WIP: read-only https support

just scratching an itch; there are plenty of web forges online and I don't have an account for every one of them (not that I want to). I can use git to clone, but then i'd miss all the niceties :) Diff belows adds an initial read-only HTTP/S support for got fetch and clone. The code is incomplete, wip, etc... use it at your own risk. Sharing just in case somebody wants to play along. This is done with a new libexec helper "got-http" (an alternative name could be "got-dial-http"?) To minimize the changes needed to the dial and fetch_pack API I decided to write an helper that behaves like ssh(1) as far as got is concerned. Under the hood, it transforms what got asks into HTTP requests. Only the "smart" HTTP protocol is supported, the "dumb" one not. (as of now at least) The "smart" HTTP protocol behaves almost as git over ssh, but needs two HTTP requests: - a first one to do the "discovery" (see if the remote server is "smart") and fetch the refs - a POST where we send our have/want line and fetch the packfile The dumb one is just a bare git repo served via a web server (could be httpd(8)) and needs us to fetch all the objects manually and do the resolving by ourselves. To be fair I'm not thrilled at the idea of implementing it. got-http is pledged "stdio inet dns" and is not unveiled by default unlike the other libexec helpers. It also can't be sandboxed with capsicum(4) on FreeBSD and I don't want to go thru the pain of trying to sandbox it with landlock on linux (needs to access certs.pem and probably more stuff there?) At the moment it "works." I managed to clone repos from github (including ports.git) and from sr.ht. Incremental fetches also seems to work, in part at least. There's still some bits of how the server replies that I'm not following. For example, here's an excerpt of a partial fetch: 00000000 30 30 30 38 4e 41 4b 0a 30 30 32 39 02 45 6e 75 |0008NAK.0029.Enu| 00000010 6d 65 72 61 74 69 6e 67 20 6f 62 6a 65 63 74 73 |merating objects| 00000020 3a 20 31 37 37 33 39 32 34 2c 20 64 6f 6e 65 2e |: 1773924, done.| 00000030 0a 30 30 32 36 02 43 6f 75 6e 74 69 6e 67 20 6f |.0026.Counting o| ... 000021a0 30 25 20 28 37 39 34 30 2f 37 39 34 30 29 2c 20 |0% (7940/7940), | 000021b0 64 6f 6e 65 2e 0a 30 30 31 30 01 50 41 43 4b 00 |done..0010.PACK.| 000021c0 00 00 02 00 1b 11 32 30 30 35 01 64 93 16 78 9c |......2005.d..x.| We get a NAK and then side-band info, which seems to confuse got-fetch-pack that excepts at least one ACK. (see the XXX below.) In some case partial fetches seems to degrade into a full fetch, still investigating. diff /home/op/w/gotd commit - 4cad5be9f88baeb0583b4b63a546f5815929a270 path + /home/op/w/gotd blob - ad0fec63ec6030f40937e7bf6836769359bb55ba file + got/got.c --- got/got.c +++ got/got.c @@ -1649,16 +1649,16 @@ cmd_clone(int argc, char *argv[]) err(1, "pledge"); #endif } else if (strcmp(proto, "git+ssh") == 0 || - strcmp(proto, "ssh") == 0) { + strcmp(proto, "ssh") == 0 || + strcmp(proto, "git+http") == 0 || + strcmp(proto, "http") == 0 || + strcmp(proto, "git+https") == 0 || + strcmp(proto, "https") == 0) { #ifndef PROFILE if (pledge("stdio rpath wpath cpath