On Thu, Dec 09, 2021 at 08:59:14PM +0100, Ralf Baechle wrote: > I'm hosting a number of largish repositories which being very similar > are using git's alternates feature to save disk and memory. Cloning via > git:// or ssh for users with accounts on the server works as expected but > cloning via http or https results fails as follows: > > $ git clone http://git.linux-mips.org/pub/scm/linux-mti.git > Cloning into 'linux-mti'... > warning: alternate disabled by http.followRedirects: http://git.linux-mips.org/pub/scm/ralf/linux.git/ > error: Unable to find e4add961d4aaeb19f607f6d7bea8d59e1bd39ff0 under http://git.linux-mips.org/pub/scm/linux-mti.git > Fetching objects: 11, done. > Cannot obtain needed object e4add961d4aaeb19f607f6d7bea8d59e1bd39ff0 > while processing commit 9e2bf7cf7d9003c0f06736be5218ed79234f254c. > error: fetch failed. > > Adding -c http.followRedirects=true will make the clone succeed. Question, > shouldn't the default of http.followRedirects=initial already suffice? There are security implications to allowing more redirects. See cb4d2d35c4 (http: treat http-alternates like redirects, 2016-12-06). That commit message does mention that we could be more lenient for same-server redirects here, but AFAIK this is the first time anybody cared enough to even bring it up the list. That said... > Anyway, what I'm looking for is something I can do serverside so users > cloning the repository are not bothered with this http.followRedirects > business. Is there anything I can do? Turn on smart-http support for your server. The dumb-http protocol is rather inefficient, and is what requires the client to even know about your server-side alternates in the first place. And personally, I have a lot less trust in it in general, compared to smart-http. There have been tons of fixes and improvements in the smart-http code in the past 10 years, and I don't think anybody is really paying much attention to dumb-http. -Peff
