| File README.vm changed (mode: 100644) (index a29cbbe..37efcc0) |
| 1 |
1 |
How to customize Fedora virtual machine image |
How to customize Fedora virtual machine image |
| 2 |
2 |
|
|
| 3 |
|
- Generate SSL keys |
|
|
3 |
|
- Generate new SSL keys |
| 4 |
4 |
- Update the virtual machine to the latest version: "yum -y update". |
- Update the virtual machine to the latest version: "yum -y update". |
| 5 |
|
- Edit /etc/sysconfig/clock to set the timezone |
|
| 6 |
|
- Change root password: run 'passwd' (initial password is 'aaaa') |
|
|
5 |
|
- Edit /etc/sysconfig/clock to set the timezone (needs a restart of services |
|
6 |
|
or reboot). |
|
7 |
|
- Change root password: run 'passwd' (initial password is empty) |
| 7 |
8 |
|
|
| 8 |
9 |
- Allow this virtual machine to send mail (add it to the relay allow list). |
- Allow this virtual machine to send mail (add it to the relay allow list). |
| 9 |
10 |
- You may want to set to it a static IP address instead of DHCP. |
- You may want to set to it a static IP address instead of DHCP. |
| 10 |
11 |
- You may want to add it to the DNS server |
- You may want to add it to the DNS server |
| 11 |
12 |
- Add a RNG device inside virtual machine? |
- Add a RNG device inside virtual machine? |
|
13 |
|
- |
| 12 |
14 |
|
|
| 13 |
15 |
It takes around 2 minutes for the first boot to setup needed things to run. |
It takes around 2 minutes for the first boot to setup needed things to run. |
| File TODO changed (mode: 100644) (index da7761b..5ad51c5) |
| 17 |
17 |
[ ] Use a cache var to signal all daemons that we are ready to go. |
[ ] Use a cache var to signal all daemons that we are ready to go. |
| 18 |
18 |
Or better, a file in /var/lib/rocketgit? |
Or better, a file in /var/lib/rocketgit? |
| 19 |
19 |
[ ] Recheck what may be run as root in scripts/ folder |
[ ] Recheck what may be run as root in scripts/ folder |
| 20 |
|
[ ] We need to be able to delete old files! We cannot release the vm without |
|
| 21 |
|
this! |
|
|
20 |
|
[ ] We need to be able to delete old log files! We cannot release the vm |
|
21 |
|
without this! |
| 22 |
22 |
[ ] Upload kvm image to downloads.rocketgit.com. Sign it? sha256 it? |
[ ] Upload kvm image to downloads.rocketgit.com. Sign it? sha256 it? |
| 23 |
|
[ ] Secutiry: validate sparas! |
|
|
23 |
|
[ ] Security: validate sparas! |
|
24 |
|
[ ] Add "Spread the word!" on website. |
|
25 |
|
[ ] Add an invite form (only for logged-in people - because of spam) that |
|
26 |
|
will send mail to a friend with all the details. |
|
27 |
|
[ ] Menus - change color for selected items, not the background color. |
| 24 |
28 |
[ ] |
[ ] |
| 25 |
29 |
|
|
| 26 |
30 |
== BEFORE NEXT RELEASE == |
== BEFORE NEXT RELEASE == |
| 27 |
31 |
[ ] Warn users on the first page for behind-the-firewall installations |
[ ] Warn users on the first page for behind-the-firewall installations |
| 28 |
|
that a new version is avilable. Maybe also the severity level. |
|
|
32 |
|
that a new version is available. Maybe also the severity level. |
| 29 |
33 |
[ ] Add unit test for 'copy to' into git_log1. There is already one but does |
[ ] Add unit test for 'copy to' into git_log1. There is already one but does |
| 30 |
34 |
not trigger the detection. Maybe we need a bigger file. |
not trigger the detection. Maybe we need a bigger file. |
| 31 |
35 |
[ ] Make the blob show nicer and remove rg_template_list (replace |
[ ] Make the blob show nicer and remove rg_template_list (replace |
| File rocketgit.spec.in changed (mode: 100644) (index 145e8fc..cbd7d45) |
| 1 |
1 |
