Commits
- Commit:
050c0b8ca3bc56e34b304d886ed11ec58badadf2
- From:
- Omar Polo <op@omarpolo.com>
- Date:
got-notify-http: implement basic authentication
ok stsp
- Commit:
6cd04c7054a96d0025d9a12fc17c8ffbc5085925
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
remove outdated TOOD item and tweak test accordingly
The default deny policy is working as expected according to newly added
regression test. Tweak this test to use an implicit read-only rule,
rather than an explicit one, as stated in the TODO item.
- Commit:
bbca3812085e5772aac555a22b906351d2acfe91
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add test for read-only access on empty repository
- Commit:
5565365ce71d431c522f98b121706b13c4bf2d22
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add got-notify-http
ok stsp@
- Commit:
ba97b2d7ec97e54a025a39e04c0fd59fdd54a57b
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add initial support for commit notifications to gotd(8)
At present only email notifications are implemented.
Code for HTTP notifications is not yet finished, hence HTTP-related
documentation remains hidden for now.
This adds a new 'notify' process which has an "exec" pledge. It runs
helper programs which implement the notification transport layer,
such as got-notify-email which speaks SMTP. This design avoids having
to link all of gotd with network libraries and related crypto libraries.
Notification content is generated by the 'repo_write' process. Commit log
messages and diffstats are written to a file which the 'notify' process
will pass on to its helpers on stdin. The default output looks similar
to 'got log -d'. If too many new commits are present the output looks
similar to 'got log -s' instead. Tags always look like 'got tag -l'.
The session process coordinates generation of notifications. It maintains
a notification queue which holds one notification per updated reference,
and passes notification requests from this queue to the 'repo_write'
process for notification content creation and then to the 'notify'
process for notification delivery.
Only one notification can be in flight at a time to avoid file descriptor
starvation if many references get updated in a single client session.
ok op@
- Commit:
ea2819beec950c5a86b5960f5966115816997164
- From:
- Josiah Frentsos <jfrent@tilde.team>
- Via:
- Omar Polo <op@omarpolo.com>
- Date:
consistently use ten Xs in mkstemp(3) templates
patch from Josiah Frentsos, thanks!
- Commit:
9afa3de221045d529287cc3fa75fdc2915aed5c1
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add support for protecting references against 'got send -f' to gotd
ok op@
- Commit:
bec0d92a2fd3ce4d070485dd05b811e5561885b2
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add gotd regress gotd.conf to CLEANFILES to remove it during 'make clean'
- Commit:
83577462cc61708af1c98d70939bb1d6c54a1506
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
switch gotd.conf syntax from 'unix_socket' to 'listen on'
ok op@
- Commit:
6f854dde056f82d0c757c720beed863fc557a1ca
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
remove the gotsh group requirement from gotd; any user can now connect
Repository access is now controlled by access rules in gotd.conf,
and concurrent connections to the gotd socket by local users are
limited by the listen process. We should keep refining our anti-DoS
measures in the future, but at least we have something in place now.
ok jamsek, op
- Commit:
b50a2b4639132c68255480f1c5c8785fd7cd8094
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
fork gotd repo_read/repo_write children on demand
ok op, jamsek
- Commit:
a5feed5fb64e7964d25144156a6dd0700af84150
- From:
- Mikhail <mp39590@gmail.com>
- Via:
- Stefan Sperling <stsp@stsp.name>
- Date:
add more gotd regression tests for bad requests; patch by Mikhail
And rename req_wrong_commit.sh to request_bad.sh to reflect the broader
scope of this test script.
- Commit:
be4f45b5bf0e1675373554243f024efb2d45a2e8
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
rename repo_req_wrong_commit.sh to req_wrong_commit.sh for consistency
- Commit:
6eb6bfed344145baeb3edf2fb884be0852bf857f
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
tweak naming in new gotd regress test for consistency
- Commit:
44ff0a4492e37763f0d19d4eeb2157221122cb1b
- From:
- Mikhail <mp39590@gmail.com>
- Via:
- Stefan Sperling <stsp@stsp.name>
- Date:
add a gotd regression test which requests a non-existent commit
Patch by Mikhail
- Commit:
b1a9f90ef84695ba812232cf18f1d358fc27c96e
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
in gotd regress, use USER instead of USERNAME and check for sudo/doas users
Problem where USERNAME is not usually set on OpenBSD reported by Mikhail
ok jamsek
- Commit:
62192466ab5788fb06092a4aed86ed2682cdee81
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
make it easier to run gotd regress via doas(1); ok kn, tracey
- Commit:
d5a5db9a703bfcc55f8c1755cca19f9ec5dac488
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add a gotd auth test case for an explicitly denied group
ok op@
- Commit:
ec093ca72887803b109a43f72374f2be09e77109
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add a gotd auth test case for explicitly denied users
ok op@
- Commit:
55f70a402ce99cc30701cace6ffb43e1da6dae7e
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add a test case for requests from users not listed in gotd.conf
ok op@
- Commit:
ddbe612c691511246aacb15046c1a202d0efcf75
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
fix group membership check in gotd auth
ok op@
- Commit:
0ccf3acb6c3004ac41b46ad931024da1f4ea0e3e
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
implement per-repository read/write authorization rules in gotd
ok op@
- Commit:
4ce98cf7adb9e536bf4a2330e402899b0aac2e8f
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add a regression test for sending to an empty repository via gotd
ok op@
- Commit:
4398c738bca10e0e884353fb494a23e7d7ac0524
- From:
- Omar Polo <op@omarpolo.com>
- Date:
awk ftw! no need to grep, awk can filter lines by itself
ok stsp@
- Commit:
6ae16afd7eb87b9d1ae10d16f29e1a66649decc7
- From:
- Stefan Sperling <stsp@stsp.name>
- Date:
add a test suite for gotd(8); check basic clone and send functionality