Commit Briefs
make gitwrapper ignore 'permission denied' for repository paths
We recommend that gotsh users should not have direct filesystem access to repositories served by gotd. Which means admins will be setting things up as follows if public read-access should be denied: chown _gotd /git chmod 700 /git su -m _gotd -c 'gotadmin init /git/repo.git" However, gitwrapper would error out when repositories listed in gotd.conf were inaccessible to the user invoking gitwrapper: git-upload-pack: /etc/gotd.conf:2: realpath /git/repo.git: Permission denied Make gitwrapper ignore such errors as they are expected in this situation. While here, add a PROC_GITWRAPPER process ID for use as a global variable parse.y can check while special-casing any specific behaviour required by gitwrapper. (The worse alternative would have been adding a new global variable to parse.y just to control the behaviour on realpath errors.) ok op@
remove dependency of gitwrapper on gotd/auth.c
Move gotd_auth_parseuid() from auth.c to parse.y as gotd_parseuid(), and remove auth.c from the list of source files required by gitwrapper.
remove dependency of gitwrapper on gotd/listen.c
Move gotd_find_uid_connection_limit() from listen.c into parse.y and remove listen.c from the list of source files required by gitwrapper.
make gotd/gitwrapper start up even if a repository is missing on disk
This should result in more useful behaviour when gitwrapper runs and repositories listed in gotd.conf do not yet exist or do no longer exist.
avoid gitwrapper printing a warning when /etc/gotd.conf does not exist
gotd still requires the config file, of course, but gitwrapper must treat is as optional and remain silent if the file cannot be found.
add gitwrapper(1)
ok op@, tracey@ earlier version
gotd requires a config file; don't fail silently when gotd.conf cannot be read
Fixes an issue encountered by mlarkin@ where the auth process was working with an empty list of repositories and kept saying it could not find a repository which was obviously listed in gotd.conf. Now we can see errors from fopen() in the logs instead. Old code was copied from gotwebd where the config file is optional.
portable: rework SHA detection
Simply the SHA detection by not predicating on libcrypto, but instead checking individual header files.
portable: remove sha1.h; found portably
Remove sha1.h as this is found portably across systems.
include sha2.h too where sha1.h is included
In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>
gotd: move socket path check to parse.y and error from the main process
It's handy to have a "bad unix socket path" error being reported directly from the main process since can get caught by `gotd -n'. ok jamsek stsp
gotd: move nrepos check to parse_config
ok jamsek stsp
call realpath() during early startup in gotd's parse.y
This ensures that all repositories exist when the process is first started. It will also help to avoid an "rpath" pledge promise in a future gotd which uses a separate session process, by avoiding realpath() calls while starting new processes.
remove the gotsh group requirement from gotd; any user can now connect
Repository access is now controlled by access rules in gotd.conf, and concurrent connections to the gotd socket by local users are limited by the listen process. We should keep refining our anti-DoS measures in the future, but at least we have something in place now. ok jamsek, op
simplify gotd' timeouts string parsing
no need to duplicate what strtonum does; pass the *real* maximum value allowed to it directly. ok stsp@
gotd: allow to express timeouts using minutes/hours
This allows to use a suffix to indicate the unit of measure, such as "1h" for one hour or "30m" for 30 minutes. The suffix "s" for seconds is also accepted for completeness. ok stsp
enforce gotd request timeout > 0; the code doesn't handle zero right now
spotted by + ok op@