[Cryptech Tech] Some problems with the repo access

Rob Austein sra at hactrn.net
Mon Feb 10 21:51:03 UTC 2014


At Mon, 10 Feb 2014 22:10:45 +0100, Linus Nordberg wrote:
> 
> Joachim Strömbergson <joachim at secworks.se> wrote
> Thu, 06 Feb 2014 10:04:51 +0100:
> 
> | Yes, I expected it to be related to my shiny new key. If Linus can push
> | we know that we have a working flow.
> 
> I created a new repo (git clone git at cryptech.is:moretesting.git), added
> a file to it (git add README), committed (git commit --gpg-sign=23291265 -m 'Init.')
> and pushed (git push origin master).
> 
> You can clone it (using ssh).

So the basic mechanism works for people other than me.  Whew.

> Do we provide git over https?

Not yet.  I was holding off on that until we had the core services up.

Are we talking about read-only or read-write?  Read-write git over
HTTPS requires WebDAV, which does work (I've tested it and know how to
set it up), but it would also require yet another authentication
mechanism, unless we wanted to do something based on X.509 client
certificates generated from SSH keys (in which case why would we
bother supporting read-write HTTPS if all the authorized users already
have SSH access?).

So I'm guessing that you're asking about read-only git via HTTPS.
That should be straightforward, and we can add read-only git over
plain HTTP at the same time, just as we do for the Wiki and ticket
system.

> Can't see it in http://cryptech.is/browser though.

That would be the post-repository-create trigger script bug that was
blowing up in Joachim's face.  Did you get that one too?

I haven't done anything about this yet (just got back from holiday
late Saturday, still catching up), but I do wonder whether this is
somehow related to the other thing Joachim was reporting where his SSH
client was trying to use a pseudo-tty.



More information about the Tech mailing list