* [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
@ 2023-05-17 19:06 Todd Zullinger
2023-05-18 18:45 ` Jeff King
0 siblings, 1 reply; 11+ messages in thread
From: Todd Zullinger @ 2023-05-17 19:06 UTC (permalink / raw)
To: git; +Cc: Matthew John Cheetham, Jeff King
After applying the imap-send.c patch¹ on RHEL/CentOS 7, I
noticed the http tests fail because the Apache httpd config
is not valid with httpd-2.4.6² on CentOS 7.
The tests fail with:
Parse errors: No plan found in TAP output
The problem is that CGIPassAuth, added in 988aad99b4 (t5563:
add tests for basic and anoymous HTTP access, 2023-02-27) is
not supported by httpd < 2.4.13:
Starting httpd on port 10410
[Wed May 17 17:06:52.184409 2023] [core:warn] [pid 477886] AH00111: Config variable ${LIB_HTTPD_SVN} is not defined
[Wed May 17 17:06:52.184495 2023] [core:warn] [pid 477886] AH00111: Config variable ${LIB_HTTPD_SVNPATH} is not defined
AH00526: Syntax error on line 149 of /builddir/build/BUILD/git-2.41.0.rc0/t/lib-httpd/apache.conf:
Invalid command 'CGIPassAuth', perhaps misspelled or defined by a module not included in the server configuration
error: web server setup failed
Since edd060dc84 (t/lib-httpd: bump required apache version
to 2.4, 2023-02-01), we require httpd-2.4 and no longer have
any <IfVersion> conditions. I'm not sure if this a reason
to add some again (nor am I certain if httpd's IfVersion
supports minor versions).
Perhaps there's a more elegant way to fix this? (I haven't
thought of anything in patch form yet, apologies.)
I'd like to still build git for CentOS 7 and not skip all
the http tests, but if it's time to say it is not worth
supporting, I can understand. RHEL/CentOS 7 has a little
over a year left before it is EOL³.
¹ <20230517070632.71884-1-list@eworm.de>
² https://httpd.apache.org/docs/2.4/mod/core.html#cgipassauth
³ https://blog.centos.org/2023/04/end-dates-are-coming-for-centos-stream-8-and-centos-linux-7/#centos-linux-7-end-of-life-june-30-2024
Thanks,
--
Todd
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-17 19:06 [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7 Todd Zullinger
@ 2023-05-18 18:45 ` Jeff King
2023-05-18 19:14 ` Todd Zullinger
2023-05-18 19:21 ` Jeff King
0 siblings, 2 replies; 11+ messages in thread
From: Jeff King @ 2023-05-18 18:45 UTC (permalink / raw)
To: Todd Zullinger; +Cc: git, Matthew John Cheetham
On Wed, May 17, 2023 at 03:06:18PM -0400, Todd Zullinger wrote:
> The problem is that CGIPassAuth, added in 988aad99b4 (t5563:
> add tests for basic and anoymous HTTP access, 2023-02-27) is
> not supported by httpd < 2.4.13:
Thanks for reporting. I don't think we dug into version requirements for
that (obviously CGI stuff goes back forever, so it's just that
particular option). That version of Apache is "only" 8 years old. Which
is old, but we often go back that far for dependencies.
> Since edd060dc84 (t/lib-httpd: bump required apache version
> to 2.4, 2023-02-01), we require httpd-2.4 and no longer have
> any <IfVersion> conditions. I'm not sure if this a reason
> to add some again (nor am I certain if httpd's IfVersion
> supports minor versions).
I don't think an IfVersion would be sufficient, because we need to also
tell the script making use of that config that it should skip its tests.
So I think we want something more like the HTTP/2 tests have: a separate
script which enables the extra config, and bails if the web server setup
fails.
