docker/root/usr/bin/entrypoint already allows for the specification
of USER, USER_UID, USER_GID. But since AllowedUsers is hardcoded in
sshd_config, one cannot log in as a user different ftom git.
This change substitutes ${USER} for git in the sshd_config template.
Signed-off-by: Jeronimo Pellegrini <j_p@aleph0.info>
* - rearrange the templates to make it more logical because now ssh_config is a template
- implemented the updating of the port to the same as the port sent to the gitea config
* change the filename back
* Repository avatars
- first variant of code from old work for gogs
- add migration 87
- add new option in app.ini
- add en-US locale string
- add new class in repository.less
* Add changed index.css, remove unused template name
* Update en-us doc about configuration options
* Add comments to new functions, add new option to docker app.ini
* Add comment for lint
* Remove variable, not needed
* Fix formatting
* Update swagger api template
* Check if avatar exists
* Fix avatar link/path checks
* Typo
* TEXT column can't have a default value
* Fixes:
- remove old avatar file on upload
- use ID in name of avatar file - users may upload same files
- add simple tests
* Fix fmt check
* Generate PNG instead of "static" GIF
* More informative comment
* Fix error message
* Update avatar upload checks:
- add file size check
- add new option
- update config docs
- add new string to en-us locale
* Fixes:
- use FileHEader field for check file size
- add new test - upload big image
* Fix formatting
* Update comments
* Update log message
* Removed wrong style - not needed
* Use Sync2 to migrate
* Update repos list view
- bigger avatar
- fix html blocks alignment
* A little adjust avatar size
* Use small icons for explore/repo list
* Use new cool avatar preparation func by @lafriks
* Missing changes for new function
* Remove unused import, move imports
* Missed new option definition in app.ini
Add file size check in user/profile avatar upload
* Use smaller field length for Avatar
* Use session to update repo DB data, update DeleteAvatar - use session too
* Fix err variable definition
* As suggested @lafriks - return as soon as possible, code readability
The sshd flag `-e` instructs sshd to output any logs to stderr instead
of the syslog. Redirect this output to stdout then.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
From the man page of ssh-keygen:
Ed25519 keys have a fixed length and the -b flag will be ignored.
[skip ci]
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Add disable registration as an environment variable
for docker
* Add REQUIRE_SIGNIN_VIEW as env var to docker
* Add variables to template
* Update docker docs
* If using a different $USER then rename git user
* Chown based on $USER env
* Target only one part of passwd
* su-exec based on $USER
not a hardcoded value
Why:
* We are using self-signed ssl certificates for internal services, which results in failures when gitea tries to communicate through webhooks with these. We would like to enable gitea to be able to use these certificates without having to build custom docker images.
How
* We add the internal certificates to /usr/local/share/ca-certificates on the host
* We read-only mount /usr/local/share/ca-certificates from the host to /usr/local/share/ca-certificates in the container
* We do a update-ca-certificates in the alpine container before starting gitea
This should have no consequence for users that do not have the need to handle self-signed certificates, as update-ca-certificates should be idempotent.
* Create docker/manifest/base.yml
serve as base for build docker image for most platform (386,amd64,arm,arm64)
* Add make task docker-multi-arch-push-manifest
To update references of a multi-arch image on docker registry.
* Use SED_INPLACE generic sed command
* Delete Dockerfile.aarch64
Delete Dockerfile.rpi
* Use gitea/gitea-base as base
and replace deprecated MAINTAINER by LABEL (https://docs.docker.com/engine/reference/builder/#maintainer-deprecated)
* Fix rebase
* Use sapk/gitea-base as base
* Split makefile for docker
* Fix version to v3.6
Could use in later version edge of alpine official library that support multi-arch for armhf.
* Remove sapk/gitea-base and use directly new official alpine multi-arch
* Add `gettext` dependencies as we need `envsubst` command;
* Modified s6's gitea setup script, instead of `cp` the template if no
`app.ini` exist, it will substitude the envvars and generate the new
`app.ini`;
* Make `/docker/etc/templates/app.ini` a template contains environment
variables;
Signed-off-by: Tao Wang <twang2218@gmail.com>
* Added stupid docker task to makefile
* Dropped unknown option PrintLastLog from docker ssh config
* OpenSSH should log to docker stdout
* Set random pw for docker git user, otherwise it is locked
* Stop using templates and public within docker
I have restructured the docker build process entirely, the binary gets
built outside of the docker build command, now we are managing all
dependencies with real Alpine packages and I have dropped features like
socat or the cron daemon.
