I've noticed that a lot of issues cannot be reproduced on http://try.gogs.io,
which either hints about specific database type problems or
hints about bugs which are already solved in the newer version
(as http://try.gogs.io is usually a newer build).
This patch adds the suggestion to test the issue at http://try.gogs.io in
the Github "issue template". The user can answer: "Yes", "No", "Not relevant".
"Not relevant" is an option where testing on http://try.gogs.io makes no sense as
the bug is unrelated to the Web UI or is very specific in nature.
- Remove the known issue about `.dockerignore` being ignored during DockerHub automated build as this has been fixed
- Added a note on the fact that we currently do no support building the container on RPi1
- Upgrade of gosu to v1.7
- Change in docker/build.sh to use `--no-cache` to prevent APKINDEX creation when installing dev dependencies
- Manual upgrade of Alpine on Raspberry Pi when building to make sure the environment is the same as the standard Dockerfile
Unknwon [Thu, 25 Feb 2016 05:21:48 +0000 (00:21 -0500)]
Add new config option for builtin SSH server
Config option [server] SSH_LISTEN_PORT to the port the builtin SSH server will be listen.
It can be different from SSH_PORT which is supposed to be exposed in the clone URL.
This should solve the problem when user runs Gogs inside Docker container
and still want to use builtin SSH server.
Adam Strzelecki [Tue, 16 Feb 2016 11:33:16 +0000 (12:33 +0100)]
LDAP: Fetch attributes in Bind DN context option
This is feature is workaround for #2628 (JumpCloud) and some other services
that allow LDAP search only under BindDN user account, but not allow any LDAP
search query in logged user DN context.
Such approach is an alternative to minimal permissions security pattern for
BindDN user.
Adam Strzelecki [Tue, 16 Feb 2016 10:58:00 +0000 (11:58 +0100)]
LDAP: Use single connection in BindDN mode auth
According to RFC 4511 4.2.1. Processing of the Bind Request "Clients may send
multiple Bind requests to change the authentication and/or security
associations or to complete a multi-stage Bind process. Authentication from
earlier binds is subsequently ignored."
Therefore we should not use 2 connections, but single one just sending two bind
requests.
Muh Muhten [Sat, 20 Feb 2016 03:54:51 +0000 (22:54 -0500)]
update alpine package dependencies
- s6 is in main in 3.3, so we no longer need to mangle the repos file
- official image is periodically updated, so it's not preferred to do
upgrades downstream (usually harmless, but inelegant)
- apk-tools in 3.3 supports --no-cache to avoid leaving the APKINDEX
files in the image
Unknwon [Fri, 19 Feb 2016 22:39:50 +0000 (17:39 -0500)]
Fix inappropriate markdown post process end tag check
When <code> is nested inside <pre>, the next end tag token would not able to be the same
as outer-most start tag. So we only check outer-most start and end tag token to be the same.
Unknwon [Thu, 18 Feb 2016 03:47:06 +0000 (22:47 -0500)]
#2650 fix possbility that use email as pusher user name
Remove the possibility of using email as user name when user actually push
through combination of email and password with HTTP.
Also refactor update action function to replcae tons of arguments with
single PushUpdateOptions struct.
And define the user who pushes code as pusher, therefore variable names shouldn't
be confusing any more.
Gibheer [Wed, 17 Feb 2016 08:33:41 +0000 (09:33 +0100)]
fix ssh public key tests
The old API was using []byte, but was changed to string without running
the tests again.
It also sets the variables from the configuration to make them work.
Maybe there is a better way to do this.
Gibheer [Tue, 16 Feb 2016 22:01:56 +0000 (23:01 +0100)]
allow native and ssh-keygen public key check
This commit adds the possibibility to use either the native golang
libraries or ssh-keygen to check public keys. The check is adjusted
depending on the settings, so that only supported keys are let through.
This commit also brings back the blacklist feature, which was removed in 7ef9a055886574655d9f2be70c957bc16bf30500. This allows to blacklist
algorythms or keys based on the key length. This works with the native
and the ssh-keygen way.
Because of #2179 it also includes a way to adjust the path to
ssh-keygen and the working directory for ssh-keygen. With this,
sysadmins should be able to adjust the settings in a way, that SELinux
is okay with it. In the worst case, they can switch to the native
implementation and only loose support for ed25519 keys at the moment.
There are some other places which need adjustment to utilize the
parameters and the native implementation, but this sets the ground work.