List of commits:
Subject Hash Author Date (UTC)
Updates SELinux policy file fa9d4acd0c6ee730ee45c3e3ab57b55665e74666 Catalin(ux) M. BOIE 2017-01-30 18:51:52
Added credits for TLS setup about perfect forward secrecy 63ff4cf11961421d6f187d2597354d12eff9a810 Catalin(ux) M. BOIE 2017-01-30 18:51:31
Make more clear the text about Enterprise Edition 20a621f3de637975d93cbb260213c2d833a0acab Catalin(ux) M. BOIE 2017-01-30 18:50:50
TODO updates 29e7ddcea2ed6add27a13dfef09c8660d4b3520e Catalin(ux) M. BOIE 2017-01-30 18:49:28
Use IdentitiesOnly when setup SSH config for RocketGit fbd5d71c0341f9187cfd677d2d620749d09c61d6 Catalin(ux) M. BOIE 2017-01-30 18:49:10
Fixed push by HTTP; fixing some tests af00ea421d6eec2877cab0c37f9c492fff3860ec Catalin(ux) M. BOIE 2017-01-30 18:48:19
If user is suspended or deleted, show an error c308a9b435c9e5baa39ac3529c794df227ab9196 Catalin(ux) M. BOIE 2017-01-06 07:12:32
Allow users to delete their account 2a2338aca850737f16febc056c1d248daf935736 Catalin(ux) M. BOIE 2016-12-30 12:49:48
Improved TLS cyphers list for better security 00f1ad9bffc47d0cd786e6caa6f9777fae27b2ff Catalin(ux) M. BOIE 2016-12-30 12:47:54
Corrected the api key mail 3ac431ae8e880ceebc18507383771b23ce5d9b6a Catalin(ux) M. BOIE 2016-12-08 04:20:30
Big Amazon fixes f185636cf44652a2da9779ab21979807b91cf48f Catalin(ux) M. BOIE 2016-12-07 20:38:54
Typos, some additions for hints, TODO a0b3ff70ddcdfa28770b6467b03332b70cf38067 Catalin(ux) M. BOIE 2016-12-07 20:37:47
events.php missed apikeys include e6370414e0bef923fb5d1f639b8a7738fb8d1641 Catalin(ux) M. BOIE 2016-12-07 20:34:05
Improved the functional tests 935c1f0f62aba1ca75fce124a33593e7e900a83a Catalin(ux) M. BOIE 2016-12-07 20:33:33
Put passwords next to username to allow browser to cache username and not e-mail 4e2d12ca5ce8f5420c3d51469386eda84724256a Catalin(ux) M. BOIE 2016-12-07 20:32:23
Raise the limits for the queries to 50 529edd633de2059eefd12afeb67847bbb72c4eed Catalin(ux) M. BOIE 2016-12-07 20:29:06
Added Gogs.io into comparison and added more criteria 09bb2d793e67f732ff275ba72e42c71d54fd51d6 Catalin(ux) M. BOIE 2016-12-07 20:28:20
If session expires and the user presses logout, do not give errors 5871b5cd6efae48655000b980f641b39ccc4a146 Catalin(ux) M. BOIE 2016-12-07 20:11:31
No need for AllowOverride All 4b0cf4ec9663f0aa3cf4f8d55dfb4f7f3fd8614d Catalin(ux) M. BOIE 2016-11-20 08:17:15
Use getmyuid instead of posix_getuid to not depend on another extention f6d6dcce4d565281e3d47079974b6d6a91a36ae4 Catalin(ux) M. BOIE 2016-11-20 07:15:04
Commit fa9d4acd0c6ee730ee45c3e3ab57b55665e74666 - Updates SELinux policy file
Author: Catalin(ux) M. BOIE
Author date (UTC): 2017-01-30 18:51
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2017-01-30 18:51
Parent(s): 63ff4cf11961421d6f187d2597354d12eff9a810
Signer:
Signing key:
Signing status: N
Tree: e4f9d0f443fa255bf9361a119d7082aca77be251
File Lines added Lines deleted
selinux/rocketgit.te.tmpl 7 17
File selinux/rocketgit.te.tmpl changed (mode: 100644) (index 6fe2153..303d90a)
1 policy_module(rocketgit,1.0.114)
1 policy_module(rocketgit,1.0.119)
2 2
3 3 ######################################## ########################################
4 4 # #
 
... ... role unconfined_r types rocketgit_t;
33 33 type rocketgit_t; type rocketgit_t;
34 34 domain_type(rocketgit_t) domain_type(rocketgit_t)
35 35
36 apache_content_template(rocketgit)
37 36 # Allow crons to search in /var/lib - not clear why # Allow crons to search in /var/lib - not clear why
38 37 files_search_var_lib(rocketgit_t) files_search_var_lib(rocketgit_t)
39 38
40 39 # Allow rocketgit_t to manage .ssh/authorized_keys # Allow rocketgit_t to manage .ssh/authorized_keys
41 40 ssh_manage_home_files(rocketgit_t) ssh_manage_home_files(rocketgit_t)
42 41
43 # Allow apache to write authrorized_keys[.tmp] file(s)
44 allow httpd_t user_home_dir_t:file { create getattr open rename setattr write };
45 userdom_manage_user_home_dirs(httpd_t)
46
47 42 type rocketgit_exec_t; type rocketgit_exec_t;
48 43 domain_entry_file(rocketgit_t, rocketgit_exec_t) domain_entry_file(rocketgit_t, rocketgit_exec_t)
49 44
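Review bot: removing `apache_content_template(rocketgit)` (old line 36) also removes the httpd_rocketgit_* types that the template declares, so any file-context entry or rule elsewhere that still names them will stop compiling; please confirm the .fc file and the rest of this template carry no such references. Dropping the httpd_t rules on user_home_dir_t (old lines 43-45) is a welcome reduction of Apache's reach into home directories, but the commit message does not say what now writes authorized_keys[.tmp] in its place. A line stating that (presumably rocketgit_t, through the ssh_manage_home_files call kept above) would let a reader verify that key upload still works in enforcing mode.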
 
... ... manage_files_pattern(rocketgit_t, rocketgit_log_t, rocketgit_log_t)
120 115 # 'rocketgit' user. # 'rocketgit' user.
121 116 manage_files_pattern(httpd_t, rocketgit_log_t, rocketgit_log_t) manage_files_pattern(httpd_t, rocketgit_log_t, rocketgit_log_t)
122 117 logging_log_filetrans(rocketgit_t, rocketgit_log_t, file) logging_log_filetrans(rocketgit_t, rocketgit_log_t, file)
123 # below line tries to allow httpd to create err-* files in /var/log/rocketgit-web
124 #filetrans_pattern(httpd_t,dirtype?,rocketgit_log_t, file)
125 # allow rocketgit_t access to /var/log/rocketgit-web. Why?
126 # Some of rights are needed because cron as apache is deleting log files in
127 # /var/log/rocketgit-web.
128 allow rocketgit_t httpd_log_t:dir { search write add_name remove_name getattr read open };
129 allow rocketgit_t httpd_log_t:file { getattr setattr create unlink open append };
130 118
131 119
132 120 # content (repos) # content (repos)
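Review bot: the deleted comment at old lines 125-127 says the cron job, running as apache, deletes log files in /var/log/rocketgit-web, and with the two `allow rocketgit_t httpd_log_t` rules gone that cleanup is permitted only if the directory and its files are labelled rocketgit_log_t. The kept manage_files_pattern(rocketgit_t, rocketgit_log_t, rocketgit_log_t) covers that case, so please confirm the file-context entry for /var/log/rocketgit-web assigns rocketgit_log_t rather than httpd_log_t. If the label changed as part of this work, say so in the commit message, since existing installs would need a relabel before the new policy behaves as intended.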
 
... ... allow rocketgit_t tmp_t:file { write open create unlink setattr };
197 185 # Locale # Locale
198 186 miscfiles_read_localization(rocketgit_t) miscfiles_read_localization(rocketgit_t)
199 187
200 # Because cron.sh/apache:
201 # type=AVC msg=audit(1461432301.793:1002): avc: denied { getattr } for pid=3503 comm="cron.sh" path="/var/www" dev="dm-0" ino=143915 scontext=system_u:system_r:rocketgit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
202 apache_search_sys_content(rocketgit_t)
203
204 188 # type=AVC msg=audit(1461494910.399:8020179): avc: denied { read } for pid=1667 comm="php" name="/" dev="tmpfs" ino=11809 scontext=system_u:system_r:rocketgit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0 # type=AVC msg=audit(1461494910.399:8020179): avc: denied { read } for pid=1667 comm="php" name="/" dev="tmpfs" ino=11809 scontext=system_u:system_r:rocketgit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
205 189 files_list_tmp(rocketgit_t) files_list_tmp(rocketgit_t)
206 190
191 # Hugetlbfs (for opcache):
192 # type=AVC msg=audit(1482069602.067:865): avc: denied { read write } for pid=2157 comm="php" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=26965 scontext=system_u:system_r:rocketgit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hugetlbfs_t:s0 tclass=file permissive=0
193 fs_rw_hugetlbfs_files(rocketgit_t)
194 fs_exec_hugetlbfs_files(rocketgit_t)
195 allow rocketgit_t self:process execmem;
196
207 197 # worker.sh needs some rights # worker.sh needs some rights
208 198 type rocketgit_worker_t; type rocketgit_worker_t;
209 199 domain_type(rocketgit_worker_t) domain_type(rocketgit_worker_t)
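Review bot: `fs_exec_hugetlbfs_files(rocketgit_t)` and `allow rocketgit_t self:process execmem;` at new lines 194-195 grant more than the denial quoted above them, which shows only { read write } on a hugetlbfs_t file. execmem lets every process in rocketgit_t map memory that is both writable and executable, so it should be backed by its own AVC record in the comment, as the other rules in this file are, or dropped if read/write access alone clears the opcache denial. Separately, the removal of apache_search_sys_content(rocketgit_t) (old line 202) takes away the rule added for the getattr denial on /var/www recorded in the deleted comment; a short note on why cron.sh no longer touches that path would help.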
Hints:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit

Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main