commit c69ae5ea5c8fc5aba82018caf891314a895a55bc from: Stefan Sperling date: Fri Jun 27 06:50:06 2025 UTC sync manual pages
commit - 64c948072db62f52c83f7128d7a46761d8a59407
commit + c69ae5ea5c8fc5aba82018caf891314a895a55bc
blob - 4b8235ed1136c60de2cf7ed59d1c1917d4f91000
blob + 6c802d5d5ea60b0b2d1c0884bfe69fb2f979cb72
--- git-repository.5.html
+++ git-repository.5.html
@@ -215,7 +215,7 @@
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - 6a52745d41cbaa26d11d9b89468a41d1f723d86a
blob + 2da1759ce4b54eaa24089f68ff704f0419b12ff1
--- gitwrapper.1.html
+++ gitwrapper.1.html
@@ -142,7 +142,7 @@
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - 397c08f0d226fb76e730e7601f06de4ff29d9e90
blob + c63646421d506146c4478981e69379ec3176ca8e
--- got-worktree.5.html
+++ got-worktree.5.html
@@ -187,7 +187,7 @@
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - 53ab0a8c4a05313dff7ff2cd26c92e143acdd627
blob + 472ca5f55407977863e2080d07401aaf13e2d316
--- got.1.html
+++ got.1.html
@@ -3672,7 +3672,7 @@ remote "origin" {
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - cb41a1edf1f4a8bbadbfcc526806101421eec7a7
blob + eb52113084adcd376d490d7ecc9cfddc66dc7ca8
--- got.conf.5.html
+++ got.conf.5.html
@@ -325,7 +325,7 @@
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - 26ae3d0aab408dd8c22cb15863391df6955c844f
blob + d465d72b7d246a4833192bca50ea62427d585ee3
--- gotadmin.1.html
+++ gotadmin.1.html
@@ -439,7 +439,7 @@
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - b82bedd2a944d06f7fabb781524f1872653ac761
blob + e64534acf004eee35601e9cfb26257b741429ec6
--- gotctl.8.html
+++ gotctl.8.html
@@ -113,7 +113,7 @@
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - 81dd48f92d211b3c2853bb859d4c3de06f7ca8c3
blob + 8b552c1c7e243eaf271cf93ac04f309f5230f4a1
--- gotd-secrets.conf.5.html
+++ gotd-secrets.conf.5.html
@@ -112,7 +112,7 @@ repository "openbsd/src" {
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - 19a2f3f5a078730c97810526ac50c5f6c1c5b568
blob + 786f3c8c3b0a1e47661d888c453d764f3df8ece9
--- gotd.8.html
+++ gotd.8.html
@@ -150,7 +150,7 @@
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - 0161b943907d7c6681790b2a2a182246c6d7d465
blob + dd4dfd1962951061e4e06a8bafa6ace51984d546
--- gotd.conf.5.html
+++ gotd.conf.5.html
@@ -499,7 +499,7 @@ connection {
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - 0934437dde509573359d0039257a9d3cef3b240b
blob + 7aad3fd6cba1d056c5d6d76189c5fe99a99ca6e2
--- gotsh.1.html
+++ gotsh.1.html
@@ -157,7 +157,7 @@
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - 0cffc509fe1462d0f50d9eb5aecce09871811b29
blob + 6bc7f46f4d425a4bb90a65d0b05f10fe17530c10
--- gotsys.1.html
+++ gotsys.1.html
@@ -172,7 +172,7 @@
June 23, + line">June 27, 2025 OpenBSD 7.7
blob - e3b201fb2d7b15a15faecc3c6b4cb1c140183400
blob + 2001b0326b57a5c90ff7c73f913629e5ef9bbc4b
--- gotsys.conf.5.html
+++ gotsys.conf.5.html
@@ -38,12 +38,13 @@ information to gotsysd(8).

gotsys.conf allows remote - administrators to configure aspects of Git repository services without - having shell access to the Git server's operating system. Remote - administrators merely need to be granted write access to a special-purpose + administrators to configure aspects of Git repositories hosted by + gotd(8) without having shell + access to the Git server's operating system. Remote administrators merely + need to be granted write access to a special-purpose - hosted by gotd(8) in order to - configure Git repository services.

