From: Junio C Hamano <gitster@pobox•com>
To: "Shawn O. Pearce" <spearce@spearce•org>
Cc: Jeff King <peff@peff•net>, Iain Paton <ipaton0@gmail•com>,
git@vger•kernel.org
Subject: Re: [PATCH 0/8] fix password prompting for "half-auth" servers
Date: Mon, 27 Aug 2012 10:14:35 -0700 [thread overview]
Message-ID: <7vbohws1dw.fsf@alter.siamese.dyndns.org> (raw)
In-Reply-To: <20120827132145.GA17265@sigill.intra.peff.net> (Jeff King's message of "Mon, 27 Aug 2012 09:21:45 -0400")
Jeff King <peff@peff•net> writes:
(+cc: Shawn)
> On Sun, Aug 26, 2012 at 06:13:41AM -0400, Jeff King wrote:
>
>> No problem. I'll probably be a day or two on the patches, as the http
>> tests are in need of some refactoring before adding more tests. But in
>> the meantime, I think your config change is a sane work-around.
>
> OK, here is the series. For those just joining us, the problem is that
> git will not correctly prompt for credentials when pushing to a
> repository which allows the initial GET of
> ".../info/refs?service=git-receive-pack", but then gives a 401 when we
> try to POST the pack. This has never worked for a plain URL, but used to
> work if you put the username in the URL (because we would
> unconditionally load the credentials before making any requests). That
> was broken by 986bbc0, which does not do that proactive prompting for
> smart-http, meaning such repositories cannot be pushed to at all.
>
> Such a server-side setup is questionable in my opinion (because the
> client will actually create the pack before failing), but we have been
> advertising it for a long time in git-http-backend(1) as the right way
> to make repositories that are anonymous for fetching but require auth
> for pushing.
>
> The fix is somewhat uglier than I would like, but I think it's practical
> and the right thing to do (see the final patch for lots of discussion).
> I built this on the current tip of "master". It might make sense to
> backport it directly on top of 986bbc0 for the maint track. There are
> conflicts, but they are all textual. Another option would be to revert
> 986bbc0 for the maint track, as that commit is itself fixing a minor bug
> that is of decreasing relevance (it fixed extra password prompting when
> .netrc was in use, but one can work around it by dropping the username
> from the URL).
>
> The patches are:
>
> [1/8]: t5550: put auth-required repo in auth/dumb
> [2/8]: t5550: factor out http auth setup
> [3/8]: t/lib-httpd: only route auth/dumb to dumb repos
> [4/8]: t/lib-httpd: recognize */smart/* repos as smart-http
> [5/8]: t: test basic smart-http authentication
>
> These are all refactoring of the test scripts in preparation for 6/8
> (and are where all of the conflicts lie).
>
> [6/8]: t: test http access to "half-auth" repositories
>
> This demonstrates the bug.
>
> [7/8]: http: factor out http error code handling
>
> Refactoring to support 8/8.
>
> [8/8]: http: prompt for credentials on failed POST
>
> And this one is the actual fix.
>
> I'd like to have a 9/8 which tweaks the git-http-backend documentation
> to provide better example apache config, but I haven't yet figured out
> the right incantation. Suggestions from apache gurus are welcome.
>
> -Peff
next prev parent reply other threads:[~2012-08-27 17:14 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-24 20:19 git no longer prompting for password Iain Paton
2012-08-24 21:25 ` Jeff King
[not found] ` <5038E781.1090008@gmail.com>
2012-08-25 20:39 ` Jeff King
2012-08-26 9:57 ` Iain Paton
2012-08-26 10:13 ` Jeff King
2012-08-26 14:18 ` Iain Paton
2012-08-27 13:21 ` [PATCH 0/8] fix password prompting for "half-auth" servers Jeff King
2012-08-27 13:23 ` [PATCH 1/8] t5550: put auth-required repo in auth/dumb Jeff King
2012-08-27 13:24 ` [PATCH 2/8] t5550: factor out http auth setup Jeff King
2012-08-27 13:24 ` [PATCH 3/8] t/lib-httpd: only route auth/dumb to dumb repos Jeff King
2012-08-27 13:25 ` [PATCH 4/8] t/lib-httpd: recognize */smart/* repos as smart-http Jeff King
2012-08-27 13:25 ` [PATCH 5/8] t: test basic smart-http authentication Jeff King
2012-08-27 13:25 ` [PATCH 6/8] t: test http access to "half-auth" repositories Jeff King
2012-08-27 13:26 ` [PATCH 7/8] http: factor out http error code handling Jeff King
2012-08-28 18:06 ` Junio C Hamano
2012-08-27 13:27 ` [PATCH 8/8] http: prompt for credentials on failed POST Jeff King
2012-08-27 17:48 ` Junio C Hamano
2012-08-27 21:49 ` Jeff King
2012-08-27 23:29 ` Junio C Hamano
2012-08-27 17:14 ` Junio C Hamano [this message]
2012-08-27 8:28 ` git no longer prompting for password Iain Paton
2012-08-27 13:33 ` BJ Hargrave
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vbohws1dw.fsf@alter.siamese.dyndns.org \
--to=gitster@pobox$(echo .)com \
--cc=git@vger$(echo .)kernel.org \
--cc=ipaton0@gmail$(echo .)com \
--cc=peff@peff$(echo .)net \
--cc=spearce@spearce$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox