Commits
- Commit:
8f46aeb14260544bea936951f2c0193f1aae6412
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add obj/pages.c to CLEANFILES in gotwebd's Makefile
- Commit:
ed619ca07e51b9c984c8404ca2b1153efdb14d1e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
gotwebd: start using the template system
ok tracey@
- Commit:
13b2bc374c1870ec27b2eeb40efe68fd465f64bb
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
introduce gotd(8), a Git repository server reachable via ssh(1)
This is an initial barebones implementation which provides the absolute
minimum of functionality required to serve got(1) and git(1) clients.
Basic fetch/send functionality has been tested and seems to work here,
but this server is not yet expected to be stable.
More testing is welcome. See the man pages for setup instructions.
The current design uses one reader and one writer process per repository,
which will have to be extended to N readers and N writers in the future.
At startup, each process will chroot(2) into its assigned repository.
This works because gotd(8) can only be started as root, and will then
fork+exec, chroot, and privdrop.
At present the parent process runs with the following pledge(2) promises:
"stdio rpath wpath cpath proc getpw sendfd recvfd fattr flock unix unveil"
The parent is the only process able to modify the repository in a way
that becomes visible to Git clients. The parent uses unveil(2) to
restrict its view of the filesystem to /tmp and the repositories
listed in the configuration file gotd.conf(5).
Per-repository chroot(2) processes use "stdio rpath sendfd recvfd".
The writer defers to the parent for modifying references in the
repository to point at newly uploaded commits. The reader is fine
without such help, because Git repositories can be read without
having to create any lock-files.
gotd(8) requires a dedicated user ID, which should own repositories
on the filesystem, and a separate secondary group, which should not
have filesystem-level repository access, and must be allowed access
to the gotd(8) socket.
To obtain Git repository access, users must be members of this
secondary group, and must have their login shell set to gotsh(1).
gotsh(1) connects to the gotd(8) socket and speaks Git-protocol
towards the client on the other end of the SSH connection.
gotsh(1) is not an interactive command shell.
At present, authenticated clients are granted read/write access to
all repositories and all references (except for the "refs/got/" and
the "refs/remotes/" namespaces, which are already being protected
from modification).
While complicated access control mechanism are not a design goal,
making it possible to safely offer anonymous Git repository access
over ssh(1) is on the road map.
- Commit:
96fd6df18fbd10f0beed6fcc138d336bbb536a3e
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
move got_gotconfig_read() into new file read_gotconfig_privsep.c
- Commit:
6a800804535a75203abfb3708e68a661c1c89958
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
move code for reading Git's config file into new file read_gitconfig_privsep.c
The end goal here is to remove the dependency of repository.c on privsep.c
during compilation.
- Commit:
8e359fa0dccf91ec3b06edc1ea17404f42a62862
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
move functions which open objects into new file object_open_privsep.c
For the future, this will make it possible to provide alternative
implementations of functions now stored in object_open_privsep.c.
This will probably be needed by future gotd(8) which runs inside
a chroot(2) environment and without the "exec" pledge(2) promise,
making it impossible to run libexec helpers on the fly.
Details of this design are not yet settled, but moving functions
into a separate compilation unit won't hurt in any case.
- Commit:
7cc8fde444029694f3805a16faf0f03ec1c8d5b8
- From:
- Omar Polo <op@omarpolo.com>
- Date:
gotwebd: drop the x bit from assets in-tree and also when installing
ok stsp@
- Commit:
86b4b772a2c289053be29f6df2ad411dc853e05a
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
move use of sin_len out of gotwebd's parse.y
ok tracey
- Commit:
a596b9579655b53f1549498aff25ae1d2c9dfc81
- From:
- Tracey Emery <tracey@traceyemery.net>
- Date:
import gotwebd
thread fcgi response to client for rendering in browser as data is returned
fix potential problem with a stuck loop if the client is hammering the server with random clicks and stop/restarts
render our index! WOOHOO! small var refactoring.
fcgi.c to handle all clean-up, various error clean-up
remove output used to trace down got bug
temporarily stop overloading a socket, but a better solution needs to be found
return on fcgi_gen_response, so we can track if a client is writable or not
this stops page creation when the client is unavailable
remove old comments
enable profile building, although, i don't think this works thoroughly in a priv/proc daemon
catch more errors
correctly count repos
remove temp logger
we don't need to start our responder thread so early. move it to fcgi.c and start when we start processing html
kill the unneeded thread, stop queueing responses, and just write to clients immediately
clean up some memory leaks and dead stores
rework querystring so an error can be displayed instead of showing the index on
querystring error
get framework in place for the rest of the content
add server struct to response struct
bo last commit
get back a usable gotweb. not sure what i was thinking yesterday
properly move our structs around this time
remember index page for sitelink, fix leak
unused var is annoying, so stop it for now. don't forget to change this!
style
briefs nearly completed.
finish briefs output
add briefs to summary
cleanup some html
properly retrieve next and previous commit ids for list navigation
follow naddy's stailq macro change
we will never have a previous link on the summary page
goto correct label, so we get a previous link on the last page of briefs
don't wrap short line
simplify got_get_repo_commits code
start rendering a diff
start rendering a diff
this was by accident
finish diff output
functions cleanup
prepare for fd request
that was a stupid idea, just flush the priv_fd
bo that too. that won't work eith with append in mkstemp
that isn't going to work
actually zero out the priv_fd
missed seek to beginning of file was overwriting first line of diff
fsync our fd as well
add link to repo path by sitelink and add back verbose fcgi debugging that was removed
add modest write heuristics to fcgi_send_response
fix dead assignments and XXX comment where a leak is happening that I can't find right now
there was no leak. stsp is brilliant and knew it was the cache growing
prevent double-free, render prettier err output if we can
remove unused variables
correctly fix double-free
fix gotwebd to build with main's changes after rebase
fix double-free
don't error on index if pack files missing and fixup some error handling
render commits
finish up tag briefs and start the tag page
finish up tag page
unbreak TAGS and SUMMARY actions
grab the correct tag from the queue
unbreak TAGS and SUMMARY actions again
update some error handling
clean up unneeded code and start tree output
render tree
render branches
remove tags from summary if there aren't any
fix tree div structure and start blob render
render blob
render blame
fix tree href in briefs
clean up some css
add headref to querystrings
load correct commit for tree and diff
fixup some error output
update some copyright dates
add full SNI support
rm debug line found by Lucas6023, notified via IRC. thanks!!
fix tree
fix crash when querystring is manipulated to not have a commit id in certain
instances. also break a stuck while loop on client error.
fix for new got_object_id_by_path arguments
rebase and fix
prep for multiple fds per socket, instead of just one
fix overlooked shift/reduce conflicts
backout priv_fds as a list. after discussion with stsp, an array and length are the better direction
prepare array of fds to pass into got functions
make a new set of pack fds, which will be passed to got_repo_open
work with new pack_fds in got_repo_open
give output when no tags exist
escape html in blame output
change files listed in tree view to show blob, file commits, and blame, instead of blob, blob, blame. idea from mp4 on irc. this is way more handy.
stop populating the queue from the headref and figure out previous commit id
while iterating. this should reduce some overhead.
actually purge our sockets instead of not using the function
start work with new blob
rm volatile
use new diff
change func names
no more temp files
increase blame number line width
set content-type to text/plain so firefox won't download files
rm test infra for now
account for -Wwrite-strings
fix for sigs and algorithm choice
clean up some leaks and other mistakes