* Howto setup-git-server-over-http.txt with SSL and basic authentication?
@ 2008-10-17 16:06 Josef Wolf
0 siblings, 0 replies; only message in thread
From: Josef Wolf @ 2008-10-17 16:06 UTC (permalink / raw)
To: git
Hello folks,
I am new to git and I am trying to set up a git repository as described in
http://www.kernel.org/pub/software/scm/git/docs/howto/setup-git-server-over-http.txt
but with SSL and basic authentication.
This is what I have done:
1. Create bare git repository on the server:
root: mkdir -p /data/git/test
root: ( cd /data/git/test ; git --bare init )
root: chown -R wwwrun:www /data/git
2. Add a new DAV location to the (existing and already working) apache
config, pointing to the newly created git repository. I list only
the relevant parts here:
LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule dav_fs_module /usr/lib/apache2/mod_dav_fs.so
DAVLockDB "/data/dav/lock/DAV.lock"
Alias /git/test /data/git/test
<Location /git/test>
DAV on
Order Allow,Deny
Allow from all
AllowOverride None
AuthName "test"
AuthType Basic
AuthUserFile /m/b/httpd/passwd
AuthGroupFile /m/b/httpd/group
Require group test test-ro
SSLRequireSSL
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group test
</LimitExcept>
</Location>
3. Now it's time to test DAV access, so I go to the client:
konqueror webdavs://repo.host.org/git/test
After asking for credentials, Konqueror shows me content, and I can
read/copy/delete files to/from the DAV directory. So the server
seems to work fine.
Now I go test curl:
$ curl --cacert /etc/cacerts/myca.pem \
https://user@repo.host.org/git/test/HEAD
fails with "authentication required", but
$ curl --cacert /etc/cacerts/myca.pem --user user \
https://user@repo.host.org/git/test/HEAD
works fine. So I put this information into ~/.curlrc:
$ cat ~/.curlrc
--cacert /etc/cacerts/myca.pem
--user user
$ curl https://repo.host.org/git/test/HEAD
Enter host password for user 'user':
ref: refs/heads/master
$
this looks good now.
4. OK, now I go to the next step on the client:
$ git-config remote.upload.url https://repo.host.org/git/test/
error: could not lock config file .git/config
$
hmm, maybe I should have an empty repos here? So:
$ git init
Initialized empty Git repository in /tmp/test/.git/
$ git-config remote.upload.url https://repo.host.org/git/test/
$ git push upload master
error: Cannot access URL https://repo.host.org/git/test/, return code 60
error: failed to push some refs to 'https://repo.host.org/git/test/'
OK, from the above mentioned howto, this looks like cacert is missing.
Looks like (unlike the howto states) ~/.curlrc is ignored by git.
So I go searching for appropriate configuration options in git:
$ git-config http.sslCAPath /etc/cacerts
don't help (why?), but
$ git-config http.sslCAInfo /etc/cacerts/myca.pem
$ git push upload master
error: Cannot access URL https://repo.host.org/git/test/, return code 22
error: failed to push some refs to 'https://repo.host.org/git/test/'
Finally, that's a new error code. This is probably because the server
requires authentication. But I can't find any hints how to specify
credentials in git-config or git-push.
So now come my questions:
0. The howto says curl is used for transport. Why is my ~/.curlrc ignored?
1. Since .curlrc is ignored: How do I specify credentials for git?
2. Why don't sslCAPath work?
3. Is there a way to override credentials and sslCAPath on a per-remote
basis (as can be done with http.proxy, for example)
Any hints?
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-10-17 16:24 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-10-17 16:06 Howto setup-git-server-over-http.txt with SSL and basic authentication? Josef Wolf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).