fattr flock proc exec " "sendfd unveil", NULL) == -1) err(1, "pledge"); #endif - } else if (strcmp(proto, "http") == 0 || - strcmp(proto, "git+http") == 0) { - error = got_error_path(proto, GOT_ERR_NOT_IMPL); - goto done; } else { error = got_error_path(proto, GOT_ERR_BAD_PROTO); goto done; @@ -2514,16 +2514,16 @@ cmd_fetch(int argc, char *argv[]) err(1, "pledge"); #endif } else if (strcmp(proto, "git+ssh") == 0 || - strcmp(proto, "ssh") == 0) { + strcmp(proto, "ssh") == 0 || + strcmp(proto, "git+http") == 0 || + strcmp(proto, "http") == 0 || + strcmp(proto, "git+https") == 0 || + strcmp(proto, "https") == 0) { #ifndef PROFILE if (pledge("stdio rpath wpath cpath fattr flock proc exec " "sendfd unveil", NULL) == -1) err(1, "pledge"); #endif - } else if (strcmp(proto, "http") == 0 || - strcmp(proto, "git+http") == 0) { - error = got_error_path(proto, GOT_ERR_NOT_IMPL); - goto done; } else { error = got_error_path(proto, GOT_ERR_BAD_PROTO); goto done; blob - 3325c8994f55721d8588155cdc72b95d11fd2248 file + lib/dial.c --- lib/dial.c +++ lib/dial.c @@ -18,19 +18,28 @@ #include <sys/queue.h> #include <sys/types.h> #include <sys/socket.h> +#include <sys/uio.h> #include <netdb.h> #include <assert.h> #include <err.h> +#include <limits.h> +#include <sha1.h> +#include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <imsg.h> #include "got_error.h" #include "got_path.h" +#include "got_object.h" #include "got_lib_dial.h" +#include "got_lib_delta.h" +#include "got_lib_object.h" +#include "got_lib_privsep.h" #include "got_dial.h" #ifndef nitems @@ -63,6 +72,13 @@ got_dial_apply_unveil(const char *proto) } } + if (strstr(proto, "http") != NULL) { + if (unveil(GOT_PATH_PROG_HTTP, "x") != 0) { + return got_error_from_errno2("unveil", + GOT_PATH_PROG_HTTP); + } + } + return NULL; } @@ -321,3 +337,59 @@ done: *newfd = fd; return err; } + +const struct got_error * +got_dial_http(pid_t *newpid, int *newfd, const char *host, + const char *port, const char *path, int verbosity, int tls) +{ + const struct got_error *error = NULL; + int pid, pfd[2]; + const char *argv[8]; + int i = 0; + + *newpid = -1; + *newfd = -1; + + if (!port) + port = tls ? "443" : "80"; + + argv[i++] = GOT_PATH_PROG_HTTP; + if (verbosity == -1) + argv[i++] = "-q"; + else if (verbosity > 0) + argv[i++] = "-v"; + argv[i++] = "--"; + argv[i++] = tls ? "https" : "http"; + argv[i++] = host; + argv[i++] = port; + argv[i++] = path; + argv[i++] = NULL; + assert(i <= nitems(argv)); + + if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pfd) == -1) + return got_error_from_errno("socketpair"); + + pid = fork(); + if (pid == -1) { + error = got_error_from_errno("fork"); + close(pfd[0]); + close(pfd[1]); + return error; + } else if (pid == 0) { + if (close(pfd[1]) == -1) + err(1, "close"); + if (dup2(pfd[0], 0) == -1) + err(1, "dup2"); + if (dup2(pfd[0], 1) == -1) + err(1, "dup2"); + if (execv(GOT_PATH_PROG_HTTP, (char *const *)argv) == -1) + err(1, "execv"); + abort(); /* not reached */ + } else { + if (close(pfd[0]) == -1) + return got_error_from_errno("close"); + *newpid = pid; + *newfd = pfd[1]; + return NULL; + } +} blob - 0dd641076040553ff06ef8320ae4686dabdd6786 file + lib/fetch.c --- lib/fetch.c +++ lib/fetch.c @@ -91,8 +91,12 @@ got_fetch_connect(pid_t *fetchpid, int *fetchfd, const else if (strcmp(proto, "git") == 0) err = got_dial_git(fetchfd, host, port, server_path, GOT_DIAL_DIRECTION_FETCH); - else if (strcmp(proto, "http") == 0 || strcmp(proto, "git+http") == 0) - err = got_error_path(proto, GOT_ERR_NOT_IMPL); + else if (strcmp(proto, "http") == 0 || + strcmp(proto, "git+http") == 0 || + strcmp(proto, "https") == 0 || + strcmp(proto, "git+https") == 0) + err = got_dial_http(fetchpid, fetchfd, host, port, + server_path, verbosity, strstr(proto, "https") != NULL); else err = got_error_path(proto, GOT_ERR_BAD_PROTO); return err; blob - cbaf4ea224445b13ae795d7ec9ddb72fda40ab52 file + lib/got_lib_dial.h --- lib/got_lib_dial.h +++ lib/got_lib_dial.h @@ -24,3 +24,6 @@ const struct got_error *got_dial_ssh(pid_t *newpid, in const struct got_error *got_dial_ssh(pid_t *newpid, int *newfd, const char *host, const char *port, const char *path, const char *direction, int verbosity); + +const struct got_error *got_dial_http(pid_t *newpid, int *newfd, + const char *host, const char *port, const char *path, int, int); blob - 37d537ab48623fa50dd909cf2725e58151958e35 file + lib/got_lib_privsep.h --- lib/got_lib_privsep.h +++ lib/got_lib_privsep.h @@ -48,6 +48,7 @@ #define GOT_PROG_FETCH_PACK got-fetch-pack #define GOT_PROG_INDEX_PACK got-index-pack #define GOT_PROG_SEND_PACK got-send-pack +#define GOT_PROG_HTTP got-http #define GOT_STRINGIFY(x) #x #define GOT_STRINGVAL(x) GOT_STRINGIFY(x) @@ -77,6 +78,8 @@ GOT_STRINGVAL(GOT_LIBEXECDIR) "/" GOT_STRINGVAL(GOT_PROG_SEND_PACK) #define GOT_PATH_PROG_INDEX_PACK \ GOT_STRINGVAL(GOT_LIBEXECDIR) "/" GOT_STRINGVAL(GOT_PROG_INDEX_PACK) +#define GOT_PATH_PROG_HTTP \ + GOT_STRINGVAL(GOT_LIBEXECDIR) "/" GOT_STRINGVAL(GOT_PROG_HTTP) enum got_imsg_type { /* An error occured while processing a request. */ blob - 174d412f27d59a5180400ca4bbd33f6a4b8e5564 file + lib/privsep.c --- lib/privsep.c +++ lib/privsep.c @@ -3483,6 +3483,7 @@ got_privsep_unveil_exec_helpers(void) GOT_PATH_PROG_FETCH_PACK, GOT_PATH_PROG_INDEX_PACK, GOT_PATH_PROG_SEND_PACK, + /* GOT_PATH_PROG_HTTP explicitly excluded */ }; size_t i; blob - cfd4876a2dfa135816bb51fb862396c0cd6a4331 file + libexec/Makefile --- libexec/Makefile +++ libexec/Makefile @@ -1,6 +1,6 @@ SUBDIR = got-read-blob got-read-commit got-read-object got-read-tree \ got-read-tag got-fetch-pack got-index-pack got-read-pack \ got-read-gitconfig got-read-gotconfig got-send-pack \ - got-read-patch + got-read-patch got-http .include <bsd.subdir.mk> blob - 07e2042c17a6d66588622b9d6a7fb1e9c158cfbd file + libexec/got-fetch-pack/got-fetch-pack.c --- libexec/got-fetch-pack/got-fetch-pack.c +++ libexec/got-fetch-pack/got-fetch-pack.c @@ -541,6 +541,10 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1, /* Server has not located our objects yet. */ continue; } + if (n > 1 && buf[0] == 0x2) { + /* XXX: sideband? */ + break; + } if (n < 4 + SHA1_DIGEST_STRING_LENGTH || strncmp(buf, "ACK ", 4) != 0) { err = got_error_msg(GOT_ERR_BAD_PACKET, blob - /dev/null file + libexec/got-http/Makefile (mode 644) --- /dev/null +++ libexec/got-http/Makefile @@ -0,0 +1,18 @@ +.PATH:${.CURDIR}/../../lib + +.include "../../got-version.mk" + +PROG= got-http +SRCS= got-http.c error.c inflate.c sha1.c pollfd.c + +CPPFLAGS= -I${.CURDIR}/../../include -I${.CURDIR}/../../lib + +.if defined(PROFILE) +LDADD= -lutil_p -lz_p -ltls_p +.else +LDADD= -lutil -lz -ltls +.endif + +DPADD= ${LIBZ} ${LIBUTIL} ${LIBTLS} + +.include <bsd.prog.mk> blob - /dev/null file + libexec/got-http/got-http.c (mode 644) --- /dev/null +++ libexec/got-http/got-http.c @@ -0,0 +1,608 @@ +/* + * Copyright (c) 2022 Omar Polo <op@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/types.h> +#include <sys/socket.h> + +#include <err.h> +#include <errno.h> +#include <limits.h> +#include <netdb.h> +#include <poll.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <tls.h> +#include <unistd.h> + +#include "got_version.h" + +#define UPLOAD_PACK_ADV "application/x-git-upload-pack-advertisement" +#define UPLOAD_PACK_REQ "application/x-git-upload-pack-request" +#define UPLOAD_PACK_RES "application/x-git-upload-pack-result" + +#define HTTP_BUFSIZ 4096 +#define GOT_USERAGENT "got/" GOT_VERSION_STR +#define MINIMUM(a, b) ((a) < (b) ? (a) : (b)) +#define hasprfx(str, p) (strncasecmp(str, p, strlen(p)) == 0) + +#define DEBUG_HTTP 1 + +FILE *tmp; + +static int verbose; + +static long long +hexstrtonum(const char *str, long long min, long long max, const char **errstr) +{ + long long lval; + char *cp; + + errno = 0; + lval = strtoll(str, &cp, 16); + if (*str == '\0' || *cp != '\0') { + *errstr = "not a number"; + return 0; + } + if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || + lval < min || lval > max) { + *errstr = "out of range"; + return 0; + } + + *errstr = NULL; + return lval; +} + +static int +stdio_tls_write(void *arg, const char *buf, int len) +{ + struct tls *ctx = arg; + ssize_t ret; + + do { + ret = tls_write(ctx, buf, len); + } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT); + + if (ret == -1) + warn("tls_write: %s", tls_error(ctx)); + + return ret; +} + +static int +stdio_tls_read(void *arg, char *buf, int len) +{ + struct tls *ctx = arg; + ssize_t ret; + + do { + ret = tls_read(ctx, buf, len); + } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT); + + if (ret == -1) + warn("tls_read: %s", tls_error(ctx)); + + return ret; +} + +static int +stdio_tls_close(void *arg) +{ + struct tls *ctx = arg; + int ret; + + do { + ret = tls_close(ctx); + } while (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT); + + return ret; +} + +static FILE * +dial(int https, const char *host, const char *port) +{ + FILE *fp; + struct tls *ctx; + struct tls_config *conf; + struct addrinfo hints, *res, *res0; + int r, error, saved_errno, fd = -1; + const char *cause = NULL; + + if (https) { + if ((conf = tls_config_new()) == NULL) + errx(1, "failed to create TLS configuration"); + if ((ctx = tls_client()) == NULL) + errx(1, "failed to create TLS client"); + if (tls_configure(ctx, conf) == -1) + errx(1, "TLS configuration failure: %s", + tls_error(ctx)); + tls_config_free(conf); + + if (tls_connect(ctx, host, port) == -1) { + warnx("connect to %s:%s: %s", host, port, + tls_error(ctx)); + tls_close(ctx); + return