bjoernager/forgejo
bjoernager/forgejo
1
Fork 0
Code Issues Pull requests Activity

chore: introduce gitNeeded bool in setup (#7348)

Browse source 
There are various commands of the Forgejo CLI that do not actually need Git, because i.e. they only issue network requests. Matter of fact, most occurrences do not actually require Git.

By removing the Git initialization, operations by e.g. the manager will not fail in the absence of a Git binary. This is mostly relevant for an in-the-works Landlock implementation, which aims to minimize access to paths depending on the situation. Although we should expect that Git will be installed on the same system that the user is running Forgejo from, it somewhat slows things down, whereas the same edge cases that we are trying to protect the user from _could_ be achieved by keeping the `setting.RepoRootPath` check.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7348
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Co-committed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
This commit is contained in:
Panagiotis "Ivory" Vasilopoulos 2025-03-31 16:35:20 +00:00 committed by Gusted
parent 10c8ca62d2
commit dbeab2a0c3
5 changed files with 23 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

6
cmd/hook.go
View file

@ -168,7 +168,7 @@ func runHookPreReceive(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), true)
if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 { if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
if setting.OnlyAllowPushIfGiteaEnvironmentSet { if setting.OnlyAllowPushIfGiteaEnvironmentSet {
@ -327,7 +327,7 @@ func runHookPostReceive(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), true)
// First of all run update-server-info no matter what // First of all run update-server-info no matter what
if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil { if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
@ -491,7 +491,7 @@ func runHookProcReceive(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), true)
if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 { if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
if setting.OnlyAllowPushIfGiteaEnvironmentSet { if setting.OnlyAllowPushIfGiteaEnvironmentSet {

2
cmd/keys.go
View file

@ -71,7 +71,7 @@ func runKeys(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), true)
authorizedString, extra := private.AuthorizedPublicKeyByContent(ctx, content) authorizedString, extra := private.AuthorizedPublicKeyByContent(ctx, content)
// do not use handleCliResponseExtra or cli.NewExitError, if it exists immediately, it breaks some tests like Test_CmdKeys // do not use handleCliResponseExtra or cli.NewExitError, if it exists immediately, it breaks some tests like Test_CmdKeys

10
cmd/manager.go
View file

@ -112,7 +112,7 @@ func runShutdown(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
extra := private.Shutdown(ctx) extra := private.Shutdown(ctx)
return handleCliResponseExtra(extra) return handleCliResponseExtra(extra)
} }
@ -121,7 +121,7 @@ func runRestart(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
extra := private.Restart(ctx) extra := private.Restart(ctx)
return handleCliResponseExtra(extra) return handleCliResponseExtra(extra)
} }
@ -130,7 +130,7 @@ func runReloadTemplates(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
extra := private.ReloadTemplates(ctx) extra := private.ReloadTemplates(ctx)
return handleCliResponseExtra(extra) return handleCliResponseExtra(extra)
} }
@ -139,7 +139,7 @@ func runFlushQueues(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
extra := private.FlushQueues(ctx, c.Duration("timeout"), c.Bool("non-blocking")) extra := private.FlushQueues(ctx, c.Duration("timeout"), c.Bool("non-blocking"))
return handleCliResponseExtra(extra) return handleCliResponseExtra(extra)
} }
@ -148,7 +148,7 @@ func runProcesses(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
extra := private.Processes(ctx, os.Stdout, c.Bool("flat"), c.Bool("no-system"), c.Bool("stacktraces"), c.Bool("json"), c.String("cancel")) extra := private.Processes(ctx, os.Stdout, c.Bool("flat"), c.Bool("no-system"), c.Bool("stacktraces"), c.Bool("json"), c.String("cancel"))
return handleCliResponseExtra(extra) return handleCliResponseExtra(extra)
} }

