Upgrade to gitweb-1.8.3.1-20 on centos7 breaks git access
To
git@vger.kernel.org
From
Gaiseric Vandal
Date
2019-08-17 20:03:36 UTC
I recently applied the latest patches on centos7, including
gitweb-1.8.3.1-20.      When I try to access git repos (either via web
browser or git command line.) Repos are configured to require LDAP
authentication.


I should be able to access repo ABC via

https://myserver.domain.com/git/ABC

I get the correct user login prompt but then , after logging, get
following error

     The requested URL /git/ABC/ was not found on this server.

I don't think any of the config files got changed.

My partial config is

     # cat /etc/httpd/conf.d/git.conf
     Alias /git /var/www/git

     <Directory /var/www/git>
      Options +ExecCGI
      AddHandler cgi-script .cgi
      DirectoryIndex gitweb.cgi
     </Directory>
     #



     # cat /etc/httpd/conf.d/gitrepos.conf
     SetEnv GIT_PROJECT_ROOT /export/gitrepos
     SetEnv GIT_HTTP_EXPORT_ALL
     ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/

     RewriteEngine on
     RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
     RewriteCond %{REQUEST_URI} /git-receive-pack$
     RewriteRule ^/git/ - [E=AUTHREQUIRED]

     <Files "git-http-backend">
     AuthType Basic
     AuthBasicProvider ldap
     AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
     AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
     AuthLDAPBindPassword xxxxxxxxxxxxxxx
     AuthName "Git Access"
     Require user xxxxx xxxxx xxxxx
     Order deny,allow
     Deny from env=AUTHREQUIRED
     Satisfy any
     </Files>


     <Location /git/ABC>
     AuthType Basic
     AuthBasicProvider ldap
     AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
     AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
     AuthLDAPBindPassword xxxxxxxxxxxxxxx
     AuthName "Git Access ABC"
     Require user xxxxx xxxxx xxxxx
     Order deny,allow
</Location>



The /var/www/git/gitweb.cgi file has the default settings.

...
our $GIT = "/usr/bin/git";

# absolute fs-path which will be prepended to the project path
our $projectroot = "/var/lib/git";
#our $projectroot = "/export/gitrepos";

...


If I set $projectroot to point to /export/gitrepos, I can see a list
of projects when I browse to https://myserver.domain.com/git-
however I wanted to minimize how much information was exposed with no
authentication.      And it didn't fix the access problem.
The "git" command is in the default OS path.   changing
      our $GIT = "/usr/bin/git";
to
     our $GIT = "git";

did not help.


The only thing in the httpd error logs that looks relevant is

[Sat Aug 17 15:39:39.826265 2019] [core:info] [pid 15870] [client
xxxxx] AH00128: File does not exist: /var/www/git/ABC/
[Sat Aug 17 15:39:44.831598 2019] [ssl:info] [pid 15870] (70007)The
timeout specified has expired: [client xxxxx] AH01991: SSL input
filter read failed.


selinux is disabled.

Since I am getting an authentication prompt with "Git Access ABC" in
the dialog box it seems clear that the project root is being picked up
from  /etc/httpd/conf.d/gitrepos.conf and that the
/usr/libexec/git-core/git-http-backend script is being run.


Appreciate any advice.

Thanks