5 # Suitable only for exposing to semi-trusted clients: clients are not
6 # supposed to be able to take over the server. However, clients can
7 # probably deny service to each other because the current
8 # implementation is not very good at handling various out-of-course
9 # situations (notably, clients which are too slow).
11 # usage: run it on some port, and then clone or fetch
12 # "git://<realhost>:<realport>/<real-git-url>[ <options>]"
13 # where <real-git-url> is http://<host>/... or git://<host>/...
14 # and <options> is zero or more (whitespace-separated) of
15 # [<some-option>] will be ignored if not recognised
16 # {<some-option>} error if not recognised
17 # options currently known:
18 # fetch=must fail if the fetch/clone from upstream fails
19 # fetch=no just use what is in the cache
20 # fetch=try use what is in the cache if the fetch/clone fails
21 # timeout=<seconds> length of time to allow for fetch/clone
22 # housekeeping-interval-days=<integer> } housekeeping tuning parameters
23 # tree-expire-days=<integer> }
24 # gc-interval-days=<integer> }
26 # example inetd.conf line:
27 # 9419 stream tcp nowait git-cache /usr/bin/git-cache-proxy git-cache-proxy
30 # mkdir /var/cache/git-cache-proxy
31 # chown git-cache /var/cache/git-cache-proxy
34 # Copyright 2010 Tony Finch
35 # Copyright 2013,2014 Ian Jackson
36 # Copyright 2017 Citrix
38 # git-cache-proxy is free software; you can redistribute it and/or
39 # modify it under the terms of the GNU General Public License as
40 # published by the Free Software Foundation; either version 3, or (at
41 # your option) any later version.
43 # git-cache-proxy is distributed in the hope that it will be useful,
44 # but WITHOUT ANY WARRANTY; without even the implied warranty of
45 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
46 # General Public License for more details.
48 # You should have received a copy of the GNU General Public License along
49 # with this program; if not, consult the Free Software Foundation's
50 # website at www.fsf.org, or the GNU Project website at www.gnu.org.
52 # (Some code taken from userv-utils's git-daemon.in and git-service.in
53 # which were written by Tony Finch <dot@dotat.at> and subsequently
54 # heavily modified by Ian Jackson <ijackson@chiark.greenend.org.uk>
55 # and were released under CC0 1.0. The whole program is now GPLv3+.)
63 use Fcntl qw(:flock SEEK_SET);
64 use File::Path qw(remove_tree);
66 our $us = 'git-cache-proxy';
69 our $housekeepingeverydays = 1;
70 our $gcintervaldays = 10;
71 our $treeexpiredays = 21;
72 our $fetchtimeout = 3600;
73 our $maxfetchtimeout = 7200;
74 our $servetimeout = 3600;
75 our $cachedir = '/var/cache/git-cache-proxy';
76 our $housekeepingonly = 0;
78 #---------- error handling and logging ----------
80 # This is a bit fiddly, because we want to catch errors sent to stderr
81 # and dump them to syslog if we can, but only if we are running as an
