From 4eeef3ae8999b5cac725d2f59fbbe5c23c3f789f Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Sun, 2 Sep 2018 20:17:42 -0400 Subject: [PATCH] Update for sr.ht unified config --- config.example.ini | 85 ++++++++++++++++++++++++++++++++++ config.ini.example | 68 --------------------------- git-srht-dispatch | 8 ++-- git-srht-keys | 7 ++- git-srht-periodic | 5 +- git-srht-shell | 11 ++--- git-srht-update-hook | 15 ++---- gitsrht/app.py | 23 ++++----- gitsrht/blueprints/manage.py | 2 +- gitsrht/blueprints/public.py | 8 ++-- gitsrht/oauth.py | 7 ++- gitsrht/repos.py | 2 +- gitsrht/templates/index.html | 6 +-- gitsrht/worker.py | 10 ++-- run.py | 4 +- scripts/symlink-update-hook.py | 5 +- 16 files changed, 136 insertions(+), 130 deletions(-) create mode 100644 config.example.ini delete mode 100644 config.ini.example diff --git a/config.example.ini b/config.example.ini new file mode 100644 index 0000000..1092aa5 --- /dev/null +++ b/config.example.ini @@ -0,0 +1,85 @@ +[sr.ht] +# +# The name of your network of sr.ht-based sites +site-name=sr.ht +# +# Contact information for the site owners +owner-name=Drew DeVault +owner-email=sir@cmpwn.com +# +# The source code for your fork of sr.ht +source-url=https://git.sr.ht/~sircmpwn/srht +# +# A secret key to encrypt session cookies with +secret-key=CHANGEME + +[mail] +# +# Outgoing SMTP settings +smtp-host= +smtp-port= +smtp-user= +smtp-password= +smtp-from= +# +# Application exceptions are emailed to this address +error-to= +error-from= +# +# Your PGP key information (DO NOT mix up pub and priv here) +# You must remove the password from your secret key, if present. +# You can do this with gpg --edit-key [key-id], then use the passwd +# command and do not enter a new password. +pgp-privkey= +pgp-pubkey= +pgp-key-id= + +[git.sr.ht] +# +# URL git.sr.ht is being served at (protocol://domain) +origin=http://git.sr.ht.local +# +# Address and port to bind the debug server to +debug-host=0.0.0.0 +debug-port=5001 +# +# Configures the SQLAlchemy connection string for the database. +connection-string=postgresql://postgres@localhost/git.sr.ht +# +# The redis connection used for the Celery worker +redis=redis://localhost:6379/1 +# +# A post-update script which is installed in every git repo. +post-update-script=/usr/bin/git-srht-update-hook +# +# git.sr.ht's OAuth client ID and secret for meta.sr.ht +# Register your client at meta.example.org/oauth +oauth-client-id=CHANGEME +oauth-client-secret=CHANGEME +# +# Path to git repositories on disk +repos=/var/lib/git/ + +[git.sr.ht::cgit] +# +# URL where cgit is being served (we proxy to it) +remote=http://cgit.local + +[git.sr.ht::dispatch] +# +# The authorized keys hook uses this to dispatch to various handlers +# The format is a program to exec into as the key, and the user to match as the +# value. When someone tries to log in as this user, this program is executed +# and is expected to omit an AuthorizedKeys file. +# +# Uncomment the relevant lines to enable the various sr.ht dispatchers. +/usr/bin/git-srht-keys=git:git +#/usr/bin/man-srht-keys=man:man + +[meta.sr.ht] +origin=http://meta.sr.ht.local + +# Uncomment this to provide optional builds.sr.ht integration +#[builds.sr.ht] +#origin=http://builds.sr.ht.local +#oauth-client-id=CHANGEME diff --git a/config.ini.example b/config.ini.example deleted file mode 100644 index 06fa234..0000000 --- a/config.ini.example +++ /dev/null @@ -1,68 +0,0 @@ -# -# git.sr.ht config - -[server] -# -# Specifies the protocol (usually http or https) meta.sr.ht runs with. -protocol=http -# -# Specifies the domain name meta.sr.ht is running on. -domain=localhost:5001 -# -# A secret key to encrypt session cookies with. -secret-key=CHANGEME - -[debug] -# -# Address and port to bind the debug server to. -debug-host=0.0.0.0 -debug-port=5001 - -[sr.ht] -# -# Configures the SQLAlchemy connection string for the database. -connection-string=postgresql://postgres@localhost/git.sr.ht -# -# The name of your network of sr.ht-based sites -site-name=sr.ht - -[network] -# -# Location of other sites in your network -# -# This isn't