Updates on centos7 break git access via git-http-backend

Sun, 18 Aug 2019 06:54:33 -0700 


This a is a clarification of an earlier post.     I thought gitweb was the 
problem.   


The actual problem appears to be with /usr/libexec/git-core/git-http-backend.

Gitweb provides a list to unauthenticated users of available repositories.  I 
don't need that function so I have removed that package to avoid unexpected 
conflicts.

I recently applied the latest patches on centos7, including git-1.8.3.1-20.     
 When I try to access git repos (either via web  browser or git command line.) 
Repos are configured to require LDAP  authentication.

The httpd ssl-error.log shows
#
[Sun Aug 18 09:22:48.113435 2019] [authz_core:debug] [pid 30167] 
mod_authz_core.c(809): [client x.x.x.x:35876] AH01626: authorization result of 
<RequireAny>: granted [Sun Aug 18 09:22:48.119012 2019] [cgi:error] [pid 30167] 
[client x.x.x.x:x] AH01215: Request not supported: '/export/gitrepos/ABC [Sun 
Aug 18 09:22:48.119069 2019] [headers:debug] [pid 30167] mod_headers.c(823): 
AH01502: headers: ap_headers_output_filter() [Sun Aug 18 09:22:53.124599 2019] 
[ssl:info] [pid 30167] (70007)The timeout specified has expired: [client 
x.x.x.x:35876] AH01991: SSL input filter read failed.
[Sun Aug 18 09:22:53.124723 2019] [ssl:debug] [pid 30167] ssl_engine_io.c(993): 
[client x.x.x.x:35876] AH02001: Connection closed to child 1 with standard 
shutdown (#


If I change gitrepos.conf as follows I will get an error about the script not 
being found - so I know it is being called.

        #ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
        ScriptAlias /git/ /usr/libexec/git-core/git-http-backend_not/



# git --version
git version 1.8.3.1


# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Jul 29 2019 17:18:49
#


Partial config

       # cat /etc/httpd/conf.d/gitrepos.conf
       SetEnv GIT_PROJECT_ROOT /export/gitrepos
       SetEnv GIT_HTTP_EXPORT_ALL
       ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

       RewriteEngine on
       RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
       RewriteCond %{REQUEST_URI} /git-receive-pack$
       RewriteRule ^/git/ - [E=AUTHREQUIRED]

       <Files "git-http-backend">
       AuthType Basic
       AuthBasicProvider ldap
       AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
       AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
       AuthLDAPBindPassword xxxxxxxxxxxxxxx
      AuthName "Git Access"
       Require user xxxxx xxxxx xxxxx
       Order deny,allow
       Deny from env=AUTHREQUIRED
       Satisfy any
       </Files>


       <Location /git/ABC>
       AuthType Basic
       AuthBasicProvider ldap
       AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
       AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
       AuthLDAPBindPassword xxxxxxxxxxxxxxx
       AuthName "Git Access ABC"
       Require user xxxxx xxxxx xxxxx
       Order deny,allow
 </Location>


This had been working fine for several years.

Appreciate any advice

Thanks

Reply via email to