Signed-off-by: Thomas Boerger <tboerger@suse.de>
Still use GOGS_WORK_DIR and GOGS_CUSTOM env variables
as a fallback if the equivalent GITEA_* are not set,
warning user about the need for change.
Does not change "gogs" to "gitea" in webhook type name
Because "gogs" hook type is part of the API (routes) and used
in templates...
Closes #87
* docker: update build script to use glide + make
- docker/build.sh will now use glide to fetch dependencies
- glide is built from source to keep compatibility with arm
(no pre-prebuilt binary for arm)
- docker/build.sh will also now use the provided Makefile
It will generate an error when trying to get git build has as we do
not ship the 88mo .git directory during the build (should not cause
any problem as the variable it sets was not set previously)
* docker: fix docker arm build
- drop gosu version back to 1.7 as gosu binary for armhf is broken
- see tianon/gosu#19
* docker: update gosu to 1.9
Signed-off-by: Jean-Philippe Roemer <jp@roemer.im>
- Remove the known issue about `.dockerignore` being ignored during DockerHub automated build as this has been fixed
- Added a note on the fact that we currently do no support building the container on RPi1
- Upgrade of gosu to v1.7
- Change in docker/build.sh to use `--no-cache` to prevent APKINDEX creation when installing dev dependencies
- Manual upgrade of Alpine on Raspberry Pi when building to make sure the environment is the same as the standard Dockerfile
- Add the crond init script for s6
- Add the RUN_CROND configuration variable to setup crond
- Crond will not be run by default (hence the `down` file in the service directory)
- `start.sh` check if RUN_CROND = "true" || "1" and remove this file to tell s6 to run the initscript
- Resolves #2597
- Dockerfile now uses alpine:3.3 as base
- Dockerfile.rpi now uses v3.3/community repository without pinning
- Go package is no longer fetched using repository pinning
- Fixes problem while using repository pinning & virtual package at the same time
- Add nsswitch.conf to configure LibC Name Service inside the container
- Change my email in the Dockerfile
- Update build script to install software as a `build-deps` virtual package so that adding a package to it will be automatically removed at the end of the build script
- Resolve #1893
- Add syslogd to output sshd log on stdout (via `docker logs`)
- Enforce directory rights on `/data/git`, `/data/gogs` & `/data/ssh`
- Add `SOCAT_LINK` environment variable to prevent the creation of scout links when they are not needed (see #1815)
- `start.sh` will now verify that the port is not already used by another service
- Resolve #1807
- Log when a service is created, or could not be created
- Keep track of which port is already used, including goes & sshd port
- ssh/setup: test directive now check if a file exist in key path instead of a folder
- ssh/setup script was hanging waiting for an input about rewriting the key
as the test case was returning true, when it should have been false
(check if file is a folder instead of a file)
- Volumed subfolder now created up in the ENTRYPOINT script, this way
they are created before S6 even starts making VOLUME.
- The subfolder will be created during VOLUME creation too as ENTRYPOINT
script will be run before /bin/true
- SSH Keys will now be created on a single key basis not replying on the
existence of /data/ssh folder
- Now using a setup script before starting the app. The separation of
the run script and the setup script will make service initialisation a
little bit clearer
- Now calling start.sh script as ENTRYPOINT and S6 as CMD. This way
when running the container with just a shell script, the start.sh
script will be launched before, making debugging easier
- Added note about `.dockerignore` ignored during Docker Hub Automated
Build
- VOLUME for ‘/data’
- Usage of S6 as PID 1 Process
- Usage of ‘socat’ so linked container (like databases) are binded to
localhost
- OpenSSH, Socat Link and Gogs are supervised using S6
- Size of container reduced to ~75Mo
The previous setting would cause all repo creations to fail, as
described in issue #328.
The previous commit also resolves this issue, but it seems saner to
create the user in the Dockerfile than at runtime.