Something like this:
diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh
index 6805229dcb..4b6d9a5817 100644
--- a/t/lib-httpd.sh
+++ b/t/lib-httpd.sh
@@ -191,6 +191,10 @@ enable_http2 () {
test_set_prereq HTTP2
}
+enable_cgipassauth () {
+ HTTPD_PARA="$HTTPD_PARA -DUSE_CGIPASSAUTH"
+}
+
start_httpd() {
prepare_httpd >&3 2>&4
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 9e6892970d..a22d138605 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -146,7 +146,9 @@ SetEnv PERL_PATH ${PERL_PATH}
<LocationMatch /custom_auth/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
+ <IfDefine USE_CGIPASSAUTH>
CGIPassAuth on
+ </IfDefine>
</LocationMatch>
ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/
ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/
diff --git a/t/t5563-simple-http-auth.sh b/t/t5563-simple-http-auth.sh
index f45a43b4b5..0f23f45572 100755
--- a/t/t5563-simple-http-auth.sh
+++ b/t/t5563-simple-http-auth.sh
@@ -5,6 +5,7 @@ test_description='test http auth header and credential helper interop'
. ./test-lib.sh
. "$TEST_DIRECTORY"/lib-httpd.sh
+enable_cgipassauth
start_httpd
test_expect_success 'setup_credential_helper' '
And then the theory is that t5551 works as before (it does not try to
use that config), and t5563 will either work out of the box (for recent
versions), or web server setup will fail, and we'll skip all tests.
BUT. That won't work if you have set GIT_TEST_HTTPD=1, rather than the
default of "auto". Because then it is instructed to complain about
webserver setup failing, so t5563 will fail rather than skip. So we have
a few options there:
1. You use the looser value of GIT_TEST_HTTPD for CentOS tests, which
would do the right thing. The downside is that if server setup
failed for other reasons, we wouldn't notice and would silently
skip the HTTP tests.
2. We do some kind of version check in enable_cgipassauth(),
and skip tests manually if it doesn't pass.
3. You just skip the test manually on that platform with
GIT_SKIP_TESTS=t5563.
Obviously (1) and (3) are the least work for us upstream, but I don't
think (2) would be too hard to do.
-Peff
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-18 18:45 ` Jeff King
@ 2023-05-18 19:14 ` Todd Zullinger
2023-05-18 19:22 ` Jeff King
2023-05-18 19:21 ` Jeff King
1 sibling, 1 reply; 11+ messages in thread
From: Todd Zullinger @ 2023-05-18 19:14 UTC (permalink / raw)
To: Jeff King; +Cc: git, Matthew John Cheetham
Jeff King wrote:
> On Wed, May 17, 2023 at 03:06:18PM -0400, Todd Zullinger wrote:
>
>> The problem is that CGIPassAuth, added in 988aad99b4 (t5563:
>> add tests for basic and anoymous HTTP access, 2023-02-27) is
>> not supported by httpd < 2.4.13:
>
> Thanks for reporting. I don't think we dug into version requirements for
> that (obviously CGI stuff goes back forever, so it's just that
> particular option). That version of Apache is "only" 8 years old. Which
> is old, but we often go back that far for dependencies.
Indeed, thanks. I don't imagine there are too many people
looking to support the latest git auth mechanisms via http
who are also running CentOS 7. But it's nice to not have to
disable all the other http tests.
>> Since edd060dc84 (t/lib-httpd: bump required apache version
>> to 2.4, 2023-02-01), we require httpd-2.4 and no longer have
>> any <IfVersion> conditions. I'm not sure if this a reason
>> to add some again (nor am I certain if httpd's IfVersion
>> supports minor versions).
>
> I don't think an IfVersion would be sufficient, because we need to also
> tell the script making use of that config that it should skip its tests.
> So I think we want something more like the HTTP/2 tests have: a separate
> script which enables the extra config, and bails if the web server setup
> fails.
>
> Something like this:
[...]
I'll try to apply this and see how it goes, skipping t5563,
a little later in the day.
> And then the theory is that t5551 works as before (it does not try to
> use that config), and t5563 will either work out of the box (for recent
> versions), or web server setup will fail, and we'll skip all tests.
>
> BUT. That won't work if you have set GIT_TEST_HTTPD=1, rather than the
> default of "auto". Because then it is instructed to complain about
> webserver setup failing, so t5563 will fail rather than skip. So we have
> a few options there:
>
> 1. You use the looser value of GIT_TEST_HTTPD for CentOS tests, which
> would do the right thing. The downside is that if server setup
> failed for other reasons, we wouldn't notice and would silently
> skip the HTTP tests.
