From: "Laurent Bercot"
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc
Date: Tue, 26 Mar 2019 10:36:14 +0000
In-Reply-To: <20190326100245.GA1900@localhost>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

>On further enquiry I found that the latest cgit only supports the dumb http protocol
>for cloning or fetch. But it has an option to disable the http/s cloning support,
>so that another program can do it. Sorry, I was under the impression that skarnet was
>supporting git http/s smart protocol by using cgit itself.

 No, this is much simpler than that: HTTPS on skarnet.org is supported
by having busybox httpd run under a TLS-capable superserver (s6-tlsserver,
from s6-networking, which can use BearSSL as its crypto backend). It's
literally HTTP in a TLS tunnel, and has nothing to do with cgit or git,
which are not TLS-aware at all.

 Unfortunately, that solution isn't applicable to git.musl-libc.org,
because thttpd apparently insists on doing the socket listening itself -
it doesn't seem to support inetd-style, which is how s6-tlsserver operates.

 This is a direct illustration of the superior convenience of inetd-style
servers: they can be plugged with other tools in order to achieve
functionality the original author didn't plan for.

 For thttpd, a different approach will be necessary, very likely at
the CGI level. Good luck, Jim.

--
 Laurent
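
The inetd-style arrangement described in the message above, as an added example that is not part of the original post and is not code from skarnet.org or s6: a small superserver owns the listening socket (and the TLS session, if it is given an `ssl.SSLContext`), while the handler only reads stdin and writes stdout. `HANDLER`, `read_request_head`, `serve_one`, `demo` and the sample request are constructed for illustration; the block is narrowed to one body-less request per connection, and the demo runs the plaintext path only.

```python
import socket
import subprocess
import sys

# Constructed inetd-style handler: one HTTP request on stdin, reply on stdout.
# It opens no socket, so it cannot tell whether the client connection used TLS.
HANDLER = r"""
import sys
parts = sys.stdin.buffer.readline().split()
body = b"path=" + (parts[1] if len(parts) > 1 else b"/") + b"\n"
head = b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n" % len(body)
sys.stdout.buffer.write(head + body)
"""

def read_request_head(conn, limit=8192):
    """Read up to the blank line that ends the HTTP headers, with a size cap."""
    buf = b""
    while b"\r\n\r\n" not in buf and len(buf) < limit:
        chunk = conn.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf

def serve_one(listener, argv, tls_context=None):
    """Accept one client and run argv with the request on its stdin."""
    conn, _ = listener.accept()
    try:
        if tls_context is not None:
            # Assumption: an ssl.SSLContext with a certificate chain loaded.
            # TLS terminates here, in the superserver; argv only sees plaintext.
            conn = tls_context.wrap_socket(conn, server_side=True)
        request = read_request_head(conn)
        child = subprocess.run(argv, input=request, stdout=subprocess.PIPE, timeout=10)
        conn.sendall(child.stdout)
        return child.returncode
    finally:
        conn.close()

def demo():
    """Serve one constructed plaintext request on loopback; return (status, reply)."""
    with socket.create_server(("127.0.0.1", 0)) as listener, \
         socket.create_connection(listener.getsockname()) as client:
        client.sendall(b"GET /index.html HTTP/1.0\r\n\r\n")
        status = serve_one(listener, [sys.executable, "-c", HANDLER])
        return status, client.makefile("rb").read()

if __name__ == "__main__":
    print(demo())
```

A server that insists on creating and listening on its own socket offers no equivalent seam: there is no stdin/stdout boundary where a wrapper like this could be placed.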