How to push to http(s) repository with authentication?

How to push to http(s) repository with authentication?

[Josef Wolf]

Hello,

I have set up a repository as described in

  http://www.kernel.org/pub/software/scm/git/docs/howto/setup-git-server-over-http.txt

over SSL with basic authentication.  DAV access works fine with konqueror,
cadaver and and curl, using this .curlrc:

   $ cat ~/.curlrc
   --cacert /etc/cacerts/myca.pem
   --user   user
   $ curl https://repo.host.org/git/test/HEAD
   Enter host password for user 'user':
   ref: refs/heads/master
   $

But when called from git, this file seems to be ignored.  I have checked
google, but the only hint I could find was to put credentials into
~/.netrc.  IMHO, this is a bad workaround, since this implies to have
unencrypted passwords lying around on the disk.

Any hints?

PS: I have asked a similar question a couple of days ago.  Here is a link
    to my original mail with more information how I set up the server:

      http://marc.info/?l=git&m=122426078301793&w=2

Re: How to push to http(s) repository with authentication?

[Josef Wolf]

On Mon, Oct 20, 2008 at 08:25:02PM +0200, Josef Wolf wrote:

> I have set up a repository as described in
> 
>   http://www.kernel.org/pub/software/scm/git/docs/howto/setup-git-server-over-http.txt
> 
> over SSL with basic authentication.  DAV access works fine with konqueror,
> cadaver and and curl, using this .curlrc:
> [ ... ]

Is nobody interested in this topic?  Or am I in the wrong list?

Re: How to push to http(s) repository with authentication?

[Alex Riesen]

Josef Wolf, Thu, Oct 23, 2008 19:53:37 +0200:
> On Mon, Oct 20, 2008 at 08:25:02PM +0200, Josef Wolf wrote:
> 
> > I have set up a repository as described in
> > 
> >   http://www.kernel.org/pub/software/scm/git/docs/howto/setup-git-server-over-http.txt
> > 
> > over SSL with basic authentication.  DAV access works fine with konqueror,
> > cadaver and and curl, using this .curlrc:
> > [ ... ]
> 
> Is nobody interested in this topic?  Or am I in the wrong list?

       --cacert <CA certificate>
              (SSL) Tells curl to use the specified certificate file to verify
              the peer. The file may contain  multiple  CA  certificates.  The
              certificate(s) must be in PEM format.

              curl  recognizes the environment variable named ’CURL_CA_BUNDLE’
              if that is set, and uses the given path as a path to a  CA  cert
              bundle. This option overrides that variable.

              The  windows  version  of  curl will automatically look for a CA
              certs file named ´curl-ca-bundle.crt´, either in the same direc‐
              tory as curl.exe, or in the Current Working Directory, or in any
              folder along your PATH.

              If curl is built against the NSS SSL library  then  this  option
              tells  curl the nickname of the CA certificate to use within the
              NSS database defined by the environment variable SSL_DIR (or  by
              default  /etc/pki/nssdb).   If  the NSS PEM PKCS#11 module (lib‐
              nsspem.so) is available then PEM files may be loaded.

              If this option is used several times, the last one will be used.

Does this (setting $CURL_CA_BUNDLE) help?

Re: How to push to http(s) repository with authentication?

[Josef Wolf]

On Thu, Oct 23, 2008 at 09:05:44PM +0200, Alex Riesen wrote:

Thanks for your response, Alex!

[ ... ]
>        --cacert <CA certificate>
[ ... ]

> Does this (setting $CURL_CA_BUNDLE) help?

Well, as I wrote in my original mail, I already got the certificate
working.  My problem is the usage of the .netrc file.  I don't want
to store passwords in cleartext in files.

So the real question is: how do I make git-http to ask for credentials.

Sorry, I should have made more clearly what's the problem.