undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
492cb394fb
git-commit-vandalism/t/lib-httpd/apache.conf
Jeff King ff6a37c99e http-backend: handle HTTP_GIT_PROTOCOL CGI variable 
When a client requests the v2 protocol over HTTP, they set the
Git-Protocol header. Webservers will generally make that available to
our CGI as HTTP_GIT_PROTOCOL in the environment. However, that's not
sufficient for upload-pack, etc, to respect it; they look in
GIT_PROTOCOL (without the HTTP_ prefix).

Either the webserver or the CGI is responsible for relaying that HTTP
header into the GIT_PROTOCOL variable. Traditionally, our tests have
configured the webserver to do so, but that's a burden on the server
admin. We can make this work out of the box by having the http-backend
CGI copy the contents of HTTP_GIT_PROTOCOL to GIT_PROTOCOL.

There are no new tests here. By removing the SetEnvIf line from our
test Apache config, we're now relying on this behavior of http-backend
to trigger the v2 protocol there (and there are numerous tests that fail
if this doesn't work).

There is one subtlety here: we copy HTTP_GIT_PROTOCOL only if there is
no existing GIT_PROTOCOL variable. That leaves the webserver admin free
to override the client's decision if they choose. This is unlikely to be
useful in practice, but is more flexible. And indeed, it allows the
v2-to-v0 fallback test added in the previous commit to continue working.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2021-09-10 15:34:59 -07:00

