gitlab 8.0.x / gitlab-git-http-server breaks compatibility with older perl+libgit clients (Git::Raw) - simple hack to "fix" included (invalid Www-Authenticate header)
Unexpectedly found one of my deployment tools broken after upgrading to 8.0.5 recently. Don't know exactly when it broke, but I suspect it was at 8.0.x and the move to gitlab-git-http-server.
Anyway, I think the underlying problem is probably in libgit, but I don't know for sure. Applying the below (seriously ugly hack - not intended as a fix, just to demonstrate the problem and triggered solution) patch to gitlab-git-http-server makes the problem go away.
The underlying symptom is that the client never even TRIES to send its basic auth creds when doing a clone. The only effective change below is turning the "Www-Authenticate" that is being returned into "WWW-Authenticate". After applying the below, the perl Git::Raw client works perfectly.
I initially thought it was something to do with the empty realm being returned, but narrowed it down to just the case of the header.
diff --git a/githandler.go b/githandler.go
index cfbd062..22a1c4d 100644
--- a/githandler.go
+++ b/githandler.go
@@ -78,6 +78,13 @@ func (h *gitHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
defer authResponse.Body.Close()
+ for k, v := range authResponse.Header {
+ if ( k == "Www-Authenticate" ) {
+ k = strings.Replace(k, "Www-Authenticate","WWW-Authenticate", -1)
+ w.Header()[k] = v
+ }
+ }
+
if authResponse.StatusCode != 200 {
// The Git request is not allowed by the backend. Maybe the
// client needs to send HTTP Basic credentials. Forward the
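
Review bot: the copy loop at the top of the hunk runs before the `if authResponse.StatusCode != 200` check, so the backend's challenge header is attached to every response, including requests the backend allowed; move it inside the non-200 branch. Inside the loop, `strings.Replace` on a key already known to equal "Www-Authenticate" is redundant, `w.Header()["WWW-Authenticate"] = v` does the same thing, and it deserves a comment that the direct map assignment is deliberate, because `w.Header().Set` would canonicalize the key back to `Www-Authenticate`. No import change for `strings` is visible in this diff, and if the forwarding code further down also copies the backend headers, the response would carry the challenge under both spellings.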
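
The header-case behaviour described in the post, as an added Go example that is not part of the original post or of gitlab-git-http-server: `Header.Set` canonicalizes `WWW-Authenticate` to `Www-Authenticate`, while a direct map assignment (what the patch does) keeps the spelling. The helper names, the sample challenge value and the byte-for-byte client lookup are assumptions made for illustration; the post only suspects that the client compares names case-sensitively.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"strings"
)

const challenge = `Basic realm=""` // constructed sample value (empty realm, as in the post)

// viaSet builds the challenge the usual way; Header.Set canonicalizes the key.
func viaSet() http.Header {
	h := http.Header{}
	h.Set("WWW-Authenticate", challenge)
	return h
}

// viaMap assigns to the map directly, which keeps the spelling as written.
func viaMap() http.Header {
	return http.Header{"WWW-Authenticate": {challenge}}
}

// wireHeaders renders h in wire format; net/http emits map keys unchanged.
func wireHeaders(h http.Header) string {
	var buf bytes.Buffer
	h.Write(&buf)
	return buf.String()
}

// findHeader looks up name in wire-format headers. foldCase=false models a
// client that compares names byte for byte (hypothetical); foldCase=true is
// the case-insensitive match that HTTP specifies for field names.
func findHeader(wire, name string, foldCase bool) (string, bool) {
	for _, line := range strings.Split(wire, "\r\n") {
		parts := strings.SplitN(line, ": ", 2)
		if len(parts) == 2 && (parts[0] == name || (foldCase && strings.EqualFold(parts[0], name))) {
			return parts[1], true
		}
	}
	return "", false
}

func main() {
	for _, h := range []http.Header{viaSet(), viaMap()} {
		wire := wireHeaders(h)
		_, strict := findHeader(wire, "WWW-Authenticate", false)
		_, tolerant := findHeader(wire, "WWW-Authenticate", true)
		fmt.Printf("%q strict=%v tolerant=%v\n", wire, strict, tolerant)
	}
}
```

A client that folds case finds the challenge in both responses, which is why the durable fix belongs in the client's header parsing rather than in the server's spelling.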