From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14005
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Rich Felker <dalias@libc.org>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Supporting git access via smart HTTPS protocol for
 musl-libc
Date: Mon, 25 Mar 2019 22:59:37 -0400
Message-ID: <20190326025937.GW23599@brightrain.aerifal.cx>
References: <20190324103306.GB1830@localhost>
 <20190326003411.GC1872@localhost>
 <20190326010933.GC3713@localhost>
 <397c5906-090a-460e-7ea8-8f9248e0be59@adelielinux.org>
 <20190326013706.GV23599@brightrain.aerifal.cx>
 <20190326015434.GB8855@localhost>
Reply-To: musl@lists.openwall.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="230389"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: Mutt/1.5.21 (2010-09-15)
To: musl@lists.openwall.com
Original-X-From: musl-return-14021-gllmg-musl=m.gmane.org@lists.openwall.com Tue Mar 26 03:59:54 2019
Return-path: <musl-return-14021-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <musl-return-14021-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1h8cJc-000xoz-VU
	for gllmg-musl@m.gmane.org; Tue, 26 Mar 2019 03:59:53 +0100
Original-Received: (qmail 29885 invoked by uid 550); 26 Mar 2019 02:59:50 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 29864 invoked from network); 26 Mar 2019 02:59:50 -0000
Content-Disposition: inline
In-Reply-To: <20190326015434.GB8855@localhost>
Original-Sender: Rich Felker <dalias@aerifal.cx>
Xref: news.gmane.org gmane.linux.lib.musl.general:14005
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/14005>

On Tue, Mar 26, 2019 at 07:24:35AM +0530, vlse wrote:
> Hi,
> 
> On Mon, Mar 25, 2019 at 09:37:06PM -0400, Rich Felker wrote:
> > On Mon, Mar 25, 2019 at 08:17:26PM -0500, A. Wilcox wrote:
> > > On 03/25/19 20:09, vlse wrote:
> > > > Hello,
> > > > 
> > > > Would musl-libc support git access via smart HTTPS protocol.
> > > > As git man page says as well as stackoverflow site that using git protocol
> > > > is fine for lan operations.
> > > > But for internet git access, either ssh or https smart protocol use
> > > > is necessary to prevent man in the middle attack.
> > > 
> > > This is more an argument for signing commits so that they are
> > > cryptographically provable.  HTTPS is trivial to MITM, especially for
> > > the kind of actors that would care enough to MITM musl at all.
> > > 
> > > Threat models, people.
> > 
> > The request is reasonable. HTTPS is *not* "trivial to MITM", and
> > essentially impossible to do so without detection and a trail of
> > responsibility, especially now that CT logs are a thing. However,
> > until breaking sha1 (much worse than it's broken now) is practical,
> > you can also verify authenticity of a git repo via "git fsck" and a
> > known good source of the commit hash (e.g. cgit over https).
> > 
> 
> Yes. cgit over https. We need a secure start first.
> 
> > > > Please consider giving secure git access. Also smart http/s protocol
> > > > is way better than dumb protocol. It avoids downloading too much data
> > > > again and also shows progress and stats.
> > > 
> > > 
> > > There is absolutely no difference in transmitted data between the Git
> > > protocol and the HTTP Git transport, other than the useless overhead of
> > > HTTP messages, which actually skews favour towards the Git protocol.
> > > Also, the Git protocol is in my experience much much faster.
> > > 
> > > The Git transport definitely can show progress and stats, the same as
> > > the HTTP transport:
> > > 
> > > awilcox on gwyn [pts/18 Mon 25 20:13] ~: git clone
> > > git://git.musl-libc.org/musl
> > > Cloning into 'musl'...
> > > remote: Counting objects: 31396, done.
> > > Receiving objects: 100% (31396/31396), 4.77 MiB | 3.17 MiB/s, done.
> > > Resolving deltas: 100% (22605/22605), done.
> > > 
> > > Personally I would be okay with musl offering an HTTP(S) transport as an
> > > option, but please do not take away the Git transport.  It is much
> > > faster in my experience.  Every second wasted on stupid HTTP traffic is
> > > a second of my life I can't get back.
> > 
> > Of course the git transport won't be taken away. I'd like to add https
> > support, but I'm not sure how to do it without a nasty bloated httpd
> > that would increase server resource requirements by 1-2 orders of
> > magnitude. If anyone knows a way to hook up thttpd to it, I'll give it
> > a try.
> 
> Nginx is bloat free I think. But perhaps not in comparison to thttpd.
> I will look how to support cgit http/s with thttpd using a hook.
> 
> At skarnet.org, the author is using busybox httpd with cgi support and
> cgit cgi hooks to give http/s git access.

OK, that sounds promising. If it can be done with cgi, it should be
easy to setup, assuming the git client is forgiving of thttpd's
slightly non-conforming cgi behavior regarding headers.

Rich