84 our $log; # filehandle (ref), or "1" meaning syslog
88 return ('(local)') unless defined $sockaddr;
89 my ($port,$addr) = sockaddr_in $sockaddr;
90 $addr = inet_ntoa $addr;
91 return ("[$addr]:$port",$addr,$port);
94 our ($client) = ntoa getpeername STDIN;
95 our ($server) = ntoa getsockname STDIN;
99 openlog $us, qw(pid), 'daemon';
104 my ($pri, $msg) = @_;
105 return if $pri eq 'debug' && !$debug;
106 if ($client eq '(local)') {
107 print STDERR "$us: $pri: $msg\n" or die $!;
111 my $mainmsg = sprintf "%s-%s: %s", $server, $client, $msg;
113 my $wholemsg = sprintf("%s [%d] %s: %s\n",
114 strftime("%Y-%m-%d %H:%M:%S Z", gmtime),
116 $pri eq 'err' ? 'error' : $pri,
118 print $log $wholemsg;
120 syslog $pri, "%s", "$pri $mainmsg";
124 if ($client ne '(local)') {
125 open STDERR, ">/dev/null" or exit 255;
126 open TEMPERR, "+>", undef or exit 255;
127 open STDERR, ">&TEMPERR" or exit 255;
131 if ($client ne '(local)') {
132 if ($?) { logm 'crit', "crashing ($?)"; }
133 seek TEMPERR, 0, SEEK_SET;
148 $SIG{ALRM} = sub { fail "timeout" };
155 my $gitmsg = "ERR $us: $msg";
156 $gitmsg = substr($gitmsg,0,65535); # just in case
157 printf "%04x%s", length($gitmsg)+4, $gitmsg;
162 #---------- argument parsing ----------
166 last unless $ARGV[0] =~ m/^-/;
174 } elsif (s/^-L(.*)$//) {
176 open STDERR, ">>", $logfile or fail "open $logfile: $!";
178 } elsif (s/^-d(.*)$//) {
180 } elsif (s/^--( max-fetch-timeout
184 | housekeeping-interval-days
189 die $vn unless defined ${ $::{$vn} };
192 fail "bad usage: unknown option `$_'";
197 !@ARGV or fail "bad usage: no non-option arguments permitted";
199 #---------- utility functions ----------
# lockfile FH, FN, FLOCKMODE, UPDATE_TS
#
# Opens (creating if necessary) the lock file FN on filehandle FH and
# takes an flock on it using FLOCKMODE (LOCK_SH or LOCK_EX, optionally
# or'd with LOCK_NB).
#
#   FH         glob reference to use for the lock file handle
#   FN         path of the lock file
#   FLOCKMODE  flock mode bits
#   UPDATE_TS  true: open with '+>' (truncating; presumably this is what
#              refreshes the file's timestamp -- TODO confirm);
#              false: open with '+>>'
#
# Open, flock (other than EWOULDBLOCK under LOCK_NB) and stat errors are
# reported through fail().  Callers in this file test the return value
# and treat false as "lock busy" when they passed LOCK_NB.
201 sub lockfile ($$$$) {
202 my ($fh, $fn, $flockmode, $update_ts) = @_;
# Label used in log messages; shared locks (ignoring LOCK_NB) are
# marked with a " (shared)" suffix.
203 my $what = $fn.(($flockmode & ~LOCK_NB) == LOCK_SH ? " (shared)" : "");
206 open $fh, ($update_ts ? '+>' : '+>>'), $fn
207 or fail "open/create $fn for lock: $!";
208 logm 'debug', "lock $what: acquiring";
209 if (!flock $fh, $flockmode) {
# A busy lock in non-blocking mode is distinguished from real errors.
210 if ($flockmode & LOCK_NB && $! == EWOULDBLOCK) {
213 fail "lock $what: $!";
