This commit is contained in:
matrss 2024-10-02 14:42:37 +00:00 committed by admin
parent 13580427c8
commit 4a794ce0ba

View file

@ -0,0 +1,13 @@
Plain git tries the same credentials for multiple different repositories on the same host. I.e. with multiple different repositories on <https://atris.fz-juelich.de/>, if I push to one and supply my credentials, these will be saved omitting the actual repository path on the host and will be reused for any other repository that is also located on ATRIS.
Git-annex with p2phttp behaves differently. It saves the full URL to the p2phttp endpoint including the repository path, which means that two repositories using p2phttp will both ask for credentials and save them separate from each other.
This difference in behavior seems to stem from a difference in how `git credential` handles schemes: if you ask it for credentials for `http(s)` it will silently omit any supplied path and only match on scheme and host, while asking for `annex+http(s)` matches on the full scheme, host and path.
There might be some situations in which one would want to associate the credentials with the full path, but in my case for forgejo-aneksajo all authentication is handled by Forgejo and users are global on that instance so per-repository credentials don't make much sense.
I see some ways to address this:
1. Remove the path from the request to `git credential` on git-annex' side
2. Allow `remote.<name>.annexurl` to be set to `http(s)://` URLs in addition to `annex+http(s)://`, exploiting the difference in the `git credential` behavior
3. Perhaps most elegantly: make p2phttp support serving multiple repositories, so that repositories could share the same annexurl and therefore share credentials