From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 111572 invoked by alias); 8 Jan 2017 23:31:34 -0000 Mailing-List: contact overseers-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: , Sender: overseers-owner@sourceware.org Received: (qmail 111556 invoked by uid 89); 8 Jan 2017 23:31:33 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.9 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 spammy=browser, H*M:stream, our X-HELO: gnu.wildebeest.org Received: from wildebeest.demon.nl (HELO gnu.wildebeest.org) (212.238.236.112) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sun, 08 Jan 2017 23:31:23 +0000 Received: from stream.wildebeest.org (herd.wildebeest.org [80.127.118.209]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by gnu.wildebeest.org (Postfix) with ESMTPSA id 2281F321366D; Mon, 9 Jan 2017 00:31:21 +0100 (CET) Received: by stream.wildebeest.org (Postfix, from userid 1000) id 86756FFA38; Mon, 9 Jan 2017 00:31:19 +0100 (CET) Date: Sun, 08 Jan 2017 23:31:00 -0000 From: Mark Wielaard To: "Frank Ch. Eigler" Cc: "Frank Ch. Eigler" , overseers@sourceware.org Subject: Re: git through http (or https) Message-ID: <20170108233119.GA3341@stream> References: <20170103212227.GK2187@stream> <20170103234052.GD412@elastic.org> <20170104124301.GL2187@stream> <20170105160316.GA23594@redhat.com> <20170105172528.GA11878@stream> <20170105202501.GB3962@elastic.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170105202501.GB3962@elastic.org> User-Agent: Mutt/1.7.1 (2016-10-04) X-SW-Source: 2017-q1/txt/msg00013.txt.bz2 On Thu, Jan 05, 2017 at 03:25:01PM -0500, Frank Ch. Eigler wrote: > > [...] Yes, that is what the rewrite rules would fix. If you enable > > the rules in htdocs/git/.htaccess [...] > > I put you on the fileacl for /sourceware/www/sourceware/htdocs/git/.htaccess > to play (carefully) with. It may not be quite so easy due to our symlinks > and various group permissions. You are right. It isn't simple because of the symlinks inside the directory which seem to get resolved/matched/rewritten before/after any explicit rewrite rule. In the end the best I could come up with was the following. It makes sure the "advertised" http[s]://sourceware.org/git/foobar.git links resolve. But they don't result in "pretty" URLs. I do think it is better than the current Forbidden results though. # This seems to be the best we can do given directory/.htaccess rewrite rules # do get rewritten/matched themselves before/after the rewrite rules even if # we use the [L] flag. So we match on the ending '/' that comes from following # the symlink to the underlying directory. Then we do a browser [R]edirect so # that the results doesn't get rewritten/matched again. This at least rewrite # the user visible http://sourceware.org/git/foobar.git URLs to something that # isn't Forbidden (the underlying git directory). RewriteEngine on RewriteBase /git/ RewriteRule ^([a-zA-Z/_-]+\.git)/$ ?p=$1 [R,L] I believe the above is safe and keeps everything working as intended. But please feel free to revert/remove the rewrite rule if it doesn't or if you are afraid it might conflict with something. Thanks, Mark