git + davfs2, is it safe?

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* git + davfs2, is it safe?
@ 2010-02-09 16:39 Gábor Farkas
  2010-02-09 17:57 ` Shawn O. Pearce
  0 siblings, 1 reply; 2+ messages in thread
From: Gábor Farkas @ 2010-02-09 16:39 UTC (permalink / raw)
  To: git

hi,

for various reasons our git repositories are hosted using https (webdav),
which is http-auth and client-certificate authenticated.

(linux on both the server and the client)

it's possible to somehow persuade git to push/fetch from such repositories,
but it's very annoying because either you have to enter your
username+password+cert_password
on every fetch and twice on every push, or you have to write them down
in $HOME/.netrc .

an alternative that seems to work is to mount the webdav directory using davfs2,
and then use it with git as a normal mounted filesystem.

it seems to work ok (a little slow, but usable), but i'm a little
worried about possible corner-cases.
for example, will it be ok if two people are trying to push into it at
the same time, etc?

so generally, is it safe/recommended to use git in such a deployment, or not?

p.s: or, does anyone know about a better way to handle the
username/password/cert_password
when accessing the webdav-repo directly (without davfs2)?

thanks,
gabor

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: git + davfs2, is it safe?
  2010-02-09 16:39 git + davfs2, is it safe? Gábor Farkas
@ 2010-02-09 17:57 ` Shawn O. Pearce
  0 siblings, 0 replies; 2+ messages in thread
From: Shawn O. Pearce @ 2010-02-09 17:57 UTC (permalink / raw)
  To: G?bor Farkas; +Cc: git

G?bor Farkas <gabor@nekomancer.net> wrote:
> for various reasons our git repositories are hosted using https (webdav),
> which is http-auth and client-certificate authenticated.
> 
> (linux on both the server and the client)
> 
> it's possible to somehow persuade git to push/fetch from such repositories,
> but it's very annoying because either you have to enter your
> username+password+cert_password
> on every fetch and twice on every push, or you have to write them down
> in $HOME/.netrc .

This is why I prefer SSH.  You have ssh-agent around to retain your
key for you.

A more modern Git (1.6.6 or later IIRC) should avoid prompting for
the password twice, because the HTTP client should actually reuse
the connection for the subsequent requests.  But I haven't tested it.

You might also want to consider upgrading your server to post-1.6.6
and stop using WebDAV... but instead use smart HTTP for push.
That should only need one authentication cycle to perform the push.

It sounds like its time for a proper curl-agent for libcurl though.
Users and applications shouldn't have to keep implementing their
password stores as text files...

-- 
Shawn.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-02-09 17:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-09 16:39 git + davfs2, is it safe? Gábor Farkas
2010-02-09 17:57 ` Shawn O. Pearce

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).