We recommend that gotsh users should not have direct filesystem access to repositories served by gotd. Which means admins will be setting things up as follows if public read-access should be denied: chown _gotd /git chmod 700 /git su -m _gotd -c 'gotadmin init /git/repo.git" However, gitwrapper would error out when repositories listed in gotd.conf were inaccessible to the user invoking gitwrapper: git-upload-pack: /etc/gotd.conf:2: realpath /git/repo.git: Permission denied Make gitwrapper ignore such errors as they are expected in this situation. While here, add a PROC_GITWRAPPER process ID for use as a global variable parse.y can check while special-casing any specific behaviour required by gitwrapper. (The worse alternative would have been adding a new global variable to parse.y just to control the behaviour on realpath errors.) ok op@

gotadmin dump is used to export (part of) the history of the repository; at the moment it only generates git bundles (which are pack files with a header) but support to generate a fast-import stream is planned. ok/tweaks stsp and jamsek

from op@

Reorganize the reference validation and pathlist generation by removing the reflist and building a pathlist directly. The pathlist entries record the object id in their extra data pointer, which also allows several redundant reference lookups to be skipped. This will eventually simplify sending target reference names that do not match the local repo by adding another parameter to insert_sendable_ref for a remote reference. This remote name will be added to the pathlist, but validation and object id lookups will continue to be performed with the local reference. ok jamsek

Nothing appears to benefit from this being non-static, and it was missing from the public API headers as well. ok stsp@

ok op@

Don't make -C imply -c (a break statement was missing). Detect -an and -cn conflicts. Simplify by removing unneeded check for conflicting -aC (since -C requires -c, we can rely on the -ac conflict being detected). Update the man page to say -cC is allowed.

ok stsp@

now that got_get_repo_commits() doesn't look at `action' we can stop fetching the commits during the rendering and bubble up the call. This yields better error messages and better replies codes on failure.

ok stsp

before: gotadmin: lockfile timeout after: gotadmin: gc.pid.lock: lockfile timeout

Currently, if there is not a match on the server name, it attempts to match the "subdomain" against the server names, and fall back to the first server defined. The server name is taken from the SERVER_NAME fastcgi' parameter, the subdomain extracted from HTTP_HOST. Keep only the SERVER_NAME matching, but still use the first server defined if there's no match. Fix the manpage documenting how matching works and drop the lie about SNI as gotwebd doesn't do TLS but just looks at what the upstream http server decided. ok stsp@