Commits
- Commit: ce1bfad9f1f7c6b1599e0bfed0a1b169d4a30781
- From: Stefan Sperling <stsp@stsp.name>
- Via: Thomas Adam <thomas@xteddy.org>
- Date:

add initial support for commit notifications to gotd(8)

At present only email notifications are implemented.
Code for HTTP notifications is not yet finished, hence HTTP-related
documentation remains hidden for now.

This adds a new 'notify' process which has an "exec" pledge. It runs
helper programs which implement the notification transport layer,
such as got-notify-email which speaks SMTP. This design avoids having
to link all of gotd with network libraries and related crypto libraries.

Notification content is generated by the 'repo_write' process. Commit log
messages and diffstats are written to a file which the 'notify' process
will pass on to its helpers on stdin. The default output looks similar
to 'got log -d'. If too many new commits are present the output looks
similar to 'got log -s' instead. Tags always look like 'got tag -l'.

The session process coordinates generation of notifications. It maintains
a notification queue which holds one notification per updated reference,
and passes notification requests from this queue to the 'repo_write'
process for notification content creation and then to the 'notify'
process for notification delivery.

Only one notification can be in flight at a time to avoid file descriptor
starvation if many references get updated in a single client session.

ok op@

- Commit: 7fed8fa426806e627fcf1e344e4ce134b17a0474
- From: Stefan Sperling <stsp@stsp.name>
- Via: Thomas Adam <thomas@xteddy.org>
- Date:

unveil repositories read-only in gotd session process while serving fetches

ok op@

- Commit: 62ee7d94746d0e54c308e112e3b47dcd1bf294f9
- From: Stefan Sperling <stsp@stsp.name>
- Via: Thomas Adam <thomas@xteddy.org>
- Date:

add a gotd session process, split off from the parent process

The new session process is able to manipulate files in the repository
and keeps track of the read/write client session state.

The parent process now restricts its view of the filesystem to the
absolute path stored in argv[0], and combines this with unveil "x"
on this path. As a result the parent process can only re-exec itself.

small tweaks + ok op@