Blob
- Date:
- Message:
- introduce gotd(8), a Git repository server reachable via ssh(1) This is an initial barebones implementation which provides the absolute minimum of functionality required to serve got(1) and git(1) clients. Basic fetch/send functionality has been tested and seems to work here, but this server is not yet expected to be stable. More testing is welcome. See the man pages for setup instructions. The current design uses one reader and one writer process per repository, which will have to be extended to N readers and N writers in the future. At startup, each process will chroot(2) into its assigned repository. This works because gotd(8) can only be started as root, and will then fork+exec, chroot, and privdrop. At present the parent process runs with the following pledge(2) promises: "stdio rpath wpath cpath proc getpw sendfd recvfd fattr flock unix unveil" The parent is the only process able to modify the repository in a way that becomes visible to Git clients. The parent uses unveil(2) to restrict its view of the filesystem to /tmp and the repositories listed in the configuration file gotd.conf(5). Per-repository chroot(2) processes use "stdio rpath sendfd recvfd". The writer defers to the parent for modifying references in the repository to point at newly uploaded commits. The reader is fine without such help, because Git repositories can be read without having to create any lock-files. gotd(8) requires a dedicated user ID, which should own repositories on the filesystem, and a separate secondary group, which should not have filesystem-level repository access, and must be allowed access to the gotd(8) socket. To obtain Git repository access, users must be members of this secondary group, and must have their login shell set to gotsh(1). gotsh(1) connects to the gotd(8) socket and speaks Git-protocol towards the client on the other end of the SSH connection. gotsh(1) is not an interactive command shell. At present, authenticated clients are granted read/write access to all repositories and all references (except for the "refs/got/" and the "refs/remotes/" namespaces, which are already being protected from modification). While complicated access control mechanism are not a design goal, making it possible to safely offer anonymous Git repository access over ssh(1) is on the road map.
- Actions:
- History | Blame | Raw File
1 /* $OpenBSD: buf.h,v 1.13 2011/07/06 15:36:52 nicm Exp $ */2 /*3 * Copyright (c) 2003 Jean-Francois Brousseau <jfb@openbsd.org>4 * All rights reserved.5 *6 * Redistribution and use in source and binary forms, with or without7 * modification, are permitted provided that the following conditions8 * are met:9 *10 * 1. Redistributions of source code must retain the above copyright11 * notice, this list of conditions and the following disclaimer.12 * 2. The name of the author may not be used to endorse or promote products13 * derived from this software without specific prior written permission.14 *15 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,16 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY17 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL18 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,19 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,20 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;21 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,22 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF24 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.25 *26 * Buffer management27 * -----------------28 *29 * This code provides an API to generic memory buffer management. All30 * operations are performed on a buf structure, which is kept opaque to the31 * API user in order to avoid corruption of the fields and make sure that only32 * the internals can modify the fields.33 *34 * The first step is to allocate a new buffer using the buf_alloc()35 * function, which returns a pointer to a new buffer.36 */38 #ifndef BUF_H39 #define BUF_H41 #include <sys/types.h>43 typedef struct buf BUF;45 struct buf {46 /* buffer handle, buffer size, and data length */47 u_char *cb_buf;48 size_t cb_size;49 size_t cb_len;50 };52 const struct got_error *buf_alloc(BUF **, size_t);53 const struct got_error *buf_load(BUF **, FILE *);54 const struct got_error *buf_load_fd(BUF **, int fd);55 void buf_free(BUF *);56 void *buf_release(BUF *);57 u_char buf_getc(BUF *, size_t);58 void buf_empty(BUF *);59 const struct got_error *buf_discard(BUF *, size_t);60 const struct got_error *buf_append(size_t *, BUF *, const void *, size_t);61 const struct got_error *buf_putc(BUF *, int);62 const struct got_error *buf_puts(size_t *, BUF *b, const char *str);63 size_t buf_len(BUF *);64 int buf_write_fd(BUF *, int);65 const struct got_error *buf_write(BUF *, const char *, mode_t);66 const struct got_error *buf_write_stmp(BUF *, char *);67 u_char *buf_get(BUF *b);69 #endif /* BUF_H */