Commit Briefs
fix empty notification messages with multiple gotd notification targets
When multiple notification targets are configured only the first target received notification message content. The subsequent targets would read EOF when trying to read the content. Fix this issue and add regression test coverage for it, exercising existing test code with a gotd.conf file which contains two notification targets.
don't leak the existence of gotd repositories to unrelated user accounts
In particular, this prevents anonymous user accounts from discovering the existence of other private repositories served by gotd by correctly guessing the name of a private repository. They still wouldn't have read or write access but in some cases even knowledge about the existence of a particular repository could be cause for concern. ok op@
fix an issue where 'git fetch' would error or hang against gotd
If Git has more than 16 have-lines to send it will send a flush-pkt followed by more have-lines. Due to a misunderstanding on my part, gotd didn't like this because it assumed that the flush-pkt terminates the list. Add a test coverage in a new file which we can use to test Git interop issues. Fixes a problem seen by Thomas Adam upon git fetch from got.g.o.
remove outdated TOOD item and tweak test accordingly
The default deny policy is working as expected according to newly added regression test. Tweak this test to use an implicit read-only rule, rather than an explicit one, as stated in the TODO item.
add got-notify-http
ok stsp@
add initial support for commit notifications to gotd(8)
At present only email notifications are implemented. Code for HTTP notifications is not yet finished, hence HTTP-related documentation remains hidden for now. This adds a new 'notify' process which has an "exec" pledge. It runs helper programs which implement the notification transport layer, such as got-notify-email which speaks SMTP. This design avoids having to link all of gotd with network libraries and related crypto libraries. Notification content is generated by the 'repo_write' process. Commit log messages and diffstats are written to a file which the 'notify' process will pass on to its helpers on stdin. The default output looks similar to 'got log -d'. If too many new commits are present the output looks similar to 'got log -s' instead. Tags always look like 'got tag -l'. The session process coordinates generation of notifications. It maintains a notification queue which holds one notification per updated reference, and passes notification requests from this queue to the 'repo_write' process for notification content creation and then to the 'notify' process for notification delivery. Only one notification can be in flight at a time to avoid file descriptor starvation if many references get updated in a single client session. ok op@
consistently use ten Xs in mkstemp(3) templates
patch from Josiah Frentsos, thanks!
remove the gotsh group requirement from gotd; any user can now connect
Repository access is now controlled by access rules in gotd.conf, and concurrent connections to the gotd socket by local users are limited by the listen process. We should keep refining our anti-DoS measures in the future, but at least we have something in place now. ok jamsek, op
fork gotd repo_read/repo_write children on demand
ok op, jamsek
add more gotd regression tests for bad requests; patch by Mikhail
And rename req_wrong_commit.sh to request_bad.sh to reflect the broader scope of this test script.
add a gotd regression test which requests a non-existent commit
Patch by Mikhail
in gotd regress, use USER instead of USERNAME and check for sudo/doas users
Problem where USERNAME is not usually set on OpenBSD reported by Mikhail ok jamsek