14
cmd/manager_logging.go
View file

@ -199,7 +199,7 @@ func runRemoveLogger(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
logger := c.String("logger") logger := c.String("logger")
if len(logger) == 0 { if len(logger) == 0 {
logger = log.DEFAULT logger = log.DEFAULT
@ -214,7 +214,7 @@ func runAddConnLogger(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
vals := map[string]any{} vals := map[string]any{}
mode := "conn" mode := "conn"
vals["net"] = "tcp" vals["net"] = "tcp"
@ -244,7 +244,7 @@ func runAddFileLogger(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
vals := map[string]any{} vals := map[string]any{}
mode := "file" mode := "file"
if c.IsSet("filename") { if c.IsSet("filename") {
@ -311,7 +311,7 @@ func runPauseLogging(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
userMsg := private.PauseLogging(ctx) userMsg := private.PauseLogging(ctx)
_, _ = fmt.Fprintln(os.Stdout, userMsg) _, _ = fmt.Fprintln(os.Stdout, userMsg)
return nil return nil
@ -321,7 +321,7 @@ func runResumeLogging(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
userMsg := private.ResumeLogging(ctx) userMsg := private.ResumeLogging(ctx)
_, _ = fmt.Fprintln(os.Stdout, userMsg) _, _ = fmt.Fprintln(os.Stdout, userMsg)
return nil return nil
@ -331,7 +331,7 @@ func runReleaseReopenLogging(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
userMsg := private.ReleaseReopenLogging(ctx) userMsg := private.ReleaseReopenLogging(ctx)
_, _ = fmt.Fprintln(os.Stdout, userMsg) _, _ = fmt.Fprintln(os.Stdout, userMsg)
return nil return nil
@ -340,7 +340,7 @@ func runReleaseReopenLogging(c *cli.Context) error {
func runSetLogSQL(c *cli.Context) error { func runSetLogSQL(c *cli.Context) error {
ctx, cancel := installSignals() ctx, cancel := installSignals()
defer cancel() defer cancel()
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), false)
extra := private.SetLogSQL(ctx, !c.Bool("off")) extra := private.SetLogSQL(ctx, !c.Bool("off"))
return handleCliResponseExtra(extra) return handleCliResponseExtra(extra)

11
cmd/serv.go
View file

@ -57,19 +57,22 @@ var CmdServ = &cli.Command{
}, },
} }
func setup(ctx context.Context, debug bool) { func setup(ctx context.Context, debug, gitNeeded bool) {
if debug { if debug {
setupConsoleLogger(log.TRACE, false, os.Stderr) setupConsoleLogger(log.TRACE, false, os.Stderr)
} else { } else {
setupConsoleLogger(log.FATAL, false, os.Stderr) setupConsoleLogger(log.FATAL, false, os.Stderr)
} }
setting.MustInstalled() setting.MustInstalled()
// Sanity check to ensure path is not relative, see: https://github.com/go-gitea/gitea/pull/19317
if _, err := os.Stat(setting.RepoRootPath); err != nil { if _, err := os.Stat(setting.RepoRootPath); err != nil {
_ = fail(ctx, "Unable to access repository path", "Unable to access repository path %q, err: %v", setting.RepoRootPath, err) _ = fail(ctx, "Unable to access repository path", "Unable to access repository path %q, err: %v", setting.RepoRootPath, err)
return return
} }
if err := git.InitSimple(context.Background()); err != nil { if gitNeeded {
_ = fail(ctx, "Failed to init git", "Failed to init git, err: %v", err) if err := git.InitSimple(context.Background()); err != nil {
_ = fail(ctx, "Failed to init git", "Failed to init git, err: %v", err)
}
} }
} }
@ -133,7 +136,7 @@ func runServ(c *cli.Context) error {
defer cancel() defer cancel()
// FIXME: This needs to internationalised // FIXME: This needs to internationalised
setup(ctx, c.Bool("debug")) setup(ctx, c.Bool("debug"), true)
if setting.SSH.Disabled { if setting.SSH.Disabled {
fmt.Println("Forgejo: SSH has been disabled") fmt.Println("Forgejo: SSH has been disabled")