From 4e078e91129725c8b09ba551ab2a04e0328a45b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?=
Date: Thu, 28 Feb 2019 15:03:21 +0100
Subject: [PATCH] Add gogs code for CI
---
 README.md | 70 +-----
 check_process | 2 +-
 conf/app.ini | 533 ++++++++++++++++++++++++++++++++++++++----
 conf/arm.src | 4 +-
 conf/i386.src | 4 +-
 conf/ldap.conf | 28 +++
 conf/login_source.sql | 3 -
 conf/nginx.conf | 2 +-
 conf/systemd.service | 2 +-
 conf/x86-64.src | 4 +-
 manifest.json | 32 +--
 scripts/_common.sh | 33 ++-
 scripts/change_url | 43 +---
 scripts/install | 32 +--
 scripts/restore | 5 +-
 scripts/upgrade | 10 +
 16 files changed, 613 insertions(+), 194 deletions(-)
 create mode 100644 conf/ldap.conf
 delete mode 100644 conf/login_source.sql
diff --git a/README.md b/README.md
index e844d10..6da87c0 100644
--- a/README.md
+++ b/README.md
@@ -1,69 +1 @@
-# Gitea package for YunoHost
-
-Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github.
-- [Gitea website](http://gitea.io)
-
-[![Integration level](https://dash.yunohost.org/integration/gitea.svg)](https://ci-apps.yunohost.org/jenkins/job/gitea%20%28Community%29/lastBuild/consoleFull)
-
-[![Install Gitea with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=gitea)
-
-## Requirements
-A functional instance of [YunoHost](https://yunohost.org)
-
-## Installation
-From the command-line:
-
-`sudo yunohost app install https://github.com/YunoHost-Apps/gitea_ynh`
-
-## Upgrade
-From the command-line:
-
-`sudo yunohost app upgrade Gitea -u https://github.com/YunoHost-Apps/gogs_ynh gogs`
-
-## Notes on SSH usage
-If you want to use Gitea with ssh and be able to pull/push with you ssh key, your ssh daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gitea:
-
-```bash
-PubkeyAuthentication yes
-AuthorizedKeysFile %h/.ssh/authorized_keys
-ChallengeResponseAuthentication no
-PasswordAuthentication no
-UsePAM no
-```
-
-You also need to add your public key to your Gitea profile.
-
-If you use ssh on another port than 22, you need to add theses lines to your ssh config in `~/.ssh/config`:
-
-```bash
-Host domain.tld
- port 2222 # change this with the port you use
-```
-
-
-Architecture: this package is compatible with amd64, i386 and arm. The package will try to detect it with the command uname -m and fail if it can't detect the architecture. If that happens please open an issue describing your hardware and the result of the command `uname -m`.
-
-## Issue
-
-Any issue is welcome here : https://github.com/YunoHost-Apps/gogs_ynh/issues
-
-## License
-Gitea is published under the MIT License:
-https://github.com/go-gitea/gitea/blob/master/LICENSE
-
-This package is published under the MIT License.
-
-
-## Developper info
-Please do your pull requests to the `dev` branch.
-
-Test or upgrade to dev version:
-```bash
-sudo su - admin
-git clone -b dev https://github.com/YunoHost-Apps/gogs_ynh
-# to install
-sudo yunohost app install -l Gogs /home/admin/gogs_ynh
-# to upgrade
-sudo yunohost app upgrade -f /home/admin/gogs_ynh gogs
-
-```
+# Please not install the app from this branch. It's only for the CI
diff --git a/check_process b/check_process
index 713665d..14429cb 100644
--- a/check_process
+++ b/check_process
@@ -24,7 +24,7 @@
 Level 1=auto
 Level 2=auto
 Level 3=auto
- # https://github.com/YunoHost-Apps/gitea_ynh/blob/master/conf/login_source.sql
+ # https://github.com/YunoHost-Apps/gogs_ynh/blob/master/conf/login_source.sql
 Level 4=1
 Level 5=auto
 Level 6=auto
diff --git a/conf/app.ini b/conf/app.ini
index 93e2d2c..5a08d74 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -1,51 +1,506 @@ -;https://github.com/gogits/gogs/blob/master/conf/app.ini -APP_NAME = Gitea +; App name that shows on every page title +APP_NAME = Gogs: Go Git Service +; The name of the system user that runs Gogs RUN_USER = __APP__ +; Either "dev", "prod" or "test" RUN_MODE = prod + +[server] +PROTOCOL = http +DOMAIN = __DOMAIN__ +ROOT_URL = https://__URL__/ +HTTP_ADDR = 0.0.0.0 +HTTP_PORT = __PORT__ +; Permission for unix socket +UNIX_SOCKET_PERMISSION = 666 +; Local (DMZ) URL for Gogs workers (such as SSH update) accessing web service. +; In most cases you do not need to change the default value. +; Alter it only if your SSH server node is not the same as HTTP node. +LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/ +; Disable SSH feature when not available +DISABLE_SSH = false +; Whether use builtin SSH server or not. +START_SSH_SERVER = false +; Domain name to be exposed in SSH clone URL +SSH_DOMAIN = %(DOMAIN)s +; Port number to be exposed in SSH clone URL +SSH_PORT = 22 +; Network interface builtin SSH server listens on +SSH_LISTEN_HOST = 0.0.0.0 +; Port number builtin SSH server listens on +SSH_LISTEN_PORT = %(SSH_PORT)s +; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'. +SSH_ROOT_PATH = +; Indicate whether to rewrite authorized_keys at start, ignored when use builtin SSH server +REWRITE_AUTHORIZED_KEYS_AT_START = false +; Choose the ciphers to support for SSH connections +SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128 +; Directory to create temporary files when test publick key using ssh-keygen, +; default is system temporary directory. +SSH_KEY_TEST_PATH = +; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call. 
+SSH_KEYGEN_PATH = ssh-keygen +; Indicate whether to check minimum key size with corresponding type +MINIMUM_KEY_SIZE_CHECK = false +; Disable CDN even in "prod" mode +OFFLINE_MODE = false +DISABLE_ROUTER_LOG = false +; Generate steps: +; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com +; +; Or from a .pfx file exported from the Windows certificate store (do +; not forget to export the private key): +; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys +; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes +CERT_FILE = custom/https/cert.pem +KEY_FILE = custom/https/key.pem +; Allowed TLS version values: SSL30, TLS10, TLS11, TLS12 +TLS_MIN_VERSION = TLS10 + +; Upper level of template and static file path +; default is the path where Gogs is executed +STATIC_ROOT_PATH = +; Default path for App data +APP_DATA_PATH = __DATA_PATH__ +; Application level GZIP support +ENABLE_GZIP = false +; Landing page for non-logged users, can be "home" or "explore" +LANDING_PAGE = explore + +[repository] +; Root path for storing repositories's data, default is "~//gogs-repositories" +ROOT = __REPOS_PATH__ +; The script type server supports, sometimes could be "sh" +SCRIPT_TYPE = bash +; Default ANSI charset for an unrecognized charset +ANSI_CHARSET = +; Force every new repository to be private +FORCE_PRIVATE = false +; Global maximum creation limit of repository per user, -1 means no limit +MAX_CREATION_LIMIT = -1 +; Mirror sync queue length, increase if mirror syncing starts hanging +MIRROR_QUEUE_LENGTH = 1000 +; Patch test queue length, increase if pull request patch testing starts hanging +PULL_REQUEST_QUEUE_LENGTH = 1000 +; Preferred Licenses to place at the top of the list +; Name must match file name in conf/license or custom/conf/license +PREFERRED_LICENSES = Apache License 2.0,MIT License +; Disable ability to interact with repositories by HTTP protocol +DISABLE_HTTP_GIT = false +; Enable ability to migrate repository by local path 
+ENABLE_LOCAL_PATH_MIGRATION = false +; Concurrency is used to retrieve commits information. This variable define +; the maximum number of tasks that can be run at the same time. Usually, the +; value depend of how many CPUs (cores) you have. If the value is set to zero +; or under, GOGS will automatically detect the number of CPUs your system have +COMMITS_FETCH_CONCURRENCY = 0 +; Enable render mode for raw file +ENABLE_RAW_FILE_RENDER_MODE = false + +[repository.editor] +; List of file extensions that should have line wraps in the CodeMirror editor. +; Separate extensions with a comma. To line wrap files without extension, just put a comma +LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd, +; Valid file modes that have a preview API associated with them, such as api/v1/markdown. +; Separate values by commas. Preview tab in edit mode won't show if the file extension doesn't match +PREVIEWABLE_FILE_MODES = markdown + +[repository.upload] +; Enable repository file uploads. +ENABLED = true +; Path to temporarily store uploads (default path gets cleaned by Gogs in every start) +TEMP_PATH = data/tmp/uploads +; File types that are allowed to be uploaded, e.g. image/jpeg|image/png. Leave empty means allow any file type +ALLOWED_TYPES = +; Maximum size of each file in MB +FILE_MAX_SIZE = 3 +; Maximum number of files per upload +MAX_FILES = 5 + +; Attachment settings for releases +[release.attachment] +; Whether attachments are enabled. Defaults to `true` +ENABLED = true +; Path for attachments. Defaults to `data/attachments` +PATH = data/attachments +; One or more allowed types, e.g. image/jpeg|image/png +ALLOWED_TYPES = */* +; Max size of each file. Defaults to 32MB +MAX_SIZE = 32 +; Max number of files per upload. 
Defaults to 10 +MAX_FILES = 10 + +[markdown] +; Enable hard line break extension +ENABLE_HARD_LINE_BREAK = false +; List of custom URL-Schemes that are allowed as links when rendering Markdown +; for example git,magnet +CUSTOM_URL_SCHEMES = +; List of file extensions that should be rendered/edited as Markdown +; Separate extensions with a comma. To render files w/o extension as markdown, just put a comma +FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd + +[smartypants] +ENABLED = false +FRACTIONS = true +DASHES = true +LATEX_DASHES = true +ANGLED_QUOTES = true + +[http] +; Value for Access-Control-Allow-Origin header, default is not to present +ACCESS_CONTROL_ALLOW_ORIGIN = + +; Define allowed algorithms and their minimum key length (use -1 to disable a type) +[ssh.minimum_key_sizes] +ED25519 = 256 +ECDSA = 256 +RSA = 2048 +DSA = 1024 + [database] +; Either "mysql", "postgres" or "sqlite3", you can connect to TiDB with MySQL protocol DB_TYPE = mysql HOST = 127.0.0.1:3306 NAME = __DB_USER__ USER = __DB_USER__ PASSWD = __DB_PASSWORD__ +; For "postgres" only, either "disable", "require" or "verify-full" SSL_MODE = disable -PATH = data/gitea.db -[repository] -ROOT = __REPOS_PATH__ -FORCE_PRIVATE = false -[server] -DOMAIN = __DOMAIN__ -HTTP_PORT = __PORT__ -ROOT_URL = https://__URL__/ -DISABLE_SSH = false -SSH_PORT = 22 -OFFLINE_MODE = false -APP_DATA_PATH = __DATA_PATH__ -LANDING_PAGE = explore -[mailer] -ENABLED = true -HOST = 127.0.0.1:25 -FROM = "Gitea" -SKIP_VERIFY = true -[service] -REGISTER_EMAIL_CONFIRM = false -ENABLE_NOTIFY_MAIL = true -DISABLE_REGISTRATION = true -ENABLE_CAPTCHA = false -REQUIRE_SIGNIN_VIEW = false -ENABLE_REVERSE_PROXY_AUTHENTICATION = true -ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = true -[picture] -AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars -[attachment] -PATH = __DATA_PATH__/attachments -[session] -PROVIDER = memory -[log] -MODE = file -LEVEL = Warn -ROOT_PATH = /var/log/__APP__ +; For "sqlite3" and "tidb", use absolute path when you start as 
service +PATH = data/gogs.db + +[admin] +; Disable regular (non-admin) users to create organizations +DISABLE_REGULAR_ORG_CREATION = false + [security] INSTALL_LOCK = true -SECRET_KEY = __KEY__ +; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!! +SECRET_KEY = __KEY__ +; Auto-login remember days +LOGIN_REMEMBER_DAYS = 7 +COOKIE_USERNAME = gogs_awesome +COOKIE_REMEMBER_NAME = gogs_incredible +COOKIE_SECURE = false +; Reverse proxy authentication header name of user name REVERSE_PROXY_AUTHENTICATION_USER = REMOTE_USER +; Enable to set cookie to indicate user login status +ENABLE_LOGIN_STATUS_COOKIE = false +LOGIN_STATUS_COOKIE_NAME = login_status + +[service] +ACTIVE_CODE_LIVE_MINUTES = 180 +RESET_PASSWD_CODE_LIVE_MINUTES = 180 +; User need to confirm e-mail for registration +REGISTER_EMAIL_CONFIRM = false +; Does not allow register and admin create account only +DISABLE_REGISTRATION = true +; User must sign in to view anything. +REQUIRE_SIGNIN_VIEW = __PRIVATE_MODE__ +; Mail notification +ENABLE_NOTIFY_MAIL = true +; More detail: https://github.com/gogits/gogs/issues/165 +ENABLE_REVERSE_PROXY_AUTHENTICATION = true +ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = true +; Enable captcha validation for registration +ENABLE_CAPTCHA = false + +[webhook] +; Types are enabled for users to use, can be "gogs", "slack", "discord", "dingtalk" +TYPES = gogs, slack, discord, dingtalk +; Hook task queue length, increase if webhook shooting starts hanging +QUEUE_LENGTH = 1000 +; Deliver timeout in seconds +DELIVER_TIMEOUT = 15 +; Allow insecure certification +SKIP_TLS_VERIFY = false +; Number of history information in each page +PAGING_NUM = 10 + +[mailer] +ENABLED = true +; Buffer length of channel, keep it as it is if you don't know what it is. +SEND_BUFFER_LEN = 100 +; Prefix prepended to the subject line +SUBJECT_PREFIX = `[%(APP_NAME)s] ` +; Mail server +; Gmail: smtp.gmail.com:587 +; QQ: smtp.qq.com:465 +; Note, if the port ends with "465", SMTPS will be used. 
Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used. +HOST = 127.0.0.1:25 +; Disable HELO operation when hostname are different. +DISABLE_HELO = +; Custom hostname for HELO operation, default is from system. +HELO_HOSTNAME = +; Do not verify the certificate of the server. Only use this for self-signed certificates +SKIP_VERIFY = true +; Use client certificate +USE_CERTIFICATE = false +CERT_FILE = custom/mailer/cert.pem +KEY_FILE = custom/mailer/key.pem +; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format +FROM = "Gogs" +; Mailer user name and password +USER = +PASSWD = +; Use text/plain as format of content +USE_PLAIN_TEXT = false + +[cache] +; Either "memory", "redis", or "memcache", default is "memory" +ADAPTER = memory +; For "memory" only, GC interval in seconds, default is 60 +INTERVAL = 60 +; For "redis" and "memcache", connection host address +; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 +; memcache: `127.0.0.1:11211` +HOST = + +[session] +; Either "memory", "file", or "redis", default is "memory" +PROVIDER = memory +; Provider config options +; memory: not have any config yet +; file: session file path, e.g. `data/sessions` +; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 +; mysql: go-sql-driver/mysql dsn config string, e.g. 
`root:password@/session_table` +PROVIDER_CONFIG = data/sessions +; Session cookie name +COOKIE_NAME = i_like_gogits +; If you use session in https only, default is false +COOKIE_SECURE = false +; Enable set cookie, default is true +ENABLE_SET_COOKIE = true +; Session GC time interval, default is 3600 +GC_INTERVAL_TIME = 3600 +; Session life time, default is 86400 +SESSION_LIFE_TIME = 86400 +; Cookie name for CSRF +CSRF_COOKIE_NAME = _csrf + +[picture] +; Path to store user uploaded avatars +AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars +; Chinese users can choose "duoshuo" +; or a custom avatar source, like: http://cn.gravatar.com/avatar/ +GRAVATAR_SOURCE = gravatar +; This value will be forced to be true in offline mode. +DISABLE_GRAVATAR = false +; Federated avatar lookup uses DNS to discover avatar associated +; with emails, see https://www.libravatar.org +; This value will be forced to be false in offline mode or Gravatar is disbaled. +ENABLE_FEDERATED_AVATAR = false + +; Attachment settings for issues +[attachment] +; Whether attachments are enabled. Defaults to `true` +ENABLED = true +; Path for attachments. Defaults to `data/attachments` +PATH = __DATA_PATH__/attachments +; One or more allowed types, e.g. image/jpeg|image/png +ALLOWED_TYPES = image/jpeg|image/png +; Max size of each file. Defaults to 4MB +MAX_SIZE = 4 +; Max number of files per upload. Defaults to 5 +MAX_FILES = 5 + +[time] +; Specifies the format for fully outputed dates. Defaults to RFC1123 +; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano +; For more information about the format see http://golang.org/pkg/time/#pkg-constants +FORMAT = + +; General settings of loggers +[log] +ROOT_PATH = /var/log/__APP__ +; Can be "console" and "file", default is "console" +; Use comma to separate multiple modes, e.g. 
"console, file" +MODE = file +; Buffer length of channel, keep it as it is if you don't know what it is. +BUFFER_LEN = 100 +; Either "Trace", "Info", "Warn", "Error", "Fatal", default is "Trace" +LEVEL = Warn + +; For "console" mode only +[log.console] +; leave empty to inherit +LEVEL = + +; For "file" mode only +[log.file] +; leave empty to inherit +LEVEL = +; This enables automated log rotate (switch of following options) +LOG_ROTATE = true +; Segment log daily +DAILY_ROTATE = true +; Max size shift of single file, default is 28 means 1 << 28, 256MB +MAX_SIZE_SHIFT = 28 +; Max line number of single file +MAX_LINES = 1000000 +; Expired days of log file (delete after max days) +MAX_DAYS = 7 + +; For "slack" mode only +[log.slack] +; leave empty to inherit +LEVEL = +; Webhook URL +URL = + +[log.discord] +; leave empty to inherit +LEVEL = +; Webhook URL +URL = +; Username displayed in webhook +USERNAME = %(APP_NAME)s + +[log.xorm] +; Enable file rotation +ROTATE = true +; Rotate every day +ROTATE_DAILY = true +; Rotate once file size excesses x MB +MAX_SIZE = 100 +; Maximum days to keep logger files +MAX_DAYS = 3 + +[cron] +; Enable running cron tasks periodically. +ENABLED = true +; Run cron tasks when Gogs starts. +RUN_AT_START = false + +; Update mirrors +[cron.update_mirrors] +SCHEDULE = @every 10m + +; Repository health check +[cron.repo_health_check] +SCHEDULE = @every 24h +TIMEOUT = 60s +; Arguments for command 'git fsck', e.g. 
"--unreachable --tags" +; see more on http://git-scm.com/docs/git-fsck/1.7.5 +ARGS = + +; Check repository statistics +[cron.check_repo_stats] +RUN_AT_START = true +SCHEDULE = @every 24h + +; Cleanup repository archives +[cron.repo_archive_cleanup] +RUN_AT_START = false +SCHEDULE = @every 24h +; Time duration to check if archive should be cleaned +OLDER_THAN = 24h + +[git] +; Disables highlight of added and removed changes +DISABLE_DIFF_HIGHLIGHT = false +; Max number of lines allowed of a single file in diff view +MAX_GIT_DIFF_LINES = 1000 +; Max number of characters of a line allowed in diff view +MAX_GIT_DIFF_LINE_CHARACTERS = 500 +; Max number of files shown in diff view +MAX_GIT_DIFF_FILES = 100 +; Arguments for command 'git gc', e.g. "--aggressive --auto" +; see more on http://git-scm.com/docs/git-gc/1.7.5 +GC_ARGS = + +; Operation timeout in seconds +[git.timeout] +MIGRATE = 600 +MIRROR = 300 +CLONE = 300 +PULL = 300 +GC = 60 + +[mirror] +; Default interval in hours between each check +DEFAULT_INTERVAL = 8 + +[api] +; Max number of items will response in a page +MAX_RESPONSE_ITEMS = 50 + +[ui] +; Number of repositories that are showed in one explore page +EXPLORE_PAGING_NUM = 20 +; Number of issues that are showed in one page +ISSUE_PAGING_NUM = 10 +; Number of maximum commits showed in one activity feed +FEED_MAX_COMMIT_NUM = 5 +; Value of "theme-color" meta tag, used by Android >= 5.0 +; An invalid color like "none" or "disable" will have the default style +; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android +THEME_COLOR_META_TAG = `#ff5343` +; Max size in bytes of files to be displayed (default is 8MB) +MAX_DISPLAY_FILE_SIZE = 8388608 + +[ui.admin] +; Number of users that are showed in one page +USER_PAGING_NUM = 50 +; Number of repos that are showed in one page +REPO_PAGING_NUM = 50 +; Number of notices that are showed in one page +NOTICE_PAGING_NUM = 25 +; Number of organization that are showed 
in one page +ORG_PAGING_NUM = 50 + +[ui.user] +; Number of repos that are showed in one page +REPO_PAGING_NUM = 15 +; Number of news feeds that are showed in one page +NEWS_FEED_PAGING_NUM = 20 +; Number of commits that are showed in one page +COMMITS_PAGING_NUM = 30 + +[i18n] +LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,gl-ES,uk-UA,en-GB,hu-HU,sk-SK,id-ID,fa-IR,vi-VN +NAMES = English,简体中文,繁體中文(香港),繁體中文(臺灣),Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,galego,українська,English (United Kingdom),Magyar,Slovenčina,Indonesian,Persian,Vietnamese + +; Used for datetimepicker +[i18n.datelang] +en-US = en +zh-CN = zh +zh-HK = zh-TW +zh-TW = zh-TW +de-DE = de +fr-FR = fr +nl-NL = nl +lv-LV = lv +ru-RU = ru +ja-JP = ja +es-ES = es +pt-BR = pt-BR +pl-PL = pl +bg-BG = bg +it-IT = it +fi-FI = fi +tr-TR = tr +cs-CZ = cs-CZ +sr-SP = sr +sv-SE = sv +ko-KR = ko +gl-ES = gl +uk-UA = uk +en-GB = en-GB +hu-HU = hu +sk-SK = sk +id-ID = id +fa-IR = fa +vi-VN = vi + +; Extension mapping to highlight class +; e.g. .toml=ini +[highlight.mapping] + +[other] +SHOW_FOOTER_BRANDING = false +; Show version information about Gogs and Go in the footer +SHOW_FOOTER_VERSION = true +; Show time of template execution in the footer +SHOW_FOOTER_TEMPLATE_LOAD_TIME = true diff --git a/conf/arm.src b/conf/arm.src index 989bf63..7c882e3 100644 --- a/conf/arm.src +++ b/conf/arm.src 
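Review bot: The new `[server]` section sets `HTTP_ADDR = 0.0.0.0` while `[service]` keeps `ENABLE_REVERSE_PROXY_AUTHENTICATION = true` with `REVERSE_PROXY_AUTHENTICATION_USER = REMOTE_USER`, so the identity header is trusted on every interface rather than only on the path that goes through nginx and the SSO. Assuming nginx proxies to the loopback address (the `proxy_pass` line is not part of this patch), `HTTP_ADDR = 127.0.0.1` keeps that trust boundary on the host itself instead of relying on the firewall. The hunk also carries upstream defaults that are weaker than this deployment needs: `COOKIE_SECURE = false` in both `[security]` and `[session]` although `ROOT_URL` is https, and `MINIMUM_KEY_SIZE_CHECK = false`, which leaves the `[ssh.minimum_key_sizes]` table unenforced. Setting the two cookie flags to `true` and enabling the key-size check would match how the package is actually served.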
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/gogits/gogs/releases/download/v0.11.33/raspi2_armv6.zip
-SOURCE_SUM=334bb5a053f3335f8a8c3c85728ff0d0b376d3a0b5b6470a0334b9172441a1af
+SOURCE_URL=https://github.com/gogits/gogs/releases/download/v0.11.79/raspi2_armv6.zip
+SOURCE_SUM=a7d17f6dc542fd2d88f884271bca9c62729fbd725fdb310616b2987dba382631
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum
diff --git a/conf/i386.src b/conf/i386.src
index c813a89..abf6148 100644
--- a/conf/i386.src
+++ b/conf/i386.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.3.3/gitea-1.3.3-linux-386
-SOURCE_SUM=1b746cccffca446876ccc71efe328699f002622dab1d438e2142c8d7c23a22d7
+SOURCE_URL=https://github.com/gogits/gogs/releases/download/v0.11.79/linux_386.zip
+SOURCE_SUM=ad1a89eb01723a4b289b7b8773fd018f78b0dad801101f27c1af0f2d649edeeb
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum
diff --git a/conf/ldap.conf b/conf/ldap.conf
new file mode 100644
index 0000000..52ea4a3
--- /dev/null
+++ b/conf/ldap.conf
@@ -0,0 +1,28 @@
+# This is an example of LDAP (BindDN) authentication
+#
+id = 1
+type = ldap_bind_dn
+name = Yunohost LDAP
+is_activated = true
+
+[config]
+host = localhost
+port = 389
+# 0 - Unencrypted, 1 - LDAPS, 2 - StartTLS
+security_protocol = 0
+skip_verify = false
+bind_dn =
+bind_password =
+user_base = ou=users,dc=yunohost,dc=org
+attribute_username = uid
+attribute_name = givenName
+attribute_surname = sn
+attribute_mail = mail
+attributes_in_bind = false
+filter = (&(objectClass=posixAccount)(uid=%s))
+admin_filter = (uid=__ADMIN__)
+group_enabled = false
+group_dn =
+group_filter =
+group_member_uid =
+user_uid = uid
\ No newline at end of file
diff --git a/conf/login_source.sql b/conf/login_source.sql
deleted file mode 100644
index 7454918..0000000
--- a/conf/login_source.sql
+++ /dev/null
@@ -1,3 +0,0 @@ -INSERT INTO `__APP__`.`login_source` (`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`) VALUES -('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}', '1464014433', '1464015955') -ON DUPLICATE KEY UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}' diff --git a/conf/nginx.conf b/conf/nginx.conf index 36617de..4aca76b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,7 +4,7 @@ location __PATH__/ { proxy_set_header Host $host; proxy_buffering off; fastcgi_param REMOTE_USER $remote_user; - client_max_body_size 50M; + client_max_body_size 200M; # Force https if ($scheme = http) { diff --git a/conf/systemd.service b/conf/systemd.service index f4bccf4..e237439 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=Gitea +Description=Gogs (Go Git Service) After=syslog.target After=network.target After=mysql.service diff --git a/conf/x86-64.src b/conf/x86-64.src index b3142a4..cd8f52b 100644 --- a/conf/x86-64.src +++ b/conf/x86-64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/gogits/gogs/releases/download/v0.11.33/linux_amd64.zip -SOURCE_SUM=7f0841a0451174349bf058e3827a0f46b8a827de0303827a6ff6d20fd03db3ff +SOURCE_URL=https://github.com/gogits/gogs/releases/download/v0.11.79/linux_amd64.zip +SOURCE_SUM=85f60494de63e6c4af16faba9bc739eb7c9e5477de1f16d11c6665495141162f # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum 
diff --git a/manifest.json b/manifest.json index f936dae..f25402e 100644 --- a/manifest.json +++ b/manifest.json @@ -1,7 +1,7 @@ { "package_format": 1, - "name": "Gitea", - "id": "gitea", + "name": "Gogs", + "id": "gogs", "packaging_format": 1, "description": { "en": "Lightweight git forge", @@ -9,10 +9,14 @@ }, "url": "http://gogs.io", "license": "MIT", - "version": "0.11.33~ynh1", + "version": "0.11.66~ynh1", "maintainer": { - "name": "", - "email": "" + "name": "Josué Tille", + "email": "josue@tille.ch" + }, + "previous_maintainers": { + "name": "tostaki", + "email": "maxime@max.privy.place" }, "multi_instance": true, "services": [ @@ -20,7 +24,7 @@ "mysql" ], "requirements": { - "yunohost": ">= 2.7.9" + "yunohost": ">= 2.7.12" }, "arguments": { "install" : [ @@ -28,8 +32,8 @@ "name": "domain", "type": "domain", "ask": { - "en": "Choose a domain for Gitea", - "fr": "Choisissez un domaine pour Gitea" + "en": "Choose a domain for Gogs", + "fr": "Choisissez un domaine pour Gogs" }, "example": "domain.org" }, @@ -37,18 +41,18 @@ "name": "path", "type": "path", "ask": { - "en": "Choose a path for Gitea", - "fr": "Choisissez un chemin pour Gitea" + "en": "Choose a path for Gogs", + "fr": "Choisissez un chemin pour Gogs" }, - "example": "/gitea", - "default": "/gitea" + "example": "/gogs", + "default": "/gogs" }, { "name": "admin", "type": "user", "ask": { - "en": "Choose the Gitea administrator (must be an existing YunoHost user)", - "fr": "Choisissez l'administrateur de Gitea (doit être un utilisateur YunoHost existant)" + "en": "Choose the Gogs administrator (must be an existing YunoHost user)", + "fr": "Choisissez l'administrateur de Gogs (doit être un utilisateur YunoHost existant)" }, "example": "johndoe" }, diff --git a/scripts/_common.sh b/scripts/_common.sh index c860ea6..38d9424 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
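Review bot: The manifest now declares `"version": "0.11.66~ynh1"`, but the `conf/arm.src`, `conf/i386.src` and `conf/x86-64.src` hunks of this same patch pin the v0.11.79 release archives. The version YunoHost reports will therefore not match the binary that is installed, which makes it hard to tell from package metadata whether an instance already carries a given upstream fix. `"version": "0.11.79~ynh1"` would keep the two aligned.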
@@ -30,8 +30,7 @@ fi create_dir() { mkdir -p "$final_path/data" - mkdir -p "$final_path/custom/conf" - mkdir -p "$REPO_PATH" + mkdir -p "$final_path/custom/conf/auth.d" mkdir -p "$DATA_PATH/avatars" mkdir -p "$DATA_PATH/attachments" mkdir -p "/var/log/$app" @@ -47,8 +46,10 @@ config_nginx() { config_gogs() { ynh_backup_if_checksum_is_different "$final_path/custom/conf/app.ini" + ynh_backup_if_checksum_is_different "$final_path/custom/conf/auth.d/ldap.conf" cp ../conf/app.ini "$final_path/custom/conf" + cp ../conf/ldap.conf "$final_path/custom/conf/auth.d/ldap.conf" if [ "$path_url" = "/" ] then @@ -66,7 +67,17 @@ config_gogs() { ynh_replace_string "__PORT__" $port "$final_path/custom/conf/app.ini" ynh_replace_string "__APP__" $app "$final_path/custom/conf/app.ini" + if [[ "$is_public" = '1' ]] + then + ynh_replace_string "__PRIVATE_MODE__" "false" "$final_path/custom/conf/app.ini" + else + ynh_replace_string "__PRIVATE_MODE__" "true" "$final_path/custom/conf/app.ini" + fi + + ynh_replace_string "__ADMIN__" "$admin" "$final_path/custom/conf/auth.d/ldap.conf" + ynh_store_file_checksum "$final_path/custom/conf/app.ini" + ynh_store_file_checksum "$final_path/custom/conf/auth.d/ldap.conf" } set_permission() { 
@@ -77,3 +88,21 @@ set_permission() { chmod u=rwX,g=rX,o= "/home/$app" chmod u=rwX,g=rX,o= "/var/log/$app" } + +set_access_settings() { + if [ "$is_public" = '1' ] + then + ynh_app_setting_set $app unprotected_uris "/" + else + # For an access to the git server by https in private mode we need to allow the access to theses URL : + # - "DOMAIN/PATH/USER/REPOSITORY/info/refs" + # - "DOMAIN/PATH/USER/REPOSITORY/git-upload-pack" + # - "DOMAIN/PATH/USER/REPOSITORY/git-receive-pack" + + excaped_domain=${domain//'.'/'%.'} + excaped_domain=${excaped_domain//'-'/'%-'} + excaped_path=${path_url//'.'/'%.'} + excaped_path=${excaped_path//'-'/'%-'} + ynh_app_setting_set $app skipped_regex "$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs" + fi +} diff --git a/scripts/change_url b/scripts/change_url index 46ad532..c85fa31 100644 --- a/scripts/change_url +++ b/scripts/change_url 
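Review bot: Every URL matched by `skipped_regex` is served without SSO, so the patterns built in `set_access_settings` should be no wider than the three git endpoints named in the comment, and as written they are looser and more fragile than that. Only `.` and `-` are escaped in `$domain` and `$path_url`, so any other pattern-magic character in the path changes what matches, and the set `[%w-.]` puts `-` between a class and a character, which Lua patterns leave undefined; `[%w%._%-]+` states the intent explicitly. Nothing anchors the end of each alternative, so whether longer URLs also match depends on how SSOwat applies the pattern, which is worth confirming. When `path_url` is `/` the concatenation yields `domain//…`, which will not match the real URLs, so the root-path case needs the same special handling `config_gogs` has. `$app` is also unquoted in both `ynh_app_setting_set` calls.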
@@ -14,57 +14,32 @@ ynh_abort_if_errors source ./experimental_helper.sh source ./_common.sh -cp -r /etc/yunohost/apps/${app}/conf ../ # Quick hack for https://github.com/YunoHost/yunohost/pull/427 - # RETRIEVE ARGUMENTS old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH +domain=$YNH_APP_NEW_DOMAIN +path_url=$(ynh_normalize_url_path ${YNH_APP_NEW_PATH:-'/'}) app=$YNH_APP_INSTANCE_NAME dbpass=$(ynh_app_setting_get "$app" mysqlpwd) admin=$(ynh_app_setting_get "$app" adminusername) key=$(ynh_app_setting_get "$app" secret_key) port=$(ynh_app_setting_get "$app" web_port) - -# CHECK THE SYNTAX OF THE PATHS -test -n "$old_path" || old_path="/" -test -n "$new_path" || new_path="/" -new_path=$(ynh_normalize_url_path $new_path) -old_path=$(ynh_normalize_url_path $old_path) - -domain="$new_domain" -path_url="$new_path" - -# CHECK WHICH PARTS SHOULD BE CHANGED -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi +is_public=$(ynh_app_setting_get "$app" is_public) #================================================= # STANDARD MODIFICATIONS #================================================= -# MODIFY URL IN NGINX CONF -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - # Change the domain for nginx -if [ $change_domain -eq 1 ] +if [ "$old_domain" != "$domain" ] then # Delete file checksum for the old conf file location - ynh_delete_file_checksum "$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + ynh_delete_file_checksum "/etc/nginx/conf.d/$old_domain.d/$app.conf" + + mv "/etc/nginx/conf.d/$old_domain.d/$app.conf" "/etc/nginx/conf.d/$domain.d/$app.conf" + # Store file checksum for the new config file location - ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" + ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" fi config_nginx 
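Review bot: `is_public` is now loaded here, but nothing in this hunk calls `set_access_settings` after the domain or path changes, and in private mode the stored `skipped_regex` embeds the old domain and path. If the remainder of the script (outside this hunk) does not regenerate it, the stale pattern keeps exempting the old location from SSO while git over HTTPS on the new URL stays blocked; a `set_access_settings` call after `config_nginx` would cover it. Separately, `${YNH_APP_NEW_PATH:-'/'}` is expanded unquoted inside `$(…)`; `path_url=$(ynh_normalize_url_path "${YNH_APP_NEW_PATH:-/}")` avoids word splitting and globbing on the supplied path.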
diff --git a/scripts/install b/scripts/install index 0f474c6..76586ee 100644 --- a/scripts/install +++ b/scripts/install @@ -16,7 +16,7 @@ source ./_common.sh # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH +path_url=$(ynh_normalize_url_path $YNH_APP_ARG_PATH) admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC @@ -53,7 +53,10 @@ ynh_app_setting_set $app web_port $port ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" # Add users -ynh_system_user_create $app +# We can't use the official helper because we need to set the shell for the login +test getent passwd "$app" &>/dev/null || \ + useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ + ynh_die "Unable to create $app system account" # create needed directories create_dir @@ -70,32 +73,15 @@ ynh_add_systemd_config # Modify Nginx configuration file and copy it to Nginx conf directory config_nginx -# Start gogs for building mysql tables -systemctl start "$app".service - -# Set permissions -set_permission - -# Wait till login_source mysql table is created -while ! $(ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" <<< "SELECT * FROM login_source;" &>/dev/null) -do - sleep 2 -done - -# Add ldap config -ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql -ynh_replace_string "__APP__" "$app" ../conf/login_source.sql -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql - #================================================= # GENERIC FINALIZATION #================================================= +# Set permissions +set_permission + # Unprotect root from SSO if public -if [ "$is_public" = '1' ] -then - ynh_app_setting_set $app unprotected_uris "/" -fi +set_access_settings # Add Gogs to YunoHost's monitored services yunohost service add "$app" --log "/var/log/$app/$app.log" diff --git a/scripts/restore b/scripts/restore index 3ea6635..27b6ee5 100644 --- a/scripts/restore +++ b/scripts/restore 
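Review bot: In the `# Add users` block, `test getent passwd "$app" &>/dev/null` never runs `getent`: `test` receives three words, cannot parse `passwd` as an operator, and the redirect hides the error, so the existence check is always false and `useradd` always runs. On a host where the account already exists `useradd` then fails and the script dies; dropping `test` (`getent passwd "$app" &>/dev/null || useradd … || ynh_die …`) gives the intended guard. The identical lines in the `scripts/restore` hunk need the same change. Because the account now gets `--shell /bin/bash`, a comment stating that password login stays locked (the upgrade script's `usermod -p '*'` suggests that intent) would help, as would a pointer to where `$DATADIR` is defined, since this hunk does not show it.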
@@ -35,7 +35,10 @@ test ! -e "$final_path" || ynh_die "This path already contains a folder" #================================================= # Add users -ynh_system_user_create $app +# We can't use the official helper because we need to set the shell for the login +test getent passwd "$app" &>/dev/null || \ + useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ + ynh_die "Unable to create $app system account" # Restore all files ynh_restore diff --git a/scripts/upgrade b/scripts/upgrade index 260e566..82d0b6d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -80,6 +80,13 @@ then usermod -p '*' "$app" fi +# Remove old authentification mecanisme, actually the registry in the database has been replaced by a config file +if [[ ! -e "$final_path/custom/conf/auth.d/ldap.conf" ]] +then + ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" <<< "DELETE FROM login_source WHERE name = 'Yunohost LDAP';" + mkdir -p "$final_path/custom/conf/auth.d" +fi + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -103,6 +110,9 @@ config_nginx # GENERIC FINALIZATION #================================================= +# Unprotect root from SSO if public +set_access_settings + # Set permissions set_permission
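Review bot: The migration block in `scripts/upgrade` removes the old login source with `WHERE name = 'Yunohost LDAP'`, but the new `conf/ldap.conf` claims `id = 1`, the id the deleted `login_source.sql` inserted. If an administrator renamed that source in the Gogs UI the row survives and presumably collides with the file-based source of the same id; matching on the id the old installer wrote (`DELETE FROM login_source WHERE id = 1;`) would be more reliable. The block is also guarded only by the absence of `ldap.conf`, so a short comment that it must run before `config_gogs` copies that file would protect the ordering. Further down, `set_access_settings` depends on `is_public`, `domain` and `path_url` having been loaded earlier in the script, which is outside these hunks.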