RocketGit

catalinux / rocketgit (public) (License: Affero GPLv3) (since 2015-03-19) (hash sha1)

Main RocketGit repo

Clone URLs: https://rocketgit.com/user/catalinux/rocketgit ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit git://git.rocketgit.com/user/catalinux/rocketgit

List of commits:

Subject	Hash	Author	Date (UTC)
TODO update	25ee0cf19af35ff1c9a273528bf60f40be987dfe	Catalin(ux) M. BOIE	2019-10-26 05:28:44
History update	86c0575fd1ce8b8dd7729c909b7b45e488729f87	Catalin(ux) M. BOIE	2019-10-26 05:28:27
Big rework for rg_exec/rg_exec2	6b962257e2494217bcd528bcdbb39544b3809c14	Catalin(ux) M. BOIE	2019-10-26 05:28:09
Be more explicit and specify exactly the ssh command instead of 'ssh ... totp'	3750e02fc5a0d75ba274c6ae9757e3d582348f51	Catalin(ux) M. BOIE	2019-10-25 02:54:52
Activating gzip compression in nginx sample file	60a153c84f1a8ee68c4008d2cb512d3016c50499	Catalin(ux) M. BOIE	2019-10-25 02:33:13
totp: urlencode parameters when calling qrencode	0b16e22978a8b5488e8f435a538dec07bb515476	Catalin(ux) M. BOIE	2019-10-19 03:53:20
/run/rocketgit-fpm/ -> /run to not create the dir	13ff6e91698260ba5a41591275fa915e33baebc9	Catalin(ux) M. BOIE	2019-10-01 16:08:43
Compute repo disk size only for not deleted repos	551d1798802853e5af1e12a1908cc10fbc432d17	Catalin(ux) M. BOIE	2019-09-30 22:08:27
git_log2listing big changes	e91fdef76511d586af30a3aa4b44273a1203bd36	Catalin(ux) M. BOIE	2019-09-30 19:54:38
typo	0ef09cd6e02fa3bf79e0a26b887badc103b03d87	Catalin(ux) M. BOIE	2019-09-30 19:53:56
Some more error testing for http_confirm test	1f36b1f55465c57e935b830e456d8f8044ec17da	Catalin(ux) M. BOIE	2019-09-30 19:53:38
fixes: ignore some errors	584eef4cbfb5427eaae34d72ea99b94ec4da29a4	Catalin(ux) M. BOIE	2019-09-30 19:52:45
cache: functional test for timeout	acaeca2fbceb797b0fb58f1c05bdd8d1f9025f25	Catalin(ux) M. BOIE	2019-09-30 19:51:35
Fixed rg_git_merge because it was broken	797a976065420525f9f2c6a096ae306ffa5ed78d	Catalin(ux) M. BOIE	2019-09-30 19:50:41
Disable GC when serving requests from web/fetch/push; we will do it from cron	fd16c96f5f0a6d24e0c6aaf45c5a02833579667a	Catalin(ux) M. BOIE	2019-09-30 19:48:49
git: fixes display of filenames which are not UTF-8 valid	83b6f641a547a4652aad6e921486d2b91cffdb9f	Catalin(ux) M. BOIE	2019-09-30 19:46:07
rg_change_pass missed a log file name	e49fc9f8c896414098713e418205d97b2e594c1f	Catalin(ux) M. BOIE	2019-09-22 09:32:59
totp: remove a double DELETE sql query and invalidate cache after we remove the data from db	ff22d7ddabc1c64a37fcb1749f54321974b0f8d3	Catalin(ux) M. BOIE	2019-09-22 09:28:30
selinux: added map (for packs)	911b2cffa2d754d466a31693af71d6c58639dd9d	Catalin(ux) M. BOIE	2019-09-22 06:58:44
Do not allow : char in user name	460b846752c03368990b60efbbf12f74e229bda5	Catalin(ux) M. BOIE	2019-09-22 05:58:37

Commit 25ee0cf19af35ff1c9a273528bf60f40be987dfe - TODO update
Author: Catalin(ux) M. BOIE
Author date (UTC): 2019-10-26 05:28
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2019-10-26 05:28
Parent(s): 86c0575fd1ce8b8dd7729c909b7b45e488729f87
Signer:
Signing key:
Signing status: N
Tree: 7bc4bd021ff42fc25f34e18e06c9a3aa316b2c18

File	Lines added	Lines deleted
TODO	91	47

File TODO changed (mode: 100644) (index 9a1643c..73f979d)
1	1	== Where I stopped last time ==	== Where I stopped last time ==
2	2	[ ] ssh key checked is install 0700 and owner root. It must be allowed to	[ ] ssh key checked is install 0700 and owner root. It must be allowed to
3	3	be run by rocketgit user! Spec? Makefile?	be run by rocketgit user! Spec? Makefile?
4		[ ] totp: when trying to validate a token, if the token is wrong, the message
5		is wrong ("you are not enrolled"). Is is a mess in totp_sc_verify
6		because the error is set globally. We should pass it in return,
7		not globally, everywhere is possible.
8		[ ] We should check if the request was a POST and not a GET! Else, CSRF!
9		[ ] PagerDuty, Splunk integration.
10		[ ] Add "Only AGPL and no CLA!" where needed.
11		[ ] comparison: "2fa for ssh".
12		[ ] When generating html diff, use a sha1(file_name) to not inject XSS and
13		for html to look nice.
14		[ ] git_log_simple returns an array of commits, with a 'vars' section and
15		a 'files' section. When calling git_log, we also need to pass also the
16		from/to extracted from 'simple' output. Think about someone pushing changes
17		betwen 'simple' and 'full'!
18		[ ] We have some invalid numstat in the logs!
19		[ ] We have lines_add/del. Why we need also 'changes' field (git.inc.php)?!
20		[ ] 'git log --patch' for submodules probably is not working right.
21		[ ] Allow users to change the value of 'diff.context'.
22		[ ] rg_git_diff2array is called with already mangled file names (\xxx\xxx...)
23		Check why they are not "correct".
24		[ ] Document 2fa for http, now that is working.
25		[ ] Replace all 'who_nice' open coded stuff with rg_user_nice.
26		[ ] ldap: What should happen when we update plan_id.
27		What about other fields?
28		[ ] ldap: If I remember correctly, the password attribute was editable!
29		[ ] ldap: document what 'Session time' means.
30		Other fields need an explanation also.
31		[ ] Pushing by http but using ssh 2fa feature to unlock an IP is working?
32		Should work?
33		[ ] Test push by http with an empty user! CRITICAL!
34		[ ] scratch_codes table: we should have an 'id' column for deletion.
35		[ ] test: move rg_test_sc_generate into 'totp.inc.php'.
36		[ ] 2fa: test pushing by http(by_http.php)/ssh(?).
37		[ ] Compare: mouse over is not working on touch-screens!
38		[ ] Aug 18 15:10:04 rg2 audit[29395]: AVC avc: denied { map } for pid=29395 comm="git" path="/var/lib/rocketgit/repos/by_id/00/00/00/7B/0000007B/repos/by_id/125.git/objects/pack/pack-dbb7e352e05eec6b15b74679d813897b29fa0b62.idx" dev="dm-0" ino=133117 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:rocketgit_var_t:s0 tclass=file permissive=1
39		[ ] Truncate big descriptions.
40		[ ] report how many repos/users/etc. were removed.
41		[ ] Investigate WWW-Authenticate HTTP header.
	4
	5		== BEFORE NEXT RELEASE ==
	6		[ ] MR merge_mr must contain also the ID.
	7		Search for "This is the merge message <xss>".
	8		[ ] git_merge_base: cache is not done in the repo namespace => will not be
	9		deleted when a repo is gone. And we do not use the id of the repo,
	10		but path! We must use the id.
	11		[ ] Blacklist IPs for webhooks
	12		127.0.0.0/8
	13		10.0.0.0/8
	14		172.16.0.0/12
	15		192.168.0.0/16
	16		100.64.0.0/10
	17		169.254.0.0/16
	18		::1/128
	19		fe80::/64
	20		fc00::/7
	21		[ ] See err-* errors on production.
	22		[ ] cb_* returning error - abort execution!
	23		[ ] https://rocketgit.com/user/kapstok/NHL-InfoArch/source/log/commit/b61a9e25983fa66096a7a30755f7f0c4b89a7210
	24		Shows the commits and then "This repo contains no commits."!
	25		This is fixed, but the consumers of rg_git_log_simple
	26		must check if the array is empty and show a message.
	27		[ ] git-receive-pack - it seems stateless-rpc and other thigs are gone!
	28		[ ] php_errormsg -> rg_php_err().
	29		[ ] Log also the time for push/fetch.
	30		[ ] In the reports, report also the size of the database? Tables? Indexes?
	31		[ ] Size of 'rocketgit' repo is not correct! Seems correct.
	32		[ ] When we try to send the report, check last success date and generate from
	33		there as many as days are needed to arrive in present.
	34		[ ] Show size on disk for a user. Maybe on click, generate a nice report?
	35		[ ] Error: error on ls-tree (task returned code 128 (fatal: Not a valid object name refs/heads/master))
	36		Must be converted to a nicer message (when repo is empty).
	37		[ ] use '--stdin' for git-log to not get error 127 (command line too long)?
	38		See /user/howaboutsynergy/q1q/source/log/commit/50b2f01937cab19772c486f70fc81a4e0f5d0b34
	39		We may want to truncate the list to 50 files and warn the user.
	40		[ ] Do git GC from cron.
	41		[ ] When adding a http(s) hook with cert, should we check if we can connect
	42		and report at once?
	43		[ ] Put in environment LANG=C/LC_ALL=C when running commands? Not sure.
	44		[ ] When a lock is taken, log this (try without blocking and then with blocking)?
	45		[ ] rg_git_merge: git locking - use the official way?
	46		[ ] rg_git_lock: use it also for other operations?
	47		[ ] "You have the chance to help all free software projects hosted here"
	48		[ ] Allow users to add a PayPal/Ethereum/Bitcoin etc. pay details, and add
	49		specific links to accept donations easily.
	50		[ ] totp: add a test to check if both db and cache are clean when unenrolling.
42	51	[ ] ldap: delete a server: we must not have a user in 'users', without	[ ] ldap: delete a server: we must not have a user in 'users', without
43	52	a uid in ldap_cache: maybe a transaction needed?	a uid in ldap_cache: maybe a transaction needed?
44	53	Why? Because we will not delete that user!	Why? Because we will not delete that user!

...	...	betwen 'simple' and 'full'!
47	56	[ ] ldap: func test when ldap_password changes, but we have the user inserted	[ ] ldap: func test when ldap_password changes, but we have the user inserted
48	57	in 'users'	in 'users'
49	58	[ ] Will the moving of user_edit_no_check call into ldap would simplify code?	[ ] Will the moving of user_edit_no_check call into ldap would simplify code?
50		[ ] ldap: ldap_cache.prio is needed?! Not anymore!
51	59	[ ] ldap: editing a server:	[ ] ldap: editing a server:
52	60	- I have to update the plan_id for all users in 'users' table, if different.	- I have to update the plan_id for all users in 'users' table, if different.
53	61	- if admin changes 'uid_attr', I have to set 'username' to '', to signal the	- if admin changes 'uid_attr', I have to set 'username' to '', to signal the

...	...	betwen 'simple' and 'full'!
58	66	[ ] If we change the 'uid' attribute, we must invalidate the whole cache.	[ ] If we change the 'uid' attribute, we must invalidate the whole cache.
59	67	But, we cannot delete anything. We need the link between ldap_cache and users.	But, we cannot delete anything. We need the link between ldap_cache and users.
60	68	Just mark it as unavailable.	Just mark it as unavailable.
61		[ ] Recover password must be enabled for ldap users?
62		[ ] 'deleted' field must be respected by ldap?
63		If admin blocks/deletes/suspends an ldap account, what should we do?
64		I think I must respect it.
65	69	[ ] I think I should not allow the login by e-mail! If user can change the	[ ] I think I should not allow the login by e-mail! If user can change the
66	70	e-mail in LDAP, I have a problem. I think I can keep it.	e-mail in LDAP, I have a problem. I think I can keep it.
67	71	The password must match. Check!	The password must match. Check!

...	...	betwen 'simple' and 'full'!
84	88	controlled. Should we use ^/$ by default?	controlled. Should we use ^/$ by default?
85	89	[ ] ldap: https://github.com/thorin/redmine_ldap_sync	[ ] ldap: https://github.com/thorin/redmine_ldap_sync
86	90	As an example which works also on AD.	As an example which works also on AD.
	91		[ ] ldap: tests?: somehow delete old ldap servers. Also from cache.
87	92	[ ] ldap: how to specify if an account is disabled? Some regex needed?	[ ] ldap: how to specify if an account is disabled? Some regex needed?
88	93	[ ] ldap: server settings: select between one level or subtree.	[ ] ldap: server settings: select between one level or subtree.
89	94	[ ] ldap: what indexes are needed for ldap_* tables?	[ ] ldap: what indexes are needed for ldap_* tables?
90		[ ] ldap: tests?: somehow delete old ldap servers. Also from cache.
91	95	[ ] 'meronos' user is with lower 'm', but in the /var/lib/rocketgit/repos/	[ ] 'meronos' user is with lower 'm', but in the /var/lib/rocketgit/repos/
92	96	folder is with bigger M! Does he renamed the user and I did not updated	folder is with bigger M! Does he renamed the user and I did not updated
93	97	the link?	the link?

...	...	betwen 'simple' and 'full'!
116	120	Trying to clone the repo by the non-owner, gives an errors as repo	Trying to clone the repo by the non-owner, gives an errors as repo
117	121	does not exists! This is not correct. The user must know that the repo	does not exists! This is not correct. The user must know that the repo
118	122	is there because of the 'Access' rights. So, improve the error message!	is there because of the 'Access' rights. So, improve the error message!
119		[ ]
120
121		== BEFORE NEXT RELEASE ==
	123		[ ] Recover password must be enabled for ldap users? Probably yes.
	124		[ ] 'deleted' field must be respected by ldap?
	125		If admin blocks/deletes/suspends an ldap account, what should we do?
	126		I think I must respect it.
	127		[ ] ldap: ldap_cache.prio is needed?! Not anymore!
	128		[ ] report how many repos/users/etc. were removed.
	129		[ ] Investigate WWW-Authenticate HTTP header.
	130		[ ] ldap: should we allow users to change their ldap password?
	131		[ ] scratch_codes table: we should have an 'id' column for deletion.
	132		[ ] test: move rg_test_sc_generate into 'totp.inc.php'.
	133		[ ] 2fa: test pushing by http(by_http.php)/ssh(?).
	134		[ ] Compare: mouse over is not working on touch-screens!
	135		[ ] ldap: What should happen when we update plan_id.
	136		What about other fields?
	137		[ ] ldap: If I remember correctly, the password attribute was editable!
	138		[ ] ldap: document what 'Session time' means.
	139		Other fields need an explanation also.
	140		[ ] Pushing by http but using ssh 2fa feature to unlock an IP is working?
	141		Should work?
	142		[ ] When generating html diff, use a sha1(file_name) to not inject XSS and
	143		for html to look nice.
	144		[ ] We should check if the request was a POST and not a GET! Else, CSRF!
	145		[ ] totp: when trying to validate a token, if the token is wrong, the message
	146		is wrong ("you are not enrolled"). Is is a mess in totp_sc_verify
	147		because the error is set globally. We should pass it in return,
	148		not globally, everywhere is possible.
	149		[ ] git_log_simple returns an array of commits, with a 'vars' section and
	150		a 'files' section. When calling git_log, we also need to pass also the
	151		from/to extracted from 'simple' output. Think about someone pushing changes
	152		betwen 'simple' and 'full'!
	153		[ ] We have some invalid numstat in the logs!
	154		[ ] 'git log --patch' for submodules probably is not working right.
	155		[ ] Allow users to change the value of 'diff.context'.
	156		[ ] Replace all 'who_nice' open coded stuff with rg_user_nice.
	157		[ ] We have lines_add/del. Why we need also 'changes' field (git.inc.php)?!
	158		[ ] Document 2fa for http, now that is working.
	159		[ ] PagerDuty, Splunk integration.
	160		[ ] Add "Only AGPL and no CLA!" where needed.
	161		[ ] comparison: "2fa for ssh".
	162		[ ] Admin user edit is not working (going to create).
	163		[ ] When pushing by ssh, show also the key id/name.
	164		[ ] When pushing and 2fa is used, show how much time remains and how to
	165		revalidate the IP again.
122	166	[ ] When trying to clone by http, and I am enrolled in 2fa, I get an error:	[ ] When trying to clone by http, and I am enrolled in 2fa, I get an error:
123	167	Error: non existing repo or you are not allowed to push!	Error: non existing repo or you are not allowed to push!
124	168	Which should not say anything about "push"!	Which should not say anything about "push"!

Hints:
Before first commit, do not forget to setup your git environment:

git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):

git clone https://rocketgit.com/user/catalinux/rocketgit

Clone this repository using ssh (do not forget to upload a key first):

git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit

Clone this repository using git:

git clone git://git.rocketgit.com/user/catalinux/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:

... clone the repository ...
... make some changes and some commits ...
git push origin main