Add a new sub-package for gotsysd.

Add reload support to the gotd rc.d script. This will only work with
configuration files at their default locations. If using other locations
the "gotctl reload" command must be run manually with -c and -s flags.

gotwebd now needs RUN_DEPENDS on devel/got,-main since it runs binaries
installed by the got package. The /var/www/bin/gotwebd directory is no
longer used and can be removed.

gotwebd now runs as the _gotwebd user by default, not "www". The user
"www" can still be set in /etc/gotwebd.conf if desired.

gotwebd no longer requires repositories to reside in the chroot.
The repos_path directive in /etc/gotwebd.conf now requires an absolute
path, rather than a chroot-relative path.
The default repository path, /var/www/got/public, remains unchanged.
To make gotwebd start up out of the box, create this directory during
installation of the gotwebd package, mode 750, with the default owner
being the _gotwebd user. This allows su -m _gotwebd -c "got init foo.git"
and similar commands to work. At run-time the effective mode is 550 since
gotwebd uses unveil(2) to impose read-only access to repositories on itself.

When serving repositories with both gotd and gotwebd, the recommended
ownership of repository directories is _gotd:_gotwebd with mode 750.
Unlike gotd, gotwebd lacks authentication at present. Private repositories
must be hidden via the respect_exportok mechanism in gotweb.conf(5). This
situation will be improved in a future release.

The detailed changelog follows:

- introduce gotsysd: configure gotd servers by committing to gotsys.git repo
- make gotd run 'gotsys check' on gotsys.conf commits before accepting them
- make gotd run 'gotsys apply' when the gotsys.git repo receives changes
- add a missing malloc failure check to gotd's repo_write process
- make got clone/fetch work against Git servers which do not speak English
- stop processing more messages upon error in gotd repo_write process
- close file descriptors passed to gotd_imsg_compose_event() on failure
- potential fix for use-after-free in lib/repository.c's match_packed_object()
- make gotd return an informative error when the connection limit is exceeded
- in gotctl info, display the time when a client connection was created
- add reload support to gotd, triggered via 'gotctl reload', not via SIGHUP!
- test S_ISREG in parse_ref_file() explicitly rather than via getline(3)
- release ref-file lock when fstat fails in parse_ref_file()
- do not treat unhandled signals as a fatal error in gotwebd
- fix an edge case of tog spinning when 'B' is pressed in log view
- stop using got_repo_map_path() in gotwebd to fix spurious realpath(3) errors
- avoid creation of pack_fds array when not needed, saving file descriptors
- gotwebd now runs as the _gotwebd user by default, rather than "www"
- gotwebd can now serve repositories outside the /var/www chroot directory
- the gotwebd.conf repos_path directive is no longer relative to the chroot
- get rid of the gotwebd-specific libexec helpers in /var/www/bin/gotwebd
- improve gotwebd behaviour when sending data to already disconnected clients 
- plug some memory leaks in got-send-pack and got-fetch-pack
- fix got-fetch-http performance when server sends chunked HTTP responses

M  devel/got/Makefile                                               |   8+   5-
M  devel/got/distinfo                                               |   2+   2-
D  devel/got/patches/patch-gotd_repo_write_c                        |   0+  29-
D  devel/got/patches/patch-gotd_session_read_c                      |   0+  20-
D  devel/got/patches/patch-gotd_session_write_c                     |   0+  39-
D  devel/got/patches/patch-lib_repository_c                         |   0+  50-
D  devel/got/patches/patch-libexec_got-fetch-pack_got-fetch-pack_c  |   0+  23-
A  devel/got/pkg/DESCR-sysd                                         |  10+   0-
M  devel/got/pkg/PLIST-main                                         |   3+   0-
A  devel/got/pkg/PLIST-sysd                                         |  20+   0-
M  devel/got/pkg/PLIST-webd                                         |   9+  10-
M  devel/got/pkg/gotd.rc                                            |   4+   1-
A  devel/got/pkg/gotsysd.rc                                         |  15+   0-

13 files changed, 71 insertions(+), 179 deletions(-)

commit - 9d2453246c77d54e499db41534a9ea3eb8bd630d
commit + e2e9fbeb8aa1df309e1158fe28b7818d9f880838
blob - 185ffbd23630e15835cc0526912a508cc9f33386
blob + 327ad37d2374461f59827134d80ae12eb7afb8e6
--- devel/got/Makefile
+++ devel/got/Makefile
@@ -2,13 +2,14 @@ COMMENT-main =                game of trees version control 
system
 COMMENT-server =       game of trees repository server
 COMMENT-webd =         game of trees repository fast-cgi server
 COMMENT-gitwrapper =   invoke an appropriate Git repository server
+COMMENT-sysd =         game of trees system management daemon
 
-V =                    0.110
-REVISION =             0
+V =                    0.111
 DISTNAME =             got-${V}
 PKGNAME-server =       gotd-${V}
 PKGNAME-webd =         gotwebd-${V}
 PKGNAME-gitwrapper =   gitwrapper-${V}
+PKGNAME-sysd =         gotsysd-${V}
 CATEGORIES =           devel
 HOMEPAGE =             https://gameoftrees.org
 MAINTAINER =           Stefan Sperling <s...@openbsd.org>
@@ -17,18 +18,20 @@ MAINTAINER =                Stefan Sperling 
<s...@openbsd.org>
 PERMIT_PACKAGE =       Yes
 
 RUN_DEPENDS-server =   devel/got,-gitwrapper
+RUN_DEPENDS-webd =     devel/got,-main
 
-MULTI_PACKAGES =       -main -server -webd -gitwrapper
+MULTI_PACKAGES =       -main -server -webd -gitwrapper -sysd
 
 # uses pledge()
 WANTLIB-main =         c curses m panel pthread tls util z
 WANTLIB-server =       c crypto event m tls util z
 WANTLIB-webd =         c event m util z
 WANTLIB-gitwrapper =   c
+WANTLIB-sysd =         c event m util z
 
 MAKE_FLAGS =           CC="${CC}"
-ALL_TARGET =           all server webd
-INSTALL_TARGET =       install server-install webd-install
+ALL_TARGET =           all server webd sysd
+INSTALL_TARGET =       install server-install webd-install sysd-install
 
 SITES =                        https://gameoftrees.org/releases/
 
blob - c30c780c6748505de86cfa18c1d11d2974506135
blob + 244524aabaa5aa75a396e45c45ebbc6fb36f9173
--- devel/got/distinfo
+++ devel/got/distinfo
@@ -1,2 +1,2 @@
-SHA256 (got-0.110.tar.gz) = qdcDgP3u8uo8m8UiB42kGxEQ9u585eZYfJp+hVwdFNo=
-SIZE (got-0.110.tar.gz) = 1054541
+SHA256 (got-0.111.tar.gz) = J/fTMH0FZXsr3k0ETOG9eFbUGLeO7ovDQvxrAaImCvM=
+SIZE (got-0.111.tar.gz) = 1177542
blob - 605c4133c30725790d333ef4783bb7c1da6fae9d (mode 644)
blob + /dev/null
--- devel/got/patches/patch-gotd_repo_write_c
+++ /dev/null
@@ -1,29 +0,0 @@
-Index: gotd/repo_write.c
---- gotd/repo_write.c.orig
-+++ gotd/repo_write.c
-@@ -1392,6 +1392,8 @@ verify_packfile(void)
-               return got_error_from_errno("pack index fstat");
- 
-       packidx = malloc(sizeof(*packidx));
-+      if (packidx == NULL)
-+              return got_error_from_errno("malloc");
-       memset(packidx, 0, sizeof(*packidx));
-       packidx->fd = client->packidx_fd;
-       client->packidx_fd = -1;
-@@ -2231,7 +2233,7 @@ repo_write_dispatch_session(int fd, short event, void 
-                       fatalx("%s", err->msg);
-       }
- 
--      for (;;) {
-+      while (err == NULL) {
-               if ((n = imsg_get(ibuf, &imsg)) == -1)
-                       fatal("%s: imsg_get error", __func__);
-               if (n == 0)     /* No more messages. */
-@@ -2320,6 +2322,7 @@ repo_write_dispatch_session(int fd, short event, void 
-                       break;
-               default:
-                       log_debug("unexpected imsg %d", imsg.hdr.type);
-+                      err = got_error(GOT_ERR_PRIVSEP_MSG);
-                       break;
-               }
- 
blob - 36751c8730f711a46fd4b8570608487834780b81 (mode 644)
blob + /dev/null
--- devel/got/patches/patch-gotd_session_read_c
+++ /dev/null
@@ -1,20 +0,0 @@
-Index: gotd/session_read.c
---- gotd/session_read.c.orig
-+++ gotd/session_read.c
-@@ -429,6 +429,8 @@ send_packfile(struct gotd_session_client *client)
-               err = got_error_from_errno("imsg compose SEND_PACKFILE");
-               close(pipe[0]);
-               close(pipe[1]);
-+              close(client->delta_cache_fd);
-+              client->delta_cache_fd = -1;
-               return err;
-       }
- 
-@@ -444,6 +446,7 @@ send_packfile(struct gotd_session_client *client)
-       if (gotd_imsg_compose_event(&client->iev,
-           GOTD_IMSG_PACKFILE_PIPE, PROC_GOTD, pipe[0], NULL, 0) == -1) {
-               err = got_error_from_errno("imsg compose PACKFILE_PIPE");
-+              close(pipe[0]);
-               close(pipe[1]);
-               return err;
-       }
blob - 16ed236d70475b5c8904d62dcd9f17c3a47ce7d8 (mode 644)
blob + /dev/null
--- devel/got/patches/patch-gotd_session_write_c
+++ /dev/null
@@ -1,39 +0,0 @@
-Index: gotd/session_write.c
---- gotd/session_write.c.orig
-+++ gotd/session_write.c
-@@ -1113,7 +1113,6 @@ recv_packfile(struct gotd_session_client *client)
-           GOTD_IMSG_PACKFILE_PIPE, PROC_SESSION_WRITE, pipe[0],
-               NULL, 0) == -1) {
-               err = got_error_from_errno("imsg compose PACKFILE_PIPE");
--              pipe[0] = -1;
-               goto done;
-       }
-       pipe[0] = -1;
-@@ -1121,8 +1120,10 @@ recv_packfile(struct gotd_session_client *client)
-       /* Send pack pipe end 1 to gotsh(1) (expects just an fd, no data). */
-       if (gotd_imsg_compose_event(&client->iev,
-           GOTD_IMSG_PACKFILE_PIPE, PROC_SESSION_WRITE, pipe[1],
--          NULL, 0) == -1)
-+          NULL, 0) == -1) {
-               err = got_error_from_errno("imsg compose PACKFILE_PIPE");
-+              goto done;
-+      }
-       pipe[1] = -1;
- 
-       if (asprintf(&basepath, "%s/%s/receiving-from-uid-%d.pack",
-@@ -1160,7 +1161,6 @@ recv_packfile(struct gotd_session_client *client)
-           GOTD_IMSG_PACKIDX_FILE, PROC_SESSION_WRITE,
-           idxfd, NULL, 0) == -1) {
-               err = got_error_from_errno("imsg compose PACKIDX_FILE");
--              idxfd = -1;
-               goto done;
-       }
-       idxfd = -1;
-@@ -1173,7 +1173,6 @@ recv_packfile(struct gotd_session_client *client)
-           GOTD_IMSG_RECV_PACKFILE, PROC_SESSION_WRITE, packfd,
-           &ipack, sizeof(ipack)) == -1) {
-               err = got_error_from_errno("imsg compose RECV_PACKFILE");
--              packfd = -1;
-               goto done;
-       }
-       packfd = -1;
blob - f334a52df3e8a6f1dde98478024b76537ae4ce8a (mode 644)
blob + /dev/null
--- devel/got/patches/patch-lib_repository_c
+++ /dev/null
@@ -1,50 +0,0 @@
-Index: lib/repository.c
---- lib/repository.c.orig
-+++ lib/repository.c
-@@ -1838,21 +1838,6 @@ retry:
-               struct got_packidx *packidx;
-               struct got_object_qid *qid;
- 
--              /*
--               * If the modification time of the 'objects/pack' directory
--               * has changed then 'pe' could now be an invalid pointer.
--               */
--              if (tv.tv_sec != repo->pack_path_mtime.tv_sec ||
--                  tv.tv_nsec != repo->pack_path_mtime.tv_nsec) {
--                      if (++retries > max_retries) {
--                              err = got_error_msg(GOT_ERR_TIMEOUT,
--                                  "too many concurrent pack file "
--                                  "modifications");
--                              goto done;
--                      }
--                      goto retry;
--              }
--
-               path_packidx = pe->path;
- 
-               err = got_packidx_open(&packidx, got_repo_get_fd(repo),
-@@ -1884,6 +1869,24 @@ retry:
-                                   &qid->id);
-                               if (err)
-                                       goto done;
-+                              /*
-+                               * If the modification time of the
-+                               * 'objects/pack' directory has changed then
-+                               * 'pe' could now be an invalid pointer.
-+                               */
-+                              if (tv.tv_sec !=
-+                                  repo->pack_path_mtime.tv_sec ||
-+                                  tv.tv_nsec !=
-+                                  repo->pack_path_mtime.tv_nsec) {
-+                                      if (++retries > max_retries) {
-+                                              err = got_error_msg(
-+                                                  GOT_ERR_TIMEOUT,
-+                                                  "too many concurrent "
-+                                                  "pack file modifications");
-+                                              goto done;
-+                                      }
-+                                      goto retry;
-+                              }
-                               if (matched_type != obj_type)
-                                       continue;
-                       }
blob - fe5043c5177056c699a9904b0f1bf93d046bc455 (mode 644)
blob + /dev/null
--- devel/got/patches/patch-libexec_got-fetch-pack_got-fetch-pack_c
+++ /dev/null
@@ -1,23 +0,0 @@
-Index: libexec/got-fetch-pack/got-fetch-pack.c
---- libexec/got-fetch-pack/got-fetch-pack.c.orig
-+++ libexec/got-fetch-pack/got-fetch-pack.c
-@@ -193,13 +193,16 @@ fetch_progress(struct imsgbuf *ibuf, const char *buf, 
-       if (len > MAX_IMSGSIZE - IMSG_HEADER_SIZE)
-               len = MAX_IMSGSIZE - IMSG_HEADER_SIZE;
- 
--      /* Only allow printable ASCII. */
-+      /*
-+       * We only allow printable ASCII for safety reasons and silently
-+       * ignore non-ASCII messages, which may be somewhat legitimately
-+       * caused by Git servers running in a non-English language locale.
-+       */
-       for (i = 0; i < len; i++) {
-               if (isprint((unsigned char)buf[i]) ||
-                   isspace((unsigned char)buf[i]))
-                       continue;
--              return got_error_msg(GOT_ERR_BAD_PACKET,
--                  "non-printable progress message received from server");
-+              return NULL;
-       }
- 
-       return send_fetch_server_progress(ibuf, buf, len);
blob - /dev/null
blob + 03dcc9ead1a1bd9446c94f4fb89726e09c95d191 (mode 644)
--- /dev/null
+++ devel/got/pkg/DESCR-sysd
@@ -0,0 +1,10 @@
+gotsysd(8) is the Game of Trees System management daemon.
+
+gotsysd(8) allows managing a gotd(8) server without having direct shell
+access to the OpenBSD system which runs gotd(8). Service administrators
+manage the gotd(8) server by committing changes to gotsys.conf(5) in the
+special gotsys.git repository, rather than via a root shell.
+
+gotsysd(8) supports the creation of Git repositories, the creation of
+user accounts running gotsh(1), setting repository access permissions,
+and more.
blob - 338e4d4e3d7511e0b152556245434298a6cca3fc
blob + 77698f655a6731023808a6d03f86008d938f3d71
--- devel/got/pkg/PLIST-main
+++ devel/got/pkg/PLIST-main
@@ -1,6 +1,7 @@
 @pkgpath devel/got
 @bin bin/got
 @bin bin/gotadmin
+@bin bin/gotsys
 @bin bin/tog
 @bin libexec/got-fetch-http
 @bin libexec/got-fetch-pack
@@ -17,7 +18,9 @@
 @bin libexec/got-send-pack
 @man man/man1/got.1
 @man man/man1/gotadmin.1
+@man man/man1/gotsys.1
 @man man/man1/tog.1
 @man man/man5/git-repository.5
 @man man/man5/got-worktree.5
 @man man/man5/got.conf.5
+@man man/man5/gotsys.conf.5
blob - f9e3ea03e9c5bcfba07a9936ff6615e13a8f36e9
blob + 674aa121ad60d1cb22c09f1dd880fa62571d1ef1
--- devel/got/pkg/PLIST-webd
+++ devel/got/pkg/PLIST-webd
@@ -1,14 +1,6 @@
+@newgroup _gotwebd:593
+@newuser _gotwebd:593:_gotwebd::Game of Trees Web 
Daemon:/nonexistent:/sbin/nologin
 @rcscript ${RCDIR}/gotwebd
-bin/gotwebd/
-bin/gotwebd/libexec/
-@bin bin/gotwebd/libexec/got-read-blob
-@bin bin/gotwebd/libexec/got-read-commit
-@bin bin/gotwebd/libexec/got-read-gitconfig
-@bin bin/gotwebd/libexec/got-read-gotconfig
-@bin bin/gotwebd/libexec/got-read-object
-@bin bin/gotwebd/libexec/got-read-pack
-@bin bin/gotwebd/libexec/got-read-tag
-@bin bin/gotwebd/libexec/got-read-tree
 htdocs/gotwebd/
 htdocs/gotwebd/android-chrome-192x192.png
 htdocs/gotwebd/android-chrome-384x384.png
@@ -23,6 +15,13 @@ htdocs/gotwebd/gotweb.css
 htdocs/gotwebd/mstile-150x150.png
 htdocs/gotwebd/safari-pinned-tab.svg
 htdocs/gotwebd/site.webmanifest
+@mode 750
+@owner _gotwebd
+@group _gotwebd
+@dir got/public
+@mode
+@group
+@owner
 @cwd ${LOCALBASE}
 @man man/man5/gotwebd.conf.5
 @man man/man8/gotwebd.8
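Review bot: The @mode 750/@owner _gotwebd/@group _gotwebd block around `@dir got/public` installs the repository root owned by _gotwebd, which matches the commit message, but the message's operational guidance (use _gotd:_gotwebd with mode 750 when gotd serves the same repositories, and hide private repositories via respect_exportok because gotwebd has no authentication) appears in none of the installed files touched by this diff. A pkg/README-webd, or a paragraph in DESCR-webd, would put that guidance where an operator reads it at install time. Note also that the parent directory `got/` is not listed, so presumably it is neither owned nor removed by the package; if that is intended, a `@comment got/ is left in place so repositories survive pkg_delete` line would make it explicit.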
blob - 9e579c3b42acdc3ba42fd2d6b079968262c053b7
blob + fb0704145269ee58d007b7074a3b337d88f87312
--- devel/got/pkg/gotd.rc
+++ devel/got/pkg/gotd.rc
@@ -1,6 +1,7 @@
 #!/bin/ksh
 
 daemon="${TRUEPREFIX}/sbin/gotd"
+control="${TRUEPREFIX}/sbin/gotctl"
 
 . /etc/rc.d/rc.subr
 
@@ -10,6 +11,8 @@ rc_configtest() {
        ${daemon} -n ${daemon_flags}
 }
 
-rc_reload=NO
+rc_reload() {
+       ${control} reload
+}
 
 rc_cmd $1
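Review bot: rc_reload() at the end of the hunk runs `${control} reload` with no -c or -s flags, so when daemon_flags points gotd at a non-default config or socket path the reload presumably goes to the default socket rather than the running instance; the commit message states this limitation but the script does not. A comment above the function would make it visible where an operator looks: `# reload only works with gotd.conf and the control socket at their default paths; with -c/-s in daemon_flags run 'gotctl reload' manually`. Passing daemon_flags through is not an option here since gotctl takes its own flags, so documenting it is the right fix for now.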
blob - /dev/null
blob + 617e5755ff8c4eca2d7a23ee25e2c22c95d9b037 (mode 644)
--- /dev/null
+++ devel/got/pkg/PLIST-sysd
@@ -0,0 +1,20 @@
+@newgroup _gotsysd:600
+@newuser _gotsysd:600:_gotsysd::Game of Trees System 
Daemon:/nonexistent:/sbin/nologin
+@rcscript ${RCDIR}/gotsysd
+@bin libexec/gotsys-apply
+@bin libexec/gotsys-apply-conf
+@bin libexec/gotsys-check
+@bin libexec/gotsys-groupadd
+@bin libexec/gotsys-read-conf
+@bin libexec/gotsys-repo-create
+@bin libexec/gotsys-rmkeys
+@bin libexec/gotsys-sshdconfig
+@bin libexec/gotsys-useradd
+@bin libexec/gotsys-userhome
+@bin libexec/gotsys-userkeys
+@bin libexec/gotsys-write-conf
+@man man/man5/gotsysd.conf.5
+@bin sbin/gotsysctl
+@bin sbin/gotsysd
+@man man/man8/gotsysctl.8
+@man man/man8/gotsysd.8
blob - /dev/null
blob + 814ad8547b5c118fb492db933302fdbcb1d9c4bc (mode 644)
--- /dev/null
+++ devel/got/pkg/gotsysd.rc
@@ -0,0 +1,15 @@
+#!/bin/ksh
+
+daemon="${TRUEPREFIX}/sbin/gotsysd"
+
+. /etc/rc.d/rc.subr
+
+pexp="gotsysd: parent"
+
+rc_configtest() {
+       ${daemon} -n ${daemon_flags}
+}
+
+rc_reload=NO
+
+rc_cmd $1
