* Updates on centos7 break git access via git-http-backend [not found] <009e01d555cb$6c8ed640$45ac82c0$@gmail.com> @ 2019-08-18 13:53 ` Gaeseric Vandal 2019-08-18 17:00 ` brian m. carlson 0 siblings, 1 reply; 2+ messages in thread From: Gaeseric Vandal @ 2019-08-18 13:53 UTC (permalink / raw) To: git This a is a clarification of an earlier post. I thought gitweb was the problem. The actual problem appears to be with /usr/libexec/git-core/git-http-backend. Gitweb provides a list to unauthenticated users of available repositories. I don't need that function so I have removed that package to avoid unexpected conflicts. I recently applied the latest patches on centos7, including git-1.8.3.1-20. When I try to access git repos (either via web browser or git command line.) Repos are configured to require LDAP authentication. The httpd ssl-error.log shows # [Sun Aug 18 09:22:48.113435 2019] [authz_core:debug] [pid 30167] mod_authz_core.c(809): [client x.x.x.x:35876] AH01626: authorization result of <RequireAny>: granted [Sun Aug 18 09:22:48.119012 2019] [cgi:error] [pid 30167] [client x.x.x.x:x] AH01215: Request not supported: '/export/gitrepos/ABC [Sun Aug 18 09:22:48.119069 2019] [headers:debug] [pid 30167] mod_headers.c(823): AH01502: headers: ap_headers_output_filter() [Sun Aug 18 09:22:53.124599 2019] [ssl:info] [pid 30167] (70007)The timeout specified has expired: [client x.x.x.x:35876] AH01991: SSL input filter read failed. [Sun Aug 18 09:22:53.124723 2019] [ssl:debug] [pid 30167] ssl_engine_io.c(993): [client x.x.x.x:35876] AH02001: Connection closed to child 1 with standard shutdown (# If I change gitrepos.conf as follows I will get an error about the script not being found - so I know it is being called. #ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/ ScriptAlias /git/ /usr/libexec/git-core/git-http-backend_not/ # git --version git version 1.8.3.1 # httpd -v Server version: Apache/2.4.6 (CentOS) Server built: Jul 29 2019 17:18:49 # Partial config # cat /etc/httpd/conf.d/gitrepos.conf SetEnv GIT_PROJECT_ROOT /export/gitrepos SetEnv GIT_HTTP_EXPORT_ALL ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/ RewriteEngine on RewriteCond %{QUERY_STRING} service=git-receive-pack [OR] RewriteCond %{REQUEST_URI} /git-receive-pack$ RewriteRule ^/git/ - [E=AUTHREQUIRED] <Files "git-http-backend"> AuthType Basic AuthBasicProvider ldap AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)" AuthLDAPBindDN "uid=xxxxxxxxxxxx" AuthLDAPBindPassword xxxxxxxxxxxxxxx AuthName "Git Access" Require user xxxxx xxxxx xxxxx Order deny,allow Deny from env=AUTHREQUIRED Satisfy any </Files> <Location /git/ABC> AuthType Basic AuthBasicProvider ldap AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)" AuthLDAPBindDN "uid=xxxxxxxxxxxx" AuthLDAPBindPassword xxxxxxxxxxxxxxx AuthName "Git Access ABC" Require user xxxxx xxxxx xxxxx Order deny,allow </Location> This had been working fine for several years. Appreciate any advice Thanks ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Updates on centos7 break git access via git-http-backend 2019-08-18 13:53 ` Updates on centos7 break git access via git-http-backend Gaeseric Vandal @ 2019-08-18 17:00 ` brian m. carlson 0 siblings, 0 replies; 2+ messages in thread From: brian m. carlson @ 2019-08-18 17:00 UTC (permalink / raw) To: Gaeseric Vandal; +Cc: git [-- Attachment #1: Type: text/plain, Size: 2117 bytes --] On 2019-08-18 at 13:53:28, Gaeseric Vandal wrote: > > This a is a clarification of an earlier post. I thought gitweb was the problem. > > > The actual problem appears to be with /usr/libexec/git-core/git-http-backend. > > Gitweb provides a list to unauthenticated users of available repositories. I don't need that function so I have removed that package to avoid unexpected conflicts. > > I recently applied the latest patches on centos7, including git-1.8.3.1-20. When I try to access git repos (either via web browser or git command line.) Repos are configured to require LDAP authentication. > > The httpd ssl-error.log shows > # > [Sun Aug 18 09:22:48.113435 2019] [authz_core:debug] [pid 30167] mod_authz_core.c(809): [client x.x.x.x:35876] AH01626: authorization result of <RequireAny>: granted [Sun Aug 18 09:22:48.119012 2019] [cgi:error] [pid 30167] [client x.x.x.x:x] AH01215: Request not supported: '/export/gitrepos/ABC [Sun Aug 18 09:22:48.119069 2019] [headers:debug] [pid 30167] mod_headers.c(823): AH01502: headers: ap_headers_output_filter() [Sun Aug 18 09:22:53.124599 2019] [ssl:info] [pid 30167] (70007)The timeout specified has expired: [client x.x.x.x:35876] AH01991: SSL input filter read failed. > [Sun Aug 18 09:22:53.124723 2019] [ssl:debug] [pid 30167] ssl_engine_io.c(993): [client x.x.x.x:35876] AH02001: Connection closed to child 1 with standard shutdown (# > If this only breaks on upgrade from an older version of Git on CentOS, I'd file a bug with the CentOS (or Red Hat) folks. I expect that this is due to a patch that Red Hat applied, and not really a limitation in Git. As you might be aware, Git 1.8.3.1 is rather old; we've just released 2.23.0. You could try using a version of Git from Software Collections (2.18 is available) and see if that works better for you, but I suspect most folks on the list don't pay much attention to versions before 2.0. Be aware that it may be Apache that's the problem here and not Git if it was also upgraded. -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 868 bytes --] ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-18 17:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <009e01d555cb$6c8ed640$45ac82c0$@gmail.com>
2019-08-18 13:53 ` Updates on centos7 break git access via git-http-backend Gaeseric Vandal
2019-08-18 17:00 ` brian m. carlson
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.