# Compare the inode of the handle we locked with the inode currently
# found at $fn.  If they differ, the lock file was deleted (or replaced)
# while we were acquiring it, so the lock we hold is on a stale file.
215 stat $fh or fail "stat opened $fn: $!";
216 my $fh_ino = ((stat _)[1]);
218 $! == ENOENT or fail "stat $fn: $!";
221 my $fn_ino = ((stat _)[1]);
222 if ($fn_ino == $fh_ino) {
223 logm 'debug', "lock $what: acquired";
226 logm 'debug', "lock $what: deleted, need to loop again";
234 while ($length > length $buffer) {
235 my $ret = sysread STDIN, $buffer, $length, length $buffer;
236 fail "expected $length bytes, got ".length $buffer
237 if defined $ret and $ret == 0;
238 fail "read: $!" if not defined $ret and $! != EINTR and $! != EAGAIN;
243 #---------- main program ----------
245 chdir $cachedir or fail "chdir $cachedir: $!";
247 our ($service,$specpath,$spechost,$subdir);
248 our ($tmpd,$gitd,$lock);
253 logm 'info', "service `$specpath': $msg";
259 my $hex_len = xread 4;
260 fail "Bad hex in packet length" unless $hex_len =~ m|^[0-9a-fA-F]{4}$|;
261 my $line = xread -4 + hex $hex_len;
262 unless (($service,$specpath,$spechost) = $line =~
263 m|^(git-[a-z-]+) /*([!-~ ]+)\0host=([!-~]+)\0$|) {
264 $line =~ s|[^ -~]+| |g;
265 gitfail "unknown/unsupported instruction `$line'"
270 $service eq 'git-upload-pack'
271 or gitfail "unknown/unsupported service `$service'";
273 $fetch = 2; # 0:don't; 1:try; 2:force
276 while ($url =~ s#\s+(\[)([^][{}]+)\]$## ||
277 $url =~ s#\s+(\{)([^][{}]+)\}$##) {
279 my $must = $1 eq '{';
280 if (m/^fetch=try$/) {
282 } elsif (m/^fetch=no$/) {
284 } elsif (m/^fetch=must$/) {
285 $fetch = 2; # the default
286 } elsif (m/^timeout=(\d+)$/ && $1 >= 1) {
287 $fetchtimeout = $1 <= $maxfetchtimeout ? $1 : $maxfetchtimeout;
289 gitfail "unknown/unsupported option `$_'";
293 $url =~ m{^(?:https?|git)://[-.0-9a-z]+/}
294 or gitfail "unknown/unsupported url scheme or format `$url'";
297 $subdir =~ s|\\|\\\\|g;
298 $subdir =~ s|,|\\,|g;
301 $tmpd= "$subdir\\.tmp";
302 $gitd= "$subdir\\.git";
303 $lock = "$subdir\\.lock";
# update_gcstamp GITDIR
#
# (Re)creates the stamp file "cache-proxy-gc.stamp" inside a git
# directory by opening it for writing.  housekeeping() compares the age
# of this stamp with $gcintervaldays to decide whether a gc is due.
# $gitdir is presumably the sub's single argument -- TODO confirm.
# Failing to create the stamp is tolerated when the error is ENOENT;
# any other error is reported through fail().
308 sub update_gcstamp ($) {
310 my $gcdone = "$gitdir/cache-proxy-gc.stamp";
311 if (open GCSTAMP, '>', $gcdone) {
314 $!==ENOENT or fail "create $gcdone: $!";
319 lockfile \*LOCK, $lock, LOCK_EX, 1;
321 my $exists = lstat $gitd;
322 $exists or $!==ENOENT or fail "lstat $gitd: $!";
331 my $r=select $rbits,undef,$ebits,0;
332 $r>=0 or fail "select recheck STDOUT failed: $!";
334 servinfo 'client disconnected (stdin unexpectedly'.
335 (vec($rbits,0,1) ? ' readable' : '').
336 (vec($ebits,0,1) ? ' exception' : '').
344 system qw(rm -rf --), $tmpd;
345 @cmd = (qw(git clone -q --mirror), $url, $tmpd);
348 @cmd = (qw(git remote update --prune));
351 my $cmd = "@cmd[0..1]";
353 my $child = open FETCHERR, "-|";
354 defined $child or fail "fork: $!";
357 chdir $gitd or fail "chdir $gitd: $!";
359 setpgrp or fail "setpgrp: $!";
360 open STDERR, ">&STDOUT" or fail "redirect stderr: $!";
361 exec @cmd or fail "exec $cmd[0]: $!";
367 local $SIG{ALRM} = sub {
368 servinfo "fetch/clone timeout";
369 $timedout=1; kill 9, -$child;
371 alarm($fetchtimeout);
372 $!=0; { local $/=undef; $fetcherr = <FETCHERR>; }
373 !FETCHERR->error or fail "read pipe from fetch/clone: $!";
377 kill -9, $child or fail "kill fetch/clone: $!";
378 $!=0; $?=0; if (!close FETCHERR) {
379 fail "reap fetch/clone: $!" if $!;
381 !($? & 255) ? "$cmd died with error exit code ".($? >> 8) :
382 $? != 9 ? "$cmd died due to fatal signa, status $?" :
383 $timedout ? "$cmd timed out (${fetchtimeout}s)" :
384 "$cmd died due to unexpected SIGKILL";
385 if (length $fetcherr) {
386 $fetchfail .= "\n$fetcherr";
387 $fetchfail =~ s/\n$//;
388 $fetchfail =~ s{\n}{ // }g;
393 servinfo "fetch/clone failed: $fetchfail";
399 update_gcstamp($tmpd);
400 rename $tmpd, $gitd or fail "rename fresh $tmpd to $gitd: $!";
404 $fetchfail = 'not attempted';
408 gitfail "no cached data, and not cloned: $fetchfail";
412 lockfile \*LOCK, $lock, LOCK_SH, 1; # NB releases and relocks
417 $!==ENOENT or fail "stat $gitd: $!";
419 # Well, err, someone must have taken the lock in between
420 # and garbage collected it. How annoying.