a hardcoded list, add or remove entries as you like. The upstream -# sites do know about each other and will omit integrations if you leave out -# the relevant site. Only meta is required. -meta=http://meta.sr.ht.local -git=http://git.sr.ht.local -builds=http://builds.sr.ht.local - -[cgit] -remote=http://cgit.local -repos=/var/lib/git/ - -# -# The authorized keys hook uses this to dispatch to various handlers -# The format is a program to exec into as the key, and the user to match as the -# value. When someone tries to log in as this user, this program is executed -# and is expected to omit an AuthorizedKeys file. -[dispatch] -/usr/bin/git-srht-keys=git:git -# Uncomment to enable the man.sr.ht dispatcher: -#/usr/bin/man-srht-keys=man:man - -[git.sr.ht] -redis=redis://localhost:6379/1 -post-update-script=/usr/bin/git-srht-update-hook - -[meta.sr.ht] -# -# Register an OAuth client for meta.sr.ht and fill in these details with it -oauth-client-id= -oauth-client-secret= - -[builds.sr.ht] -# -# Fill this in with the oauth client ID builds.sr.ht uses for builds.sr.ht -# integration -oauth-client-id= diff --git a/git-srht-dispatch b/git-srht-dispatch index a337775..39e8609 100644 --- a/git-srht-dispatch +++ b/git-srht-dispatch @@ -14,7 +14,7 @@ from collections import namedtuple from datetime import datetime from pwd import getpwnam from grp import getgrnam -from srht.config import cfg, cfgkeys, load_config +from srht.config import cfg, cfgkeys def log(s, *args): sys.stderr.write("{} {}\n".format(datetime.now().isoformat(), @@ -22,8 +22,6 @@ def log(s, *args): sys.stderr.flush() log("Running git-srht-dispatch") -load_config("git") - def auth_keys_error(): log("This command should be run by sshd's AuthorizedKeysCommand") log('AuthorizedKeysCommand={} "%u" "%h" "%t" "%k"\nAuthorizedKeysUser=root', @@ -33,8 +31,8 @@ def auth_keys_error(): Dispatcher = namedtuple("Dispatcher", ["cmd", "uid", "gid"]) dispatchers = list() -for cmd in cfgkeys("dispatch"): - user = cfg("dispatch", cmd).split(":") +for cmd in cfgkeys("git.sr.ht::dispatch"): + user = cfg("git.sr.ht::dispatch", cmd).split(":") uid, gid = getpwnam(user[0]).pw_uid, getgrnam(user[-1]).gr_gid dispatchers.append(Dispatcher(cmd=cmd, uid=uid, gid=gid)) log("registered dispatcher for {}:{}: {}", uid, gid, cmd) diff --git a/git-srht-keys b/git-srht-keys index daea571..f615739 100755 --- a/git-srht-keys +++ b/git-srht-keys @@ -2,10 +2,9 @@ import os import sys import requests -from srht.config import cfg, load_config -load_config("git") +from srht.config import cfg from srht.database import DbSession -db = DbSession(cfg("sr.ht", "connection-string")) +db = DbSession(cfg("git.sr.ht", "connection-string")) from gitsrht.types import User db.init() @@ -14,7 +13,7 @@ key_type = sys.argv[3] b64key = sys.argv[4] r = requests.get("{}/api/ssh-key/{}".format( - cfg("network", "meta"), b64key)) + cfg("meta.sr.ht", "origin"), b64key)) if r.status_code != 200: sys.stderr.write("meta.sr.ht returned 404 for this key\n") sys.exit(0) diff --git a/git-srht-periodic b/git-srht-periodic index 3e056d1..911a01f 100755 --- a/git-srht-periodic +++ b/git-srht-periodic @@ -1,8 +1,7 @@ #!/usr/bin/env python3 -from srht.config import cfg, cfgi, load_config -load_config("git") +from srht.config import cfg from srht.database import DbSession -db = DbSession(cfg("sr.ht", "connection-string")) +db = DbSession(cfg("git.sr.ht", "connection-string")) from gitsrht.types import Repository, RepoVisibility db.init() from datetime import datetime, timedelta diff --git a/git-srht-shell b/git-srht-shell index aea537d..11b1a0d 100644 --- a/git-srht-shell +++ b/git-srht-shell @@ -11,11 +11,10 @@ except Exception as ex: import requests import shlex from datetime import datetime -from srht.config import cfg, load_config -load_config("git") +from srht.config import cfg from srht.validation import Validation from srht.database import DbSession -db = DbSession(cfg("sr.ht", "connection-string")) +db = DbSession(cfg("git.sr.ht", "connection-string")) from gitsrht.types import User, Repository, RepoVisibility, Redirect from