From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc
Date: Tue, 26 Mar 2019 18:02:25 -0400 [thread overview]
Message-ID: <20190326220225.GE23599@brightrain.aerifal.cx> (raw)
In-Reply-To: <CAHN-GmxZMx69Wf+Lwq8RaUQKx7Z=k19fX7sSsTref+g5jTwSdg@mail.gmail.com>
On Tue, Mar 26, 2019 at 02:39:13PM -0600, Assaf Gordon wrote:
> Hello,
>
> I might be able to suggest few pointers on setting up git/http CGI access.
>
> The git package contains 'git-http-backend' (typically in /usr/lib/git-core)
> which is a cgi backend meant for smart/dump git cloning.
>
> On GNU Savannah we use NGINX with the following configuration:
>
> location = /r { return 302 $request_uri/; }
> location /r/ {
> autoindex on;
> alias /srv/git/;
> location ~ ^/r(/.*/(info/refs|git-upload-pack)$) {
> gzip off;
> include fastcgi_params;
> fastcgi_pass unix:/var/run/fcgiwrap.socket;
> fastcgi_param SCRIPT_FILENAME /usr/local/sbin/git-http-backend;
> fastcgi_param PATH_INFO $1;
> fastcgi_param GIT_HTTP_EXPORT_ALL true;
> fastcgi_param GIT_PROJECT_ROOT /srv/git;
> client_max_body_size 0;
> }
> }
>
> (You made your opinion on nginx clear, but this is just for reference for
> a working configuration).
>
> -----
>
> To run the backend manually, try variations of the following:
>
> $ REQUEST_METHOD=GET GIT_HTTP_EXPORT_ALL=true \
> GIT_PROJECT_ROOT=/home/gordon/projects/ PATH_INFO=/musl/.git/HEAD \
> /usr/lib/git-core/git-http-backend
>
> Content-Length: 23
> Content-Type: text/plain
> ref: refs/heads/master
>
> (running 'man git-http-bckend' will give more details about GIT_PROJECT_ROOT
> etc.).
>
> ----
>
> To run under busybox's httpd, I used the following contrived setup:
>
> mkdir www
> mkdir www/cgi-bin
> echo "hello world" > www/index.html
> cat<<EOF>www/cgi-bin/test.sh
> #!/bin/sh
> echo "Content-type: text/html"
> echo ""
> echo "Hello CGI World"
> EOF
> chmod a+x ./www/cgi-bin/test.sh
>
> busybox httpd -v -f -p 9999 -h ./www
>
> This will start the busybox httpd server, serving files from ./www folder.
> Assuming busybox/httpd was compiled with CGI support, the script in the
> 'cgi-bin' directory should "just work". Test with:
>
> $ curl http://localhost:9999/
> hello world
>
> $ curl http://localhost:9999/cgi-bin/test.sh
> Hello CGI World
>
> If the above worked, the CGI setup is fine and we can move on the git.
>
> ---
>
> Create the following wrapper in ./www/cgi-bin/ (any file name would work,
> but a file name without extension 'looks' better, e.g. 'view'):
>
> #!/bin/sh
> export GIT_HTTP_EXPORT_ALL=true
> export GIT_PROJECT_ROOT=/home/gordon/projects/
> export HTTP_CONTENT_ENCODING=gzip
> exec /usr/lib/git-core/git-http-backend
>
> and make it executable with "chmod a+x ./www/cgi-bin/view".
>
> This setup will serve ANY repository under the 'GIT_PROJECT_ROOT'.
> You can of course adjust as needed.
> In my case, I have '/home/gordon/projects/musl/',
> which is tested below like so:
>
> $ curl -D /dev/stderr http://localhost:9999/cgi-bin/view/musl/HEAD
> HTTP/1.0 200 OK
> Content-Length: 23
> Content-Type: text/plain
>
> ref: refs/heads/master
>
> The above curl command executed the 'view' script with PATH_INFO being
> '/musl/HEAD' - which is a request git-http-backend knows how to handle.
>
> If the above worked, cloning 'should work' as well:
>
> $ git clone http://localhost:9999/cgi-bin/view/musl
> Cloning into 'musl'...
> remote: Counting objects: 31250, done.
> remote: Compressing objects: 100% (9126/9126), done.
> remote: Total 31250 (delta 22523), reused 30465 (delta 21759)
> Receiving objects: 100% (31250/31250), 4.78 MiB | 0 bytes/s, done.
> Resolving deltas: 100% (22523/22523), done.
>
> ----
>
> Others in this thread talked about URL re-routing/aliasing.
> This would be useful to hide the "cgi-bin" part of the URL, but busybox's
> httpd doesn't support it. Having it in the URL isn't the end of the world
> if one insist on using a minimalistic web server.
>
> ----
>
> I haven't used thttpd, but it should work very similarly.
Thanks for the info. I've been playing with it, but haven't been able
to get it to work yet. I suspect thttpd is doing something broken with
the POST request since the git clone breaks during that. Going to look
at it in more detail later.
Rich
next prev parent reply other threads:[~2019-03-26 22:02 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20190324103306.GB1830@localhost>
[not found] ` <20190326003411.GC1872@localhost>
2019-03-26 1:09 ` vlse
2019-03-26 1:17 ` A. Wilcox
2019-03-26 1:37 ` Rich Felker
2019-03-26 1:54 ` vlse
2019-03-26 2:59 ` Rich Felker
2019-03-26 10:02 ` vlse
2019-03-26 10:36 ` Laurent Bercot
2019-03-26 15:04 ` Rich Felker
2019-03-26 15:09 ` Drew DeVault
2019-03-26 15:13 ` Rich Felker
2019-03-26 15:43 ` Drew DeVault
2019-03-26 15:47 ` Rich Felker
2019-03-26 15:57 ` Drew DeVault
2019-03-26 17:57 ` Rich Felker
2019-03-26 20:32 ` A. Wilcox
2019-03-26 20:39 ` Assaf Gordon
2019-03-26 22:02 ` Rich Felker [this message]
2019-03-26 22:32 ` Assaf Gordon
2019-03-26 23:58 ` Rich Felker
2019-03-27 0:15 ` Rich Felker
2019-03-27 5:39 ` vlse
2019-03-27 17:26 ` Assaf Gordon
2019-03-27 17:41 ` Assaf Gordon
2019-04-03 6:42 ` vlse
2019-03-26 10:19 ` Jens Gustedt
2019-03-26 10:30 ` vlse
2019-03-26 14:59 ` Rich Felker
2019-03-26 1:43 ` vlse
2019-03-26 2:29 ` A. Wilcox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190326220225.GE23599@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).