>
> 2. We do some kind of version check in enable_cgipassauth(),
> and skip tests manually if it doesn't pass.
>
> 3. You just skip the test manually on that platform with
> GIT_SKIP_TESTS=t5563.
>
> Obviously (1) and (3) are the least work for us upstream, but I don't
> think (2) would be too hard to do.
Yeah, the path of least effort seems ideal here. If the
tests are split I can easily skip them for CentOS 7. For
something that's going away in little over a year, it's good
to put at least some of the onus on folks packaging for it.
And that's less cruft in the test suite after CentOS 7 is
gone (or any other ancient httpd's git may wish to support).
Thanks Peff! I'm really glad you know your way around the
test suite so well. It'd take me far longer to figure out a
good plan for something like this.
--
Todd
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-18 18:45 ` Jeff King
2023-05-18 19:14 ` Todd Zullinger
@ 2023-05-18 19:21 ` Jeff King
2023-05-18 19:50 ` Todd Zullinger
` (2 more replies)
1 sibling, 3 replies; 11+ messages in thread
From: Jeff King @ 2023-05-18 19:21 UTC (permalink / raw)
To: Todd Zullinger; +Cc: Junio C Hamano, git, Matthew John Cheetham
On Thu, May 18, 2023 at 02:45:32PM -0400, Jeff King wrote:
> 2. We do some kind of version check in enable_cgipassauth(),
> and skip tests manually if it doesn't pass.
> [...]
> Obviously (1) and (3) are the least work for us upstream, but I don't
> think (2) would be too hard to do.
It indeed was pretty easy. So here's a patch. I'm adding Junio to the cc
before any review, as this is a change in the v2.41 cycle. So I think
we'd want to address this before the release.
-- >8 --
Subject: [PATCH] t/lib-httpd: make CGIPassAuth support conditional
Commit 988aad99b4 (t5563: add tests for basic and anoymous HTTP access,
2023-02-27) added tests that require Apache to support the CGIPassAuth
directive, which was added in Apache 2.4.13. This is fairly old (~8
years), but recent enough that we still encounter it in the wild (e.g.,
RHEL/CentOS 7, which is not EOL until June 2024).
We can live with skipping the new tests on such a platform. But
unfortunately, since the directive is used unconditionally in our
apache.conf, it means the web server fails to start entirely, and we
cannot run other HTTP tests at all (e.g., the basic ones in t5551).
We can fix that by making the config conditional, and only triggering it
for t5563. That solves the problem for t5551 (which then ignores the
directive entirely). For t5563, we'd see apache complain in start_httpd;
with the default setting of GIT_TEST_HTTPD, we'd then skip the whole
script.
But that leaves one small problem: people may set GIT_TEST_HTTPD=1
explicitly, which instructs the tests to fail (rather than skip) when we
can't start the webserver (to avoid accidentally missing some tests).
This could be worked around by having the user manually set
GIT_SKIP_TESTS on a platform with an older Apache. But we can be a bit
friendlier by doing the version check ourselves and setting an
appropriate prereq. We'll use the (lack of) prereq to then skip the rest
of t5563. In theory we could use the prereq to skip individual tests, but
in practice this whole script depends on it.
Reported-by: Todd Zullinger <tmz@pobox.com>
Signed-off-by: Jeff King <peff@peff.net>
---
I tested this manually by mutilating the config directive to "FooBar",
which would fail even on recent versions. And then tweaking the "13"
in the version check up to "60" to make sure it properly skips even with
recent Apache. But testing on real CentOS 7 would be very much
appreciated.
t/lib-httpd.sh | 14 ++++++++++++++
t/lib-httpd/apache.conf | 2 ++
t/t5563-simple-http-auth.sh | 6 ++++++
3 files changed, 22 insertions(+)
diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh
index 6805229dcb..2fb1b2ae56 100644
--- a/t/lib-httpd.sh
+++ b/t/lib-httpd.sh
@@ -191,6 +191,20 @@ enable_http2 () {
test_set_prereq HTTP2
}
+enable_cgipassauth () {
+ # We are looking for 2.4.13 or more recent. Since we only support
+ # 2.4 and up, no need to check for older major/minor.
