<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/t/lib-httpd.sh, branch v1.8.2.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v1.8.2.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v1.8.2.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2013-02-04T18:22:36Z</updated>
<entry>
<title>Verify Content-Type from smart HTTP servers</title>
<updated>2013-02-04T18:22:36Z</updated>
<author>
<name>Shawn Pearce</name>
<email>spearce@spearce.org</email>
</author>
<published>2013-01-31T21:02:07Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=4656bf47fca857df51b5d6f4b7b052192b3b2317'/>
<id>urn:sha1:4656bf47fca857df51b5d6f4b7b052192b3b2317</id>
<content type='text'>
Before parsing a suspected smart-HTTP response verify the returned
Content-Type matches the standard. This protects a client from
attempting to process a payload that smells like a smart-HTTP
server response.

JGit has been doing this check on all responses since the dawn of
time. I mistakenly failed to include it in git-core when smart HTTP
was introduced. At the time I didn't know how to get the Content-Type
from libcurl. I punted, meant to circle back and fix this, and just
plain forgot about it.

Signed-off-by: Shawn Pearce &lt;spearce@spearce.org&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'jk/maint-http-half-auth-push'</title>
<updated>2012-09-07T18:09:50Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2012-09-07T18:09:49Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=e6dd70e9bfef40d545cb0f452f082bde562e8785'/>
<id>urn:sha1:e6dd70e9bfef40d545cb0f452f082bde562e8785</id>
<content type='text'>
Pushing to smart HTTP server with recent Git fails without having
the username in the URL to force authentication, if the server is
configured to allow GET anonymously, while requiring authentication
for POST.

* jk/maint-http-half-auth-push:
  http: prompt for credentials on failed POST
  http: factor out http error code handling
  t: test http access to "half-auth" repositories
  t: test basic smart-http authentication
  t/lib-httpd: recognize */smart/* repos as smart-http
  t/lib-httpd: only route auth/dumb to dumb repos
  t5550: factor out http auth setup
  t5550: put auth-required repo in auth/dumb
</content>
</entry>
<entry>
<title>t5550: factor out http auth setup</title>
<updated>2012-08-27T17:49:04Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-08-27T13:24:31Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=e837936c7c08ac5829bc53761ecb57d18d458edd'/>
<id>urn:sha1:e837936c7c08ac5829bc53761ecb57d18d458edd</id>
<content type='text'>
The t5550 script sets up a nice askpass helper for
simulating user input and checking what git prompted for.
Let's make it available to other http scripts by migrating
it to lib-httpd.

We can use this immediately in t5540 to make our tests more
robust (previously, we did not check at all that hitting the
password-protected repo actually involved a password).
Unfortunately, we end up failing the test because the
current code erroneously prompts twice (once for
git-remote-http, and then again when the former spawns
git-http-push).

More importantly, though, it will let us easily add
smart-http authentication tests in t5541 and t5551; we
currently do not test smart-http authentication at all.

As part of making it generic, let's always look for and
store auxiliary askpass files at the top-level trash
directory; this makes it compatible with t5540, which runs
some tests from sub-repositories. We can abstract away the
ugliness with a short helper function.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>t/lib-httpd: handle running under --valgrind</title>
<updated>2012-07-24T19:43:44Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-07-24T13:43:59Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=f628825481b706baa3d9bf871a081cb1285c2778'/>
<id>urn:sha1:f628825481b706baa3d9bf871a081cb1285c2778</id>
<content type='text'>
Running the http tests with valgrind does not work for two
reasons:

  1. Apache complains about following the symbolic link from
     git-http-backend to valgrind.sh.

  2. Apache does not pass through the GIT_VALGRIND variable
     to the backend CGI.

This patch fixes both problems. Unfortunately, there is a
slight hack we need to handle passing environment variables
through Apache. If we just tell it:

  PassEnv GIT_VALGRIND

then Apache will complain when GIT_VALGRIND is not set. If
we try:

