Upgrade to gitweb-1.8.3.1-20 on centos7 breaks git access

git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed

* Upgrade to gitweb-1.8.3.1-20 on centos7 breaks git access
@ 2019-08-17 20:03 Gaiseric Vandal
  2019-08-17 20:39 ` Gaiseric Vandal
  0 siblings, 1 reply; 2+ messages in thread
From: Gaiseric Vandal @ 2019-08-17 20:03 UTC (permalink / raw)
  To: git

I recently applied the latest patches on centos7, including
gitweb-1.8.3.1-20.      When I try to access git repos (either via web
browser or git command line.) Repos are configured to require LDAP
authentication.


I should be able to access repo ABC via

https://myserver.domain.com/git/ABC

I get the correct user login prompt but then , after logging, get
following error

     The requested URL /git/ABC/ was not found on this server.

I don't think any of the config files got changed.

My partial config is

     # cat /etc/httpd/conf.d/git.conf
     Alias /git /var/www/git

     <Directory /var/www/git>
      Options +ExecCGI
      AddHandler cgi-script .cgi
      DirectoryIndex gitweb.cgi
     </Directory>
     #



     # cat /etc/httpd/conf.d/gitrepos.conf
     SetEnv GIT_PROJECT_ROOT /export/gitrepos
     SetEnv GIT_HTTP_EXPORT_ALL
     ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

     RewriteEngine on
     RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
     RewriteCond %{REQUEST_URI} /git-receive-pack$
     RewriteRule ^/git/ - [E=AUTHREQUIRED]

     <Files "git-http-backend">
     AuthType Basic
     AuthBasicProvider ldap
     AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
     AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
     AuthLDAPBindPassword xxxxxxxxxxxxxxx
     AuthName "Git Access"
     Require user xxxxx xxxxx xxxxx
     Order deny,allow
     Deny from env=AUTHREQUIRED
     Satisfy any
     </Files>


     <Location /git/ABC>
     AuthType Basic
     AuthBasicProvider ldap
     AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
     AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
     AuthLDAPBindPassword xxxxxxxxxxxxxxx
     AuthName "Git Access ABC"
     Require user xxxxx xxxxx xxxxx
     Order deny,allow
</Location>



The /var/www/git/gitweb.cgi file has the default settings.

...
our $GIT = "/usr/bin/git";

# absolute fs-path which will be prepended to the project path
our $projectroot = "/var/lib/git";
#our $projectroot = "/export/gitrepos";

...


If I set $projectroot to point to /export/gitrepos, I can see a list
of projects when I browse to https://myserver.domain.com/git-
however I wanted to minimize how much information was exposed with no
authentication.      And it didn't fix the access problem.
The "git" command is in the default OS path.   changing
      our $GIT = "/usr/bin/git";
to
     our $GIT = "git";

did not help.


The only thing in the httpd error logs that looks relevant is

[Sat Aug 17 15:39:39.826265 2019] [core:info] [pid 15870] [client
xxxxx] AH00128: File does not exist: /var/www/git/ABC/
[Sat Aug 17 15:39:44.831598 2019] [ssl:info] [pid 15870] (70007)The
timeout specified has expired: [client xxxxx] AH01991: SSL input
filter read failed.


selinux is disabled.

Since I am getting an authentication prompt with "Git Access ABC" in
the dialog box it seems clear that the project root is being picked up
from  /etc/httpd/conf.d/gitrepos.conf and that the
/usr/libexec/git-core/git-http-backend script is being run.


Appreciate any advice.

