[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHN-GmxZMx69Wf+Lwq8RaUQKx7Z=k19fX7sSsTref+g5jTwSdg@mail.gmail.com>
Date: Tue, 26 Mar 2019 14:39:13 -0600
From: Assaf Gordon <assafgordon@...il.com>
To: musl@...ts.openwall.com
Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc
Hello,
I might be able to suggest few pointers on setting up git/http CGI access.
The git package contains 'git-http-backend' (typically in /usr/lib/git-core)
which is a cgi backend meant for smart/dump git cloning.
On GNU Savannah we use NGINX with the following configuration:
location = /r { return 302 $request_uri/; }
location /r/ {
autoindex on;
alias /srv/git/;
location ~ ^/r(/.*/(info/refs|git-upload-pack)$) {
gzip off;
include fastcgi_params;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/local/sbin/git-http-backend;
fastcgi_param PATH_INFO $1;
fastcgi_param GIT_HTTP_EXPORT_ALL true;
fastcgi_param GIT_PROJECT_ROOT /srv/git;
client_max_body_size 0;
}
}
(You made your opinion on nginx clear, but this is just for reference for
a working configuration).
-----
To run the backend manually, try variations of the following:
$ REQUEST_METHOD=GET GIT_HTTP_EXPORT_ALL=true \
GIT_PROJECT_ROOT=/home/gordon/projects/ PATH_INFO=/musl/.git/HEAD \
/usr/lib/git-core/git-http-backend
Content-Length: 23
Content-Type: text/plain
ref: refs/heads/master
(running 'man git-http-bckend' will give more details about GIT_PROJECT_ROOT
etc.).
----
To run under busybox's httpd, I used the following contrived setup:
mkdir www
mkdir www/cgi-bin
echo "hello world" > www/index.html
cat<<EOF>www/cgi-bin/test.sh
#!/bin/sh
echo "Content-type: text/html"
echo ""
echo "Hello CGI World"
EOF
chmod a+x ./www/cgi-bin/test.sh
busybox httpd -v -f -p 9999 -h ./www
This will start the busybox httpd server, serving files from ./www folder.
Assuming busybox/httpd was compiled with CGI support, the script in the
'cgi-bin' directory should "just work". Test with:
$ curl http://localhost:9999/
hello world
$ curl http://localhost:9999/cgi-bin/test.sh
Hello CGI World
If the above worked, the CGI setup is fine and we can move on the git.
---
Create the following wrapper in ./www/cgi-bin/ (any file name would work,
but a file name without extension 'looks' better, e.g. 'view'):
#!/bin/sh
export GIT_HTTP_EXPORT_ALL=true
export GIT_PROJECT_ROOT=/home/gordon/projects/
export HTTP_CONTENT_ENCODING=gzip
exec /usr/lib/git-core/git-http-backend
and make it executable with "chmod a+x ./www/cgi-bin/view".
This setup will serve ANY repository under the 'GIT_PROJECT_ROOT'.
You can of course adjust as needed.
In my case, I have '/home/gordon/projects/musl/',
which is tested below like so:
$ curl -D /dev/stderr http://localhost:9999/cgi-bin/view/musl/HEAD
HTTP/1.0 200 OK
Content-Length: 23
Content-Type: text/plain
ref: refs/heads/master
The above curl command executed the 'view' script with PATH_INFO being
'/musl/HEAD' - which is a request git-http-backend knows how to handle.
If the above worked, cloning 'should work' as well:
$ git clone http://localhost:9999/cgi-bin/view/musl
Cloning into 'musl'...
remote: Counting objects: 31250, done.
remote: Compressing objects: 100% (9126/9126), done.
remote: Total 31250 (delta 22523), reused 30465 (delta 21759)
Receiving objects: 100% (31250/31250), 4.78 MiB | 0 bytes/s, done.
Resolving deltas: 100% (22523/22523), done.
----
Others in this thread talked about URL re-routing/aliasing.
This would be useful to hide the "cgi-bin" part of the URL, but busybox's
httpd doesn't support it. Having it in the URL isn't the end of the world
if one insist on using a minimalistic web server.
----
I haven't used thttpd, but it should work very similarly.
Hope this helps,
regards,
- assaf
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
