Authentication for git push over http

apache-2.2git

I've set up apache to use git-http-backend as per the instructions in the pro git book, and its manpage.
My apache config now looks like:

SetEnv GIT_PROJECT_ROOT /var/www/git SetEnv GIT_HTTP_EXPORT_ALL ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ <LocationMatch "^/git/.*/git-receive-pack$"> AuthType Basic AuthName "Git Access" Require group committers </LocationMatch>

I can clone a repo using git clone http: //user@url/git/repo.git
which prompts me for the password for 'user', then continues.
However, when I attempt to push, I'm prompted for my password twice, and then get an error:

Cannot access URL http: //user@url/git/repo.git/, return code 22

(I've inserted a space into the URLs, because the spam prevention mechanism won't let me post otherwise)

When I look at my apache log, I see:
192.168.1.151 - - [12/Sep/2010:20:11:22 +0100] "GET /git/repo.git/info/refs?service=git-receive-pack HTTP/1.1" 403 - "-" "git/1.7.2.3" 192.168.1.151 - - [12/Sep/2010:20:11:23 +0100] "GET /git/repo.git/info/refs HTTP/1.1" 200 59 "-" "git/1.7.2.3" 192.168.1.151 - - [12/Sep/2010:20:11:23 +0100] "GET /git/repo.git/HEAD HTTP/1.1" 200 23 "-" "git/1.7.2.3" 192.168.1.151 - - [12/Sep/2010:20:11:26 +0100] "PROPFIND /git/repo.git/ HTTP/1.1" 404 - "-" "git/1.7.2.3"

I've added 'user' to the 'committers' group on the server (seemed easiest to just follow the instructions), and my local .netrc (chmodded 600) looks like this:

machine address login user password pass

Every instruction I've found seems slightly unclear as to whether I have to enable DAV for the dir in question (I thought that was the old way to do it, though).
I could just use gitolite, but I'd like to get to the bottom of this first…

Best Answer

PROPFIND is a non-standard webdav HTTP method.
You'll need to enable webdav for the location of your repository. Enable mod_dav in httpd.conf and add this to your vhost LocationMatch block:

<LocationMatch "^/git/.*/git-receive-pack$">
  #...
  Dav on
</LocationMatch>

Then make sure your Apache user has write access to your repository.

Related Solutions

Apache Logs – Not Showing Requested URL or User IP

It's because it really is coming from the localhost -- it's Apache talking to itself.

See http://wiki.apache.org/httpd/InternalDummyConnection

Manage http access to git repositories using gitosis

Gitosis uses gitweb for http publishing of repositories.

You need to have gitweb running.

Please ensure that gitweb is installed. Your gitweb.conf should look like:

# Location of the git binary
$GIT = "/usr/bin/git";

# Project root for gitweb
$projectroot = "/srv/git/repositories";

$stylesheet = "/gitweb.css";
$logo = "/git-logo.png";
$favicon = "/git-favicon.png";

# Site name
$site_name = "My site";

# URL formatting
#$my_uri = "http://git.somewhere.net/";
#$home_link = $my_uri;

# Base URL for project trees
@git_base_url_list = ("ssh://git\@somewhere.net");

# Length of the project description column in the webpage.
$projects_list_description_width = 50;

# Which repos are allowed to export
$export_ok = "git-daemon-export-ok";

# Enable PATH_INFO so the server can produce URLs of the
# form: http://git.hokietux.net/project.git/xxx/xxx
$feature{'pathinfo'}{'default'} = [1];

# Enable blame, pickaxe search, snapshop, search, and grep
$feature{'blame'}{'default'} = [1];
$feature{'blame'}{'override'} = [1];

$feature{'pickaxe'}{'default'} = [1];
$feature{'pickaxe'}{'override'} = [1];

$feature{'snapshot'}{'default'} = [1];
$feature{'snapshot'}{'override'} = [1];

$feature{'search'}{'default'} = [1];

$feature{'grep'}{'default'} = [1];
$feature{'grep'}{'override'} = [1];

Example gitweb config in apache:

Alias /gitweb/gitweb.css /usr/share/gitweb/gitweb.css
Alias /gitweb/git-logo.png /usr/share/gitweb/git-logo.png
Alias /gitweb/git-favicon.png /usr/share/gitweb/git-favicon.png
ScriptAlias /gitweb /usr/lib/cgi-bin/gitweb.cgi
<Directory /usr/share/gitweb>
  Options FollowSymLinks +ExecCGI
  AddHandler cgi-script .cgi
</Directory>
<Location /gitweb>
    Order allow,deny
    Allow from all
    #AuthType Basic
    #AuthName "GITOLITE"
    #AuthUserFile /etc/apache2/gitweb.htpasswd
    #Require valid-user
</Location>
# Securing with users example
<Location /gitweb/SomethingToHide.git>
        Require user myusername
</Location>

I've switched to gitolite because...

it is easier to use
it has more options (security, grouping etc.)

Related Topic