gitsrht.access import has_access, UserAccess from gitsrht.repos import create_repo @@ -25,8 +24,8 @@ def log(s, *args): sys.stderr.write("{} {}\n".format(datetime.now().isoformat(), s.format(*args) if isinstance(s, str) else str(s))) -root = "{}://{}".format(cfg("server", "protocol"), cfg("server", "domain")) -repos = cfg("cgit", "repos") +origin = cfg("git.sr.ht", "origin") +repos = cfg("git.sr.ht", "repos") _cmd = os.environ.get("SSH_ORIGINAL_COMMAND") if not _cmd: @@ -66,7 +65,7 @@ if not repo: sys.stderr.write("\tThis repository has moved:\n") # TODO: orgs sys.stderr.write("\t{}/~{}/{}\n".format( - root, repo.owner.username, repo.name)) + origin, repo.owner.username, repo.name)) sys.stderr.write("\tPlease update your remote.\n\n") sys.exit(128) diff --git a/git-srht-update-hook b/git-srht-update-hook index 41102c0..014df16 100755 --- a/git-srht-update-hook +++ b/git-srht-update-hook @@ -1,8 +1,7 @@ #!/usr/bin/env python3 -from srht.config import cfg, cfgi, load_config -load_config("git") +from srht.config import cfg, cfgi from srht.database import DbSession -db = DbSession(cfg("sr.ht", "connection-string")) +db = DbSession(cfg("git.sr.ht", "connection-string")) from gitsrht.types import User, Repository, RepoVisibility db.init() from configparser import ConfigParser @@ -14,12 +13,8 @@ import sys import re op = sys.argv[0] -builds_sr_ht = cfg("network", "builds", default=None) -root = ( - cfg("server", "protocol") + - "://" + - cfg("server", "domain") -) +builds_sr_ht = cfg("builds.sr.ht", "origin", default=None) +origin = cfg("git.sr.ht", "origin") if op == "hooks/post-update": refs = sys.argv[1:] @@ -41,7 +36,7 @@ if op == "hooks/post-update": print("\n\t\033[93mNOTICE\033[0m") print("\tWe saved your changes, but this repository does not exist.") print("\tClick here to create it:") - print("\t{}/create?name={}".format(root, repo.name)) + print("\t{}/create?name={}".format(origin, repo.name)) print("\tYour changes will be discarded in 20 minutes.\n") repo.updated = datetime.utcnow() diff --git a/gitsrht/app.py b/gitsrht/app.py index 957785e..412ed46 100644 --- a/gitsrht/app.py +++ b/gitsrht/app.py @@ -1,30 +1,31 @@ from flask import session from srht.flask import SrhtFlask -from srht.config import cfg, load_config -load_config("git") - +from srht.config import cfg from srht.database import DbSession -db = DbSession(cfg("sr.ht", "connection-string")) + +db = DbSession(cfg("git.sr.ht", "connection-string")) from gitsrht.types import User + db.init() import gitsrht.oauth -from gitsrht.blueprints.api import api -from gitsrht.blueprints.public import public -from gitsrht.blueprints.manage import manage class GitApp(SrhtFlask): def __init__(self): - super().__init__("git", __name__) + super().__init__("git.sr.ht", __name__) + + from gitsrht.blueprints.api import api + from gitsrht.blueprints.public import public + from gitsrht.blueprints.manage import manage self.register_blueprint(api) self.register_blueprint(public) self.register_blueprint(manage) - meta_client_id = cfg("meta.sr.ht", "oauth-client-id") - meta_client_secret = cfg("meta.sr.ht", "oauth-client-secret") - builds_client_id = cfg("builds.sr.ht", "oauth-client-id") + meta_client_id = cfg("git.sr.ht", "oauth-client-id") + meta_client_secret = cfg("git.sr.ht", "oauth-client-secret") + builds_client_id = cfg("builds.sr.ht", "oauth-client-id", default=None) self.configure_meta_auth(meta_client_id, meta_client_secret, base_scopes=["profile"] + ([ "{}/jobs:write".format(builds_client_id) diff --git a/gitsrht/blueprints/manage.py b/gitsrht/blueprints/manage.py index c64b4fa..d827c22 100644 --- a/gitsrht/blueprints/manage.py +++ b/gitsrht/blueprints/manage.py @@ -12,7 +12,7 @@ from gitsrht.repos import create_repo, rename_repo, delete_repo import shutil manage = Blueprint('manage', __name__) -repos_path = cfg("cgit", "repos") +repos_path = cfg("git.sr.ht", "repos") post_update = cfg("git.sr.ht", "post-update-script") @manage.route("/create") diff --git a/gitsrht/blueprints/public.py b/gitsrht/blueprints/public.py index 7b66b49..9912ae8 100644 --- a/gitsrht/blueprints/public.py +++ b/gitsrht/blueprints/public.py @@ -10,8 +10,8 @@ from sqlalchemy import or_ public = Blueprint('cgit', __name__) -upstream = cfg("cgit", "remote") -meta_uri = cfg("network", "meta") +upstream = cfg("git.sr.ht::cgit", "remote") +meta_uri = cfg("meta.sr.ht", "origin") @public.route("/") def index(): @@ -52,7 +52,9 @@ def cgit_passthrough(owner_name, repo_name, cgit_path=""): r = requests.get("{}/{}".format(upstream, request.full_path)) if r.status_code != 200: abort(r.status_code) - base = cfg("network", "git").replace("http://", "").replace("https://", "") + base = (cfg("git.sr.ht", "origin") + .replace("http://", "") + .replace("https://", "")) clone_urls = ["https://{}/{}/{}", "git@{}:{}/{}"] our_clone_text = """ diff --git a/gitsrht/oauth.py b/gitsrht/oauth.py index e6b1336..99e1064 100644 --- a/gitsrht/oauth.py +++ b/gitsrht/oauth.py @@ -6,10 +6,9 @@ from srht.database import db from gitsrht.types import OAuthToken, User from datetime import datetime -client_id = cfg("meta.sr.ht", "oauth-client-id") -client_secret = cfg("meta.sr.ht", "oauth-client-secret") -revocation_url = "{}://{}/oauth/revoke".format( - cfg("server", "protocol"), cfg("server", "domain")) +client_id = cfg("git.sr.ht", "oauth-client-id") +client_secret = cfg("git.sr.ht", "oauth-client-secret") +revocation_url = "{}/oauth/revoke".format(cfg("git.sr.ht", "origin")) class GitOAuthService(AbstractOAuthService): def get_client_id(self): diff --git a/gitsrht/repos.py b/gitsrht/repos.py index 0ed6fb7..8e617e2 100644 --- a/gitsrht/repos.py +++ b/gitsrht/repos.py @@ -6,7 +6,7 @@ import shutil import re import os -repos_path = cfg("cgit", "repos") +repos_path = cfg("git.sr.ht", "repos") post_update = cfg("git.sr.ht", "post-update-script") def validate_name(valid, owner, repo_name): diff --git a/gitsrht/templates/index.html b/gitsrht/templates/index.html index 419af77..00419e9 100644 --- a/gitsrht/templates/index.html +++ b/gitsrht/templates/index.html @@ -44,13 +44,13 @@ {% else %}

- Welcome to {{cfg("server", "domain")}}. This is a part of the - + Welcome to {{domain}}. This is a part of the + {{cfg("sr.ht", "site-name")}} network and provides git hosting services to members. If you already have an account, you can log in here. New users can - register here. + register here.

{% endif %}
diff --git a/gitsrht/worker.py b/gitsrht/worker.py index 8e8f0bd..1ef631a 100644 --- a/gitsrht/worker.py +++ b/gitsrht/worker.py @@ -1,9 +1,7 @@ -from srht.config import cfg, load_config, loaded -if not loaded(): - load_config("git") +from srht.config import cfg from srht.database import DbSession, db if not hasattr(db, "session"): - db = DbSession(cfg("sr.ht", "connection-string")) + db = DbSession(cfg("git.sr.ht", "connection-string")) import gitsrht.types db.init() @@ -17,9 +15,9 @@ import yaml import os worker = Celery('git', broker=cfg("git.sr.ht", "redis")) -builds_sr_ht = cfg("network", "builds") +builds_sr_ht = cfg("builds.sr.ht", "origin") builds_client_id = cfg("builds.sr.ht", "oauth-client-id") -git_sr_ht = cfg("server", "protocol") + "://" + cfg("server", "domain") +git_sr_ht = cfg("git.sr.ht", "origin") @worker.task def _do_webhook(url, payload, headers=None, **kwargs): diff --git a/run.py b/run.py index 203fc06..c6ed93e 100644 --- a/run.py +++ b/run.py @@ -6,6 +6,6 @@ import os app.static_folder = os.path.join(os.getcwd(), "static") if __name__ == '__main__': - app.run(host=cfg("debug", "debug-host"), - port=cfgi("debug", "debug-port"), + app.run(host=cfg("git.sr.ht", "debug-host"), + port=cfgi("git.sr.ht", "debug-port"), debug=True) diff --git a/scripts/symlink-update-hook.py b/scripts/symlink-update-hook.py index 10baf9c..66f7d82 100755 --- a/scripts/symlink-update-hook.py +++ b/scripts/symlink-update-hook.py @@ -1,8 +1,7 @@ #!/usr/bin/env python3 -from srht.config import cfg, cfgi, load_config -load_config("git") +from srht.config import cfg from srht.database import DbSession -db = DbSession(cfg("sr.ht", "connection-string")) +db = DbSession(cfg("git.sr.ht", "connection-string")) from gitsrht.types import Repository db.init() import os -- 2.38.4