* [PR PATCH] gitea: fix INSTALL script
@ 2020-02-01 0:27 voidlinux-github
2020-02-02 19:09 ` voidlinux-github
` (12 more replies)
0 siblings, 13 replies; 14+ messages in thread
From: voidlinux-github @ 2020-02-01 0:27 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 546 bytes --]
There is a new pull request by sineemore against master on the void-packages repository
https://github.com/sineemore/void-packages gitea-fix-install
https://github.com/void-linux/void-packages/pull/18705
gitea: fix INSTALL script
With current INSTALL sed process reveals generated secret key; it can be viewed by monitoring /proc or by using extrace.
Also sed pattern <SECRET_KEY> fails, since there no such substring in provided sample configuration.
A patch file from https://github.com/void-linux/void-packages/pull/18705.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-gitea-fix-install-18705.patch --]
[-- Type: text/x-diff, Size: 1627 bytes --]
From f61e95f94c21ed4d80f5ea3e84a83881bc59ef62 Mon Sep 17 00:00:00 2001
From: sineemore <sineemore@disroot.org>
Date: Sat, 1 Feb 2020 03:25:26 +0300
Subject: [PATCH] gitea: fix INSTALL script
With current INSTALL sed process reveals generated secret key; it can be viewed by monitoring /proc or by using extrace.
Also sed pattern <SECRET_KEY> fails, since there no such substring in provided sample configuration.
---
srcpkgs/gitea/INSTALL | 6 ++++--
srcpkgs/gitea/template | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/srcpkgs/gitea/INSTALL b/srcpkgs/gitea/INSTALL
index 92e2f390e76..e646bfbd646 100644
--- a/srcpkgs/gitea/INSTALL
+++ b/srcpkgs/gitea/INSTALL
@@ -5,8 +5,10 @@ case "$ACTION" in
else
# This sets the secret key which would otherwise be
# distributed as a static packaged value
- secret="$(tr -dc '[:alnum:]' < /dev/urandom | head -c32)"
- sed -i "s!<SECRET_KEY>!$secret!" etc/gitea.conf
+ cp etc/gitea.conf etc/gitea.conf.TMP
+ secret="$(tr -dc '[:alnum:]' < /dev/urandom | head -c32)" \
+ awk '/^SECRET_KEY =/ { print "SECRET_KEY = " ENVIRON["secret"]; next } //' < etc/gitea.conf.TMP > etc.gitea.conf
+ rm etc/gitea.conf.TMP
fi
chown _gitea:_gitea etc/gitea.conf
;;
diff --git a/srcpkgs/gitea/template b/srcpkgs/gitea/template
index 8b52483458d..a04c001f28f 100644
--- a/srcpkgs/gitea/template
+++ b/srcpkgs/gitea/template
@@ -1,7 +1,7 @@
# Template file for 'gitea'
pkgname=gitea
version=1.10.1
-revision=1
+revision=2
build_style=go
go_import_path=code.gitea.io/gitea
# This could be done with build options, but these are built in with the
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
@ 2020-02-02 19:09 ` voidlinux-github
2020-02-23 23:41 ` Piraty
` (11 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: voidlinux-github @ 2020-02-02 19:09 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 250 bytes --]
New comment by sineemore on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-581166457
Comment:
Also, IIUC, gitea will produce new secret on the very first start, so maybe the sed/awk thing is pointless.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
2020-02-02 19:09 ` voidlinux-github
@ 2020-02-23 23:41 ` Piraty
2020-02-24 15:25 ` sineemore
` (10 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Piraty @ 2020-02-23 23:41 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 233 bytes --]
New comment by Piraty on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-590130586
Comment:
@sineemore please verify your assumption. I'll be happy to merge this if it's indeed obsolete
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
2020-02-02 19:09 ` voidlinux-github
2020-02-23 23:41 ` Piraty
@ 2020-02-24 15:25 ` sineemore
2020-02-24 15:32 ` sineemore
` (9 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: sineemore @ 2020-02-24 15:25 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 302 bytes --]
New comment by sineemore on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-590377849
Comment:
@Piraty gitea will change all secrets in configuration file right after web based installation process (happens on http://localhost:3000/ after service start).
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (2 preceding siblings ...)
2020-02-24 15:25 ` sineemore
@ 2020-02-24 15:32 ` sineemore
2020-04-19 14:43 ` sgn
` (8 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: sineemore @ 2020-02-24 15:32 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 182 bytes --]
New comment by sineemore on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-590385962
Comment:
@Piraty so yeah, it's kind of obsolete.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (3 preceding siblings ...)
2020-02-24 15:32 ` sineemore
@ 2020-04-19 14:43 ` sgn
2020-04-19 22:12 ` sineemore
` (7 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: sgn @ 2020-04-19 14:43 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 199 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-616151102
Comment:
Do you have a documentation or code to backing your statement?
