portable: gotd/gitwrapper: update for libs Bring gotd and gitwrapper closer to how libraries are detected.

make gitwrapper ignore 'permission denied' for repository paths We recommend that gotsh users should not have direct filesystem access to repositories served by gotd. Which means admins will be setting things up as follows if public read-access should be denied: chown _gotd /git chmod 700 /git su -m _gotd -c 'gotadmin init /git/repo.git" However, gitwrapper would error out when repositories listed in gotd.conf were inaccessible to the user invoking gitwrapper: git-upload-pack: /etc/gotd.conf:2: realpath /git/repo.git: Permission denied Make gitwrapper ignore such errors as they are expected in this situation. While here, add a PROC_GITWRAPPER process ID for use as a global variable parse.y can check while special-casing any specific behaviour required by gitwrapper. (The worse alternative would have been adding a new global variable to parse.y just to control the behaviour on realpath errors.) ok op@

drop unused strlen; ok stsp@

remove dependency of gitwrapper on gotd/auth.c Move gotd_auth_parseuid() from auth.c to parse.y as gotd_parseuid(), and remove auth.c from the list of source files required by gitwrapper.

remove dependency of gitwrapper on gotd/listen.c Move gotd_find_uid_connection_limit() from listen.c into parse.y and remove listen.c from the list of source files required by gitwrapper.

make gotd/gitwrapper start up even if a repository is missing on disk This should result in more useful behaviour when gitwrapper runs and repositories listed in gotd.conf do not yet exist or do no longer exist.

grammar fix for parse.y error message

reject overlapping protected branch vs. tag namespaces ok op@

gotd.conf: free STRINGS in all code paths ok stsp@

gotd.conf: fix memleak in `protect' error path and disallow dups too ok stsp@

add support for protecting references against 'got send -f' to gotd ok op@

avoid gitwrapper printing a warning when /etc/gotd.conf does not exist gotd still requires the config file, of course, but gitwrapper must treat is as optional and remain silent if the file cannot be found.

add gitwrapper(1) ok op@, tracey@ earlier version

gotd requires a config file; don't fail silently when gotd.conf cannot be read Fixes an issue encountered by mlarkin@ where the auth process was working with an empty list of repositories and kept saying it could not find a repository which was obviously listed in gotd.conf. Now we can see errors from fopen() in the logs instead. Old code was copied from gotwebd where the config file is optional.

portable: rework SHA detection Simply the SHA detection by not predicating on libcrypto, but instead checking individual header files.

portable: remove sha1.h; found portably Remove sha1.h as this is found portably across systems.

include sha2.h too where sha1.h is included In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>

rm unused boolean grammar. ok stsp@

gotd: move socket path check to parse.y and error from the main process It's handy to have a "bad unix socket path" error being reported directly from the main process since can get caught by `gotd -n'. ok jamsek stsp

gotd: move nrepos check to parse_config ok jamsek stsp

call realpath() during early startup in gotd's parse.y This ensures that all repositories exist when the process is first started. It will also help to avoid an "rpath" pledge promise in a future gotd which uses a separate session process, by avoiding realpath() calls while starting new processes.

switch gotd.conf syntax from 'unix_socket' to 'listen on' ok op@

remove the gotsh group requirement from gotd; any user can now connect Repository access is now controlled by access rules in gotd.conf, and concurrent connections to the gotd socket by local users are limited by the listen process. We should keep refining our anti-DoS measures in the future, but at least we have something in place now. ok jamsek, op

simplify gotd' timeouts string parsing no need to duplicate what strtonum does; pass the *real* maximum value allowed to it directly. ok stsp@

gotd: allow to express timeouts using minutes/hours This allows to use a suffix to indicate the unit of measure, such as "1h" for one hour or "30m" for 30 minutes. The suffix "s" for seconds is also accepted for completeness. ok stsp