From 4a794ce0ba629fd9be8d2c3a1b9d1af81b96b69c Mon Sep 17 00:00:00 2001 From: matrss Date: Wed, 2 Oct 2024 14:42:37 +0000 Subject: [PATCH] --- ...8___reuse_credentials_for_repos_on_one_host.mdwn | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 doc/todo/p2phttp__58___reuse_credentials_for_repos_on_one_host.mdwn diff --git a/doc/todo/p2phttp__58___reuse_credentials_for_repos_on_one_host.mdwn b/doc/todo/p2phttp__58___reuse_credentials_for_repos_on_one_host.mdwn new file mode 100644 index 0000000000..075c4b57a3 --- /dev/null +++ b/doc/todo/p2phttp__58___reuse_credentials_for_repos_on_one_host.mdwn @@ -0,0 +1,13 @@ +Plain git tries the same credentials for multiple different repositories on the same host. I.e. with multiple different repositories on , if I push to one and supply my credentials, these will be saved omitting the actual repository path on the host and will be reused for any other repository that is also located on ATRIS. + +Git-annex with p2phttp behaves differently. It saves the full URL to the p2phttp endpoint including the repository path, which means that two repositories using p2phttp will both ask for credentials and save them separate from each other. + +This difference in behavior seems to stem from a difference in how `git credential` handles schemes: if you ask it for credentials for `http(s)` it will silently omit any supplied path and only match on scheme and host, while asking for `annex+http(s)` matches on the full scheme, host and path. + +There might be some situations in which one would want to associate the credentials with the full path, but in my case for forgejo-aneksajo all authentication is handled by Forgejo and users are global on that instance so per-repository credentials don't make much sense. + +I see some ways to address this: + +1. Remove the path from the request to `git credential` on git-annex' side +2. Allow `remote..annexurl` to be set to `http(s)://` URLs in addition to `annex+http(s)://`, exploiting the difference in the `git credential` behavior +3. Perhaps most elegantly: make p2phttp support serving multiple repositories, so that repositories could share the same annexurl and therefore share credentials