gitsuexecsmart-http

Git with smart HTTP and suexec: repository not found

I'm trying to install my own Git repository on one of my servers with smart HTTP.

It works on a virtual server without suexec, but doesn't on my production server that has suexec enabled. When I try to clone or push it says:

fatal: repository 'http://domain.tld/git/project/' not found

Apache configuration is like:

<VirtualHost *:80>
    Options -Indexes +ExecCGI

    ServerAdmin user@domain.tld

    DocumentRoot /var/www/domain.tld

    ServerName domain.tld

    Alias /fcgi-bin/ /var/www/domain.tld/fcgi-bin/
    SuexecUserGroup domainuser domainuser

    ########## GIT ##########

    SetEnv GIT_PROJECT_ROOT /var/www/git/git_domain
    SetEnv GIT_HTTP_EXPORT_ALL
    SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
    ScriptAlias /git/ /var/www/git/git_domain/git-http-backend/

    Alias /git /var/www/git/git_domain
    <Directory /usr/lib/git-core>
        Options +ExecCGI +SymLinksIfOwnerMatch
        AllowOverride All
        Require all granted
    </Directory>

    <Directory /var/www/git/git_domain>
        Options -Indexes -SymLinksIfOwnerMatch
        AllowOverride All
        Require all granted
    </Directory>

    ########## PROJECT DIRS HTPASS ##########

        <LocationMatch "^/git/project1/.*$">
#            DAV on
            AuthType Basic
            AuthName "project1"
            AuthUserFile /var/www/git/gitpass/domain/project1
            Require valid-user
        </LocationMatch>

    ########## /PROJECT DIRS HTPASS ##########
    ########## /GIT ##########

If I disable

ScriptAlias /git/ /var/www/git/git_domain/git-http-backend/

I can clone, but push, because it works with DAV in that case.

I think I changed all the files' owners and permissions to the right value (domainuser, 755) and suexec doesn't complain about anything in its log.

Can anyone tell me where I did something wrong?

Thank you in advance.

Solution

  • That's easy: mod_suexec wipes all the environment variables before running the target program and so all your SetEnv directives have no effect.

    Unfortunately, the last time I checked (facing the same problem) mod_suexec had no "whitelist" configuration knob for the environment variables and so the correct approach is this:

    1. Create a script wrappnig your actual git-http-backend.

      Seems like you have one already.

    2. Reformulate all the relevant SetEnv directives there using the shell's export builtin.

      That is,

      SetEnv GIT_PROJECT_ROOT /var/www/git/git_domain

      becames

      export GIT_PROJECT_ROOT=/var/www/git/git_domain

      in the script code.

    If you need the same virtualhost config file to work both in "normal" mode and under mod_suexec put extensive comment about this quirk next to the block of your SetEnv directives suggesting the next guy to keep them in sync with whatever is placed in the wrapper script.

    More details on mod_suexec behaviour can be found here.