From: Landry Breuil Subject: [gotwebd] add respect_exportok flag to hide/dont expose some repositories To: gameoftrees@openbsd.org Date: Mon, 31 Oct 2022 14:54:16 +0100 Hi, replacing my cgit install by gotwebd, got annoyed because by default gotwebd displays all repositories while cgitrc allows to list the repositories to display in the index. discussing it with stsp@ we pondered about adding per-repo settings, but he suggested reusing the magic 'git-daemon-export-ok' file, that git-daemon checks for existence to figure out if it should export a repo. so here's a diff that : - adds respect_exportok boolean flag to the config, defaulting to false -> no change to existing configs needed - if the flag is true, check that the git-daemon-export-ok magic file exists in the repo, and returns GOT_ERR_NOT_GIT_REPO if it doesnt exist this way, i can have "hidden" git repos in /var/www/htdocs/git that can still be cloned only by the ones who know their name, and the same repos listed in https://cgit.rhaalovely.net/ are seen in https://cgit.rhaalovely.net/gotwebd/ feedback welcome. Landry diff refs/heads/main refs/heads/foo commit - b2e7d31ee036249faf5099d0a548d8e0b1dcc520 commit + 70c522a63bb0def0601951963f7dfd546c08437a blob - 62c8c986ac17851a371bfa80e6bdff7c7dd2084f blob + 0e5695cd1f8bf1ddc42ba2137e7544ebb541d645 --- gotwebd/gotweb.c +++ gotwebd/gotweb.c @@ -2439,6 +2439,17 @@ done: } done: + if (srv->respect_exportok) { + if (asprintf(&dir_test, "%s/%s/git-daemon-export-ok", + srv->repos_path, repo_dir->name) == -1) + return got_error_from_errno("asprintf"); + if (access(dir_test, F_OK) == -1) { + error = got_error_path(repo_dir->name, GOT_ERR_NOT_GIT_REPO); + goto err; + } + } + + repo = find_cached_repo(srv, repo_dir->path); if (repo == NULL) { error = cache_repo(&repo, srv, repo_dir, sock); blob - 82d73b6a9ce6b79982f543208398c56d6464e96d blob + b8810e4a11ed97dc24801469d1b15ae12bd8ad8a --- gotwebd/gotwebd.conf.5 +++ gotwebd/gotwebd.conf.5 @@ -130,6 +130,10 @@ the server should publish. .It Ic repos_path Ar path Set the path to the directory which contains Git repositories that the server should publish. +.It Ic respect_exportok Ar on | off +Set whether to display the repository only if it contains the magic +.Pa git-daemon-export-ok +file. .It Ic show_repo_age Ar on | off Toggle display of last repository modification date. .It Ic show_repo_cloneurl Ar on | off blob - 06f8d01516c1b327e8524a128e571a8cc082ca7e blob + a8a55276acbd0b209205938c75b88d6918b1c6b8 --- gotwebd/gotwebd.h +++ gotwebd/gotwebd.h @@ -71,6 +71,7 @@ #define D_SHOWAGE 1 #define D_SHOWDESC 1 #define D_SHOWURL 1 +#define D_RESPECTEXPORTOK 0 #define D_MAXREPO 0 #define D_MAXREPODISP 25 #define D_MAXSLCOMMDISP 10 @@ -278,6 +279,7 @@ struct server { int show_repo_age; int show_repo_description; int show_repo_cloneurl; + int respect_exportok; int unix_socket; char unix_socket_name[PATH_MAX]; blob - a343be03a8846c19af54d78c6da13c96303c3dde blob + 3fa61ab2a8f841eb1259a6824dbb7f5f17b32558 --- gotwebd/parse.y +++ gotwebd/parse.y @@ -121,7 +121,7 @@ typedef struct { %token LISTEN WWW_PATH MAX_REPOS SITE_NAME SITE_OWNER SITE_LINK LOGO %token LOGO_URL SHOW_REPO_OWNER SHOW_REPO_AGE SHOW_REPO_DESCRIPTION %token MAX_REPOS_DISPLAY REPOS_PATH MAX_COMMITS_DISPLAY ON ERROR -%token SHOW_SITE_OWNER SHOW_REPO_CLONEURL PORT PREFORK +%token SHOW_SITE_OWNER SHOW_REPO_CLONEURL PORT PREFORK RESPECT_EXPORTOK %token UNIX_SOCKET UNIX_SOCKET_NAME SERVER CHROOT CUSTOM_CSS %token STRING @@ -358,6 +358,9 @@ serveropts1 : REPOS_PATH STRING { | SHOW_REPO_CLONEURL boolean { new_srv->show_repo_cloneurl = $2; } + | RESPECT_EXPORTOK boolean { + new_srv->respect_exportok = $2; + } | MAX_REPOS_DISPLAY NUMBER { new_srv->max_repos_display = $2; } @@ -441,6 +444,7 @@ lookup(char *s) { "port", PORT }, { "prefork", PREFORK }, { "repos_path", REPOS_PATH }, + { "respect_exportok", RESPECT_EXPORTOK }, { "server", SERVER }, { "show_repo_age", SHOW_REPO_AGE }, { "show_repo_cloneurl", SHOW_REPO_CLONEURL }, @@ -877,6 +881,7 @@ conf_new_server(const char *name) srv->show_repo_age = D_SHOWAGE; srv->show_repo_description = D_SHOWDESC; srv->show_repo_cloneurl = D_SHOWURL; + srv->respect_exportok = D_RESPECTEXPORTOK; srv->max_repos_display = D_MAXREPODISP; srv->max_commits_display = D_MAXCOMMITDISP;