Mirror of https://git.kernel.org/pub/scm/git/git.git/ https://git.shady.money/git/atom?h=v2.41.2 2023-05-19T16:27:07Z 2023-05-19T16:27:07Z Junio C Hamano gitster@pobox.com 2023-05-19T16:27:07Z urn:sha1:646ca8955861b9e3d4b1d130b15fd59673c3c76b We started unconditionally testing with CGIPassAuth directive but it is unavailable in older Apache that ships with CentOS 7 that has about a year of shelf-life still left. The test has conditionally been disabled when running with an ancient Apache. This was a fix for a recent regression caught before the release, so no need to mention it in the release notes. * jk/http-test-cgipassauth-unavailable-in-older-apache: t/lib-httpd: make CGIPassAuth support conditional 2023-05-18T21:29:32Z Jeff King peff@peff.net 2023-05-18T19:21:02Z urn:sha1:eb1c42da8e21cc2a8dacd21023a179b788858887 Commit 988aad99b4 (t5563: add tests for basic and anoymous HTTP access, 2023-02-27) added tests that require Apache to support the CGIPassAuth directive, which was added in Apache 2.4.13. This is fairly old (~8 years), but recent enough that we still encounter it in the wild (e.g., RHEL/CentOS 7, which is not EOL until June 2024). We can live with skipping the new tests on such a platform. But unfortunately, since the directive is used unconditionally in our apache.conf, it means the web server fails to start entirely, and we cannot run other HTTP tests at all (e.g., the basic ones in t5551). We can fix that by making the config conditional, and only triggering it for t5563. That solves the problem for t5551 (which then ignores the directive entirely). For t5563, we'd see apache complain in start_httpd; with the default setting of GIT_TEST_HTTPD, we'd then skip the whole script. But that leaves one small problem: people may set GIT_TEST_HTTPD=1 explicitly, which instructs the tests to fail (rather than skip) when we can't start the webserver (to avoid accidentally missing some tests). This could be worked around by having the user manually set GIT_SKIP_TESTS on a platform with an older Apache. But we can be a bit friendlier by doing the version check ourselves and setting an appropriate prereq. We'll use the (lack of) prereq to then skip the rest of t5563. In theory we could use the prereq to skip individual tests, but in practice this whole script depends on it. Reported-by: Todd Zullinger <tmz@pobox.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2023-03-19T22:03:10Z Junio C Hamano gitster@pobox.com 2023-03-19T22:03:10Z urn:sha1:6f54213718ccd05be8a07f74d0d4e524ebccb3be Test clean-up. * ab/avoid-losing-exit-codes-in-tests: tests: don't lose misc "git" exit codes tests: don't lose exit status with "test <op> $(git ...)" tests: don't lose "git" exit codes in "! ( git ... | grep )" tests: don't lose exit status with "(cd ...; test <op> $(git ...))" t/lib-patch-mode.sh: fix ignored exit codes auto-crlf tests: don't lose exit code in loops and outside tests 2023-03-17T21:03:10Z Junio C Hamano gitster@pobox.com 2023-03-17T21:03:10Z urn:sha1:92c56da09683fa3331668adec073b6769da8f0b7 Allow information carried on the WWW-AUthenticate header to be passed to the credential helpers. * mc/credential-helper-www-authenticate: credential: add WWW-Authenticate header to cred requests http: read HTTP WWW-Authenticate response headers t5563: add tests for basic and anoymous HTTP access 2023-03-01T00:38:47Z Junio C Hamano gitster@pobox.com 2023-03-01T00:38:47Z urn:sha1:b2893ea403562f94a11edf5c3cc6beb44685d991 Various fix-ups on HTTP tests. * jk/http-test-fixes: t5559: make SSL/TLS the default t5559: fix test failures with LIB_HTTPD_SSL t/lib-httpd: enable HTTP/2 "h2" protocol, not just h2c t/lib-httpd: respect $HTTPD_PROTO in expect_askpass() t5551: drop curl trace lines without headers t5551: handle v2 protocol in cookie test t5551: simplify expected cookie file t5551: handle v2 protocol in upload-pack service test t5551: handle v2 protocol when checking curl trace t5551: stop forcing clone to run with v0 protocol t5551: handle HTTP/2 when checking curl trace t5551: lower-case headers in expected curl trace t5551: drop redundant grep for Accept-Language t5541: simplify and move "no empty path components" test t5541: stop marking "used receive-pack service" test as v0 only t5541: run "used receive-pack service" test earlier 2023-02-27T18:40:40Z Matthew John Cheetham mjcheetham@outlook.com 2023-02-27T17:20:18Z urn:sha1:988aad99b44f3fb3f04f4a75cadf0dbb7ac89ffe Add a test showing simple anoymous HTTP access to an unprotected repository, that results in no credential helper invocations. Also add a test demonstrating simple basic authentication with simple credential helper support. Leverage a no-parsed headers (NPH) CGI script so that we can directly control the HTTP responses to simulate a multitude of good, bad and ugly remote server implementations around auth. Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2023-02-23T21:01:15Z Jeff King peff@peff.net 2023-02-23T11:05:55Z urn:sha1:9d15b1e5df56dd4409766fe8ef55752436ca9f3d When the HTTP tests are run with LIB_HTTPD_SSL in the environment, then we access the test server as https://. This causes expect_askpass to complain, because it tries to blindly match "http://" in the prompt shown to the user. We can adjust this to use $HTTPD_PROTO, which is set during the setup phase. Note that this is enough for t5551 and t5559 to pass when run with https, but there are similar problems in other scripts that will need to be fixed before the whole suite can run with LIB_HTTPD_SSL. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2023-02-17T00:24:23Z Jeff King peff@peff.net 2023-02-16T20:56:32Z urn:sha1:29ae2c9e742c167f3e46cf9a2d78f420b261e254 We do not test our http proxy functionality at all in the test suite, so this is a pretty big blind spot. Let's at least add a basic check that we can go through an authenticating proxy to perform a clone. A few notes on the implementation: - I'm using a single apache instance to proxy to itself. This seems to work fine in practice, and we can check with a test that this rather unusual setup is doing what we expect. - I've put the proxy tests into their own script, and it's the only one which loads the apache proxy config. If any platform can't handle this (e.g., doesn't have the right modules), the start_httpd step should fail and gracefully skip the rest of the script (but all the other http tests in existing scripts will continue to run). - I used a separate passwd file to make sure we don't ever get confused between proxy and regular auth credentials. It's using the antiquated crypt() format. This is a terrible choice security-wise in the modern age, but it's what our existing passwd file uses, and should be portable. It would probably be reasonable to switch both of these to bcrypt, but we can do that in a separate patch. - On the client side, we test two situations with credentials: when they are present in the url, and when the username is present but we prompt for the password. I think we should be able to handle the case that _neither_ is present, but an HTTP 407 causes us to prompt for them. However, this doesn't seem to work. That's either a bug, or at the very least an opportunity for a feature, but I punted on it for now. The point of this patch is just getting basic coverage, and we can explore possible deficiencies later. - this doesn't work with LIB_HTTPD_SSL. This probably would be valuable to have, as https over an http proxy is totally different (it uses CONNECT to tunnel the session). But adding in mod_proxy_connect and some basic config didn't seem to work for me, so I punted for now. Much of the rest of the test suite does not currently work with LIB_HTTPD_SSL either, so we shouldn't be making anything much worse here. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2023-02-06T23:30:41Z Ævar Arnfjörð Bjarmason avarab@gmail.com 2023-02-06T22:44:30Z urn:sha1:0cd1a8818db35df70c88d7864682146bf4fa8227 Rewrite tests that ran "git" inside command substitution and lost the exit status of "git" so that we notice the failing "git". Have them use modern patterns such as a "test_cmp" of the expected outputs instead. We'll fix more of these these in the subsequent commit, for now we're only converting the cases where this loss of exit code was combined with spawning a sub-shell. Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2023-02-01T18:10:34Z Jeff King peff@peff.net 2023-02-01T11:38:24Z urn:sha1:edd060dc84fb9b870df6f8344bd86b211608b5be Apache 2.4 has been out since early 2012, almost 11 years. And its predecessor, 2.2, has been out of support since its last release in 2017, over 5 years ago. The last mention on the mailing list was from around the same time, in this thread: https://lore.kernel.org/git/20171231023234.21215-1-tmz@pobox.com/ We can probably assume that 2.4 is available everywhere. And the stakes are fairly low, as the worst case is that such a platform would skip the http tests. This lets us clean up a few minor version checks in the config file, but also revert f1f2b45be0 (tests: adjust the configuration for Apache 2.2, 2016-05-09). Its technique isn't _too_ bad, but certainly required a bit more explanation than the 2.4 version it replaced. I manually confirmed that the test in t5551 still behaves as expected (if you replace "cadabra" with "foo", the server correctly rejects the request). It will also help future patches which will no longer have to deal with conditional config for this old version. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>