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (4 preceding siblings ...)
2020-04-19 14:43 ` sgn
@ 2020-04-19 22:12 ` sineemore
2020-04-19 22:13 ` sineemore
` (6 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: sineemore @ 2020-04-19 22:12 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 817 bytes --]
New comment by sineemore on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-616233544
Comment:
@sgn
The command
```
sed -i "s!<SECRET_KEY>!$secret!" etc/gitea.conf
```
should change the line
```
SECRET_KEY = !#@FDEWREWR&*(
```
in /etc/gitea.conf.
As you can see, sed pattern will fail.
So right no we already have broken code in INSTALL script.
___
Code, that generates gitea new SECRET_KEY during web based installation: https://github.com/go-gitea/gitea/blob/ad1b6d439fe0e0875e54227e0bc23a74411f490e/routers/install.go#L345
Also there is a way to generate new SECRET_KEY with gitea binary itself:
https://github.com/go-gitea/gitea/blob/37c3db7be6dd6fc5ee085979cc5f5dda09d978c3/docs/content/doc/usage/command-line.en-us.md#generate
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (5 preceding siblings ...)
2020-04-19 22:12 ` sineemore
@ 2020-04-19 22:13 ` sineemore
2020-04-19 22:15 ` sineemore
` (5 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: sineemore @ 2020-04-19 22:13 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 818 bytes --]
New comment by sineemore on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-616233544
Comment:
@sgn
The command
```
sed -i "s!<SECRET_KEY>!$secret!" etc/gitea.conf
```
should change the line
```
SECRET_KEY = !#@FDEWREWR&*(
```
in /etc/gitea.conf.
As you can see, sed pattern will fail.
So right now we already have broken code in INSTALL script.
___
Code, that generates gitea new SECRET_KEY during web based installation: https://github.com/go-gitea/gitea/blob/ad1b6d439fe0e0875e54227e0bc23a74411f490e/routers/install.go#L345
Also there is a way to generate new SECRET_KEY with gitea binary itself:
https://github.com/go-gitea/gitea/blob/37c3db7be6dd6fc5ee085979cc5f5dda09d978c3/docs/content/doc/usage/command-line.en-us.md#generate
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (6 preceding siblings ...)
2020-04-19 22:13 ` sineemore
@ 2020-04-19 22:15 ` sineemore
2020-04-19 22:16 ` sineemore
` (4 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: sineemore @ 2020-04-19 22:15 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1355 bytes --]
New comment by sineemore on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-616233544
Comment:
@sgn
The command
```
sed -i "s!<SECRET_KEY>!$secret!" etc/gitea.conf
```
should change the line
```
SECRET_KEY = !#@FDEWREWR&*(
```
in /etc/gitea.conf.
As you can see, sed pattern will fail.
So right now we already have broken code in INSTALL script.
___
Code, that generates gitea new SECRET_KEY during web based installation: https://github.com/go-gitea/gitea/blob/ad1b6d439fe0e0875e54227e0bc23a74411f490e/routers/install.go#L345
Also there is a way to generate new SECRET_KEY with gitea binary itself:
https://github.com/go-gitea/gitea/blob/37c3db7be6dd6fc5ee085979cc5f5dda09d978c3/docs/content/doc/usage/command-line.en-us.md#generate
> If you don't want the web installer to be able to write the config file at all, it is also possible to make the config file read-only for the gitea user (owner/group root:root, mode 0660), and set INSTALL_LOCK = true. In that case all database configuration details must be set beforehand in the config file, as well as the SECRET_KEY and INTERNAL_TOKEN values.
https://github.com/go-gitea/gitea/blob/3f0cb8b33a6e96a12498c9d5c2ae8dda44a13a62/docs/content/doc/installation/from-binary.en-us.md#create-required-directory-structure
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (7 preceding siblings ...)
2020-04-19 22:15 ` sineemore
@ 2020-04-19 22:16 ` sineemore
2020-04-19 22:21 ` [PR PATCH] [Updated] " sineemore
` (3 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: sineemore @ 2020-04-19 22:16 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1447 bytes --]
New comment by sineemore on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-616233544
Comment:
@sgn
The command
```
sed -i "s!<SECRET_KEY>!$secret!" etc/gitea.conf
```
should change the line
```
SECRET_KEY = !#@FDEWREWR&*(
```
in /etc/gitea.conf.
As you can see, sed pattern will fail.
So right now we already have broken code in INSTALL script.
___
Code, that generates gitea new SECRET_KEY during web based installation: https://github.com/go-gitea/gitea/blob/ad1b6d439fe0e0875e54227e0bc23a74411f490e/routers/install.go#L345
Also there is a way to generate new SECRET_KEY with gitea binary itself:
https://github.com/go-gitea/gitea/blob/37c3db7be6dd6fc5ee085979cc5f5dda09d978c3/docs/content/doc/usage/command-line.en-us.md#generate
> If you don't want the web installer to be able to write the config file at all, it is also possible to make the config file read-only for the gitea user (owner/group root:root, mode 0660), and set INSTALL_LOCK = true. In that case all database configuration details must be set beforehand in the config file, as well as the SECRET_KEY and INTERNAL_TOKEN values.
This one quote states that web installer will change the SECRET_KEY during installation:
https://github.com/go-gitea/gitea/blob/3f0cb8b33a6e96a12498c9d5c2ae8dda44a13a62/docs/content/doc/installation/from-binary.en-us.md#create-required-directory-structure
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PR PATCH] [Updated] gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (8 preceding siblings ...)
2020-04-19 22:16 ` sineemore
@ 2020-04-19 22:21 ` sineemore
2020-04-19 22:25 ` sineemore
` (2 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: sineemore @ 2020-04-19 22:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 551 bytes --]
There is an updated pull request by sineemore against master on the void-packages repository
https://github.com/sineemore/void-packages gitea-fix-install
https://github.com/void-linux/void-packages/pull/18705
gitea: fix INSTALL script
With current INSTALL sed process reveals generated secret key; it can be viewed by monitoring /proc or by using extrace.
Also sed pattern <SECRET_KEY> fails, since there no such substring in provided sample configuration.
A patch file from https://github.com/void-linux/void-packages/pull/18705.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-gitea-fix-install-18705.patch --]
[-- Type: text/x-diff, Size: 2370 bytes --]
From 7fee1916ffe022af8d9010fe3a3c8cdb35e3a91e Mon Sep 17 00:00:00 2001
From: sineemore <sineemore@disroot.org>
Date: Mon, 24 Feb 2020 18:18:54 +0300
Subject: [PATCH] gitea: fix INSTALL script
With current INSTALL sed process reveals generated secret key; it can be viewed by monitoring /proc or by using extrace.
Also sed pattern <SECRET_KEY> fails, since there no such substring in provided sample configuration.
gitea will change all secrets in configuration file right after web based installation process.
---
srcpkgs/gitea/INSTALL | 16 ++++------------
srcpkgs/gitea/template | 8 ++++----
2 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/srcpkgs/gitea/INSTALL b/srcpkgs/gitea/INSTALL
index 92e2f390e76..660e7deabaa 100644
--- a/srcpkgs/gitea/INSTALL
+++ b/srcpkgs/gitea/INSTALL
@@ -1,13 +1,5 @@
-case "$ACTION" in
- post)
- if [ "$UPDATE" = "yes" ] ; then
- :
- else
- # This sets the secret key which would otherwise be
- # distributed as a static packaged value
- secret="$(tr -dc '[:alnum:]' < /dev/urandom | head -c32)"
- sed -i "s!<SECRET_KEY>!$secret!" etc/gitea.conf
- fi
- chown _gitea:_gitea etc/gitea.conf
- ;;
+case "${ACTION}" in
+post)
+ chown _gitea:_gitea etc/gitea.conf
+ ;;
esac
diff --git a/srcpkgs/gitea/template b/srcpkgs/gitea/template
index 212d6172ebf..2b16b3909bc 100644
--- a/srcpkgs/gitea/template
+++ b/srcpkgs/gitea/template
@@ -1,7 +1,7 @@
# Template file for 'gitea'
pkgname=gitea
-version=1.10.3
-revision=1
+version=1.10.6
+revision=2
build_style=go
go_import_path=code.gitea.io/gitea
# This could be done with build options, but these are built in with the
@@ -24,14 +24,14 @@ go_build_tags="bindata sqlite pam tidb"
go_ldflags=" -X main.Version=${version}"
hostmakedepends="go-bindata git"
makedepends="sqlite-devel pam-devel"
-depends="git"
+depends="git bash"
short_desc="Git with a cup of Tea"
maintainer="Michael Aldridge <maldridge@voidlinux.org>"
license="MIT"
homepage="https://gitea.io"
changelog="https://github.com/go-gitea/gitea/blob/master/CHANGELOG.md"
distfiles="https://github.com/go-gitea/gitea/archive/v${version}.tar.gz"
-checksum=564b676163077dfc2c1d0175c9766cf118b8fc917f49e7e7e2e5b2b33d8b6539
+checksum=d7fad3b0257c13037e0770d722e07da9bf2d356997c060a75d149e605a421f22
nocross="https://api.travis-ci.org/v3/job/616733825/log.txt"
system_accounts="_gitea"
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PR PATCH] [Updated] gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (9 preceding siblings ...)
2020-04-19 22:21 ` [PR PATCH] [Updated] " sineemore
@ 2020-04-19 22:25 ` sineemore
2020-04-19 22:30 ` sineemore
2020-04-20 0:06 ` [PR PATCH] [Merged]: " the-maldridge
12 siblings, 0 replies; 14+ messages in thread
From: sineemore @ 2020-04-19 22:25 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 551 bytes --]
There is an updated pull request by sineemore against master on the void-packages repository
https://github.com/sineemore/void-packages gitea-fix-install
https://github.com/void-linux/void-packages/pull/18705
gitea: fix INSTALL script
With current INSTALL sed process reveals generated secret key; it can be viewed by monitoring /proc or by using extrace.
Also sed pattern <SECRET_KEY> fails, since there no such substring in provided sample configuration.
A patch file from https://github.com/void-linux/void-packages/pull/18705.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-gitea-fix-install-18705.patch --]
[-- Type: text/x-diff, Size: 1616 bytes --]
From b8d32e77b31fc8f3d49ae22196575514f5addafb Mon Sep 17 00:00:00 2001
From: sineemore <sineemore@disroot.org>
Date: Mon, 24 Feb 2020 18:18:54 +0300
Subject: [PATCH] gitea: fix INSTALL script
With current INSTALL sed process reveals generated secret key; it can be viewed by monitoring /proc or by using extrace.
Also sed pattern <SECRET_KEY> fails, since there no such substring in provided sample configuration.
gitea will change all secrets in configuration file right after web based installation process.
---
srcpkgs/gitea/INSTALL | 16 ++++------------
srcpkgs/gitea/template | 2 +-
2 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/srcpkgs/gitea/INSTALL b/srcpkgs/gitea/INSTALL
index 92e2f390e76..660e7deabaa 100644
--- a/srcpkgs/gitea/INSTALL
+++ b/srcpkgs/gitea/INSTALL
@@ -1,13 +1,5 @@
-case "$ACTION" in
- post)
- if [ "$UPDATE" = "yes" ] ; then
- :
- else
- # This sets the secret key which would otherwise be
- # distributed as a static packaged value
- secret="$(tr -dc '[:alnum:]' < /dev/urandom | head -c32)"
- sed -i "s!<SECRET_KEY>!$secret!" etc/gitea.conf
- fi
- chown _gitea:_gitea etc/gitea.conf
- ;;
+case "${ACTION}" in
+post)
+ chown _gitea:_gitea etc/gitea.conf
+ ;;
esac
diff --git a/srcpkgs/gitea/template b/srcpkgs/gitea/template
index 5d9a2ad5f06..2b16b3909bc 100644
--- a/srcpkgs/gitea/template
+++ b/srcpkgs/gitea/template
@@ -1,7 +1,7 @@
# Template file for 'gitea'
pkgname=gitea
version=1.10.6
-revision=1
+revision=2
build_style=go
go_import_path=code.gitea.io/gitea
# This could be done with build options, but these are built in with the
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (10 preceding siblings ...)
2020-04-19 22:25 ` sineemore
@ 2020-04-19 22:30 ` sineemore
2020-04-20 0:06 ` [PR PATCH] [Merged]: " the-maldridge
12 siblings, 0 replies; 14+ messages in thread
From: sineemore @ 2020-04-19 22:30 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 219 bytes --]
New comment by sineemore on void-packages repository
https://github.com/void-linux/void-packages/pull/18705#issuecomment-616236056
Comment:
@the-maldridge, as a current maintainer, can you review the proposed change?
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PR PATCH] [Merged]: gitea: fix INSTALL script
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
` (11 preceding siblings ...)
2020-04-19 22:30 ` sineemore
@ 2020-04-20 0:06 ` the-maldridge
12 siblings, 0 replies; 14+ messages in thread
From: the-maldridge @ 2020-04-20 0:06 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 381 bytes --]
There's a merged pull request on the void-packages repository
gitea: fix INSTALL script
https://github.com/void-linux/void-packages/pull/18705
Description:
With current INSTALL sed process reveals generated secret key; it can be viewed by monitoring /proc or by using extrace.
Also sed pattern <SECRET_KEY> fails, since there no such substring in provided sample configuration.
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2020-04-20 0:06 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-01 0:27 [PR PATCH] gitea: fix INSTALL script voidlinux-github
2020-02-02 19:09 ` voidlinux-github
2020-02-23 23:41 ` Piraty
2020-02-24 15:25 ` sineemore
2020-02-24 15:32 ` sineemore
2020-04-19 14:43 ` sgn
2020-04-19 22:12 ` sineemore
2020-04-19 22:13 ` sineemore
2020-04-19 22:15 ` sineemore
2020-04-19 22:16 ` sineemore
2020-04-19 22:21 ` [PR PATCH] [Updated] " sineemore
2020-04-19 22:25 ` sineemore
2020-04-19 22:30 ` sineemore
2020-04-20 0:06 ` [PR PATCH] [Merged]: " the-maldridge
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).