+ called gotsys.git in order to configure Git + repository services.

The file format is line-based, with one configuration directive per line. Any lines beginning with a ‘#’ are treated as comments and ignored.

@@ -144,6 +145,9 @@
  • ssh-ed25519
  • ssh-rsa
  • +

    The key type must be followed by the base64-encoded public + key. To avoid syntax errors the base64 string + might need to be wrapped in quotes.

    The optional comment is not used for anything, but may be convenient for the user to identify the key.

    @@ -275,6 +279,7 @@ user flan_hacker { user flan_squee { group porters authorized key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAQ2ZWscmMeCYLwm07gDSf0jApFJ58bMNxiErDqUrFz4 + authorized key ecdsa-sha2-nistp256 "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBVqRHzWh20u49JoZPc34pBFo7w+0KGRCnkuNbeR7ufJUbXceDwzgssQHDVILD1QK0Mmku2jLo1MG/BtwTVpsWc=" flan_squee@localhost } repository "src" { @@ -312,7 +317,7 @@ repository "secret" {
    June 23, + line">June 27, 2025 OpenBSD 7.7
    blob - 81d8b670d4d81fc538de2bfb3b017081b10ea4cb
blob + f002ed2f7b9d74db8e3a64478e69efea213204be
--- gotsysctl.8.html
+++ gotsysctl.8.html
@@ -93,7 +93,7 @@
    June 23, + line">June 27, 2025 OpenBSD 7.7
    blob - 53fd15a909d57f46774f8bd27786ca8a37977101
blob + 485471868eed2b8a4d24c6145a428a28a4d2229e
--- gotsysd.8.html
+++ gotsysd.8.html
@@ -136,7 +136,7 @@
    June 23, + line">June 27, 2025 OpenBSD 7.7
    blob - f9ce4546b1cc210ce065e789cf145336747a5f15
blob + 9da5aa24288edff97da79e378138dbd473ac0675
--- gotsysd.conf.5.html
+++ gotsysd.conf.5.html
@@ -91,6 +91,52 @@ listen on $path

    If not specified, the path /git will be used.

    +
    + deny identity
    +
    Deny repository access to users with the username + identity. +

    Access rules set in gotsysd.conf apply + to all repositories and override conflicting per-repository access rules + specified in gotsys.conf(5).

    +

    Group names may be matched by prepending a colon + (‘:’) to identity.

    +

    The special user identity + “*” (an asterisk) can be used to match all users, + including the “anonymous” user.

    +

    Multiple access rules can be specified, and the last matching + rule determines the action taken. If no rule matches, the per-repository + rules specified in gotsys.conf(5) will take effect.

    +
    +
    + permit mode + identity
    +
    Permit repository access to users with the username + identity. +

    Access rules set in gotsysd.conf apply + to all repositories and override conflicting per-repository access rules + specified in gotsys.conf(5).

    +

    The mode argument must be set to either + ro for read-only access, or + rw for read-write access. Group names may be + matched by prepending a colon (‘:’) to + identity.

    +

    The special user identity + “anonymous” can be used when public read-only access to + repositories over SSH is desired. The anonymous user has an empty + password, cannot use an SSH public key, and can only be granted + read-only access.

    +

    The special user identity + “*” (an asterisk) can be used to match all users, except + the “anonymous” user. Read-only anonymous access must be + enabled explicitly.

    +

    Multiple access rules can be specified, and the last matching + rule determines the action taken. If no rule matches, the per-repository + rules specified in gotsys.conf(5) will take effect.

    +
    start end
    Set the start and end (inclusive) of the range from which @@ -123,6 +169,22 @@ listen on "/var/run/gotsysd.sock" repository directory "/git" uid range 5000 5999 +

    Regardless of what gotsys.conf(5) says, allow the user account + “backup-user” to read any repository:

    +
    +
    repository permit ro backup-user
    +
    +

    Regardless of what gotsys.conf(5) says, make all repositories read-only:

    +
    +
    repository permit ro "*"
    +
    +

    Regardless of what gotsys.conf(5) says, make all repositories inaccessible:

    +
    +
    repository deny "*"
    +