<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/t/lib-httpd, branch v1.8.2.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v1.8.2.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v1.8.2.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2013-04-14T05:27:06Z</updated>
<entry>
<title>doc/http-backend: match query-string in apache half-auth example</title>
<updated>2013-04-14T05:27:06Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2013-04-13T03:33:36Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=b0808819e5806f5ff01ffcc34db2796d180ad0d9'/>
<id>urn:sha1:b0808819e5806f5ff01ffcc34db2796d180ad0d9</id>
<content type='text'>
When setting up a "half-auth" repository in which reads can
be done anonymously but writes require authentication, it is
best if the server can require authentication for both the
ref advertisement and the actual receive-pack POSTs. This
alleviates the need for the admin to set http.receivepack in
the repositories, and means that the client is challenged
for credentials immediately, instead of partway through the
push process (and git clients older than v1.7.11.7 had
trouble handling these challenges).

Since detecting a push during the ref advertisement requires
matching the query string, and this is non-trivial to do in
Apache, we have traditionally punted and instructed users to
just protect "/git-receive-pack$".  This patch provides the
mod_rewrite recipe to actually match the ref advertisement,
which is preferred.

While we're at it, let's add the recipe to our test scripts
so that we can be sure that it works, and doesn't get broken
(either by our changes or by changes in Apache).

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Acked-by: Jakub Narębski &lt;jnareb@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Verify Content-Type from smart HTTP servers</title>
<updated>2013-02-04T18:22:36Z</updated>
<author>
<name>Shawn Pearce</name>
<email>spearce@spearce.org</email>
</author>
<published>2013-01-31T21:02:07Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=4656bf47fca857df51b5d6f4b7b052192b3b2317'/>
<id>urn:sha1:4656bf47fca857df51b5d6f4b7b052192b3b2317</id>
<content type='text'>
Before parsing a suspected smart-HTTP response verify the returned
Content-Type matches the standard. This protects a client from
attempting to process a payload that smells like a smart-HTTP
server response.

JGit has been doing this check on all responses since the dawn of
time. I mistakenly failed to include it in git-core when smart HTTP
was introduced. At the time I didn't know how to get the Content-Type
from libcurl. I punted, meant to circle back and fix this, and just
plain forgot about it.

Signed-off-by: Shawn Pearce &lt;spearce@spearce.org&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'jk/maint-http-half-auth-fetch'</title>
<updated>2012-11-20T18:30:17Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2012-11-20T18:30:17Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=a9bb4e55a3a552a705f8a6222e4523ed27bb7cc8'/>
<id>urn:sha1:a9bb4e55a3a552a705f8a6222e4523ed27bb7cc8</id>
<content type='text'>
Fixes fetch from servers that ask for auth only during the actual
packing phase. This is not really a recommended configuration, but it
cleans up the code at the same time.

* jk/maint-http-half-auth-fetch:
  remote-curl: retry failed requests for auth even with gzip
  remote-curl: hoist gzip buffer size to top of post_rpc
</content>
</entry>
<entry>
<title>remote-curl: retry failed requests for auth even with gzip</title>
<updated>2012-10-31T11:45:13Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-10-31T11:29:16Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=2e736fd5e94c6fa44ba95d81a5b0ae407b968b78'/>
<id>urn:sha1:2e736fd5e94c6fa44ba95d81a5b0ae407b968b78</id>
<content type='text'>
Commit b81401c taught the post_rpc function to retry the
http request after prompting for credentials. However, it
did not handle two cases:

  1. If we have a large request, we do not retry. That's OK,
     since we would have sent a probe (with retry) already.

  2. If we are gzipping the request, we do not retry. That
     was considered OK, because the intended use was for
     push (e.g., listing refs is OK, but actually pushing
     objects is not), and we never gzip on push.

This patch teaches post_rpc to retry even a gzipped request.
This has two advantages:

  1. It is possible to configure a "half-auth" state for
     fetching, where the set of refs and their sha1s are
     advertised, but one cannot actually fetch objects.

     This is not a recommended configuration, as it leaks
     some information about what is in the repository (e.g.,
     an attacker can try brute-forcing possible content in
     your repository and checking whether it matches your
     branch sha1). However, it can be slightly more
     convenient, since a no-op fetch will not require a
     password at all.

  2. It future-proofs us should we decide to ever gzip more
     requests.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
</content>
</entry>
<entry>
<title>Merge branch 'jk/maint-http-half-auth-push'</title>
<updated>2012-09-07T18:09:50Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2012-09-07T18:09:49Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=e6dd70e9bfef40d545cb0f452f082bde562e8785'/>
<id>urn:sha1:e6dd70e9bfef40d545cb0f452f082bde562e8785</id>
<content type='text'>
Pushing to smart HTTP server with recent Git fails without having
the username in the URL to force authentication, if the server is
configured to allow GET anonymously, while requiring authentication
for POST.