+ if test "$HTTPD_VERSION_MAJOR" = 2 &&
+ test "$HTTPD_VERSION_MINOR" = 4 &&
+ test "$(echo $HTTPD_VERSION | cut -d. -f3)" -lt 13
+ then
+ echo >&4 "apache $HTTPD_VERSION too old for CGIPassAuth"
+ return
+ fi
+ HTTPD_PARA="$HTTPD_PARA -DUSE_CGIPASSAUTH"
+ test_set_prereq CGIPASSAUTH
+}
+
start_httpd() {
prepare_httpd >&3 2>&4
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 9e6892970d..a22d138605 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -146,7 +146,9 @@ SetEnv PERL_PATH ${PERL_PATH}
<LocationMatch /custom_auth/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
+ <IfDefine USE_CGIPASSAUTH>
CGIPassAuth on
+ </IfDefine>
</LocationMatch>
ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/
ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/
diff --git a/t/t5563-simple-http-auth.sh b/t/t5563-simple-http-auth.sh
index f45a43b4b5..ab8a721ccc 100755
--- a/t/t5563-simple-http-auth.sh
+++ b/t/t5563-simple-http-auth.sh
@@ -5,6 +5,12 @@ test_description='test http auth header and credential helper interop'
. ./test-lib.sh
. "$TEST_DIRECTORY"/lib-httpd.sh
+enable_cgipassauth
+if ! test_have_prereq CGIPASSAUTH
+then
+ skip_all="no CGIPassAuth support"
+ test_done
+fi
start_httpd
test_expect_success 'setup_credential_helper' '
--
2.41.0.rc0.359.g22664e20e7
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-18 19:14 ` Todd Zullinger
@ 2023-05-18 19:22 ` Jeff King
0 siblings, 0 replies; 11+ messages in thread
From: Jeff King @ 2023-05-18 19:22 UTC (permalink / raw)
To: Todd Zullinger; +Cc: git, Matthew John Cheetham
On Thu, May 18, 2023 at 03:14:50PM -0400, Todd Zullinger wrote:
> > 1. You use the looser value of GIT_TEST_HTTPD for CentOS tests, which
> > would do the right thing. The downside is that if server setup
> > failed for other reasons, we wouldn't notice and would silently
> > skip the HTTP tests.
> >
> > 2. We do some kind of version check in enable_cgipassauth(),
> > and skip tests manually if it doesn't pass.
> >
> > 3. You just skip the test manually on that platform with
> > GIT_SKIP_TESTS=t5563.
> >
> > Obviously (1) and (3) are the least work for us upstream, but I don't
> > think (2) would be too hard to do.
>
> Yeah, the path of least effort seems ideal here. If the
> tests are split I can easily skip them for CentOS 7. For
> something that's going away in little over a year, it's good
> to put at least some of the onus on folks packaging for it.
> And that's less cruft in the test suite after CentOS 7 is
> gone (or any other ancient httpd's git may wish to support).
Too late. :) I just sent a patch with (2), as it was only a few extra
lines.
> Thanks Peff! I'm really glad you know your way around the
> test suite so well. It'd take me far longer to figure out a
> good plan for something like this.
I was able to cheat a little, having had to figure out a similar
solution for HTTP/2 not too long ago. :)
-Peff
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-18 19:21 ` Jeff King
@ 2023-05-18 19:50 ` Todd Zullinger
2023-05-18 20:11 ` Todd Zullinger
2023-05-18 21:28 ` Junio C Hamano
2 siblings, 0 replies; 11+ messages in thread
From: Todd Zullinger @ 2023-05-18 19:50 UTC (permalink / raw)
To: Jeff King; +Cc: Junio C Hamano, git, Matthew John Cheetham
Jeff King wrote:
> On Thu, May 18, 2023 at 02:45:32PM -0400, Jeff King wrote:
>
>> 2. We do some kind of version check in enable_cgipassauth(),
>> and skip tests manually if it doesn't pass.
>> [...]
>> Obviously (1) and (3) are the least work for us upstream, but I don't
>> think (2) would be too hard to do.
>
> It indeed was pretty easy. So here's a patch. I'm adding Junio to the cc
> before any review, as this is a change in the v2.41 cycle. So I think
> we'd want to address this before the release.
