commit - 64c948072db62f52c83f7128d7a46761d8a59407
commit + c69ae5ea5c8fc5aba82018caf891314a895a55bc
blob - 4b8235ed1136c60de2cf7ed59d1c1917d4f91000
blob + 6c802d5d5ea60b0b2d1c0884bfe69fb2f979cb72
--- git-repository.5.html
+++ git-repository.5.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 6a52745d41cbaa26d11d9b89468a41d1f723d86a
blob + 2da1759ce4b54eaa24089f68ff704f0419b12ff1
--- gitwrapper.1.html
+++ gitwrapper.1.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 397c08f0d226fb76e730e7601f06de4ff29d9e90
blob + c63646421d506146c4478981e69379ec3176ca8e
--- got-worktree.5.html
+++ got-worktree.5.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 53ab0a8c4a05313dff7ff2cd26c92e143acdd627
blob + 472ca5f55407977863e2080d07401aaf13e2d316
--- got.1.html
+++ got.1.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - cb41a1edf1f4a8bbadbfcc526806101421eec7a7
blob + eb52113084adcd376d490d7ecc9cfddc66dc7ca8
--- got.conf.5.html
+++ got.conf.5.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 26ae3d0aab408dd8c22cb15863391df6955c844f
blob + d465d72b7d246a4833192bca50ea62427d585ee3
--- gotadmin.1.html
+++ gotadmin.1.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - b82bedd2a944d06f7fabb781524f1872653ac761
blob + e64534acf004eee35601e9cfb26257b741429ec6
--- gotctl.8.html
+++ gotctl.8.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 81dd48f92d211b3c2853bb859d4c3de06f7ca8c3
blob + 8b552c1c7e243eaf271cf93ac04f309f5230f4a1
--- gotd-secrets.conf.5.html
+++ gotd-secrets.conf.5.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 19a2f3f5a078730c97810526ac50c5f6c1c5b568
blob + 786f3c8c3b0a1e47661d888c453d764f3df8ece9
--- gotd.8.html
+++ gotd.8.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 0161b943907d7c6681790b2a2a182246c6d7d465
blob + dd4dfd1962951061e4e06a8bafa6ace51984d546
--- gotd.conf.5.html
+++ gotd.conf.5.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 0934437dde509573359d0039257a9d3cef3b240b
blob + 7aad3fd6cba1d056c5d6d76189c5fe99a99ca6e2
--- gotsh.1.html
+++ gotsh.1.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 0cffc509fe1462d0f50d9eb5aecce09871811b29
blob + 6bc7f46f4d425a4bb90a65d0b05f10fe17530c10
--- gotsys.1.html
+++ gotsys.1.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - e3b201fb2d7b15a15faecc3c6b4cb1c140183400
blob + 2001b0326b57a5c90ff7c73f913629e5ef9bbc4b
--- gotsys.conf.5.html
+++ gotsys.conf.5.html
information to <a class="Xr" aria-label="gotsysd, section
8">gotsysd(8)</a>.</p>
<p class="Pp" id="system"><code class="Nm">gotsys.conf</code> allows remote
- administrators to configure aspects of Git repository services without
- having shell access to the Git server's operating system. Remote
- administrators merely need to be granted write access to a special-purpose
+ administrators to configure aspects of Git repositories hosted by
+ <a class="Xr" aria-label="gotd, section 8">gotd(8)</a> without having shell
+ access to the Git server's operating system. Remote administrators merely
+ need to be granted write access to a special-purpose
<a class="permalink" href="#system"><i class="Em">system repository</i></a>
- hosted by <a class="Xr" aria-label="gotd, section 8">gotd(8)</a> in order to
- configure Git repository services.</p>
+ called <span class="Pa">gotsys.git</span> in order to configure Git
+ repository services.</p>
<p class="Pp">The file format is line-based, with one configuration directive
per line. Any lines beginning with a ‘#’ are treated as
comments and ignored.</p>
<li>ssh-ed25519</li>
<li>ssh-rsa</li>
</ul>
+ <p class="Pp">The key type must be followed by the base64-encoded public
+ <var class="Ar">key</var>. To avoid syntax errors the base64 string
+ might need to be wrapped in quotes.</p>
<p class="Pp">The optional <var class="Ar">comment</var> is not used for
anything, but may be convenient for the user to identify the
key.</p>
user flan_squee {
group porters
authorized key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQ2ZWscmMeCYLwm07gDSf0jApFJ58bMNxiErDqUrFz4
+ authorized key ecdsa-sha2-nistp256 "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBVqRHzWh20u49JoZPc34pBFo7w+0KGRCnkuNbeR7ufJUbXceDwzgssQHDVILD1QK0Mmku2jLo1MG/BtwTVpsWc=" flan_squee@localhost
}
repository "src" {
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 81d8b670d4d81fc538de2bfb3b017081b10ea4cb
blob + f002ed2f7b9d74db8e3a64478e69efea213204be
--- gotsysctl.8.html
+++ gotsysctl.8.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 53fd15a909d57f46774f8bd27786ca8a37977101
blob + 485471868eed2b8a4d24c6145a428a28a4d2229e
--- gotsysd.8.html
+++ gotsysd.8.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - f9ce4546b1cc210ce065e789cf145336747a5f15
blob + 9da5aa24288edff97da79e378138dbd473ac0675
--- gotsysd.conf.5.html
+++ gotsysd.conf.5.html
<p class="Pp">If not specified, the path <span class="Pa">/git</span> will
be used.</p>
</dd>
+ <dt id="repository~2"><a class="permalink" href="#repository~2"><code class="Ic">repository</code></a>
+ <code class="Ic">deny</code> <var class="Ar">identity</var></dt>
+ <dd>Deny repository access to users with the username
+ <var class="Ar">identity</var>.
