From: Omar Polo Subject: Re: [gotwebd] add respect_exportok flag to hide/dont expose some repositories To: Landry Breuil Cc: gameoftrees@openbsd.org Date: Mon, 31 Oct 2022 16:04:19 +0100 On 2022/10/31 14:54:16 +0100, Landry Breuil wrote: > Hi, > > replacing my cgit install by gotwebd, got annoyed because by default > gotwebd displays all repositories while cgitrc allows to list the > repositories to display in the index. > > discussing it with stsp@ we pondered about adding per-repo settings, but > he suggested reusing the magic 'git-daemon-export-ok' file, that > git-daemon checks for existence to figure out if it should export a > repo. > > so here's a diff that : > - adds respect_exportok boolean flag to the config, defaulting to > false -> no change to existing configs needed > - if the flag is true, check that the git-daemon-export-ok magic file > exists in the repo, and returns GOT_ERR_NOT_GIT_REPO if it doesnt > exist > > this way, i can have "hidden" git repos in /var/www/htdocs/git that can > still be cloned only by the ones who know their name, and the same repos > listed in https://cgit.rhaalovely.net/ > are seen in https://cgit.rhaalovely.net/gotwebd/ > > feedback welcome. Love the idea. I had the same issue when migrating from cgit to gotwebd, and ended up with a gitolite post-receive hook that copies only some repos to /var/www. With something like diff below I could avoid doing that, thanks! > Landry > diff refs/heads/main refs/heads/foo > commit - b2e7d31ee036249faf5099d0a548d8e0b1dcc520 > commit + 70c522a63bb0def0601951963f7dfd546c08437a > blob - 62c8c986ac17851a371bfa80e6bdff7c7dd2084f > blob + 0e5695cd1f8bf1ddc42ba2137e7544ebb541d645 > --- gotwebd/gotweb.c > +++ gotwebd/gotweb.c > @@ -2439,6 +2439,17 @@ done: > } > done: > + if (srv->respect_exportok) { > + if (asprintf(&dir_test, "%s/%s/git-daemon-export-ok", This should be fine, however I'd prefer if we can avoid allocating yet another string and just peek into the directory with faccessat since we've just opened it. > + srv->repos_path, repo_dir->name) == -1) > + return got_error_from_errno("asprintf"); one extra indent level for the return. Also, what about enabling respect_exportok by default? :)