Re: Upgrade to gitweb-1.8.3.1-20 on centos7 breaks git access
To
git@vger.kernel.org
From
Gaiseric Vandal
See Also
Prev
Date
2019-08-17 20:39:36 UTC
If I remove /etc/httpd/conf.d/git.conf then I just get  blank page in 
the browser.

the ssl_error log shows

[Sat Aug 17 16:17:08.926093 2019] [cgi:error] [pid 18299] [client 
x.x.x.x:25050] AH01215: Request not supported: '/export/gitrepos/ABC/'


On 8/17/2019 4:03 PM, Gaiseric Vandal wrote:
> I recently applied the latest patches on centos7, including
> gitweb-1.8.3.1-20.      When I try to access git repos (either via web
> browser or git command line.) Repos are configured to require LDAP
> authentication.
>
>
> I should be able to access repo ABC via
>
> https://myserver.domain.com/git/ABC
>
> I get the correct user login prompt but then , after logging, get
> following error
>
>       The requested URL /git/ABC/ was not found on this server.
>
> I don't think any of the config files got changed.
>
> My partial config is
>
>       # cat /etc/httpd/conf.d/git.conf
>       Alias /git /var/www/git
>
>       <Directory /var/www/git>
>        Options +ExecCGI
>        AddHandler cgi-script .cgi
>        DirectoryIndex gitweb.cgi
>       </Directory>
>       #
>
>
>
>       # cat /etc/httpd/conf.d/gitrepos.conf
>       SetEnv GIT_PROJECT_ROOT /export/gitrepos
>       SetEnv GIT_HTTP_EXPORT_ALL
>       ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
>
>       RewriteEngine on
>       RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
>       RewriteCond %{REQUEST_URI} /git-receive-pack$
>       RewriteRule ^/git/ - [E=AUTHREQUIRED]
>
>       <Files "git-http-backend">
>       AuthType Basic
>       AuthBasicProvider ldap
>       AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
>       AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
>       AuthLDAPBindPassword xxxxxxxxxxxxxxx
>       AuthName "Git Access"
>       Require user xxxxx xxxxx xxxxx
>       Order deny,allow
>       Deny from env=AUTHREQUIRED
>       Satisfy any
>       </Files>
>
>
>       <Location /git/ABC>
>       AuthType Basic
>       AuthBasicProvider ldap
>       AuthLDAPURL "ldaps://xxxxxxxxxxxxxxx)"
>       AuthLDAPBindDN  "uid=xxxxxxxxxxxx"
>       AuthLDAPBindPassword xxxxxxxxxxxxxxx
>       AuthName "Git Access ABC"
>       Require user xxxxx xxxxx xxxxx
>       Order deny,allow
> </Location>
>
>
>
> The /var/www/git/gitweb.cgi file has the default settings.
>
> ...
> our $GIT = "/usr/bin/git";
>
> # absolute fs-path which will be prepended to the project path
> our $projectroot = "/var/lib/git";
> #our $projectroot = "/export/gitrepos";
>
> ...
>
>
> If I set $projectroot to point to /export/gitrepos, I can see a list
> of projects when I browse to https://myserver.domain.com/git-
> however I wanted to minimize how much information was exposed with no
> authentication.      And it didn't fix the access problem.
> The "git" command is in the default OS path.   changing
>        our $GIT = "/usr/bin/git";
> to
>       our $GIT = "git";
>
> did not help.
>
>
> The only thing in the httpd error logs that looks relevant is
>
> [Sat Aug 17 15:39:39.826265 2019] [core:info] [pid 15870] [client
> xxxxx] AH00128: File does not exist: /var/www/git/ABC/
> [Sat Aug 17 15:39:44.831598 2019] [ssl:info] [pid 15870] (70007)The
> timeout specified has expired: [client xxxxx] AH01991: SSL input
> filter read failed.
>
>
> selinux is disabled.
>
> Since I am getting an authentication prompt with "Git Access ABC" in
> the dialog box it seems clear that the project root is being picked up
> from  /etc/httpd/conf.d/gitrepos.conf and that the
> /usr/libexec/git-core/git-http-backend script is being run.
>
>
> Appreciate any advice.
>
> Thanks