+ <p class="Pp">Access rules set in <code class="Nm">gotsysd.conf</code> apply
+ to all repositories and override conflicting per-repository access rules
+ specified in <a class="Xr" aria-label="gotsys.conf, section
+ 5">gotsys.conf(5)</a>.</p>
+ <p class="Pp">Group names may be matched by prepending a colon
+ (‘:’) to <var class="Ar">identity</var>.</p>
+ <p class="Pp">The special user <var class="Ar">identity</var>
+ “*” (an asterisk) can be used to match all users,
+ including the “anonymous” user.</p>
+ <p class="Pp">Multiple access rules can be specified, and the last matching
+ rule determines the action taken. If no rule matches, the per-repository
+ rules specified in <a class="Xr" aria-label="gotsys.conf, section
+ 5">gotsys.conf(5)</a> will take effect.</p>
+ </dd>
+ <dt id="repository~3"><a class="permalink" href="#repository~3"><code class="Ic">repository</code></a>
+ <code class="Ic">permit</code> <var class="Ar">mode</var>
+ <var class="Ar">identity</var></dt>
+ <dd>Permit repository access to users with the username
+ <var class="Ar">identity</var>.
+ <p class="Pp">Access rules set in <code class="Nm">gotsysd.conf</code> apply
+ to all repositories and override conflicting per-repository access rules
+ specified in <a class="Xr" aria-label="gotsys.conf, section
+ 5">gotsys.conf(5)</a>.</p>
+ <p class="Pp">The <var class="Ar">mode</var> argument must be set to either
+ <code class="Ic">ro</code> for read-only access, or
+ <code class="Ic">rw</code> for read-write access. Group names may be
+ matched by prepending a colon (‘:’) to
+ <var class="Ar">identity</var>.</p>
+ <p class="Pp">The special user <var class="Ar">identity</var>
+ “anonymous” can be used when public read-only access to
+ repositories over SSH is desired. The anonymous user has an empty
+ password, cannot use an SSH public key, and can only be granted
+ read-only access.</p>
+ <p class="Pp">The special user <var class="Ar">identity</var>
+ “*” (an asterisk) can be used to match all users, except
+ the “anonymous” user. Read-only anonymous access must be
+ enabled explicitly.</p>
+ <p class="Pp">Multiple access rules can be specified, and the last matching
+ rule determines the action taken. If no rule matches, the per-repository
+ rules specified in <a class="Xr" aria-label="gotsys.conf, section
+ 5">gotsys.conf(5)</a> will take effect.</p>
+ </dd>
<dt id="uid"><a class="permalink" href="#uid"><code class="Ic">uid
range</code></a> <var class="Ar">start</var> <var class="Ar">end</var></dt>
<dd>Set the start and end (inclusive) of the range from which
repository directory "/git"
uid range 5000 5999</pre>
</div>
+<p class="Pp">Regardless of what <a class="Xr" aria-label="gotsys.conf, section
+ 5">gotsys.conf(5)</a> says, allow the user account
+ “backup-user” to read any repository:</p>
+<div class="Bd Pp Bd-indent Li">
+<pre>repository permit ro backup-user</pre>
+</div>
+<p class="Pp">Regardless of what <a class="Xr" aria-label="gotsys.conf, section
+ 5">gotsys.conf(5)</a> says, make all repositories read-only:</p>
+<div class="Bd Pp Bd-indent Li">
+<pre>repository permit ro "*"</pre>
+</div>
+<p class="Pp">Regardless of what <a class="Xr" aria-label="gotsys.conf, section
+ 5">gotsys.conf(5)</a> says, make all repositories inaccessible:</p>
+<div class="Bd Pp Bd-indent Li">
+<pre>repository deny "*"</pre>
+</div>
</section>
<section class="Sh">
<h2 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - a6017f2745168c701468c37b4a2cb8f7e36f29ce
blob + de1eb120419fa1dc1944ba566e4c3dcb6622811c
--- gotwebd.8.html
+++ gotwebd.8.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 37e1bb5eb15edb22c0fb26aed0d3db15f03493d2
blob + 8a63eb7f19a089e76b07ef0894b8bb15a98b4ce8
--- gotwebd.conf.5.html
+++ gotwebd.conf.5.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
blob - 6912e90e08cdfa16292664c7cafead24d28a4d0d
blob + c38f755e74d72f7be42c57ff83ce91e6a27e71d7
--- tog.1.html
+++ tog.1.html
</section>
</main>
<div class="foot" role="doc-pagefooter" aria-label="Manual footer
- line"><span class="foot-left"></span><span class="foot-date">June 23,
+ line"><span class="foot-left"></span><span class="foot-date">June 27,
2025</span> <span class="foot-os">OpenBSD 7.7</span></div>
</body>
</html>
