From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14029 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc Date: Tue, 26 Mar 2019 18:02:25 -0400 Message-ID: <20190326220225.GE23599@brightrain.aerifal.cx> References: <20190326025937.GW23599@brightrain.aerifal.cx> <20190326100245.GA1900@localhost> <20190326150430.GY23599@brightrain.aerifal.cx> <20190326150901.GA2267@homura.localdomain> <20190326151344.GB23599@brightrain.aerifal.cx> <20190326154304.GB2267@homura.localdomain> <20190326154700.GC23599@brightrain.aerifal.cx> <20190326155743.GC2267@homura.localdomain> <20190326175700.GD23599@brightrain.aerifal.cx> Reply-To: musl@lists.openwall.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="75389"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Mutt/1.5.21 (2010-09-15) To: musl@lists.openwall.com Original-X-From: musl-return-14045-gllmg-musl=m.gmane.org@lists.openwall.com Tue Mar 26 23:02:40 2019 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.89) (envelope-from ) id 1h8u9Y-000JUl-B2 for gllmg-musl@m.gmane.org; Tue, 26 Mar 2019 23:02:40 +0100 Original-Received: (qmail 26438 invoked by uid 550); 26 Mar 2019 22:02:38 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 26418 invoked from network); 26 Mar 2019 22:02:37 -0000 Content-Disposition: inline In-Reply-To: Original-Sender: Rich Felker Xref: news.gmane.org gmane.linux.lib.musl.general:14029 Archived-At: On Tue, Mar 26, 2019 at 02:39:13PM -0600, Assaf Gordon wrote: > Hello, > > I might be able to suggest few pointers on setting up git/http CGI access. > > The git package contains 'git-http-backend' (typically in /usr/lib/git-core) > which is a cgi backend meant for smart/dump git cloning. > > On GNU Savannah we use NGINX with the following configuration: > > location = /r { return 302 $request_uri/; } > location /r/ { > autoindex on; > alias /srv/git/; > location ~ ^/r(/.*/(info/refs|git-upload-pack)$) { > gzip off; > include fastcgi_params; > fastcgi_pass unix:/var/run/fcgiwrap.socket; > fastcgi_param SCRIPT_FILENAME /usr/local/sbin/git-http-backend; > fastcgi_param PATH_INFO $1; > fastcgi_param GIT_HTTP_EXPORT_ALL true; > fastcgi_param GIT_PROJECT_ROOT /srv/git; > client_max_body_size 0; > } > } > > (You made your opinion on nginx clear, but this is just for reference for > a working configuration). > > ----- > > To run the backend manually, try variations of the following: > > $ REQUEST_METHOD=GET GIT_HTTP_EXPORT_ALL=true \ > GIT_PROJECT_ROOT=/home/gordon/projects/ PATH_INFO=/musl/.git/HEAD \ > /usr/lib/git-core/git-http-backend > > Content-Length: 23 > Content-Type: text/plain > ref: refs/heads/master > > (running 'man git-http-bckend' will give more details about GIT_PROJECT_ROOT > etc.). > > ---- > > To run under busybox's httpd, I used the following contrived setup: > > mkdir www > mkdir www/cgi-bin > echo "hello world" > www/index.html > cat<www/cgi-bin/test.sh > #!/bin/sh > echo "Content-type: text/html" > echo "" > echo "Hello CGI World" > EOF > chmod a+x ./www/cgi-bin/test.sh > > busybox httpd -v -f -p 9999 -h ./www > > This will start the busybox httpd server, serving files from ./www folder. > Assuming busybox/httpd was compiled with CGI support, the script in the > 'cgi-bin' directory should "just work". Test with: > > $ curl http://localhost:9999/ > hello world > > $ curl http://localhost:9999/cgi-bin/test.sh > Hello CGI World > > If the above worked, the CGI setup is fine and we can move on the git. > > --- > > Create the following wrapper in ./www/cgi-bin/ (any file name would work, > but a file name without extension 'looks' better, e.g. 'view'): > > #!/bin/sh > export GIT_HTTP_EXPORT_ALL=true > export GIT_PROJECT_ROOT=/home/gordon/projects/ > export HTTP_CONTENT_ENCODING=gzip > exec /usr/lib/git-core/git-http-backend > > and make it executable with "chmod a+x ./www/cgi-bin/view". > > This setup will serve ANY repository under the 'GIT_PROJECT_ROOT'. > You can of course adjust as needed. > In my case, I have '/home/gordon/projects/musl/', > which is tested below like so: > > $ curl -D /dev/stderr http://localhost:9999/cgi-bin/view/musl/HEAD > HTTP/1.0 200 OK > Content-Length: 23 > Content-Type: text/plain > > ref: refs/heads/master > > The above curl command executed the 'view' script with PATH_INFO being > '/musl/HEAD' - which is a request git-http-backend knows how to handle. > > If the above worked, cloning 'should work' as well: > > $ git clone http://localhost:9999/cgi-bin/view/musl > Cloning into 'musl'... > remote: Counting objects: 31250, done. > remote: Compressing objects: 100% (9126/9126), done. > remote: Total 31250 (delta 22523), reused 30465 (delta 21759) > Receiving objects: 100% (31250/31250), 4.78 MiB | 0 bytes/s, done. > Resolving deltas: 100% (22523/22523), done. > > ---- > > Others in this thread talked about URL re-routing/aliasing. > This would be useful to hide the "cgi-bin" part of the URL, but busybox's > httpd doesn't support it. Having it in the URL isn't the end of the world > if one insist on using a minimalistic web server. > > ---- > > I haven't used thttpd, but it should work very similarly. Thanks for the info. I've been playing with it, but haven't been able to get it to work yet. I suspect thttpd is doing something broken with the POST request since the git clone breaks during that. Going to look at it in more detail later. Rich