Jeff King <p...@peff.net> writes:
> On Sun, Aug 26, 2012 at 06:13:41AM -0400, Jeff King wrote:
>> No problem. I'll probably be a day or two on the patches, as the http
>> tests are in need of some refactoring before adding more tests. But in
>> the meantime, I think your config change is a sane work-around.
> OK, here is the series. For those just joining us, the problem is that
> git will not correctly prompt for credentials when pushing to a
> repository which allows the initial GET of
> ".../info/refs?service=git-receive-pack", but then gives a 401 when we
> try to POST the pack. This has never worked for a plain URL, but used to
> work if you put the username in the URL (because we would
> unconditionally load the credentials before making any requests). That
> was broken by 986bbc0, which does not do that proactive prompting for
> smart-http, meaning such repositories cannot be pushed to at all.
> Such a server-side setup is questionable in my opinion (because the
> client will actually create the pack before failing), but we have been
> advertising it for a long time in git-http-backend(1) as the right way
> to make repositories that are anonymous for fetching but require auth
> for pushing.
> The fix is somewhat uglier than I would like, but I think it's practical
> and the right thing to do (see the final patch for lots of discussion).
> I built this on the current tip of "master". It might make sense to
> backport it directly on top of 986bbc0 for the maint track. There are
> conflicts, but they are all textual. Another option would be to revert
> 986bbc0 for the maint track, as that commit is itself fixing a minor bug
> that is of decreasing relevance (it fixed extra password prompting when
> .netrc was in use, but one can work around it by dropping the username
> from the URL).
> The patches are:
> [1/8]: t5550: put auth-required repo in auth/dumb
> [2/8]: t5550: factor out http auth setup
> [3/8]: t/lib-httpd: only route auth/dumb to dumb repos
> [4/8]: t/lib-httpd: recognize */smart/* repos as smart-http
> [5/8]: t: test basic smart-http authentication
> These are all refactoring of the test scripts in preparation for 6/8
> (and are where all of the conflicts lie).
> [6/8]: t: test http access to "half-auth" repositories
> This demonstrates the bug.
> [7/8]: http: factor out http error code handling
> Refactoring to support 8/8.
> [8/8]: http: prompt for credentials on failed POST
> And this one is the actual fix.
> I'd like to have a 9/8 which tweaks the git-http-backend documentation
> to provide better example apache config, but I haven't yet figured out
> the right incantation. Suggestions from apache gurus are welcome.
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html