Nice.
> I tested this manually by mutilating the config directive to "FooBar",
> which would fail even on recent versions. And then tweaking the "13"
> in the version check up to "60" to make sure it properly skips even with
> recent Apache. But testing on real CentOS 7 would be very much
> appreciated.
I have a build running now. It takes around ~20 minutes in
the Fedora/EPEL build system. I wanted to make sure it was
started quickly since you turned out a patch in the time it
took me to write my last reply. ;)
(It would have been quicker if I hadn't forgot to apply the
imap-send patch as well. D'oh!)
--
Todd
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-18 19:21 ` Jeff King
2023-05-18 19:50 ` Todd Zullinger
@ 2023-05-18 20:11 ` Todd Zullinger
2023-05-18 21:31 ` Junio C Hamano
2023-05-18 21:28 ` Junio C Hamano
2 siblings, 1 reply; 11+ messages in thread
From: Todd Zullinger @ 2023-05-18 20:11 UTC (permalink / raw)
To: Jeff King; +Cc: Junio C Hamano, git, Matthew John Cheetham
Jeff King wrote:
> I tested this manually by mutilating the config directive to "FooBar",
> which would fail even on recent versions. And then tweaking the "13"
> in the version check up to "60" to make sure it properly skips even with
> recent Apache. But testing on real CentOS 7 would be very much
> appreciated.
I tested on RHEL/CentOS 7 and it does what it says on the tin:
t5563-simple-http-auth.sh .......................... skipped: no CGIPassAuth support
Thanks!
--
Todd
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-18 19:21 ` Jeff King
2023-05-18 19:50 ` Todd Zullinger
2023-05-18 20:11 ` Todd Zullinger
@ 2023-05-18 21:28 ` Junio C Hamano
2023-05-18 23:10 ` Jeff King
2 siblings, 1 reply; 11+ messages in thread
From: Junio C Hamano @ 2023-05-18 21:28 UTC (permalink / raw)
To: Jeff King; +Cc: Todd Zullinger, git, Matthew John Cheetham
Jeff King <peff@peff.net> writes:
> On Thu, May 18, 2023 at 02:45:32PM -0400, Jeff King wrote:
>
>> 2. We do some kind of version check in enable_cgipassauth(),
>> and skip tests manually if it doesn't pass.
>> [...]
>> Obviously (1) and (3) are the least work for us upstream, but I don't
>> think (2) would be too hard to do.
>
> It indeed was pretty easy. So here's a patch. I'm adding Junio to the cc
> before any review, as this is a change in the v2.41 cycle. So I think
> we'd want to address this before the release.
Thanks for being considerate, as always ;-) Very much appreciated.
> -- >8 --
> Subject: [PATCH] t/lib-httpd: make CGIPassAuth support conditional
>
> Commit 988aad99b4 (t5563: add tests for basic and anoymous HTTP access,
> 2023-02-27) added tests that require Apache to support the CGIPassAuth
> directive, which was added in Apache 2.4.13. This is fairly old (~8
> years), but recent enough that we still encounter it in the wild (e.g.,
> RHEL/CentOS 7, which is not EOL until June 2024).
nitpick: we are fine to encountering 2.4.13 in the wild---encountering
something a bit older than that is problematic. A quick internet
search tells me that CentOS 7 ships Apache 2.4.6, so if we trust that...
... fairly old (~8 years), but recent enough that we still
encounter versions older than that in the wild (e.g. CentOS 7,
which is not EOL until June 2024, comes with Apache 2.4.6 from
2014 plus security fixes).
or something?
> I tested this manually by mutilating the config directive to "FooBar",
> which would fail even on recent versions. And then tweaking the "13"
> in the version check up to "60" to make sure it properly skips even with
> recent Apache. But testing on real CentOS 7 would be very much
> appreciated.
Indeed, we'd love to see tests on a real thing, especially if we
were to fast-track this. FWIW, the manual test you outlined above
sounds like a very sensible way to "emulate" under the condition
that there is no access to the real thing.
> +enable_cgipassauth () {
> + # We are looking for 2.4.13 or more recent. Since we only support
> + # 2.4 and up, no need to check for older major/minor.
> + if test "$HTTPD_VERSION_MAJOR" = 2 &&
> + test "$HTTPD_VERSION_MINOR" = 4 &&
> + test "$(echo $HTTPD_VERSION | cut -d. -f3)" -lt 13
As HTTPD_VERSION comes from
$LIB_HTTPD_PATH -v | sed -n 's|^Server version: Apache/\([0-9.]*\).*|p'
and parses a line like "Server version: Apache/2.4.6 (CentOS)",
unless somebody ships 2.4 without any digit after it, the above
should be safe ;-)
> + then
> + echo >&4 "apache $HTTPD_VERSION too old for CGIPassAuth"
> + return
> + fi
> + HTTPD_PARA="$HTTPD_PARA -DUSE_CGIPASSAUTH"
> + test_set_prereq CGIPASSAUTH
> +}
OK.
> diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
> index 9e6892970d..a22d138605 100644
> --- a/t/lib-httpd/apache.conf
> +++ b/t/lib-httpd/apache.conf
> @@ -146,7 +146,9 @@ SetEnv PERL_PATH ${PERL_PATH}
> <LocationMatch /custom_auth/>
> SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
> SetEnv GIT_HTTP_EXPORT_ALL
> + <IfDefine USE_CGIPASSAUTH>
> CGIPassAuth on
> + </IfDefine>
> </LocationMatch>
> ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/
> ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/
> diff --git a/t/t5563-simple-http-auth.sh b/t/t5563-simple-http-auth.sh
> index f45a43b4b5..ab8a721ccc 100755
> --- a/t/t5563-simple-http-auth.sh
> +++ b/t/t5563-simple-http-auth.sh
> @@ -5,6 +5,12 @@ test_description='test http auth header and credential helper interop'
> . ./test-lib.sh
> . "$TEST_DIRECTORY"/lib-httpd.sh
>
> +enable_cgipassauth
> +if ! test_have_prereq CGIPASSAUTH
> +then
> + skip_all="no CGIPassAuth support"
> + test_done
> +fi
> start_httpd
>
> test_expect_success 'setup_credential_helper' '
Yup, very cleanly done.
Thanks.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-18 20:11 ` Todd Zullinger
@ 2023-05-18 21:31 ` Junio C Hamano
0 siblings, 0 replies; 11+ messages in thread
From: Junio C Hamano @ 2023-05-18 21:31 UTC (permalink / raw)
To: Todd Zullinger; +Cc: Jeff King, git, Matthew John Cheetham
Todd Zullinger <tmz@pobox.com> writes:
> Jeff King wrote:
>> I tested this manually by mutilating the config directive to "FooBar",
>> which would fail even on recent versions. And then tweaking the "13"
>> in the version check up to "60" to make sure it properly skips even with
>> recent Apache. But testing on real CentOS 7 would be very much
>> appreciated.
>
> I tested on RHEL/CentOS 7 and it does what it says on the tin:
>
> t5563-simple-http-auth.sh .......................... skipped: no CGIPassAuth support
>
> Thanks!
Nice. Thanks, both.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-18 21:28 ` Junio C Hamano
@ 2023-05-18 23:10 ` Jeff King
2023-05-18 23:23 ` Junio C Hamano
0 siblings, 1 reply; 11+ messages in thread
From: Jeff King @ 2023-05-18 23:10 UTC (permalink / raw)
To: Junio C Hamano; +Cc: Todd Zullinger, git, Matthew John Cheetham
On Thu, May 18, 2023 at 02:28:22PM -0700, Junio C Hamano wrote:
> > Commit 988aad99b4 (t5563: add tests for basic and anoymous HTTP access,
> > 2023-02-27) added tests that require Apache to support the CGIPassAuth
> > directive, which was added in Apache 2.4.13. This is fairly old (~8
> > years), but recent enough that we still encounter it in the wild (e.g.,
> > RHEL/CentOS 7, which is not EOL until June 2024).
>
> nitpick: we are fine to encountering 2.4.13 in the wild---encountering
> something a bit older than that is problematic. A quick internet
> search tells me that CentOS 7 ships Apache 2.4.6, so if we trust that...
