
[JENKINS-72606] Make Git repos work via HTTP #112

Open
wants to merge 1 commit into
base: master

Conversation

daniel-beck
Member

https://issues.jenkins.io/browse/JENKINS-72606

Testing done

Installed https://plugins.jenkins.io/git-userContent/ and ran

GIT_TRACE=1 GIT_TRACE_PACKET=1 GIT_CURL_VERBOSE=1 git clone http://localhost:8080/userContent.git

Without this fix, it fails with

09:12:45.193646 http.c:646              => Send header, 0000000264 bytes (0x00000108)
09:12:45.193649 http.c:658              => Send header: POST /userContent.git/git-upload-pack HTTP/1.1
09:12:45.193650 http.c:658              => Send header: Host: localhost:8080
09:12:45.193652 http.c:658              => Send header: User-Agent: git/2.39.3 (Apple Git-145)
09:12:45.193653 http.c:658              => Send header: Accept-Encoding: deflate, gzip
09:12:45.193654 http.c:658              => Send header: Content-Type: application/x-git-upload-pack-request
09:12:45.193656 http.c:658              => Send header: Accept: application/x-git-upload-pack-result
09:12:45.193657 http.c:658              => Send header: Content-Length: 157
09:12:45.193658 http.c:658              => Send header:
09:12:45.194968 http.c:646              <= Recv header, 0000000024 bytes (0x00000018)
09:12:45.194989 http.c:658              <= Recv header: HTTP/1.1 403 Forbidden
09:12:45.194993 http.c:646              <= Recv header, 0000000037 bytes (0x00000025)
09:12:45.194999 http.c:658              <= Recv header: Date: Thu, 25 Jan 2024 08:12:45 GMT
09:12:45.195002 http.c:646              <= Recv header, 0000000033 bytes (0x00000021)
09:12:45.195004 http.c:658              <= Recv header: X-Content-Type-Options: nosniff
09:12:45.195006 http.c:646              <= Recv header, 0000000050 bytes (0x00000032)
09:12:45.195009 http.c:658              <= Recv header: Cache-Control: must-revalidate,no-cache,no-store
09:12:45.195012 http.c:646              <= Recv header, 0000000019 bytes (0x00000013)
09:12:45.195013 http.c:658              <= Recv header: Content-Length: 0
09:12:45.195015 http.c:646              <= Recv header, 0000000024 bytes (0x00000018)
09:12:45.195017 http.c:658              <= Recv header: Server: Jetty(10.0.18)
09:12:45.195019 http.c:646              <= Recv header, 0000000002 bytes (0x00000002)
09:12:45.195020 http.c:658              <= Recv header:
09:12:45.195026 http.c:699              == Info: Connection #0 to host localhost left intact
error: RPC failed; HTTP 403 curl 22 The requested URL returned error: 403
fatal: the remote end hung up unexpectedly

Submitter checklist

  1. Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  2. Ensure that the pull request title represents the desired changelog entry
  3. Please describe what you did
  4. Link to relevant issues in GitHub or Jira
  5. Link to relevant pull requests, esp. upstream and downstream changes
  6. Ensure you have provided tests that demonstrate the feature works or fixes the issue

@daniel-beck daniel-beck requested a review from a team as a code owner January 25, 2024 08:25
Contributor

@MarkEWaite MarkEWaite left a comment


Thanks!

@jglick
Member

jglick commented Jan 25, 2024

Be very careful here. This plugin is a bad idea generally, but my distant memory of it is that HTTP mode is essentially useless because it does not support authentication at all and so is only appropriate for an unsecured controller. You have to use SSH if you want authentication. It is possible this PR opens up all Git servers for anonymous pull over HTTP, which could be a serious vulnerability. I am not sure what protection exists for pushes.

I do not follow the justification in Jira either. In the unlikely event that you were using this plugin, you should be using it via SSH; it does not make sense to disable the SSHD port in Jenkins as a workaround and then install the git-server update with this PR since if you installed that update you would also have gotten 068ac7c which makes SSH access safe again.

@daniel-beck
Member Author

I do not follow the justification in Jira either.

The Jira comment relates to bug discovery rather than justification. The mode being broken meant we could not mention it as a workaround.

It is possible this PR opens up all Git servers for anonymous pull over HTTP

All implementations currently use RootAction (not Unprotected) so would not expose the URLs to unauthenticated users.

@daniel-beck
Member Author

my distant memory of it is that HTTP mode is essentially useless because it does not support authentication at all and so is only appropriate for an unsecured controller

Looks like all that was missing is an HTTP auth challenge, which Jenkins doesn't usually send. The following isn't particularly pretty (probably better off in this repo), but works for me: jenkinsci/git-userContent-plugin#5