270 lines
7.6 KiB
ApacheConf
Raw Blame History

ServerName dummy
PidFile httpd.pid
DocumentRoot www
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog access.log common
ErrorLog error.log
<IfModule !mod_log_config.c>
LoadModule log_config_module modules/mod_log_config.so
</IfModule>
<IfModule !mod_alias.c>
LoadModule alias_module modules/mod_alias.so
</IfModule>
<IfModule !mod_cgi.c>
LoadModule cgi_module modules/mod_cgi.so
</IfModule>
<IfModule !mod_env.c>
LoadModule env_module modules/mod_env.so
</IfModule>
<IfModule !mod_rewrite.c>
LoadModule rewrite_module modules/mod_rewrite.so
</IFModule>
<IfModule !mod_version.c>
LoadModule version_module modules/mod_version.so
</IfModule>
<IfModule !mod_headers.c>
LoadModule headers_module modules/mod_headers.so
</IfModule>
<IfModule !mod_setenvif.c>
LoadModule setenvif_module modules/mod_setenvif.so
</IfModule>
<IfVersion < 2.4>
LockFile accept.lock
</IfVersion>
<IfVersion < 2.1>
<IfModule !mod_auth.c>
LoadModule auth_module modules/mod_auth.so
</IfModule>
</IfVersion>
<IfVersion >= 2.1>
<IfModule !mod_auth_basic.c>
LoadModule auth_basic_module modules/mod_auth_basic.so
</IfModule>
<IfModule !mod_authn_file.c>
LoadModule authn_file_module modules/mod_authn_file.so
</IfModule>
<IfModule !mod_authz_user.c>
LoadModule authz_user_module modules/mod_authz_user.so
</IfModule>
<IfModule !mod_authz_host.c>
LoadModule authz_host_module modules/mod_authz_host.so
</IfModule>
</IfVersion>
<IfVersion >= 2.4>
<IfModule !mod_authn_core.c>
LoadModule authn_core_module modules/mod_authn_core.so
</IfModule>
<IfModule !mod_authz_core.c>
LoadModule authz_core_module modules/mod_authz_core.so
</IfModule>
<IfModule !mod_access_compat.c>
LoadModule access_compat_module modules/mod_access_compat.so
</IfModule>
<IfModule !mod_mpm_prefork.c>
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
</IfModule>
<IfModule !mod_unixd.c>
LoadModule unixd_module modules/mod_unixd.so
</IfModule>
</IfVersion>
PassEnv GIT_VALGRIND
PassEnv GIT_VALGRIND_OPTIONS
PassEnv GNUPGHOME
PassEnv ASAN_OPTIONS
PassEnv LSAN_OPTIONS
PassEnv GIT_TRACE
PassEnv GIT_CONFIG_NOSYSTEM
PassEnv GIT_TEST_SIDEBAND_ALL
Alias /dumb/ www/
Alias /auth/dumb/ www/auth/dumb/
<LocationMatch /smart/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
</LocationMatch>
<LocationMatch /smart_noexport/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
</LocationMatch>
<LocationMatch /smart_custom_env/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_COMMITTER_NAME "Custom User"
SetEnv GIT_COMMITTER_EMAIL custom@example.com
</LocationMatch>
<LocationMatch /smart_namespace/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_NAMESPACE ns
</LocationMatch>
<LocationMatch /smart_cookies/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
Header set Set-Cookie name=value
</LocationMatch>
<LocationMatch /smart_headers/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
</LocationMatch>
<LocationMatch /one_time_perl/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
</LocationMatch>
<LocationMatch /smart_v0/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_PROTOCOL
</LocationMatch>
ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/
ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/
ScriptAliasMatch /error_git_upload_pack/(.*)/git-upload-pack error.sh/
ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1
ScriptAlias /broken_smart/ broken-smart-http.sh/
ScriptAlias /error_smart/ error-smart-http.sh/
ScriptAlias /error/ error.sh/
ScriptAliasMatch /one_time_perl/(.*) apply-one-time-perl.sh/$1
<Directory ${GIT_EXEC_PATH}>
Options FollowSymlinks
</Directory>
<Files incomplete-length-upload-pack-v2-http.sh>
Options ExecCGI
</Files>
<Files incomplete-body-upload-pack-v2-http.sh>
Options ExecCGI
</Files>
<Files broken-smart-http.sh>
Options ExecCGI
</Files>
<Files error-smart-http.sh>
Options ExecCGI
</Files>
<Files error.sh>
Options ExecCGI
</Files>
<Files apply-one-time-perl.sh>
Options ExecCGI
</Files>
<Files ${GIT_EXEC_PATH}/git-http-backend>
Options ExecCGI
</Files>
RewriteEngine on
RewriteRule ^/dumb-redir/(.*)$ /dumb/$1 [R=301]
RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301]
RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302]
RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302]
# redir-to/502/x?y -> really-redir-to?path=502/x&qs=y which returns 502
# redir-to/x?y -> really-redir-to?path=x&qs=y -> x?y
RewriteCond %{QUERY_STRING} ^(.*)$
RewriteRule ^/redir-to/(.*)$ /really-redir-to?path=$1&qs=%1 [R=302]
RewriteCond %{QUERY_STRING} ^path=502/(.*)&qs=(.*)$
RewriteRule ^/really-redir-to$ - [R=502,L]
RewriteCond %{QUERY_STRING} ^path=(.*)&qs=(.*)$
RewriteRule ^/really-redir-to$ /%1?%2 [R=302]
# The first rule issues a client-side redirect to something
# that _doesn't_ look like a git repo. The second rule is a
# server-side rewrite, so that it turns out the odd-looking
# thing _is_ a git repo. The "[PT]" tells Apache to match
# the usual ScriptAlias rules for /smart.
RewriteRule ^/insane-redir/(.*)$ /intern-redir/$1/foo [R=301]
RewriteRule ^/intern-redir/(.*)/foo$ /smart/$1 [PT]
# Serve info/refs internally without redirecting, but
# issue a redirect for any object requests.
RewriteRule ^/redir-objects/(.*/info/refs)$ /dumb/$1 [PT]
RewriteRule ^/redir-objects/(.*/objects/.*)$ /dumb/$1 [R=301]
# Apache 2.2 does not understand <RequireAll>, so we use RewriteCond.
# And as RewriteCond does not allow testing for non-matches, we match
# the desired case first (one has abra, two has cadabra), and let it
# pass by marking the RewriteRule as [L], "last rule, do not process
# any other matching RewriteRules after this"), and then have another
# RewriteRule that matches all other cases and lets them fail via '[F]',
# "fail the request".
RewriteCond %{HTTP:x-magic-one} =abra
RewriteCond %{HTTP:x-magic-two} =cadabra
RewriteRule ^/smart_headers/.* - [L]
RewriteRule ^/smart_headers/.* - [F]
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
SSLCertificateFile httpd.pem
SSLCertificateKeyFile httpd.pem
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLSessionCache none
SSLMutex file:ssl_mutex
SSLEngine On
</IfDefine>
<Location /auth/>
AuthType Basic
AuthName "git-auth"
AuthUserFile passwd
Require valid-user
</Location>
<LocationMatch "^/auth-push/.*/git-receive-pack$">
AuthType Basic
AuthName "git-auth"
AuthUserFile passwd
Require valid-user
</LocationMatch>
<LocationMatch "^/auth-fetch/.*/git-upload-pack$">
AuthType Basic
AuthName "git-auth"
AuthUserFile passwd
Require valid-user
</LocationMatch>
RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
RewriteCond %{REQUEST_URI} /git-receive-pack$
RewriteRule ^/half-auth-complete/ - [E=AUTHREQUIRED:yes]
<Location /half-auth-complete/>
Order Deny,Allow
Deny from env=AUTHREQUIRED
AuthType Basic
AuthName "Git Access"
AuthUserFile passwd
Require valid-user
Satisfy Any
</Location>
<IfDefine DAV>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
DAVLockDB DAVLock
<Location /dumb/>
Dav on
</Location>
<Location /auth/dumb>
Dav on
</Location>
</IfDefine>
<IfDefine SVN>
LoadModule dav_svn_module modules/mod_dav_svn.so
<Location /${LIB_HTTPD_SVN}>
DAV svn
SVNPath "${LIB_HTTPD_SVNPATH}"
</Location>
</IfDefine>
Reference in New Issue View Git Blame Copy Permalink