NULL; + } + do { + r = tls_handshake(ctx); + } while (r == TLS_WANT_POLLIN || r == TLS_WANT_POLLOUT); + fp = funopen(ctx, stdio_tls_read, stdio_tls_write, NULL, + stdio_tls_close); + if (fp == NULL) { + warn("funopen"); + tls_free(ctx); + } + return fp; + } + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + error = getaddrinfo(host, port, &hints, &res0); + if (error) { + warnx("%s", gai_strerror(error)); + return NULL; + } + + for (res = res0; res; res = res->ai_next) { + fd = socket(res->ai_family, res->ai_socktype, + res->ai_protocol); + if (fd == -1) { + cause = "socket"; + continue; + } + + if (connect(fd, res->ai_addr, res->ai_addrlen) == 0) + break; + + cause = "connect"; + saved_errno = errno; + close(fd); + fd = -1; + errno = saved_errno; + } + freeaddrinfo(res0); + + if (fd == -1) { + warn("%s", cause); + return NULL; + } + + if ((fp = fdopen(fd, "r+")) == NULL) { + warn("fdopen"); + close(fd); + } + return fp; +} + +static FILE * +http_open(int https, const char *method, const char *host, const char *port, + const char *path, const char *path_sufx, const char *query, + const char *ctype) +{ + FILE *fp; + const char *chdr = NULL, *te = ""; + char *p, *req; + int r; + + if ((fp = dial(https, host, port)) == NULL) + return NULL; + + if (path_sufx != NULL && *path && path[strlen(path) - 1] == '/') + path_sufx++; /* skip the slash */ + + if (strcmp(method, "POST") == 0) + te = "\r\nTransfer-Encoding: chunked\r\n"; + + if (ctype) + chdr = "Content-Type: "; + + r = asprintf(&p, "%s/%s%s%s", path, path_sufx, + query ? "?" : "", query ? query : ""); + if (r == -1) + err(1, "asprintf"); + + r = asprintf(&req, "%s %s HTTP/1.1\r\n" + "Host: %s\r\n" + "Connection: close\r\n" + "User-agent: %s\r\n" + "%s%s%s\r\n", + method, p, host, GOT_USERAGENT, + chdr ? chdr : "", ctype ? ctype : "", te); + free(p); + if (r == -1) + err(1, "asprintf"); + + if (verbose > 0) + fprintf(stderr, "%s: %s", getprogname(), req); + + if (fwrite(req, 1, r, fp) != r) { + free(req); + fclose(fp); + return NULL; + } + free(req); + + return fp; +} + +static int +http_parse_reply(FILE *fp, int *chunked, const char *expected_ctype) +{ + char *cp, *line = NULL; + size_t linesize = 0; + ssize_t linelen; + + *chunked = 0; + + if ((linelen = getline(&line, &linesize, fp)) == -1) { + warn("%s: getline", __func__); + return -1; + } + + if ((cp = strchr(line, '\r')) == NULL) { + warnx("malformed HTTP response"); + goto err; + } + *cp = '\0'; + + if ((cp = strchr(line, ' ')) == NULL) { + warnx("malformed HTTP response"); + goto err; + } + cp++; + + if (strncmp(cp, "200 ", 4) != 0) { + warnx("malformed HTTP response"); + goto err; + } + + while ((linelen = getline(&line, &linesize, fp)) != -1) { + if (line[linelen-1] == '\n') + line[--linelen] = '\0'; + if (linelen > 0 && line[linelen-1] == '\r') + line[--linelen] = '\0'; + + if (*line == '\0') + break; + + if (hasprfx(line, "content-type:")) { + cp = strchr(line, ':') + 1; + cp += strspn(cp, " \t"); + cp[strcspn(cp, " \t")] = '\0'; + if (strcmp(cp, expected_ctype) != 0) { + warnx("server not using the \"smart\" " + "HTTP protocol."); + goto err; + } + } + + if (hasprfx(line, "transfer-encoding:")) { + cp = strchr(line, ':') + 1; + cp += strspn(cp, " \t"); + cp[strcspn(cp, " \t")] = '\0'; + if (strcmp(cp, "chunked") != 0) { + warnx("unknown transfer-encoding"); + goto err; + } + *chunked = 1; + } + } + + free(line); + return 0; + +err: + free(line); + return -1; +} + +static ssize_t +http_read(FILE *fp, int chunked, size_t *chunksz, void *buf, size_t bufsz) +{ + const char *errstr; + char *cp, *line = NULL; + size_t r, linesize = 0; + ssize_t ret = 0, linelen; + + if (!chunked) { + r = fread(buf, 1, bufsz, fp); + if (r == 0 && ferror(fp)) + return -1; +#if DEBUG_HTTP + fwrite(buf, 1, r, stderr); +#endif + return r; + } + + while (bufsz > 0) { + if (*chunksz == 0) { + again: + if ((linelen = getline(&line, &linesize, fp)) == -1) { + if (ferror(fp)) { + warn("%s: getline", __func__); + ret = -1; + } + break; + } + + if ((cp = strchr(line, '\r')) == NULL) { + warnx("invalid HTTP chunk: missing CR"); + ret = -1; + break; + } + *cp = '\0'; + + if (*line == '\0') + goto again; /* was the CRLF after the chunk */ + + *chunksz = hexstrtonum(line, 0, INT_MAX, &errstr); + if (errstr != NULL) { + warnx("invalid HTTP chunk: size is %s (%s)", + errstr, line); + ret = -1; + break; + } + + if (*chunksz == 0) + break; + } + + r = fread(buf, 1, MINIMUM(*chunksz, bufsz), fp); + if (r == 0) { + if (ferror(fp)) + ret = -1; + break; + } + +#if DEBUG_HTTP + if (tmp) + fwrite(buf, 1, r, tmp); + /* fwrite(buf, 1, r, stderr); */ +#endif + ret += r; + buf += r; + bufsz -= r; + *chunksz -= r; + } + + free(line); + return ret; +} + +static void +http_chunk(FILE *fp, const void *buf, size_t len) +{ + /* fprintf(stderr, "> %.*s", (int)len, (char *)buf); */ + + fprintf(fp, "%zx\r\n", len); + if (fwrite(buf, 1, len, fp) != len || + fwrite("\r\n", 1, 2, fp) != 2) + err(1, "%s fwrite", __func__); +} + +static int +get_refs(int https, const char *host, const char *port, const char *path) +{ + char buf[HTTP_BUFSIZ]; + const char *errstr, *sufx = "/info/refs"; + FILE *fp; + size_t skip, chunksz = 0; + ssize_t r; + int chunked; + + fp = http_open(https, "GET", host, port, path, sufx, + "service=git-upload-pack", NULL); + if (fp == NULL) + return -1; + + if (http_parse_reply(fp, &chunked, UPLOAD_PACK_ADV) == -1) { + fclose(fp); + return -1; + } + + /* skip first pack; why git over http is like this? */ + r = http_read(fp, chunked, &chunksz, buf, 4); + if (r <= 0) { + fclose(fp); + return -1; + } + buf[4] = '\0'; + skip = hexstrtonum(buf, 0, INT_MAX, &errstr); + if (errstr != NULL) { + warnx("pktlen is %s", errstr); + fclose(fp); + return -1; + } + + /* TODO: validate it's # service=git-upload-pack\n */ + while (skip > 0) { + r = http_read(fp, chunked, &chunksz, buf, + MINIMUM(skip, sizeof(buf))); + if (r <= 0) { + fclose(fp); + return -1; + } + + skip -= r; + } + + for (;;) { + r = http_read(fp, chunked, &chunksz, buf, sizeof(buf)); + if (r == -1) { + fclose(fp); + return -1; + } + + if (r == 0) + break; + + fwrite(buf, 1, r, stdout); + } + + fflush(stdout); + fclose(fp); + return 0; +} + +static int +upload_request(int https, const char *host, const char *port, const char *path, + FILE *in) +{ + const char *errstr; + char buf[HTTP_BUFSIZ]; + FILE *fp; + ssize_t