Re: Supporting git access via smart HTTPS protocol for musl-libc

[Rich Felker <dalias@libc.org>]

On Tue, Mar 26, 2019 at 02:39:13PM -0600, Assaf Gordon wrote:
> Hello,
> 
> I might be able to suggest few pointers on setting up git/http CGI access.
> 
> The git package contains 'git-http-backend' (typically in /usr/lib/git-core)
> which is a cgi backend meant for smart/dump git cloning.
> 
> On GNU Savannah we use NGINX with the following configuration:
> 
>   location = /r { return 302 $request_uri/; }
>   location /r/ {
>     autoindex on;
>     alias /srv/git/;
>     location ~ ^/r(/.*/(info/refs|git-upload-pack)$) {
>       gzip off;
>       include fastcgi_params;
>       fastcgi_pass unix:/var/run/fcgiwrap.socket;
>       fastcgi_param SCRIPT_FILENAME /usr/local/sbin/git-http-backend;
>       fastcgi_param PATH_INFO $1;
>       fastcgi_param GIT_HTTP_EXPORT_ALL true;
>       fastcgi_param GIT_PROJECT_ROOT /srv/git;
>       client_max_body_size 0;
>     }
>   }
> 
> (You made your opinion on nginx clear, but this is just for reference for
> a working configuration).
> 
> -----
> 
> To run the backend manually, try variations of the following:
> 
>   $ REQUEST_METHOD=GET GIT_HTTP_EXPORT_ALL=true \
>     GIT_PROJECT_ROOT=/home/gordon/projects/ PATH_INFO=/musl/.git/HEAD \
>     /usr/lib/git-core/git-http-backend
> 
>   Content-Length: 23
>   Content-Type: text/plain
>   ref: refs/heads/master
> 
> (running 'man git-http-bckend' will give more details about GIT_PROJECT_ROOT
> etc.).
> 
> ----
> 
> To run under busybox's httpd, I used the following contrived setup:
> 
>     mkdir www
>     mkdir www/cgi-bin
>     echo "hello world" > www/index.html
>     cat<<EOF>www/cgi-bin/test.sh
>     #!/bin/sh
>     echo "Content-type: text/html"
>     echo ""
>     echo "Hello CGI World"
>     EOF
>     chmod a+x ./www/cgi-bin/test.sh
> 
>     busybox httpd -v -f -p 9999 -h ./www
> 
> This will start the busybox httpd server, serving files from ./www folder.
> Assuming busybox/httpd was compiled with CGI support, the script in the
> 'cgi-bin' directory should "just work". Test with:
> 
>     $ curl http://localhost:9999/
>     hello world
> 
>     $ curl http://localhost:9999/cgi-bin/test.sh
>     Hello CGI World
> 
> If the above worked, the CGI setup is fine and we can move on the git.
> 
> ---
> 
> Create the following wrapper in ./www/cgi-bin/ (any file name would work,
> but a file name without extension 'looks' better, e.g. 'view'):
> 
>     #!/bin/sh
>     export GIT_HTTP_EXPORT_ALL=true
>     export GIT_PROJECT_ROOT=/home/gordon/projects/
>     export HTTP_CONTENT_ENCODING=gzip
>     exec /usr/lib/git-core/git-http-backend
> 
> and make it executable with "chmod a+x ./www/cgi-bin/view".
> 
> This setup will serve ANY repository under the 'GIT_PROJECT_ROOT'.
> You can of course adjust as needed.
> In my case, I have '/home/gordon/projects/musl/',
> which is tested below like so:
> 
>     $ curl -D /dev/stderr http://localhost:9999/cgi-bin/view/musl/HEAD
>     HTTP/1.0 200 OK
>     Content-Length: 23
>     Content-Type: text/plain
> 
>     ref: refs/heads/master
> 
> The above curl command executed the 'view' script with PATH_INFO being
> '/musl/HEAD' - which is a request git-http-backend knows how to handle.
> 
> If the above worked, cloning 'should work' as well:
> 
>     $ git clone http://localhost:9999/cgi-bin/view/musl
>     Cloning into 'musl'...
>     remote: Counting objects: 31250, done.
>     remote: Compressing objects: 100% (9126/9126), done.
>     remote: Total 31250 (delta 22523), reused 30465 (delta 21759)
>     Receiving objects: 100% (31250/31250), 4.78 MiB | 0 bytes/s, done.
>     Resolving deltas: 100% (22523/22523), done.
> 
> ----
> 
> Others in this thread talked about URL re-routing/aliasing.
> This would be useful to hide the "cgi-bin" part of the URL, but busybox's
> httpd doesn't support it. Having it in the URL isn't the end of the world
> if one insist on using a minimalistic web server.
> 
> ----
> 
> I haven't used thttpd, but it should work very similarly.

Thanks for the info. I've been playing with it, but haven't been able
to get it to work yet. I suspect thttpd is doing something broken with
the POST request since the git clone breaks during that. Going to look
at it in more detail later.

Rich