"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Landry Breuil <landry@openbsd.org>
Subject:
[gotwebd] add respect_exportok flag to hide/dont expose some repositories
To:
gameoftrees@openbsd.org
Date:
Mon, 31 Oct 2022 14:54:16 +0100

Download raw body.

Thread 
Hi,

replacing my cgit install by gotwebd, got annoyed because by default
gotwebd displays all repositories while cgitrc allows to list the
repositories to display in the index.

discussing it with stsp@ we pondered about adding per-repo settings, but
he suggested reusing the magic 'git-daemon-export-ok' file, that
git-daemon checks for existence to figure out if it should export a
repo.

so here's a diff that :
- adds respect_exportok boolean flag to the config, defaulting to
  false -> no change to existing configs needed
- if the flag is true, check that the git-daemon-export-ok magic file
  exists in the repo, and returns GOT_ERR_NOT_GIT_REPO if it doesnt
  exist

this way, i can have "hidden" git repos in /var/www/htdocs/git that can
still be cloned only by the ones who know their name, and the same repos
listed in https://cgit.rhaalovely.net/
are seen in https://cgit.rhaalovely.net/gotwebd/

feedback welcome.

Landry
diff refs/heads/main refs/heads/foo
commit - b2e7d31ee036249faf5099d0a548d8e0b1dcc520
commit + 70c522a63bb0def0601951963f7dfd546c08437a
blob - 62c8c986ac17851a371bfa80e6bdff7c7dd2084f
blob + 0e5695cd1f8bf1ddc42ba2137e7544ebb541d645
--- gotwebd/gotweb.c
+++ gotwebd/gotweb.c
@@ -2439,6 +2439,17 @@ done:
 	}
 
 done:
+	if (srv->respect_exportok) {
+		if (asprintf(&dir_test, "%s/%s/git-daemon-export-ok",
+		    srv->repos_path, repo_dir->name) == -1)
+				return got_error_from_errno("asprintf");
+		if (access(dir_test, F_OK) == -1) {
+			error = got_error_path(repo_dir->name, GOT_ERR_NOT_GIT_REPO);
+			goto err;
+		}
+	}
+
+
 	repo = find_cached_repo(srv, repo_dir->path);
 	if (repo == NULL) {
 		error = cache_repo(&repo, srv, repo_dir, sock);
blob - 82d73b6a9ce6b79982f543208398c56d6464e96d
blob + b8810e4a11ed97dc24801469d1b15ae12bd8ad8a
--- gotwebd/gotwebd.conf.5
+++ gotwebd/gotwebd.conf.5
@@ -130,6 +130,10 @@ the server should publish.
 .It Ic repos_path Ar path
 Set the path to the directory which contains Git repositories that
 the server should publish.
+.It Ic respect_exportok Ar on | off
+Set whether to display the repository only if it contains the magic
+.Pa git-daemon-export-ok
+file.
 .It Ic show_repo_age Ar on | off
 Toggle display of last repository modification date.
 .It Ic show_repo_cloneurl Ar on | off
blob - 06f8d01516c1b327e8524a128e571a8cc082ca7e
blob + a8a55276acbd0b209205938c75b88d6918b1c6b8
--- gotwebd/gotwebd.h
+++ gotwebd/gotwebd.h
@@ -71,6 +71,7 @@
 #define D_SHOWAGE		 1
 #define D_SHOWDESC		 1
 #define D_SHOWURL		 1
+#define D_RESPECTEXPORTOK	 0
 #define D_MAXREPO		 0
 #define D_MAXREPODISP		 25
 #define D_MAXSLCOMMDISP		 10
@@ -278,6 +279,7 @@ struct server {
 	int		 show_repo_age;
 	int		 show_repo_description;
 	int		 show_repo_cloneurl;
+	int		 respect_exportok;
 
 	int		 unix_socket;
 	char		 unix_socket_name[PATH_MAX];
blob - a343be03a8846c19af54d78c6da13c96303c3dde
blob + 3fa61ab2a8f841eb1259a6824dbb7f5f17b32558
--- gotwebd/parse.y
+++ gotwebd/parse.y
@@ -121,7 +121,7 @@ typedef struct {
 %token	LISTEN WWW_PATH MAX_REPOS SITE_NAME SITE_OWNER SITE_LINK LOGO
 %token	LOGO_URL SHOW_REPO_OWNER SHOW_REPO_AGE SHOW_REPO_DESCRIPTION
 %token	MAX_REPOS_DISPLAY REPOS_PATH MAX_COMMITS_DISPLAY ON ERROR
-%token	SHOW_SITE_OWNER SHOW_REPO_CLONEURL PORT PREFORK
+%token	SHOW_SITE_OWNER SHOW_REPO_CLONEURL PORT PREFORK RESPECT_EXPORTOK
 %token	UNIX_SOCKET UNIX_SOCKET_NAME SERVER CHROOT CUSTOM_CSS
 
 %token	<v.string>	STRING
@@ -358,6 +358,9 @@ serveropts1	: REPOS_PATH STRING {
 		| SHOW_REPO_CLONEURL boolean {
 			new_srv->show_repo_cloneurl = $2;
 		}
+		| RESPECT_EXPORTOK boolean {
+			new_srv->respect_exportok = $2;
+		}
 		| MAX_REPOS_DISPLAY NUMBER {
 				new_srv->max_repos_display = $2;
 		}
@@ -441,6 +444,7 @@ lookup(char *s)
 		{ "port",			PORT },
 		{ "prefork",			PREFORK },
 		{ "repos_path",			REPOS_PATH },
+		{ "respect_exportok",		RESPECT_EXPORTOK },
 		{ "server",			SERVER },
 		{ "show_repo_age",		SHOW_REPO_AGE },
 		{ "show_repo_cloneurl",		SHOW_REPO_CLONEURL },
@@ -877,6 +881,7 @@ conf_new_server(const char *name)
 	srv->show_repo_age = D_SHOWAGE;
 	srv->show_repo_description = D_SHOWDESC;
 	srv->show_repo_cloneurl = D_SHOWURL;
+	srv->respect_exportok = D_RESPECTEXPORTOK;
 
 	srv->max_repos_display = D_MAXREPODISP;
 	srv->max_commits_display = D_MAXCOMMITDISP;