Commit Briefs
remove outdated TOOD item and tweak test accordingly
The default deny policy is working as expected according to newly added regression test. Tweak this test to use an implicit read-only rule, rather than an explicit one, as stated in the TODO item.
add got-notify-http
ok stsp@
add initial support for commit notifications to gotd(8)
At present only email notifications are implemented. Code for HTTP notifications is not yet finished, hence HTTP-related documentation remains hidden for now. This adds a new 'notify' process which has an "exec" pledge. It runs helper programs which implement the notification transport layer, such as got-notify-email which speaks SMTP. This design avoids having to link all of gotd with network libraries and related crypto libraries. Notification content is generated by the 'repo_write' process. Commit log messages and diffstats are written to a file which the 'notify' process will pass on to its helpers on stdin. The default output looks similar to 'got log -d'. If too many new commits are present the output looks similar to 'got log -s' instead. Tags always look like 'got tag -l'. The session process coordinates generation of notifications. It maintains a notification queue which holds one notification per updated reference, and passes notification requests from this queue to the 'repo_write' process for notification content creation and then to the 'notify' process for notification delivery. Only one notification can be in flight at a time to avoid file descriptor starvation if many references get updated in a single client session. ok op@
consistently use ten Xs in mkstemp(3) templates
patch from Josiah Frentsos, thanks!
remove the gotsh group requirement from gotd; any user can now connect
Repository access is now controlled by access rules in gotd.conf, and concurrent connections to the gotd socket by local users are limited by the listen process. We should keep refining our anti-DoS measures in the future, but at least we have something in place now. ok jamsek, op
fork gotd repo_read/repo_write children on demand
ok op, jamsek
add more gotd regression tests for bad requests; patch by Mikhail
And rename req_wrong_commit.sh to request_bad.sh to reflect the broader scope of this test script.
add a gotd regression test which requests a non-existent commit
Patch by Mikhail
in gotd regress, use USER instead of USERNAME and check for sudo/doas users
Problem where USERNAME is not usually set on OpenBSD reported by Mikhail ok jamsek