AUR web interface

**This is the bug tracker for the AUR web interface.**

Use this tracker to report bugs or make feature requests regarding the behaviour or implementation of the AUR software.
Please read the Reporting Bug Guidelines before filing a new task.

- Please report bugs related to Arch Linux official packages here:
- Please report bugs for [community] packages here:
- For any packages in the AUR contact the maintainer or leave a comment on the package's detail page.

Source Code:

FS#61193 - [aurweb] cloning an invald https git url creates an 500

Attached to Project: AUR web interface
Opened by Jelle van der Waa (jelly) - Thursday, 27 December 2018, 21:03 GMT
Task Type Bug Report
Category Backend
Status Assigned
Assigned To Marcel Korpel (Marcel-)
Lukas Fleischer (lfleischer)
Johannes Löthberg (demize)
Eli Schwartz (eschwartz)
Architecture All
Severity Low
Priority Normal
Reported Version 4.7.0
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No


Some users seem to do https clones with a dot appended to the git clone url. This causes an error 500, it would be better to return a 400 or 404.

A typical request is for example:

[27/Dec/2018:19:33:21 +0000] "GET /xiphos.git./info/refs?service=git-upload-pack HTTP/2.0" 500 0 "-" "git/2.19.2" "-" 0.003
This task depends upon

Comment by Jelle van der Waa (jelly) - Thursday, 27 December 2018, 21:25 GMT
Update, this seems to not be an issue with PHP itself but with the smartgit sock. Maybe the regex should be adjusted to disallow foo.git.

location ~ "^/([a-z0-9][a-z0-9.+_-]*?)(\.git)?/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$" {
Comment by Johannes Löthberg (demize) - Saturday, 29 December 2018, 22:39 GMT
It seems like the core reason that it throws a 500 is that Git seems to not support namespaces that end with a period. This doesn't seem to be documented, so I would guess that it's a bug.

Fundamentally what this should do is let you clone an empty repo literally called xiphos.git. (xiphos.git. is identical to xiphos.git..git)
Comment by Eli Schwartz (eschwartz) - Saturday, 29 December 2018, 23:22 GMT
makepkg/pacman also supports packages named literally pkgbase="xiphos.git." -- does that mean the AUR (via a dependency) is broken in its lack of support for this? OTOH, do we care?
Comment by Jelle van der Waa (jelly) - Sunday, 30 December 2018, 10:49 GMT
Yes we care, since it makes it harder to find real 500 errors.