From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14027
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Assaf Gordon <assafgordon@gmail.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc
Date: Tue, 26 Mar 2019 14:39:13 -0600
Message-ID: <CAHN-GmxZMx69Wf+Lwq8RaUQKx7Z=k19fX7sSsTref+g5jTwSdg@mail.gmail.com>
References: <20190326013706.GV23599@brightrain.aerifal.cx> <20190326015434.GB8855@localhost>
 <20190326025937.GW23599@brightrain.aerifal.cx> <20190326100245.GA1900@localhost>
 <20190326150430.GY23599@brightrain.aerifal.cx> <20190326150901.GA2267@homura.localdomain>
 <20190326151344.GB23599@brightrain.aerifal.cx> <20190326154304.GB2267@homura.localdomain>
 <20190326154700.GC23599@brightrain.aerifal.cx> <20190326155743.GC2267@homura.localdomain>
 <20190326175700.GD23599@brightrain.aerifal.cx>
Reply-To: musl@lists.openwall.com
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="257027"; mail-complaints-to="usenet@blaine.gmane.org"
To: musl@lists.openwall.com
Original-X-From: musl-return-14043-gllmg-musl=m.gmane.org@lists.openwall.com Tue Mar 26 21:39:44 2019
Return-path: <musl-return-14043-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <musl-return-14043-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1h8srE-0014gn-9Y
	for gllmg-musl@m.gmane.org; Tue, 26 Mar 2019 21:39:40 +0100
Original-Received: (qmail 11365 invoked by uid 550); 26 Mar 2019 20:39:38 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 11347 invoked from network); 26 Mar 2019 20:39:38 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=WrZhOLigkb7SzPnd3LLfiJ+jhnqb7ahntRy1iO+3Iys=;
        b=Y3uFkqPUW9xfbbNgX5Cm7FYhEj6F9pi571ewzaTY6WZWv/alHBsvUedKP71QTr4vRf
         tzESKin7hQW7L5Izxi0wEcgzpH8bVLw+1F7pOHEaslCer3ouiy4qCO5yMQ33uojRF7OO
         QekEUVwapL+fwoAa1UnG10svvIRlcti4NaV0o/T0nxp8kX3JrqJs5J1XoAu75iUKTL9i
         xsgAoQIK0gKdpc2rT+QoOARyfMmUiUJkgTo9VW6lBlRqumomCfhecwRE64K0ftNqryis
         GycP9slz67sT/7J+5ima+7vM6eHEQFzyYGbEZQcG8Eg6qP3986PZlrysYD6STCdVEbhL
         AQKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=WrZhOLigkb7SzPnd3LLfiJ+jhnqb7ahntRy1iO+3Iys=;
        b=cOmbC3GOL3lh/JlNAHMGNqfQL9ltYRi5Cma8cwjAhtoyBw+/Bidinj7MbAJ0oh+8AB
         h6S5ahJp0Oe1QGWYODEu9EqOlqn0/BjuBAapEXLkJ5VPuQFvMqWpkm6MGfaWWsJK3zAb
         DttH2xwLXDUXR7io/hExz/iN7eSllE107McLw90sBjrLwMOWQL8SiYYiC36hd7gC84qp
         XZMWRKXlco+2g+OSTcPQ+H4nBHv4gVp3dmzfJ/DngOZQcw/6KMqrnorz4rf7v4aDBCGc
         9ojzooIlS+/Pc1FhPzAXiNciMOczW5R7cGnrMjUFDnZfCA5u9cr7GygnFVSWdfNf73WI
         wNng==
X-Gm-Message-State: APjAAAVOkMaklSQtKr5a/eYhUunfdnTjqtVEXCjzBXsSvbvmlkTrk4WT
	cvSiNk/BYGYFJf6+JHIPtr+D2Hots5khmfORegiNmJoO
X-Google-Smtp-Source: APXvYqzdNR8I+8yIdOAj9feWHcoqWtHgi/+xtqC5GTpb1KNYstvTyzpIinF1GdGWwplSRyQO9ODrDisHcJzNXfUAidI=
X-Received: by 2002:ac2:4142:: with SMTP id c2mr16923751lfi.84.1553632766145;
 Tue, 26 Mar 2019 13:39:26 -0700 (PDT)
In-Reply-To: <20190326175700.GD23599@brightrain.aerifal.cx>
Xref: news.gmane.org gmane.linux.lib.musl.general:14027
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/14027>

Hello,

I might be able to suggest few pointers on setting up git/http CGI access.

