Florian Zschocke [Fri, 11 Nov 2022 11:14:55 +0000 (12:14 +0100)]
bugtraq: Catch exceptions from bugtraq and show message
Catch all exceptions, and not just IOExceptions, from bugtraq formatter.
If an exception is caught, ignore the bugtraq handling of the commit
message and show the plain message. Way better than not showing anything
just because something broke in bugtraq.
Florian Zschocke [Fri, 11 Nov 2022 11:12:13 +0000 (12:12 +0100)]
bugtraq: Fallback to UTF-8 if commit encoding is unsupported
Reading the encoding of a commit can result in an Unsupported- or
IllegalCharsetException. This happens when for whatever reason the
commit has an encoding recorded that the system doesn't understand.
Instead of completely failing, fallback to UTF-8.
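The fallback described in this commit, as an added Python example (not Gitblit's Java code; the names `resolve_encoding`, `decode_message` and `FALLBACK` are this example's own). Python's `codecs.lookup` raises `LookupError` for both unknown and malformed encoding names, the counterpart of the two Java exceptions named above, and the decode itself is guarded too so that a commit whose bytes do not match its recorded encoding still renders:

```python
"""Decode a commit message using the encoding recorded in the commit header,
falling back to UTF-8 when that encoding is unknown to the runtime.
Added example, not Gitblit's code."""
import codecs

FALLBACK = "utf-8"


def resolve_encoding(recorded):
    """Return a codec name the runtime supports, or FALLBACK.

    LookupError covers both an unknown charset name and a malformed one
    (assumption: the same two failure modes as Unsupported-/IllegalCharset
    exceptions in Java).
    """
    if not recorded:
        return FALLBACK  # no encoding header recorded: git's default is UTF-8
    try:
        return codecs.lookup(recorded).name
    except LookupError:
        return FALLBACK


def decode_message(raw, recorded):
    """Decode the raw message bytes with the resolved encoding.

    Bytes that are invalid in the chosen codec are replaced instead of
    aborting, so a bad header never hides the whole commit.
    """
    return raw.decode(resolve_encoding(recorded), errors="replace")


# Constructed sample: UTF-8 bytes of "Fix café handling".
SAMPLE = b"Fix caf\xc3\xa9 handling"

if __name__ == "__main__":
    for recorded in ("utf-9", "latin1", "", "UTF-8"):
        print(repr(recorded), "->", resolve_encoding(recorded), repr(decode_message(SAMPLE, recorded)))
```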
Florian Zschocke [Fri, 11 Nov 2022 10:58:23 +0000 (11:58 +0100)]
Remove workaround for JGit crashing on 'utf-9' etc
Updating JGit fixed the issue that a commit in a repo with an unknown
character set throws an exception. This would crash the RepositoryManager.
The extra handling, which patches JGit classes during runtime, is completely
removed.
ci: Delete nightly build artefact after testing the container
Leave the artefact until after the container has been built and tested.
In case the test fails the artefact can be still downloaded to analyse
what might have caused the container build or test to fail.
This brings back in a change that was implemented in a pull request
from 2017, but got lost in the chaos of multiple pull requests from
intermingling branches.
This does not only provide feedback when an SSH key cannot be parsed,
but it also does so in a way that the warning goes away when a correct
key is added. Admittedly, I have no idea how to properly do this with
a Wicket FeedbackMessage, all I could find on Google was highly
complicated.
Not only does this bring back (or really in) the fix for issue #1226,
but it also fixes #984.
Replace key feedback with label instead of FeedbackMessage
Since it is a pest to get rid of a Wicket FeedbackMessage in an AJAX target,
change the code to use an extra label that can provide feedback if the
key could not be parsed or was empty.
The Github 'checkout' action was updated from v1 to v3. But the behaviour
changed between the two which broke this workflow.
The old action would clone other repositories not into the workspace
but parallel to the workspace. The new version does every clone/checkout
relative to the workspace. That means that where previously the
gitblit-docker repository would be cloned in parallel to the workspace
which is gitblit/gitblit, it is now cloned into the gitblit/gitblit
directory path.
So remove all the references to `../gitblit-docker`. The files are in
the current directory now.
Florian Zschocke [Mon, 31 Oct 2022 23:50:14 +0000 (00:50 +0100)]
authority: Fix null pointer crash for deleted users
When a user had a certificate, i.e. an entry in the Gitblit Authority
database, but the user was deleted from the Gitblit database, then the
Authority application crashes upon loading. This patch prevents the
crash. The deleted user is no longer shown in the Authority. But the
database entry still is kept. This should be improved to show deleted
users and give the possibility to delete them from the Authority's
database.
Florian Zschocke [Thu, 27 Oct 2022 21:26:44 +0000 (23:26 +0200)]
deps: Update Guice version to 5.1.0
Update Guice to 5.1.0. This version is compatible with Java 17.
The gitblit patch of the servlet extension was ported to Guice 5.1.0,
too.
The update of Guice requires an update of the Guava version, too.
Thus Guava is updated to 27.0.1-jar.
Florian Zschocke [Wed, 26 Oct 2022 16:03:40 +0000 (18:03 +0200)]
ci: Update action versions in push build workflow
The workflow runs started issuing warnings because NodeJS 12 was
deprecated. Actions need to get updated to newer versions that use
NodeJS 16. This commit updates the `actions/checkout` and the
`actions/setup-java` actions to the latest version in the workflow that
builds on every push.
The new setup-java action requires the distribution to be specified,
since multiple JDK distributions are supported now. We chose Eclipse's
Temurin here which is the successor to AdoptOpenJDK, which we use for
development.
Florian Zschocke [Mon, 24 Oct 2022 22:00:03 +0000 (00:00 +0200)]
Skip SSH host key files that do not exist
Since we now do not generate a DSA host key file anymore, but keep it in
the list of potential keys so that existing keys still work, it can
happen that the files for DSA (and Ed25519) are getting loaded but they
do not exist. This results in an error in the log.
So instead check if the file exists and only try to load files that
exist. This prevents errors (which are none) from being spammed in the
log.
Create new host keys, one with ECDSA and one with Ed25519 algorithms.
For the Ed25519 currently the EdDSA library from i2p is used. This
requires some quirks, compared to a modern BouncyCastle. But the SSHD
library used cannot use BouncyCastle yet for Ed25519.
No DSA key is generated anymore, but we still support existing ones.
The version 1.69 is chosen instead of 1.70, because the moxie build
would not download the jars, trying to download `...1.7.jar` instead.
Three class deprecations are fixed. `PEMWriter` and `X509Extension`
are replaced with their drop-in replacements `JcaPEMWriter` and
`Extension`. The `PasswordFinder` deprecation note says that "it is
no longer used". It also was never used in Gitblit's code, so it is
removed from the key pair provider class.
Florian Zschocke [Sun, 14 Aug 2022 12:45:58 +0000 (14:45 +0200)]
Use existing setting but with new values
Instead of adding another setting and having to explain how the new one
and the existing `requireClientCertificates` setting are interdependent,
let's use the existing setting and add new values.
It is changed from a boolean to a string, with the values `required`,
`optional` and `disabled`. To keep backward compatibility with the old
values, the `true` value is mapped to `required` and the `false` value
is mapped to `optional`.
This also removes the additional Set. What changes is that the order of
the repositories is kept, but the resulting list will have user and team
permissions intertwined.
Florian Zschocke [Sun, 13 Mar 2022 17:03:17 +0000 (18:03 +0100)]
fix: Fix StoredUserConfig not escaping control characters
The `StoredUserConfig` only escaped the escape character, i.e. backslash.
But it does not escape control characters like tab or newline. This
introduces a vulnerability where an attacker can create new entries
in their user account and create new accounts.
In addition, other characters are also not properly handled. Field values
with a comment character need to be quoted. This only happens for the
`#` character and only when the value starts with it. Also the quote
is not escaped in values.
This change completely rewrites the `escape` method of `StoredUserConfig`.
It takes care of properly escaping characters that need escaping for the
git configuration file format.
The `StoredUserConfig` did not handle sections without a subsection.
When the subsection did not exist, i.e. was `null`, then the subsection
name would be set to the string "null". This is not how the config file
format works. It should create a `[SECTIONNAME]` entry instead.
This fix handles a `null` subsection correctly, by handling it as a
section without a subsection.
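The escaping rules the two commits above describe, as an added Python example (not Gitblit's code; `StoredUserConfig` itself is Java). The names `escape_naive`, `escape_value`, `escape_subsection`, `render_entry` and `parse_value` are this example's own. `escape_naive` models only the pre-fix behaviour the message describes (backslash-only escaping), `escape_value` implements the git config value rules (escape sequences for backslash, double quote, newline, tab and backspace; quoting when a comment character, leading or trailing whitespace, or an empty value is involved), `render_entry` emits `[section]` for a missing subsection instead of `[section "null"]`, and `parse_value` reads a value back the way git does, so the round trip can be checked. Rejecting control characters git has no escape for is this example's own choice:

```python
"""Escaping values for the git config file format. Added example, not
Gitblit's code: the old backslash-only escape beside a full escape, plus a
parser following git's reading rules so escaped values round-trip."""
import re
from typing import List, Optional

# Control characters the format cannot represent (\b, \t and \n are the only
# ones with an escape). Assumption of this example: reject rather than mangle.
_UNREPRESENTABLE = re.compile(r"[\x00-\x07\x0b-\x1f\x7f]")

# Escape sequences git recognises inside a value.
_ESCAPES = {"n": "\n", "t": "\t", "b": "\b", '"': '"', "\\": "\\"}


def escape_naive(value: str) -> str:
    """Pre-fix behaviour described above: only the backslash is escaped,
    so a value containing a newline spills onto a new config line."""
    return value.replace("\\", "\\\\")


def escape_value(value: str) -> str:
    """Escape a value so it occupies exactly one `key = value` line."""
    if _UNREPRESENTABLE.search(value):
        raise ValueError("value contains a control character git config cannot represent")
    out = (
        value.replace("\\", "\\\\")  # backslash first, so later escapes are not doubled
        .replace('"', '\\"')
        .replace("\n", "\\n")
        .replace("\t", "\\t")
        .replace("\b", "\\b")
    )
    # Comment characters anywhere, surrounding whitespace, or an empty value
    # are only preserved by git when the value is quoted.
    needs_quotes = value == "" or value != value.strip() or "#" in value or ";" in value
    return f'"{out}"' if needs_quotes else out


def escape_subsection(name: str) -> str:
    """Escape a subsection name for a `[section "subsection"]` header."""
    if "\n" in name or _UNREPRESENTABLE.search(name):
        raise ValueError("subsection name contains a character git config cannot represent")
    return name.replace("\\", "\\\\").replace('"', '\\"')


def render_entry(section: str, subsection: Optional[str], key: str, value: str) -> str:
    """Render one entry; a None subsection yields `[section]`, not `[section "null"]`."""
    if subsection is None:
        header = f"[{section}]"
    else:
        header = f'[{section} "{escape_subsection(subsection)}"]'
    return f"{header}\n\t{key} = {escape_value(value)}\n"


def parse_value(raw: str) -> str:
    """Parse the text after `key =` as git does: whitespace outside quotes is
    trimmed at both ends, # and ; outside quotes start a comment, double
    quotes toggle quoting, and only the sequences in _ESCAPES are valid."""
    out: List[str] = []
    pending_spaces = 0  # whitespace outside quotes, kept only if text follows
    quoted = False
    i, n = 0, len(raw)
    while i < n:
        c = raw[i]
        i += 1
        if c.isspace() and not quoted:
            if out:
                pending_spaces += 1
            continue
        if not quoted and c in "#;":
            break  # rest of the line is a comment
        if pending_spaces:
            out.append(" " * pending_spaces)
            pending_spaces = 0
        if c == "\\":
            if i >= n or raw[i] not in _ESCAPES:
                raise ValueError("invalid escape sequence in config value")
            out.append(_ESCAPES[raw[i]])
            i += 1
        elif c == '"':
            quoted = not quoted
        else:
            out.append(c)
    if quoted:
        raise ValueError("unterminated quote in config value")
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: a display name with an embedded newline and a '#'.
    sample = "Line one\nline two\t# not a comment"
    print(repr(escape_naive(sample)))  # the raw newline survives: a second config line
    print(render_entry("user", None, "displayName", sample), end="")
    print(parse_value(escape_value(sample)) == sample)
```

The check a practitioner wants is the last line of the `__main__` block: every value that goes through `escape_value` must come back unchanged from `parse_value` and must not contain a raw newline, which is exactly the property the naive version lacks.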
Florian Zschocke [Sun, 14 Nov 2021 11:03:46 +0000 (12:03 +0100)]
ci: Allow to force build a nightly version
Enable a switch for manual workflow triggering that overrides the check
if new commits were made since the last build. If the input is set to
'true', a new build is run even when no new commits are present.
This is mainly so that changes to the gitblit-docker repo can be included
in builds. This could also be automated in the workflow, if need be.
The link to the nightly docker images points to the actual image layer,
which is removed when a new nightly is pushed.
Instead, we should point to the images page, filtering on the tag 'nightly'.
Florian Zschocke [Thu, 13 Jan 2022 17:19:14 +0000 (18:19 +0100)]
build: Determine release version with simple grep
To determine what the release version is to be, use a simple grep over
the moxie.build file and cut off the `-SNAPSHOT` part. The moxie
tag command doesn't do anything else, either. But the problem is that
when using the moxie tag command on the release branch, where the
version has already been set to a release version, it would create
a second release version, like so: 1.9.2-1.
Florian Zschocke [Thu, 16 Dec 2021 22:46:28 +0000 (23:46 +0100)]
build: Allow for updating an existing draft release
When creating a release draft and uploading assets, provision for the case
that a draft release already exists. In that case, instead of creating a
release, the existing release (changelog) is edited and the assets are
deleted before the new built ones are uploaded.
This commit also introduces the `${gh.repo}` property in build.xml,
so that the Github project could be chosen dynamically. Not really needed,
to be honest, but, yeah, whatever.
Florian Zschocke [Thu, 30 Jan 2020 20:47:12 +0000 (21:47 +0100)]
Build: create macro for creating the release process script
Refactor the creation of the release process script, from
`release.template` into a `macrodef`.
Add a new target `releaseScript`, so that the release script can be
created after the `tagRelease` target was run.
This is helpful if the `tagRelease` target is run by a different,
earlier process than the actual release creation process.
To help with analysis, try to detect if the instance is running inside
a container. Some containers are detected, but this is probably not
exhaustive. At least a Docker container should be detectable.
Report in the runtime manager to the log if a container was detected.
pages: Fix repo-relative reference links in markdown docs
As with explicit links, also for reference links in markdown documents
which point to repository-relative files the links are broken. They do
not take the path to the repository into account.
This fix is related to commit b23269 which fixed issue #1358
for explicit links.
bug: Fix double encoding links in Markdown/Wiki pages
When parsing Markdown or Wiki pages, links get URL encoded. This happened
twice for links to other documents. Once explicitly and once by Wicket
when it creates a `urlFor` the page. That results in multi-byte
characters getting percent escaped, and then the percent character again
getting percent escaped.
The explicit encoding looks like a forgotten left over, so it gets
removed from the code. The Wicket encoding is smarter anyways, knowing
what is path and what is parameter.
Florian Zschocke [Thu, 25 Nov 2021 14:28:18 +0000 (15:28 +0100)]
docs: Update docker URL
Update the URL to the Gitblit docker image to point to the
`gitblit/gitblit` repository, which I now consider the official
Docker repository.
Also link to the Docker images on the main page.
Tom [Wed, 23 Nov 2016 17:30:48 +0000 (18:30 +0100)]
Fix NPE
Although it seems strange to have a RefModel with a referenced object
but a null Ref, Gitblit uses such RefModels for instance in
JGitUtils.getNotesOnCommit().
Be careful to do something sensible when that Ref is null.
Tom [Wed, 26 Oct 2016 20:49:56 +0000 (22:49 +0200)]
Issue #1011: do not serialize JGit commit objects
JGit commit objects are a recursive data structure; they have links to
their parent commits. Serializing a JGit commit will try to recursively
serialize all reachable ancestors as far as they have been loaded. If
that ancestor chain is too long, a StackOverflowError is thrown during
Wicket's page serialization if a page has a reference to such a JGit
commit.
Fixed by making sure that pages do not contain references to JGit
commits. Use the (existing) wrapper object RepositoryCommit instead.
* RepositoryCommit has a transient reference to the JGit commit and
reads the commit from the repository upon de-serialization.
* RefModel is a similar case (JGit tags/branches may also have links
to the commits they point to). Solved a bit differently by making it
a pure data object by transferring the interesting data from the JGit
object in the constructor.
* Change DataViews instantiated with RevCommit to use RepositoryCommit
instead.
* Change inner anonymous DataViews to ensure they do not have a
synthesized field referencing the "allRefs" map. Such a synthesized
field would also get serialized, and then serialize JGit commits
again.
Finally, remove non-transient logger instances in Wicket classes. Those
might lead to NotSerializableException.
These StackOverflowErrors have been reported in several places since
2014: