* Updates on centos7 break git access via git-http-backend
[not found] <009e01d555cb$6c8ed640$45ac82c0$@gmail.com>
@ 2019-08-18 13:53 ` Gaeseric Vandal
2019-08-18 17:00 ` brian m. carlson
0 siblings, 1 reply; 2+ messages in thread
From: Gaeseric Vandal @ 2019-08-18 13:53 UTC (permalink / raw)
To: git
This a is a clarification of an earlier post. I thought gitweb was the problem.
The actual problem appears to be with /usr/libexec/git-core/git-http-backend.
Gitweb provides a list to unauthenticated users of available repositories. I don't need that function so I have removed that package to avoid unexpected conflicts.
I recently applied the latest patches on centos7, including git-1.8.3.1-20. When I try to access git repos (either via web browser or git command line.) Repos are configured to require LDAP authentication.
The httpd ssl-error.log shows
#
[Sun Aug 18 09:22:48.113435 2019] [authz_core:debug] [pid 30167] mod_authz_core.c(809): [client x.x.x.x:35876] AH01626: authorization result of <RequireAny>: granted [Sun Aug 18 09:22:48.119012 2019] [cgi:error] [pid 30167] [client x.x.x.x:x] AH01215: Request not supported: '/export/gitrepos/ABC [Sun Aug 18 09:22:48.119069 2019] [headers:debug] [pid 30167] mod_headers.c(823): AH01502: headers: ap_headers_output_filter() [Sun Aug 18 09:22:53.124599 2019] [ssl:info] [pid 30167] (70007)The timeout specified has expired: [client x.x.x.x:35876] AH01991: SSL input filter read failed.
[Sun Aug 18 09:22:53.124723 2019] [ssl:debug] [pid 30167] ssl_engine_io.c(993): [client x.x.x.x:35876] AH02001: Connection closed to child 1 with standard shutdown (#
If I change gitrepos.conf as follows I will get an error about the script not being found - so I know it is being called.
#ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend_not/
# git --version
git version 1.8.3.1
# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Jul 29 2019 17:18:49
#
Partial config
# cat /etc/httpd/conf.d/gitrepos.conf
SetEnv GIT_PROJECT_ROOT /export/gitrepos
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
RewriteEngine on
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/git/ - [E=AUTHREQUIRED]
<Files "git-http-backend">
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
AuthLDAPBindDN "uid=xxxxxxxxxxxx"
AuthLDAPBindPassword xxxxxxxxxxxxxxx
AuthName "Git Access"
Require user xxxxx xxxxx xxxxx
Order deny,allow
Deny from env=AUTHREQUIRED
Satisfy any
</Files>
<Location /git/ABC>
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
AuthLDAPBindDN "uid=xxxxxxxxxxxx"
AuthLDAPBindPassword xxxxxxxxxxxxxxx
AuthName "Git Access ABC"
Require user xxxxx xxxxx xxxxx
Order deny,allow
</Location>
This had been working fine for several years.
Appreciate any advice
Thanks
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Updates on centos7 break git access via git-http-backend
2019-08-18 13:53 ` Updates on centos7 break git access via git-http-backend Gaeseric Vandal
@ 2019-08-18 17:00 ` brian m. carlson
0 siblings, 0 replies; 2+ messages in thread
From: brian m. carlson @ 2019-08-18 17:00 UTC (permalink / raw)
To: Gaeseric Vandal; +Cc: git
[-- Attachment #1: Type: text/plain, Size: 2117 bytes --]
On 2019-08-18 at 13:53:28, Gaeseric Vandal wrote:
>
> This a is a clarification of an earlier post. I thought gitweb was the problem.
>
>
> The actual problem appears to be with /usr/libexec/git-core/git-http-backend.
>
> Gitweb provides a list to unauthenticated users of available repositories. I don't need that function so I have removed that package to avoid unexpected conflicts.
>
> I recently applied the latest patches on centos7, including git-1.8.3.1-20. When I try to access git repos (either via web browser or git command line.) Repos are configured to require LDAP authentication.
>
> The httpd ssl-error.log shows
> #
> [Sun Aug 18 09:22:48.113435 2019] [authz_core:debug] [pid 30167] mod_authz_core.c(809): [client x.x.x.x:35876] AH01626: authorization result of <RequireAny>: granted [Sun Aug 18 09:22:48.119012 2019] [cgi:error] [pid 30167] [client x.x.x.x:x] AH01215: Request not supported: '/export/gitrepos/ABC [Sun Aug 18 09:22:48.119069 2019] [headers:debug] [pid 30167] mod_headers.c(823): AH01502: headers: ap_headers_output_filter() [Sun Aug 18 09:22:53.124599 2019] [ssl:info] [pid 30167] (70007)The timeout specified has expired: [client x.x.x.x:35876] AH01991: SSL input filter read failed.
> [Sun Aug 18 09:22:53.124723 2019] [ssl:debug] [pid 30167] ssl_engine_io.c(993): [client x.x.x.x:35876] AH02001: Connection closed to child 1 with standard shutdown (#
>
If this only breaks on upgrade from an older version of Git on CentOS,
I'd file a bug with the CentOS (or Red Hat) folks. I expect that this
is due to a patch that Red Hat applied, and not really a limitation in
Git.
As you might be aware, Git 1.8.3.1 is rather old; we've just released
2.23.0. You could try using a version of Git from Software Collections
(2.18 is available) and see if that works better for you, but I suspect
most folks on the list don't pay much attention to versions before 2.0.
Be aware that it may be Apache that's the problem here and not Git if it
was also upgraded.
--
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 868 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-18 17:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <009e01d555cb$6c8ed640$45ac82c0$@gmail.com>
2019-08-18 13:53 ` Updates on centos7 break git access via git-http-backend Gaeseric Vandal
2019-08-18 17:00 ` brian m. carlson
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).