# hkfail MSG
#
# Reports a housekeeping failure: prefixes MSG with "housekeeping: "
# and passes the result to fail().
sub hkfail ($) {
    my ($reason) = @_;
    fail("housekeeping: $reason");
}
# housekeeping
#
# Walks every per-repository lock file in the current directory (names
# matching [a-z]*\.lock) and, for each one, either garbage collects the
# corresponding cached repository or cleans it away:
#
#   * If the file examined by the preceding lstat is at most
#     $treeexpiredays days old, the entry counts as "touched recently".
#     It is then gc'd only when its gc stamp is missing or older than
#     $gcintervaldays days.
#   * The 'cleaning' mode takes the lock non-blockingly (LOCK_NB),
#     removes the entry's .tmp and .git trees and then unlinks the lock
#     file.  Presumably this is the branch for entries that are not
#     "touched recently" -- TODO confirm.
#
# When the loop is done, Housekeeping.stamp is rewritten to record the
# run.  Failures are reported through hkfail().
426 sub housekeeping () {
427 logm 'info', "housekeeping started";
428 foreach $lock (<[a-z]*\\.lock>) {
# Derive the cache entry's base name and the path of its gc stamp.
429 my $subdir = $lock; $subdir =~ s/\\.lock$//;
430 my $gcdone = "$subdir\\.git/cache-proxy-gc.stamp";
432 $! == ENOENT or hkfail "$lock: lstat: $!";
435 my ($mode_what,$mode_locknb,$mode_action);
# -M yields the age in days of the most recently (l)stat'ed file.
436 if (-M _ <= $treeexpiredays) {
# gc check: returns (needs-gc flag, explanatory message).
438 if (!lstat "$gcdone") {
439 $! == ENOENT or hkfail "$gcdone: lstat: $!";
440 return 1, "touched recently, never gc'd!";
441 } elsif (-M _ <= $gcintervaldays) {
442 return 0, "touched recently, gc'd recently";
444 return 1, "touched recently, needs gc";
# First check, made before the per-repository lock is taken.
447 my ($needsgc, $gcmsg) = $gccheck->();
448 logm 'debug', "housekeeping: subdirs $subdir: $gcmsg";
449 next unless $needsgc;
450 $mode_what = 'garbage collecting';
# Second check: another process may have gc'd in the meantime.
453 my ($needsgc, $gcmsg) = $gccheck->();
456 "housekeeping: subdirs $subdir: someone else has gc'd";
459 logm 'debug', "housekeeping: subdirs $subdir: $gcmsg (2)";
# NOTE(review): the git directory is "$subdir\\.git" everywhere else in
# this sub; "$subdir/gc.log" may never exist -- confirm the intended path.
460 my $gclog = "$subdir/gc.log";
461 unlink $gclog or $!==ENOENT or hkfail "remove $gclog: $!";
# Run "git gc --quiet" in a forked child, inside the repository.
462 my $child = fork // hkfail "fork (for $subdir): $!";
464 if (!chdir "$subdir\\.git") {
# A repository that has vanished is not treated as an error.
465 exit 0 if $!==ENOENT;
466 die "for gc: chdir $subdir: $!\n";
468 exec qw(git gc --quiet);
469 die "exec git gc (for $subdir): $!\n";
471 waitpid($child, 0) == $child or hkfail "waitpid failed! $!";
474 "housekeeping: subdirs $subdir: gc failed (wait status $?)";