>
> ... fairly old (~8 years), but recent enough that we still
> encounter versions older than that in the wild (e.g. CentOS 7,
> which is not EOL until June 2024, comes with Apache 2.4.6 from
> 2014 plus security fixes).
>
> or something?
Yeah, I agree what I wrote is a bit unclear. I think what I meant was
"..recent enough that we'll still encounter older versions in the wild".
But yours is even better, since you dug up the actual version it ships.
Do you want to squash that into the commit message, or do you prefer a
re-send?
> > +enable_cgipassauth () {
> > + # We are looking for 2.4.13 or more recent. Since we only support
> > + # 2.4 and up, no need to check for older major/minor.
> > + if test "$HTTPD_VERSION_MAJOR" = 2 &&
> > + test "$HTTPD_VERSION_MINOR" = 4 &&
> > + test "$(echo $HTTPD_VERSION | cut -d. -f3)" -lt 13
>
> As HTTPD_VERSION comes from
>
> $LIB_HTTPD_PATH -v | sed -n 's|^Server version: Apache/\([0-9.]*\).*|p'
>
> and parses a line like "Server version: Apache/2.4.6 (CentOS)",
> unless somebody ships 2.4 without any digit after it, the above
> should be safe ;-)
Yep. I wondered about trying to be more paranoid here, but I think
there's not much point until we see a real world example. The most
likely outcome of a mis-parse is that we'd claim "this looks too old"
and skip the t5536 tests, which seems OK (at least nobody gets an
unexpected test failure, though it may mean that they simply gloss over
the problem).
-Peff
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7
2023-05-18 23:10 ` Jeff King
@ 2023-05-18 23:23 ` Junio C Hamano
0 siblings, 0 replies; 11+ messages in thread
From: Junio C Hamano @ 2023-05-18 23:23 UTC (permalink / raw)
To: Jeff King; +Cc: Todd Zullinger, git, Matthew John Cheetham
Jeff King <peff@peff.net> writes:
> Yeah, I agree what I wrote is a bit unclear. I think what I meant was
> "..recent enough that we'll still encounter older versions in the wild".
>
> But yours is even better, since you dug up the actual version it ships.
> Do you want to squash that into the commit message, or do you prefer a
> re-send?
Neither. What you wrote was serviceable (and my comment was labeled
"nitpick" for that reason) even though it might have been a bit
unclear.
>> > +enable_cgipassauth () {
>> > + # We are looking for 2.4.13 or more recent. Since we only support
>> > + # 2.4 and up, no need to check for older major/minor.
>> > + if test "$HTTPD_VERSION_MAJOR" = 2 &&
>> > + test "$HTTPD_VERSION_MINOR" = 4 &&
>> > + test "$(echo $HTTPD_VERSION | cut -d. -f3)" -lt 13
>>
>> As HTTPD_VERSION comes from
>>
>> $LIB_HTTPD_PATH -v | sed -n 's|^Server version: Apache/\([0-9.]*\).*|p'
>>
>> and parses a line like "Server version: Apache/2.4.6 (CentOS)",
>> unless somebody ships 2.4 without any digit after it, the above
>> should be safe ;-)
>
> Yep. I wondered about trying to be more paranoid here, but I think
> there's not much point until we see a real world example. The most
> likely outcome of a mis-parse is that we'd claim "this looks too old"
> and skip the t5536 tests, which seems OK (at least nobody gets an
> unexpected test failure, though it may mean that they simply gloss over
> the problem).
Yup, this will be in 'next' and will become part of -rc1.
Thanks.
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2023-05-18 23:23 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-17 19:06 [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7 Todd Zullinger
2023-05-18 18:45 ` Jeff King
2023-05-18 19:14 ` Todd Zullinger
2023-05-18 19:22 ` Jeff King
2023-05-18 19:21 ` Jeff King
2023-05-18 19:50 ` Todd Zullinger
2023-05-18 20:11 ` Todd Zullinger
2023-05-18 21:31 ` Junio C Hamano
2023-05-18 21:28 ` Junio C Hamano
2023-05-18 23:10 ` Jeff King
2023-05-18 23:23 ` Junio C Hamano
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).