difference between cookie and netrc file for http authentication?

[Makson Lee]

on gerrit-review.googlesource.com, it use a cookie file for http authentication.

on our own gerrit instance, we can only use a netrc file and put http password in it for http authentication.

so what is the difference? can we also enable http cookie authentication on our own gerrit instance?

[David Pursehouse]

This is nothing to do with the gerrit instance but depends on what your git or http client is able to use.

There is nothing to stop you from using netrc instead of a git cookie file, except that you have to manually set it up rather than running the provided commands.

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Makson Lee]

On Wednesday, October 26, 2016 at 3:00:32 PM UTC+8, David Pursehouse wrote:

This is nothing to do with the gerrit instance but depends on what your git or http client is able to use.

There is nothing to stop you from using netrc instead of a git cookie file, except that you have to manually set it up rather than running the provided commands.

so how to get http password of user in gerrit-review.googlesource.com?

and how to create a http cookie file in our own gerrit instance?

[David Pursehouse]

On Wed, Oct 26, 2016 at 4:23 PM Makson Lee <cdle...@gmail.com> wrote:

On Wednesday, October 26, 2016 at 3:00:32 PM UTC+8, David Pursehouse wrote:

This is nothing to do with the gerrit instance but depends on what your git or http client is able to use.

There is nothing to stop you from using netrc instead of a git cookie file, except that you have to manually set it up rather than running the provided commands.

so how to get http password of user in gerrit-review.googlesource.com?

The password is in the created git cookie file.  You can just do:

  cat ~/.gitcookies

and see it there.

 

and how to create a http cookie file in our own gerrit instance?

I've never done it but I assume one should be able to simply add a new line in the .gitcookies file in the same format as the googlesource one, replacing googlesource.com with your domain and the password with the password for your Gerrit.

 

 

[Makson Lee]

On Wednesday, October 26, 2016 at 4:00:27 PM UTC+8, David Pursehouse wrote:

I've never done it but I assume one should be able to simply add a new line in the .gitcookies file in the same format as the googlesource one, replacing googlesource.com with your domain and the password with the password for your Gerrit.

thanks, but i can't get it work :-(

i tried to enable git http.savecookies option to save http cookie, but didn't work, no file was produced.

$ git init

$ git config http.cookieFile cookie.txt

$ git config http.saveCookies true

$ git fetch http://gerrit.domain:8080/p/test master

Username for 'http://gerrit.domain:8080': user

Password for 'http://us...@gerrit.domain:8080': xxxxxx

From http://gerrit.domain:8080/p/test

 * branch            master        -> FETCH_HEAD

[Dave Borowitz]

On Wed, Oct 26, 2016 at 4:00 AM, David Pursehouse <david.pu...@gmail.com> wrote:

On Wed, Oct 26, 2016 at 4:23 PM Makson Lee <cdle...@gmail.com> wrote:

On Wednesday, October 26, 2016 at 3:00:32 PM UTC+8, David Pursehouse wrote:

This is nothing to do with the gerrit instance but depends on what your git or http client is able to use.

There is nothing to stop you from using netrc instead of a git cookie file, except that you have to manually set it up rather than running the provided commands.

so how to get http password of user in gerrit-review.googlesource.com?

The password is in the created git cookie file.  You can just do:

  cat ~/.gitcookies

and see it there.

 

and how to create a http cookie file in our own gerrit instance?

I've never done it but I assume one should be able to simply add a new line in the .gitcookies file in the same format as the googlesource one, replacing googlesource.com with your domain and the password with the password for your Gerrit.

Unfortunately not, the googlesource.com cookie auth is custom code in the googlesource.com server. Open-source Gerrit does not support passing HTTP passwords as cookies.

 

 

--
--
To unsubscribe, email repo-discuss+unsubscribe@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
--
To unsubscribe, email repo-discuss+unsubscribe@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.

[Makson Lee]

On Wednesday, October 26, 2016 at 10:23:55 PM UTC+8, Dave Borowitz wrote:

Unfortunately not, the googlesource.com cookie auth is custom code in the googlesource.com server. Open-source Gerrit does not support passing HTTP passwords as cookies.

thanks for confirming, any chances that this feature would be available in open-source gerrit?

[Dave Borowitz]

I don't think it would be that hard, but I'm not volunteering to do it :)

And honestly, this is the first time anyone's asked for it.

--

[Makson Lee]

On Thursday, October 27, 2016 at 2:54:26 AM UTC+8, Dave Borowitz wrote:

I don't think it would be that hard, but I'm not volunteering to do it :)

And honestly, this is the first time anyone's asked for it.

the reason why i am asking this is [1], it uses gitiles json api, and it asks a cookie for http authentication, not sure if we can use a .netrc file for that, i will try.

[1] https://groups.google.com/forum/#!topic/repo-discuss/0wWrdGnI4W4