The git package contains 'git-http-backend' (typically in /usr/lib/git-core)
which is a cgi backend meant for smart/dump git cloning.

On GNU Savannah we use NGINX with the following configuration:

  location = /r { return 302 $request_uri/; }
  location /r/ {
    autoindex on;
    alias /srv/git/;
    location ~ ^/r(/.*/(info/refs|git-upload-pack)$) {
      gzip off;
      include fastcgi_params;
      fastcgi_pass unix:/var/run/fcgiwrap.socket;
      fastcgi_param SCRIPT_FILENAME /usr/local/sbin/git-http-backend;
      fastcgi_param PATH_INFO $1;
      fastcgi_param GIT_HTTP_EXPORT_ALL true;
      fastcgi_param GIT_PROJECT_ROOT /srv/git;
      client_max_body_size 0;
    }
  }

(You made your opinion on nginx clear, but this is just for reference for
a working configuration).

-----

To run the backend manually, try variations of the following:

  $ REQUEST_METHOD=GET GIT_HTTP_EXPORT_ALL=true \
    GIT_PROJECT_ROOT=/home/gordon/projects/ PATH_INFO=/musl/.git/HEAD \
    /usr/lib/git-core/git-http-backend

  Content-Length: 23
  Content-Type: text/plain
  ref: refs/heads/master

(running 'man git-http-bckend' will give more details about GIT_PROJECT_ROOT
etc.).

----

To run under busybox's httpd, I used the following contrived setup:

    mkdir www
    mkdir www/cgi-bin
    echo "hello world" > www/index.html
    cat<<EOF>www/cgi-bin/test.sh
    #!/bin/sh
    echo "Content-type: text/html"
    echo ""
    echo "Hello CGI World"
    EOF
    chmod a+x ./www/cgi-bin/test.sh

    busybox httpd -v -f -p 9999 -h ./www

This will start the busybox httpd server, serving files from ./www folder.
Assuming busybox/httpd was compiled with CGI support, the script in the
'cgi-bin' directory should "just work". Test with:

    $ curl http://localhost:9999/
    hello world

    $ curl http://localhost:9999/cgi-bin/test.sh
    Hello CGI World

If the above worked, the CGI setup is fine and we can move on the git.

---

Create the following wrapper in ./www/cgi-bin/ (any file name would work,
but a file name without extension 'looks' better, e.g. 'view'):

    #!/bin/sh
    export GIT_HTTP_EXPORT_ALL=true
    export GIT_PROJECT_ROOT=/home/gordon/projects/
    export HTTP_CONTENT_ENCODING=gzip
    exec /usr/lib/git-core/git-http-backend

and make it executable with "chmod a+x ./www/cgi-bin/view".

This setup will serve ANY repository under the 'GIT_PROJECT_ROOT'.
You can of course adjust as needed.
In my case, I have '/home/gordon/projects/musl/',
which is tested below like so:

    $ curl -D /dev/stderr http://localhost:9999/cgi-bin/view/musl/HEAD
    HTTP/1.0 200 OK
    Content-Length: 23
    Content-Type: text/plain

    ref: refs/heads/master

The above curl command executed the 'view' script with PATH_INFO being
'/musl/HEAD' - which is a request git-http-backend knows how to handle.

If the above worked, cloning 'should work' as well:

    $ git clone http://localhost:9999/cgi-bin/view/musl
    Cloning into 'musl'...
    remote: Counting objects: 31250, done.
    remote: Compressing objects: 100% (9126/9126), done.
    remote: Total 31250 (delta 22523), reused 30465 (delta 21759)
    Receiving objects: 100% (31250/31250), 4.78 MiB | 0 bytes/s, done.
    Resolving deltas: 100% (22523/22523), done.

----

Others in this thread talked about URL re-routing/aliasing.
This would be useful to hide the "cgi-bin" part of the URL, but busybox's
httpd doesn't support it. Having it in the URL isn't the end of the world
if one insist on using a minimalistic web server.

----

I haven't used thttpd, but it should work very similarly.

Hope this helps,
regards,
 - assaf