Thanks

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Upgrade to gitweb-1.8.3.1-20 on centos7 breaks git access
  2019-08-17 20:03 Upgrade to gitweb-1.8.3.1-20 on centos7 breaks git access Gaiseric Vandal
@ 2019-08-17 20:39 ` Gaiseric Vandal
  0 siblings, 0 replies; 2+ messages in thread
From: Gaiseric Vandal @ 2019-08-17 20:39 UTC (permalink / raw)
  To: git

If I remove /etc/httpd/conf.d/git.conf then I just get  blank page in 
the browser.

the ssl_error log shows

[Sat Aug 17 16:17:08.926093 2019] [cgi:error] [pid 18299] [client 
x.x.x.x:25050] AH01215: Request not supported: '/export/gitrepos/ABC/'


On 8/17/2019 4:03 PM, Gaiseric Vandal wrote:
> I recently applied the latest patches on centos7, including
> gitweb-1.8.3.1-20.      When I try to access git repos (either via web
> browser or git command line.) Repos are configured to require LDAP
> authentication.
>
>
> I should be able to access repo ABC via
>
> https://myserver.domain.com/git/ABC
>
> I get the correct user login prompt but then , after logging, get
> following error
>
>       The requested URL /git/ABC/ was not found on this server.
>
> I don't think any of the config files got changed.
>
> My partial config is
>
>       # cat /etc/httpd/conf.d/git.conf
>       Alias /git /var/www/git
>
>       <Directory /var/www/git>
>        Options +ExecCGI
>        AddHandler cgi-script .cgi
>        DirectoryIndex gitweb.cgi
>       </Directory>
>       #
>
>
>
>       # cat /etc/httpd/conf.d/gitrepos.conf
>       SetEnv GIT_PROJECT_ROOT /export/gitrepos
>       SetEnv GIT_HTTP_EXPORT_ALL
>       ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
>
>       RewriteEngine on
>       RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
>       RewriteCond %{REQUEST_URI} /git-receive-pack$
>       RewriteRule ^/git/ - [E=AUTHREQUIRED]
>
>       <Files "git-http-backend">
>       AuthType Basic
>       AuthBasicProvider ldap
>       AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
>       AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
>       AuthLDAPBindPassword xxxxxxxxxxxxxxx
>       AuthName "Git Access"
>       Require user xxxxx xxxxx xxxxx
>       Order deny,allow
>       Deny from env=AUTHREQUIRED
>       Satisfy any
>       </Files>
>
>
>       <Location /git/ABC>
>       AuthType Basic
>       AuthBasicProvider ldap
>       AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
>       AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
>       AuthLDAPBindPassword xxxxxxxxxxxxxxx
>       AuthName "Git Access ABC"
>       Require user xxxxx xxxxx xxxxx
>       Order deny,allow
> </Location>
>
>
>
> The /var/www/git/gitweb.cgi file has the default settings.
>
> ...
> our $GIT = "/usr/bin/git";
>
> # absolute fs-path which will be prepended to the project path
> our $projectroot = "/var/lib/git";
> #our $projectroot = "/export/gitrepos";
>
> ...
>
>
> If I set $projectroot to point to /export/gitrepos, I can see a list
> of projects when I browse to https://myserver.domain.com/git-
> however I wanted to minimize how much information was exposed with no
> authentication.      And it didn't fix the access problem.
> The "git" command is in the default OS path.   changing
>        our $GIT = "/usr/bin/git";
> to
>       our $GIT = "git";
>
> did not help.
>
>
> The only thing in the httpd error logs that looks relevant is
>
> [Sat Aug 17 15:39:39.826265 2019] [core:info] [pid 15870] [client
> xxxxx] AH00128: File does not exist: /var/www/git/ABC/
> [Sat Aug 17 15:39:44.831598 2019] [ssl:info] [pid 15870] (70007)The
> timeout specified has expired: [client xxxxx] AH01991: SSL input
> filter read failed.
>
>
> selinux is disabled.
>
> Since I am getting an authentication prompt with "Git Access ABC" in
> the dialog box it seems clear that the project root is being picked up
> from  /etc/httpd/conf.d/gitrepos.conf and that the
> /usr/libexec/git-core/git-http-backend script is being run.
>
>
> Appreciate any advice.
>
> Thanks

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-08-17 20:39 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-17 20:03 Upgrade to gitweb-1.8.3.1-20 on centos7 breaks git access Gaiseric Vandal
2019-08-17 20:39 ` Gaiseric Vandal

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).