From b3e5f0cab0f7dc35ff037b0ebc9d2b05e9896126 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Thu, 24 Oct 2019 16:33:12 +0900 Subject: [PATCH] Update gitea to v1.10.0 1.10 introduces a PASSWORD_COMPLEXITY setting with a default value of lower,upper,digit,spec - which requires passwords to have an upper, lower, digit and special character. Our example password does not have this, so set the PASSWORD_COMPLEXITY setting. We could alternately leave it at the default and ensure that our passwords meet the spec. The sshd_config file is templated now, so we can set the listen port via env var. Change-Id: I6e4b595eabb9c6885d78fff1109ea9f602e89ef7 --- docker/gitea/Dockerfile | 4 +- .../gitea/custom/templates/repo/header.tmpl | 90 +++++++++---------- docker/gitea/sshd_config | 33 ------- playbooks/roles/gitea/tasks/main.yaml | 1 + playbooks/roles/gitea/templates/app.ini.j2 | 1 + .../gitea/templates/docker-compose.yaml.j2 | 2 + 6 files changed, 49 insertions(+), 82 deletions(-) delete mode 100644 docker/gitea/sshd_config diff --git a/docker/gitea/Dockerfile b/docker/gitea/Dockerfile index 16b6eae897..c33b98d136 100644 --- a/docker/gitea/Dockerfile +++ b/docker/gitea/Dockerfile @@ -26,7 +26,7 @@ FROM docker.io/library/golang:1.13-buster AS build-env LABEL maintainer="infra-root@openstack.org" -ARG GITEA_VERSION="v1.9.6" +ARG GITEA_VERSION="v1.10.0" ENV TAGS "bindata $TAGS" #Build deps @@ -70,8 +70,6 @@ RUN addgroup --system --gid 1000 git \ # Copy the /etc config files and entrypoint script COPY --from=build-env /go/src/code.gitea.io/gitea/docker/root / -# Copy our custom sshd_config -COPY sshd_config /etc/ssh/sshd_config # Copy the app COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea diff --git a/docker/gitea/custom/templates/repo/header.tmpl b/docker/gitea/custom/templates/repo/header.tmpl index 44c0a142ed..9f8e8ea0a0 100644 --- a/docker/gitea/custom/templates/repo/header.tmpl +++ b/docker/gitea/custom/templates/repo/header.tmpl @@ -12,62 +12,60 @@
/
{{.Name}} {{if .IsArchived}}{{end}} - {{if .IsMirror}}
{{$.i18n.Tr "repo.mirror_from"}} {{$.Mirror.Address}}
{{end}} + {{if .IsMirror}}
{{$.i18n.Tr "repo.mirror_from"}} {{MirrorAddress $.Mirror}}
{{end}} {{if .IsFork}}
{{$.i18n.Tr "repo.forked_from"}} {{SubStr .BaseRepo.RelLink 1 -1}}
{{end}} {{end}} -{{if not .IsDiffCompare}} -
- + {{end}} +
+
diff --git a/docker/gitea/sshd_config b/docker/gitea/sshd_config deleted file mode 100644 index 5ae3a6b163..0000000000 --- a/docker/gitea/sshd_config +++ /dev/null @@ -1,33 +0,0 @@ -Port 222 -Protocol 2 - -AddressFamily any -ListenAddress 0.0.0.0 -ListenAddress :: - -LogLevel INFO - -HostKey /data/ssh/ssh_host_ed25519_key -HostKey /data/ssh/ssh_host_rsa_key -HostKey /data/ssh/ssh_host_dsa_key -HostKey /data/ssh/ssh_host_ecdsa_key - -AuthorizedKeysFile .ssh/authorized_keys - -UseDNS no -AllowAgentForwarding no -AllowTcpForwarding no -PrintMotd no - -PermitUserEnvironment yes -PermitRootLogin no -ChallengeResponseAuthentication no -PasswordAuthentication no -PermitEmptyPasswords no - -AllowUsers git - -Banner none -Subsystem sftp /usr/lib/ssh/sftp-server - -AcceptEnv GIT_PROTOCOL diff --git a/playbooks/roles/gitea/tasks/main.yaml b/playbooks/roles/gitea/tasks/main.yaml index 3947119f20..d57b531b3f 100644 --- a/playbooks/roles/gitea/tasks/main.yaml +++ b/playbooks/roles/gitea/tasks/main.yaml @@ -86,6 +86,7 @@ email: "gerrit@review.opendev.org" full_name: Gerrit login_name: gerrit + must_change_password: false password: "{{ gitea_gerrit_password }}" send_notify: false source_id: 0 diff --git a/playbooks/roles/gitea/templates/app.ini.j2 b/playbooks/roles/gitea/templates/app.ini.j2 index b50a689fdc..b33c20a502 100644 --- a/playbooks/roles/gitea/templates/app.ini.j2 +++ b/playbooks/roles/gitea/templates/app.ini.j2 @@ -56,6 +56,7 @@ LEVEL = Info INSTALL_LOCK = true SECRET_KEY = {{ gitea_secret_key }} INTERNAL_TOKEN = {{ gitea_internal_token }} +PASSWORD_COMPLEXITY = lower,upper,digit [service] DISABLE_REGISTRATION = true diff --git a/playbooks/roles/gitea/templates/docker-compose.yaml.j2 b/playbooks/roles/gitea/templates/docker-compose.yaml.j2 index ecb4061fd8..2e9cd8802f 100644 --- a/playbooks/roles/gitea/templates/docker-compose.yaml.j2 +++ b/playbooks/roles/gitea/templates/docker-compose.yaml.j2 
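Review bot: The added `PASSWORD_COMPLEXITY = lower,upper,digit` in app.ini.j2 drops the special-character class from the default that the commit message quotes (`lower,upper,digit,spec`). Because it sits in what appears to be the template for deployed instances, it relaxes the policy for every account on the service rather than only for the example password. The commit message already names the alternative: keeping the default and making the provisioned passwords comply would avoid weakening the deployment to fit test data. If the relaxation stays, record the reason next to the setting, e.g. `; relaxed from the default lower,upper,digit,spec because provisioned passwords lack a special character`. The hunk shows only part of this section, so other password settings such as minimum length are not visible here.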
@@ -35,6 +35,8 @@ services:
 gitea-ssh:
 depends_on:
 - mariadb
+ environment:
+ - SSH_LISTEN_PORT=222
 image: opendevorg/gitea-openssh
 network_mode: host
 restart: always
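Review bot: Only the listen port is carried over to the templated sshd_config through `SSH_LISTEN_PORT=222`. The other directives that the deleted docker/gitea/sshd_config pinned (`PasswordAuthentication no`, `AllowUsers git`, `AllowAgentForwarding no`, `AllowTcpForwarding no`, `PermitRootLogin no`) now depend on whatever the image's template renders. With `network_mode: host` this sshd binds directly on the host's interfaces, so it is worth confirming that the rendered config inside `opendevorg/gitea-openssh` still carries those settings. It is also worth confirming that this image picks up the templated file at all, since its Dockerfile is not part of this patch. A comment above the variable would help the next reader, e.g. `# sshd_config is rendered from the image's template; only the port is overridden here`.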