Commits
- Commit:
7d68253bffa1fdf653a220a4b023a653c2ed29df
- From:
- Omar Polo <op@omarpolo.com>
- Date:
plug memleak in parsing the notify options
The strings need to be released regardless of the process parsing
the file.
- Commit:
ba97b2d7ec97e54a025a39e04c0fd59fdd54a57b
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add initial support for commit notifications to gotd(8)
At present only email notifications are implemented.
Code for HTTP notifications is not yet finished, hence HTTP-related
documentation remains hidden for now.
This adds a new 'notify' process which has an "exec" pledge. It runs
helper programs which implement the notification transport layer,
such as got-notify-email which speaks SMTP. This design avoids having
to link all of gotd with network libraries and related crypto libraries.
Notification content is generated by the 'repo_write' process. Commit log
messages and diffstats are written to a file which the 'notify' process
will pass on to its helpers on stdin. The default output looks similar
to 'got log -d'. If too many new commits are present the output looks
similar to 'got log -s' instead. Tags always look like 'got tag -l'.
The session process coordinates generation of notifications. It maintains
a notification queue which holds one notification per updated reference,
and passes notification requests from this queue to the 'repo_write'
process for notification content creation and then to the 'notify'
process for notification delivery.
Only one notification can be in flight at a time to avoid file descriptor
starvation if many references get updated in a single client session.
ok op@
- Commit:
b1c090542f4ecaf993fc81468338839febcb8e37
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
allow setting variables in gotd.conf; code from gotwebd/parse.y
ok op@
- Commit:
4b3827cd43394b89d2af822dcd1d9a9179c1ee10
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
make gitwrapper ignore 'permission denied' for repository paths
We recommend that gotsh users should not have direct filesystem
access to repositories served by gotd. Which means admins will be
setting things up as follows if public read-access should be denied:
chown _gotd /git
chmod 700 /git
su -m _gotd -c 'gotadmin init /git/repo.git"
However, gitwrapper would error out when repositories listed in
gotd.conf were inaccessible to the user invoking gitwrapper:
git-upload-pack: /etc/gotd.conf:2: realpath /git/repo.git: Permission denied
Make gitwrapper ignore such errors as they are expected in this situation.
While here, add a PROC_GITWRAPPER process ID for use as a global variable
parse.y can check while special-casing any specific behaviour required by
gitwrapper. (The worse alternative would have been adding a new global
variable to parse.y just to control the behaviour on realpath errors.)
ok op@
- Commit:
d571a1762e9ff7281a5363373468c1e00a62ed42
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop unused strlen; ok stsp@
- Commit:
1963be61deb20cacab2552113c66b38fbee7a080
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
remove dependency of gitwrapper on gotd/auth.c
Move gotd_auth_parseuid() from auth.c to parse.y as gotd_parseuid(), and
remove auth.c from the list of source files required by gitwrapper.
- Commit:
eeb616b754913da958b9781aee9ed88db64e7162
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
remove dependency of gitwrapper on gotd/listen.c
Move gotd_find_uid_connection_limit() from listen.c into parse.y and
remove listen.c from the list of source files required by gitwrapper.
- Commit:
859316d03c1ee64b2c2fd2787e727daadf60bcf3
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
make gotd/gitwrapper start up even if a repository is missing on disk
This should result in more useful behaviour when gitwrapper runs and
repositories listed in gotd.conf do not yet exist or do no longer exist.
- Commit:
6be067cef84c15f7e8623ec8fccaf955d98d006b
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
grammar fix for parse.y error message
- Commit:
f850236e70ed5627a614d01de2af54581cbce23f
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
reject overlapping protected branch vs. tag namespaces
ok op@
- Commit:
584140c2ad19f354c4504d0b3381c873658bdbf3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
gotd.conf: free STRINGS in all code paths
ok stsp@
- Commit:
f0426190497546f380f3bbd5d7cf464e5423a1c6
- From:
- Omar Polo <op@omarpolo.com>
- Date:
gotd.conf: fix memleak in `protect' error path and disallow dups too
ok stsp@
- Commit:
9afa3de221045d529287cc3fa75fdc2915aed5c1
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add support for protecting references against 'got send -f' to gotd
ok op@
- Commit:
e9e0377f452e9d3f600011e0714cc6c779f10bab
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
avoid gitwrapper printing a warning when /etc/gotd.conf does not exist
gotd still requires the config file, of course, but gitwrapper must
treat is as optional and remain silent if the file cannot be found.
- Commit:
b09c127974759a56a6b5273da53d215f8500f5a7
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add gitwrapper(1)
ok op@, tracey@ earlier version
- Commit:
3fa763e5f0869e218fa64750c375a84b706c6f92
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
gotd requires a config file; don't fail silently when gotd.conf cannot be read
Fixes an issue encountered by mlarkin@ where the auth process was working
with an empty list of repositories and kept saying it could not find a
repository which was obviously listed in gotd.conf. Now we can see errors
from fopen() in the logs instead. Old code was copied from gotwebd where
the config file is optional.
- Commit:
5822e79e39a8777984e08b5d89a8c55d6aa0356d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
include sha2.h too where sha1.h is included
In preparation for wide sha256 support; stsp@ agrees. Change done
mechanically with
find . -iname \*.[cy] -exec sam {} +
X ,x/<sha1\.h>/i/\n#include <sha2.h>
- Commit:
3b8fb9520f899be7cb492c652afa0cdce28e350e
- From:
- Tracey Emery <tracey@traceyemery.net>
- Date:
rm unused boolean grammar. ok stsp@
- Commit:
abe844e2dfc7056150889993b3568fe400af7358
- From:
- Omar Polo <op@omarpolo.com>
- Date:
gotd: move socket path check to parse.y and error from the main process
It's handy to have a "bad unix socket path" error being reported
directly from the main process since can get caught by `gotd -n'.
ok jamsek stsp
- Commit:
809a54db7c7cec54dcacb53f62eedecc18a833da
- From:
- Omar Polo <op@omarpolo.com>
- Date:
gotd: move nrepos check to parse_config
ok jamsek stsp
- Commit:
9b7f22a6148eb14af6e59de120bb5b1dd0e05469
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
call realpath() during early startup in gotd's parse.y
This ensures that all repositories exist when the process is first started.
It will also help to avoid an "rpath" pledge promise in a future gotd which
uses a separate session process, by avoiding realpath() calls while starting
new processes.
- Commit:
83577462cc61708af1c98d70939bb1d6c54a1506
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
switch gotd.conf syntax from 'unix_socket' to 'listen on'
ok op@
- Commit:
6f854dde056f82d0c757c720beed863fc557a1ca
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
remove the gotsh group requirement from gotd; any user can now connect
Repository access is now controlled by access rules in gotd.conf,
and concurrent connections to the gotd socket by local users are
limited by the listen process. We should keep refining our anti-DoS
measures in the future, but at least we have something in place now.
ok jamsek, op
- Commit:
71cd355cb2711ad528715bbbb5b41be7c26ace2a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
simplify gotd' timeouts string parsing
no need to duplicate what strtonum does; pass the *real* maximum value
allowed to it directly.
ok stsp@
- Commit:
2be11cdeee0c210d3273b3724e924de0422d9f67
- From:
- Omar Polo <op@omarpolo.com>
- Date:
gotd: allow to express timeouts using minutes/hours
This allows to use a suffix to indicate the unit of measure, such as
"1h" for one hour or "30m" for 30 minutes. The suffix "s" for seconds
is also accepted for completeness.
ok stsp