Howto setup-git-server-over-http.txt with SSL and basic authentication?

Hello folks,

I am new to git and I am trying to set up a git repository as described in

  http://www.kernel.org/pub/software/scm/git/docs/howto/setup-git-server-over-http.txt

but with SSL and basic authentication.

This is what I have done:

1. Create bare git repository on the server:

     root: mkdir -p /data/git/test
     root: ( cd /data/git/test ; git --bare init )
     root: chown -R wwwrun:www /data/git

2. Add a new DAV location to the (existing and already working) apache
   config, pointing to the newly created git repository.  I list only
   the relevant parts here:

     LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
     LoadModule dav_fs_module /usr/lib/apache2/mod_dav_fs.so
     DAVLockDB "/data/dav/lock/DAV.lock"

     Alias /git/test /data/git/test
     <Location /git/test>
       DAV on
       Order           Allow,Deny
       Allow           from all
       AllowOverride   None
       AuthName        "test"
       AuthType        Basic
       AuthUserFile    /m/b/httpd/passwd
       AuthGroupFile   /m/b/httpd/group
       Require         group test test-ro
       SSLRequireSSL
       <LimitExcept GET PROPFIND OPTIONS REPORT>
         Require group test
       </LimitExcept>
     </Location>

3. Now it's time to test DAV access, so I go to the client:

     konqueror webdavs://repo.host.org/git/test

   After asking for credentials, Konqueror shows me content, and I can
   read/copy/delete files to/from the DAV directory.  So the server
   seems to work fine.
   Now I go test curl:

     $ curl --cacert /etc/cacerts/myca.pem \
            https://user@xxxxxxxxxxxxx/git/test/HEAD

   fails with "authentication required", but

     $ curl --cacert /etc/cacerts/myca.pem --user user \
            https://user@xxxxxxxxxxxxx/git/test/HEAD

   works fine.  So I put this information into ~/.curlrc:

     $ cat ~/.curlrc
     --cacert /etc/cacerts/myca.pem
     --user   user
     $ curl https://repo.host.org/git/test/HEAD
     Enter host password for user 'user':
     ref: refs/heads/master
     $

   This looks good now.

4. OK, now I go to the next step on the client:

     $ git-config remote.upload.url https://repo.host.org/git/test/
     error: could not lock config file .git/config
     $

   Hmm, maybe I should have an empty repo here?  So:

     $ git init
     Initialized empty Git repository in /tmp/test/.git/
     $ git-config remote.upload.url https://repo.host.org/git/test/
     $ git push upload master
     error: Cannot access URL https://repo.host.org/git/test/, return code 60
     error: failed to push some refs to 'https://repo.host.org/git/test/'

   OK, from the above-mentioned howto, this looks like cacert is missing.
   It looks like (unlike what the howto states) ~/.curlrc is ignored by git.
   So I go searching for appropriate configuration options in git:

     $ git-config http.sslCAPath /etc/cacerts

   doesn't help (why?), but

     $ git-config http.sslCAInfo /etc/cacerts/myca.pem
     $ git push upload master
     error: Cannot access URL https://repo.host.org/git/test/, return code 22
     error: failed to push some refs to 'https://repo.host.org/git/test/'

   Finally, that's a new error code.  This is probably because the server
   requires authentication.  But I can't find any hints on how to specify
   credentials in git-config or git-push.

So now come my questions:

0. The howto says curl is used for transport. Why is my ~/.curlrc ignored?
1. Since .curlrc is ignored: How do I specify credentials for git?
2. Why doesn't sslCAPath work?
3. Is there a way to override credentials and sslCAPath on a per-remote
   basis (as can be done with http.proxy, for example)?

Any hints?
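
An added example, not part of the original message: a pre-flight check for the two client-side settings the questions are about, a CA directory for http.sslCAPath and credentials kept in a netrc-format file as the linked howto does. It assumes a libcurl built against OpenSSL, whose CA directory lookup only finds files named by certificate hash (as c_rehash creates), so a directory holding only plain .pem files is not picked up; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSL-style CA
# directory lookup and a netrc-format credentials file.
# Exit 0 if DIR has an entry named <8 hex digits>.<digit>, the layout a CA
# *directory* lookup needs; a certificate stored only as myca.pem is not found.
ca_dir_is_hashed() {
    for f in "$1"/*; do
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]) return 0 ;;
        esac
    done
    return 1
}

# Exit 0 if the netrc FILE contains a "machine HOST" token pair.
netrc_has_host() {
    awk -v h="$2" '{ for (i = 1; i <= NF; i++) { if (prev == "machine" && $i == h) ok = 1; prev = $i } }
                   END { exit !ok }' "$1"
}

# Exit 0 if FILE grants nothing to group/other (it holds a cleartext password).
netrc_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# preflight CA_DIR NETRC HOST: print findings, return the number of problems.
preflight() {
    n=0
    if ! ca_dir_is_hashed "$1"; then
        echo "$1 is not a hashed CA directory: set http.sslCAInfo to the PEM file"; n=$((n + 1))
    fi
    if ! netrc_has_host "$2" "$3"; then
        echo "no 'machine $3' entry in $2"; n=$((n + 1))
    elif ! netrc_is_private "$2"; then
        echo "$2 is accessible to group/other: chmod 600 it"; n=$((n + 1))
    fi
    return "$n"
}

demo() {  # all files below are constructed sample data
    d=$(mktemp -d); mkdir "$d/plain" "$d/hashed"
    : > "$d/plain/myca.pem"; : > "$d/hashed/0a1b2c3d.0"
    printf 'machine repo.host.org login user password example\n' > "$d/netrc"; chmod 644 "$d/netrc"
    preflight "$d/plain" "$d/netrc" repo.host.org || echo "problems: $?"
    chmod 600 "$d/netrc"
    preflight "$d/hashed" "$d/netrc" repo.host.org && echo "all checks passed"
    rm -rf "$d"
}
demo
```
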