r; + size_t chunksz = 0; + long long t; + int chunked; + + fp = http_open(https, "POST", host, port, path, "/git-upload-pack", + NULL, UPLOAD_PACK_REQ); + if (fp == NULL) + return -1; + + for (;;) { + r = fread(buf, 1, 4, in); + if (r != 4) + goto err; + + buf[4] = '\0'; + t = hexstrtonum(buf, 0, sizeof(buf), &errstr); + if (errstr != NULL) { + warnx("pktline len is %s", errstr); + goto err; + } + + /* no idea why 0000 is not enough. */ + if (t == 0) { + const char *x = "00000009done\n"; + http_chunk(fp, x, strlen(x)); + http_chunk(fp, NULL, 0); + break; + } + + if (t < 6) { + warnx("pktline len is too small"); + goto err; + } + + r = fread(buf + 4, 1, t - 4, in); + if (r != t - 4) + goto err; + + http_chunk(fp, buf, t); + } + + if (http_parse_reply(fp, &chunked, UPLOAD_PACK_RES) == -1) + goto err; + + for (;;) { + r = http_read(fp, chunked, &chunksz, buf, sizeof(buf)); + if (r == -1) { + fclose(fp); + return -1; + } + + if (r == 0) + break; + + fwrite(buf, 1, r, stdout); + } + + fclose(fp); + return 0; + +err: + fclose(fp); + return -1; +} + +static __dead void +usage(void) +{ + fprintf(stderr, "usage: %s [-qv] proto host port path\n", + getprogname()); + exit(1); +} + +int +main(int argc, char **argv) +{ + struct pollfd pfd; + const char *host, *port, *path; + int https = 0; + int ch; +#if 0 + static int attached; + while (!attached) + sleep(1); +#endif + +#if !DEBUG_HTTP || defined(PROFILE) + if (pledge("stdio inet dns", NULL) == -1) + err(1, "pledge"); +#endif + + while ((ch = getopt(argc, argv, "qv")) != -1) { + switch (ch) { + case 'q': + verbose = -1; + break; + case 'v': + verbose++; + break; + default: + usage(); + } + } + argc -= optind; + argv += optind; + + if (argc != 4) + usage(); + + https = strcmp(argv[0], "https") == 0; + + host = argv[1]; + port = argv[2]; + path = argv[3]; + + if (get_refs(https, host, port, path) == -1) + errx(1, "failed to get refs"); + +#if DEBUG_HTTP + tmp = fopen("/tmp/pck", "w"); +#endif + + pfd.fd = 0; + pfd.events = POLLIN; + if (poll(&pfd, 1, INFTIM) == -1) + err(1, "poll"); + + if ((ch = fgetc(stdin)) == EOF) + return 0; + + ungetc(ch, stdin); + if (upload_request(https, host, port, path, stdin) == -1) { + fflush(tmp); + errx(1, "failed to upload request"); + } + + return 0; +} blob - 45aaadb8bcd9513fe5075ceaa0fc416d03874885 file + libexec/got-read-gotconfig/got-read-gotconfig.c --- libexec/got-read-gotconfig/got-read-gotconfig.c +++ libexec/got-read-gotconfig/got-read-gotconfig.c @@ -383,7 +383,11 @@ validate_protocol(const char *protocol, const char *re if (strcmp(protocol, "ssh") != 0 && strcmp(protocol, "git+ssh") != 0 && - strcmp(protocol, "git") != 0) { + strcmp(protocol, "git") != 0 && + strcmp(protocol, "git+http") != 0 && + strcmp(protocol, "http") != 0 && + strcmp(protocol, "https") != 0 && + strcmp(protocol, "git+https") != 0) { snprintf(msg, sizeof(msg),"unknown protocol \"%s\" " "for remote repository \"%s\"", protocol, repo_name); return got_error_msg(GOT_ERR_PARSE_CONFIG, msg);

2022-11-20 09:45 Omar Polo:
WIP: read-only https support
- 2022-11-20 11:11 Stefan Sperling:
  WIP: read-only https support
- - 2022-11-20 17:59 Omar Polo:
    WIP: read-only https support