPORT_ALL
       ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

       RewriteEngine on
       RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
       RewriteCond %{REQUEST_URI} /git-receive-pack$
       RewriteRule ^/git/ - [E=AUTHREQUIRED]

       <Files "git-http-backend">
       AuthType Basic
       AuthBasicProvider ldap
       AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
       AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
       AuthLDAPBindPassword xxxxxxxxxxxxxxx
      AuthName "Git Access"
       Require user xxxxx xxxxx xxxxx
       Order deny,allow
       Deny from env=AUTHREQUIRED
       Satisfy any
       </Files>


       <Location /git/ABC>
       AuthType Basic
       AuthBasicProvider ldap
       AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
       AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
       AuthLDAPBindPassword xxxxxxxxxxxxxxx
       AuthName "Git Access ABC"
       Require user xxxxx xxxxx xxxxx
       Order deny,allow
 </Location>


This had been working fine for several years.

Appreciate any advice

Thanks
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux