- Regression: Users who to don't have git-access permission can't access the
public repositories.
Tests:
- Functional tests work.
- Admin user is able to view and access the repos when there are some public
repos and when there no public repos.
- User belonging to git-access are regular usrs are unable to access private
repos. But they are also not able to access the public repos. They have to
logout to be able to do that.
- Anonymous user is not able to access the application if all repos are private.
If there is at least one public repo, the repo listing can be accessed and
public repos can be seen and accessed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Config files are all symlinks /etc/
- Configuration file is effective
- Web interface works
- Web interface authentication works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This will leave /etc/{plinth,freedombox} empty by default making service more
robust to run across various environments and situations. See systemd's
explanation for more details.
- Use Debian maintainer scripts remove all the existing files in
/etc/plinth/modules-enabled.
- Read from /usr/share/freedombox/modules-enabled then from
/etc/plinth/modules-enabled and finally from /etc/freedombox/modules-enabled.
Later read ones override previously read files. Any file pointing to /dev/null
will mean the module must be ignored.
Tests:
- Clean up /etc/plinth, /etc/freedombox and
/usr/share/freedombox/modules-enabled. Run service and notice that files are
getting loaded from development folder using a debug message.
- Run setup.py and notice that files get installed in
/usr/share/freedombox/modules-enabled/ and in the next run they get loaded from
there.
- Create a override file in /etc/plinth/modules-enabled/transmission and notice
that overriden file gets priority over the one in
/usr/share/freedombox/modules-enabled.
- Link the file /etc/plinth/modules-enabled/transmission to /dev/null and notice
that is not loaded.
- Create another file in /etc/freedombox/modules-enabled/transmission and notice
that it overrides the previous two files.
- All affected modules are loaded.
- Build a new Debian package and ensure that upgrading 23.8 to new version
removes are all configuration files.
- Build developer documentation and test that Tutorial -> Full Code and Tutorial
-> Skeleton sections have been updated with references to
-.../modules-enabled/... paths.
- Install quassel and notice that certificates were copied to /var/lib/quassel
directory. Change domain to another domain and notice that certificates were
copied again to that directory.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
* Fixes the gitweb app initalization when there are no public
repositories and the apache2 configuration gitweb-freedombox-auth has
not been enabled before (this may happen when the git repositories or
apache2 configuration has been modified outside the plinth web UI).
* Fix comment in the gitweb-freedombox-auth.conf apache2 configuration
file.
Fixes#1928
Tests performed:
* The gitweb app unit and functional tests pass.
* Configured all gitweb repositories as private. Stopped the plinth
service. Disabled the apache2 configuration gitweb-freedombox-auth.
Then starting the plinth service succeeds and gitweb-freedombox-auth
configuration gets enabled.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
On the Gitweb site, links that end with /HEAD (for example menu links after
selecting 'tree' on the front page) are mistakenly redirected
to the git-http-backend cgi script and an empty page is shown to the user.
Modified Apache2 ScriptAliasMatch regex so that git-http-backend services get
redirected only if they immediately follow repository's name path component.
Links on Gitweb site have additional action component before /HEAD and those
will be handled by the gitweb cgi script.
The relevant git-http-backend source:
https://repo.or.cz/git/debian.git/blob/refs/tags/v2.20.1:/http-backend.c#l706
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
When using git-http-backend, both URLs ending with and without .git are allowed.
However, access restriction has only be applied for URLs ending with .git. This
means that private git repositories are clone-able by anonymous users by
removing the .git suffix in the URLs.
Fix the issue by extending the access restriction to cover URLs not ending with
.git.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
