git_inetd_server: run git-http-backend using inetd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



===========
What is it?
===========
I have created a script (POSIX sh compatible) that allows running git- http-backend via inetd or similar service (it makes it like git-http- backend had a --inet option just like git-daemon does).

This allows the Git smart HTTP protocol to be served without needing to run a standard web server (assuming inetd, xinetd, launchd or similar is already available).

It is available at [1] with a GPL license.

====
Why?
====
I have several machines/virtual machines that need to be able to fetch from a central Git repository without authentication (several of them are test platforms and are therefore not trusted and typing a password on every fetch is a non-starter as some of the fetches are automated). I also don't want to have to run a web server just to serve Git fetches.

Of course you say, "why not use git daemon for that?" Well, I was (in --inetd mode), but it has a serious problem and until recently I didn't know the cause.

Talking to a git-daemon server works great for my FreeBSD, Darwin, cygwin, msysgit platforms, but it's terrible for my Linux platforms.

On the Linux platforms every git fetch would hang for at least 15 seconds before starting the fetch. I just wrote that off as some odd configuration issue I was going to have to live with (although it only happened with Git and not web browsing or curl fetches). It's killer though when fetching a project with lots of submodules as each one has the delay.

Recently though, I discovered the cause. While I don't actually run Debian itself, all my Linux platforms are Debian offspring (Ubuntu, Raspbian, Linux Mint, etc.). The problem is in the Debian git package [2] specifically the "0010-transport-optionally-honor-DNS-SRV- records.diff" patch located in the Debian diffs file [3].

The 0010 patch makes "git://host/..." fetches first try to fetch a git SRV record from DNS. This patch has a compile time option to enable it, but once baked in it cannot be turned off at runtime and the binary packages for my distributions all have it turned on and baked in. And none of these distributions have a visible "WARNING: Git has patches that may cause it to behave oddly, violate RFC standards and/ or experience unexpected delays."

It so happens that my internal network is setup using mDNS [4] (on Linux/FreeBSD by installing Avahi and nss-mdns packages).

When I then try to fetch using a "git://host/..." URL where "host" is an mDNS host name, the 0010 patch causes git to attempt to lookup a DNS SRV record on the non-mDNS regular DNS service (a violation of RFC 6762 [4] section 22) and this is what has to time out before the real fetch can start.

Since the patch does not try to lookup an SRV record for "http:// host/..." URLs, switching from git: to http: for fetches eliminates the problem. However, git-http-backend does not have any of the -- daemon or --inetd related options that git-daemon does. Hence the git_inetd_server.sh script [1] that provides the equivalent of a -- inetd option for git-http-backend.

I have since discovered that the 0010 patch behavior can be bypassed by explicitly including a port number in the git: URLs. So instead of "git://example.local/repo.git" using "git://example.local:9418/ repo.git" avoids the delaying SRV lookup. This is highly unintuitive since omitting the default port for a scheme should not change its behavior (according to RFC 3986 [5] section 3.2.3 the port should be omitted by producers and normalizers if it's the same as the scheme's default port). In any case, unless git_inetd_server.sh can be run on the default http port (80), the resulting http: URLs are no more convenient than the git: URLs with an explicit port.

Nonetheless, others may find this script helpful as it allows the Git smart (and non-smart) HTTP protocol to be served without needing to run a standard web server so I decided to share it.

--Kyle

=====
Links
=====
[1] https://github.com/mackyle/git_inetd_server
[2] https://packages.debian.org/wheezy/git
[3] http://ftp.de.debian.org/debian/pool/main/g/git/git_1.7.10.4-1+wheezy1.diff.gz
[4] RFC 6762 http://tools.ietf.org/html/rfc6762
[5] RFC 3986 http://tools.ietf.org/html/rfc3986

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]