# Record the gc so that later runs see "gc'd recently".
476 update_gcstamp("$subdir\\.git");
478 "housekeeping: subdirs $subdir: gc done";
482 $mode_what = 'cleaning';
483 $mode_locknb = LOCK_NB;
# Each tree is first renamed onto the .tmp name and then removed with
# "rm -rf"; presumably so that a half-deleted tree is never visible
# under the .git name -- TODO confirm.  For suffix "tmp" the rename is
# onto the same name.
486 foreach my $suffix (qw(tmp git)) {
487 my $dir = "${subdir}\\.$suffix";
488 my $tdir = "${subdir}\\.tmp";
490 if (!rename $dir,$tdir) {
491 next if $! == ENOENT;
492 die "$dir: cannot rename to $tdir: $!\n";
495 system qw(rm -rf --), $tdir;
497 die "$dir: problem deleting file(s), rm exited $?\n";
498 } elsif ($! != ENOENT) {
499 die "$tdir: cannot stat after deletion: $!\n";
# Cleanup problems are logged as warnings rather than aborting the run.
505 logm 'warning', "housekeeping: $subdir: cleanup prevented: $@";
507 unlink $lock or hkfail "remove $lock: $!";
# Take the per-repository lock exclusively, without updating its
# timestamp (update_ts argument is 0).  In non-blocking mode a busy
# lock just means this entry is skipped.
511 if (!lockfile \*LOCK, $lock, LOCK_EX|$mode_locknb, 0) {
512 die $! unless $mode_locknb;
513 logm 'info', "housekeeping: subdirs $subdir: lock busy, skipping";
516 logm 'info', "housekeeping: subdirs $subdir: $mode_what";
# Rewrite the stamp that housekeepingcheck() consults.
519 open HS, ">", "Housekeeping.stamp" or hkfail "touch Housekeeping.stamp: $!";
520 close HS or hkfail "close Housekeeping.stamp: $!";
521 logm 'info', "housekeeping finished";
# housekeepingcheck DOFORK, FORCE
#
# Decides whether a housekeeping run is due.
#
#   DOFORK  presumably: run the housekeeping in a forked child (a fork
#           result is checked below) -- TODO confirm
#   FORCE   presumably selects the "housekeeping forced" path regardless
#           of the stamp -- TODO confirm against the missing condition
#
# Housekeeping.lock is taken exclusively and non-blockingly, so nothing
# is run here if the lock is already held.
524 sub housekeepingcheck ($$) {
525 my ($dofork, $force) = @_;
527 if (!lockfile \*HLOCK, "Housekeeping.lock", LOCK_EX|LOCK_NB, 1) {
528 logm 'debug', "housekeeping lock taken, not running";
# Decide from the age of Housekeeping.stamp: a missing stamp means
# housekeeping has never been done; a stamp no older than
# $housekeepingeverydays days (-M is in days) means it was done recently.
534 logm 'info', "housekeeping forced";
535 } elsif (!lstat "Housekeeping.stamp") {
536 $! == ENOENT or fail "lstat Housekeeping.stamp: $!";
537 logm 'info', "housekeeping not done yet, will run";
538 } elsif (-M _ <= $housekeepingeverydays) {
539 logm 'debug', "housekeeping done recently";
545 defined $child or fail "fork: $!";
# Send stderr to logger(1) at daemon.warning, tagged with the program
# name and "(housekeeping)".
547 open STDERR, "|logger -p daemon.warning -t '$us(housekeeping)'"
548 or die "fork: logger $!";
562 chdir $gitd or fail "chdir $gitd: $!";
564 exec qw(git-upload-pack --strict), "--timeout=$servetimeout", qw(.)
565 or fail "exec git-upload-pack: $!";
# daemonservice
#
# Calls clonefetch() repeatedly until it returns true, then runs
# housekeepingcheck() with dofork=1 and force=0.
568 sub daemonservice () {
# Empty loop body: simply retry until clonefetch() succeeds.
570 while (!clonefetch()) { }
571 housekeepingcheck(1,0);
575 if ($housekeepingonly) {
576 housekeepingcheck(0, $housekeepingonly>=2);