  SetEnv GIT_VALGRIND ${GIT_VALGRIND}

then when GIT_VALGRIND is not set, it will pass through the
literal "${GIT_VALGRIND}". Instead, we now unconditionally
pass through GIT_VALGRIND from lib-httpd.sh into apache,
even if it is empty.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Fix httpd tests that broke when non-ff push advice changed</title>
<updated>2012-04-12T20:48:52Z</updated>
<author>
<name>Christopher Tiwald</name>
<email>christiwald@gmail.com</email>
</author>
<published>2012-04-12T17:56:28Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=0aff719f489771c5e52259394d011c51317b118f'/>
<id>urn:sha1:0aff719f489771c5e52259394d011c51317b118f</id>
<content type='text'>
Signed-off-by: Christopher Tiwald &lt;christiwald@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>improve httpd auth tests</title>
<updated>2011-07-20T18:38:34Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2011-07-18T07:49:12Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=5232586c7985e6a420ee741e19e7fd6d040d43f6'/>
<id>urn:sha1:5232586c7985e6a420ee741e19e7fd6d040d43f6</id>
<content type='text'>
These just checked that we could clone a repository when the
username and password were given in the URL; we should also
check that git will prompt when no or partial credentials
are given.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>i18n: use test_i18ngrep in lib-httpd and t2019</title>
<updated>2011-04-13T22:52:47Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2011-04-12T23:12:47Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=d3bd0425b21b84fbc554b24b4315bfcbc2d7a5bf'/>
<id>urn:sha1:d3bd0425b21b84fbc554b24b4315bfcbc2d7a5bf</id>
<content type='text'>
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>i18n: git-push "prevent you from losing" message</title>
<updated>2011-03-10T07:52:56Z</updated>
<author>
<name>Ævar Arnfjörð Bjarmason</name>
<email>avarab@gmail.com</email>
</author>
<published>2011-02-22T23:42:12Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=b32227e770f6c8ade19d340118a478f8b1a8659d'/>
<id>urn:sha1:b32227e770f6c8ade19d340118a478f8b1a8659d</id>
<content type='text'>
Gettextize the "To prevent you from losing history" message. A test in
lib-httpd.sh and another in t5541-http-push.sh explicitly checked for
this message. Change them to skip under GETTEXT_POISON=YesPlease.

Signed-off-by: Ævar Arnfjörð Bjarmason &lt;avarab@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>t5550: test HTTP authentication and userinfo decoding</title>
<updated>2010-11-17T21:07:43Z</updated>
<author>
<name>Gabriel Corona</name>
<email>gabriel.corona@enst-bretagne.fr</email>
</author>
<published>2010-11-14T01:51:14Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=3cf8fe1d26edd7c4cce6593d70212970f8b0bbc0'/>
<id>urn:sha1:3cf8fe1d26edd7c4cce6593d70212970f8b0bbc0</id>
<content type='text'>
Add a test for HTTP authentication and proper percent-decoding of the
userinfo (username and password) part of the URL.

Signed-off-by: Gabriel Corona &lt;gabriel.corona@enst-bretagne.fr&gt;
Acked-by: Tay Ray Chuan &lt;rctay89@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>t/{t5541,lib-httpd}: replace problematic '!()' notation with test_must_fail</title>
<updated>2010-07-20T18:37:45Z</updated>
<author>
<name>Brandon Casey</name>
<email>drafnel@gmail.com</email>
</author>
<published>2010-07-20T18:27:55Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=77b5be2abab69a69618dd40a6ca8b754388b8216'/>
<id>urn:sha1:77b5be2abab69a69618dd40a6ca8b754388b8216</id>
<content type='text'>
The '!()' notation is interpreted as a pattern-list on Ksh.  The Ksh man
page describe it as follows:

   !(pattern-list)
      Matches anything except one of the given patterns.

Ksh performs a file glob using the pattern-list and then tries to execute
the first file in the list.  If a space is added between the '!' and the
open parens, then Ksh will not interpret it as a pattern list, but in this
case, it is preferred to use test_must_fail, so lets do so.

Signed-off-by: Brandon Casey &lt;casey@nrlssc.navy.mil&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