* jk/maint-http-half-auth-push:
  http: prompt for credentials on failed POST
  http: factor out http error code handling
  t: test http access to "half-auth" repositories
  t: test basic smart-http authentication
  t/lib-httpd: recognize */smart/* repos as smart-http
  t/lib-httpd: only route auth/dumb to dumb repos
  t5550: factor out http auth setup
  t5550: put auth-required repo in auth/dumb
</content>
</entry>
<entry>
<title>t: test http access to "half-auth" repositories</title>
<updated>2012-08-27T17:49:09Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-08-27T13:25:53Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=4c71009da60baee436358e84ff1057cd1c80e776'/>
<id>urn:sha1:4c71009da60baee436358e84ff1057cd1c80e776</id>
<content type='text'>
Some sites set up http access to repositories such that
fetching is anonymous and unauthenticated, but pushing is
authenticated. While there are multiple ways to do this, the
technique advertised in the git-http-backend manpage is to
block access to locations matching "/git-receive-pack$".

Let's emulate that advice in our test setup, which makes it
clear that this advice does not actually work.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>t/lib-httpd: recognize */smart/* repos as smart-http</title>
<updated>2012-08-27T17:49:09Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-08-27T13:25:21Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=666aae9aed5a29019d2cd696d4258750c0dc96c7'/>
<id>urn:sha1:666aae9aed5a29019d2cd696d4258750c0dc96c7</id>
<content type='text'>
We do not currently test authentication for smart-http repos
at all. Part of the infrastructure to do this is recognizing
that auth/smart is indeed a smart-http repo.

The current apache config recognizes only "^/smart/*" as
smart-http. Let's instead treat anything with /smart/ in the
URL as smart-http. This is obviously a stupid thing to do
for a real production site, but for our test suite we know
that our repositories will not have this magic string in the
name.

Note that we will route /foo/smart/bar.git directly to
git-http-backend/bar.git; in other words, everything before
the "/smart/" is irrelevant to finding the repo on disk (but
may impact apache config, for example by triggering auth
checks).

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>t/lib-httpd: only route auth/dumb to dumb repos</title>
<updated>2012-08-27T17:49:08Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-08-27T13:24:42Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=05b577107dda131d46f93aa9bb7817c80bc30ee9'/>
<id>urn:sha1:05b577107dda131d46f93aa9bb7817c80bc30ee9</id>
<content type='text'>
Our test apache config points all of auth/ directly to the
on-disk repositories via an Alias directive. This works fine
because everything authenticated is currently in auth/dumb,
which is a subset.  However, this would conflict with a
ScriptAlias for auth/smart (which will come in future
patches), so let's narrow the Alias.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>t/lib-httpd: handle running under --valgrind</title>
<updated>2012-07-24T19:43:44Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-07-24T13:43:59Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=f628825481b706baa3d9bf871a081cb1285c2778'/>
<id>urn:sha1:f628825481b706baa3d9bf871a081cb1285c2778</id>
<content type='text'>
Running the http tests with valgrind does not work for two
reasons:

  1. Apache complains about following the symbolic link from
     git-http-backend to valgrind.sh.

  2. Apache does not pass through the GIT_VALGRIND variable
     to the backend CGI.

This patch fixes both problems. Unfortunately, there is a
slight hack we need to handle passing environment variables
through Apache. If we just tell it:

  PassEnv GIT_VALGRIND

then Apache will complain when GIT_VALGRIND is not set. If
we try:

  SetEnv GIT_VALGRIND ${GIT_VALGRIND}

then when GIT_VALGRIND is not set, it will pass through the
literal "${GIT_VALGRIND}". Instead, we now unconditionally
pass through GIT_VALGRIND from lib-httpd.sh into apache,
even if it is empty.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>http-backend: respect existing GIT_COMMITTER_* variables</title>
<updated>2012-03-30T16:13:02Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2012-03-30T07:01:30Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=e32a4581bcbf1cf43cd5069a0d19df07542d612a'/>
<id>urn:sha1:e32a4581bcbf1cf43cd5069a0d19df07542d612a</id>
<content type='text'>
The http-backend program sets default GIT_COMMITTER_NAME and
GIT_COMMITTER_EMAIL variables based on the REMOTE_USER and
REMOTE_ADDR variables provided by the webserver. However, it
unconditionally overwrites any existing GIT_COMMITTER
variables, which may have been customized by site-specific
code in the webserver (or in a script wrapping http-backend).

Let's leave those variables intact if they already exist,
assuming that any such configuration was intentional. There
is a slight chance of a regression if somebody has set
GIT_COMMITTER_* for the entire webserver, not intending it
to leak through http-backend. We could protect against this
by passing the information in alternate variables.  However,
it seems unlikely that anyone will care about that
regression, and there is value in the simplicity of using
the common variable names that are used elsewhere in git.

While we're tweaking the environment-handling in
http-backend, let's switch it to use argv_array to handle
the list of variables. That makes the memory management much
simpler.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
