Merge ~cjwatson/lp-codeimport:git-auth-launchpad-services into lp-codeimport:master

Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: fc97f28e19894c0096ee0efb0fee0ba34f3b8515
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/lp-codeimport:git-auth-launchpad-services
Merge into: lp-codeimport:master
Diff against target: 22 lines (+2/-3)
1 file modified
lib/lp/codehosting/codeimport/worker.py (+2/-3)
Reviewer Review Type Date Requested Status
Ioana Lasc (community) Approve
Review via email: mp+417643@code.launchpad.net

Commit message

Authenticate using +launchpad-services rather than empty username

Description of the change

We previously authenticated to git using the empty username and a non-user-bound macaroon. This is syntactically valid and works with current versions of git and curl, but it's the sort of edge case in the URL specification that's easy to mishandle, and modern versions of git built against versions of curl prior to 7.62.0 fail to send an Authorization header. Using a reserved username is safer.

See also the similar https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/407532, which added support to Launchpad for authenticating using this reserved username.

To post a comment you must log in.
Revision history for this message
Ioana Lasc (ilasc) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/lib/lp/codehosting/codeimport/worker.py b/lib/lp/codehosting/codeimport/worker.py
2index f547cfb..9391324 100644
3--- a/lib/lp/codehosting/codeimport/worker.py
4+++ b/lib/lp/codehosting/codeimport/worker.py
5@@ -1157,15 +1157,14 @@ class GitToGitImportWorker(ImportWorker):
6 unauth_target_url = urljoin(
7 config.codehosting.git_browse_root, self.source_details.target_id)
8 split = urlsplit(unauth_target_url)
9- target_netloc = ":%s@%s" % (
10+ target_netloc = "+launchpad-services:%s@%s" % (
11 self.source_details.macaroon.serialize(), split.hostname)
12 if split.port:
13 target_netloc += ":%s" % split.port
14 target_url = urlunsplit([
15 split.scheme, target_netloc, split.path, "", ""])
16 # XXX cjwatson 2016-10-11: Ideally we'd put credentials in a
17- # credentials store instead. However, git only accepts credentials
18- # that have both a non-empty username and a non-empty password.
19+ # credentials store instead.
20 self._logger.info("Getting existing repository from hosting service.")
21 try:
22 self._runGit(

Subscribers

People subscribed via source and target branches