%global selinux_types %(%{__awk} '/^#[[:space:]]*SELINUXTYPE=/,/^[^#]/ { if ($3 == "-") printf "%s ", $2 }' /etc/selinux/config 2>/dev/null) |
%global selinux_types %(%{__awk} '/^#[[:space:]]*SELINUXTYPE=/,/^[^#]/ { if ($3 == "-") printf "%s ", $2 }' /etc/selinux/config 2>/dev/null) |
| 2 |
2 |
%global selinux_variants %([ -z "%{selinux_types}" ] && echo mls strict targeted || echo %{selinux_types}) |
%global selinux_variants %([ -z "%{selinux_types}" ] && echo mls strict targeted || echo %{selinux_types}) |
| 3 |
3 |
|
|
| 4 |
|
# Seems this is needed for Fedora <= 19 |
|
| 5 |
|
#%global selinux_policyver %(%{__sed} -e 's,.*selinux-policy-\\([^/]*\\)/.*,\\1,' /usr/share/selinux/devel/policyhelp || echo 0.0.0) |
|
| 6 |
4 |
%global selinux_policyver 0.0.0 |
%global selinux_policyver 0.0.0 |
| 7 |
5 |
|
|
| 8 |
6 |
Summary: Light and fast Git hosting solution |
Summary: Light and fast Git hosting solution |
| |
| ... |
... |
Requires: util-linux |
| 22 |
20 |
# https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft?rd=PackagingDrafts/SELinux/PolicyModules |
# https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft?rd=PackagingDrafts/SELinux/PolicyModules |
| 23 |
21 |
BuildRequires: checkpolicy, selinux-policy-devel, hardlink |
BuildRequires: checkpolicy, selinux-policy-devel, hardlink |
| 24 |
22 |
# Needed for Fedora <= 19 |
# Needed for Fedora <= 19 |
| 25 |
|
#BuildRequires: /usr/share/selinux/devel/policyhelp |
|
| 26 |
23 |
%if "%{selinux_policyver}" != "" |
%if "%{selinux_policyver}" != "" |
| 27 |
24 |
Requires: selinux-policy >= %{selinux_policyver} |
Requires: selinux-policy >= %{selinux_policyver} |
| 28 |
25 |
%endif |
%endif |
| File root/themes/default/download.html changed (mode: 100644) (index 13f9b92..1d60ff9) |
| 13 |
13 |
<div class="island_cell"> |
<div class="island_cell"> |
| 14 |
14 |
<div class="island"> |
<div class="island"> |
| 15 |
15 |
<div class="island_title">Fedora</div> |
<div class="island_title">Fedora</div> |
| 16 |
|
From here you can download all the RPMs needed for a Fedora instalation. |
|
|
16 |
|
From here you can download all the RPMs needed for a Fedora installation. |
| 17 |
17 |
Allow us few days to prepare the packages. |
Allow us few days to prepare the packages. |
| 18 |
18 |
</div> |
</div> |
| 19 |
19 |
</div> |
</div> |
| |
| 23 |
23 |
<div class="island_cell"> |
<div class="island_cell"> |
| 24 |
24 |
<div class="island"> |
<div class="island"> |
| 25 |
25 |
<div class="island_title">Other distributions</div> |
<div class="island_title">Other distributions</div> |
| 26 |
|
In the near future, we will provide packages ready for instalation |
|
|
26 |
|
In the near future, we will provide packages ready for installation |
| 27 |
27 |
for all major distributions. If you know how to do a package, please |
for all major distributions. If you know how to do a package, please |
| 28 |
28 |
help us. Thank you. |
help us. Thank you. |
| 29 |
29 |
</div> |
</div> |
| File root/themes/default/features.html changed (mode: 100644) (index 472bdd0..ffd3922) |
| 98 |
98 |
<div class="island"> |
<div class="island"> |
| 99 |
99 |
<div class="island_title">Powerful rights management</div> |
<div class="island_title">Powerful rights management</div> |
| 100 |
100 |
You have a lot of possibilities to block access to a repository. |
You have a lot of possibilities to block access to a repository. |
| 101 |
|
You can filter by IPv4/IPv6 addresses (including prefix lenght), |
|
|
101 |
|
You can filter by IPv4/IPv6 addresses (including prefix length), |
| 102 |
102 |
by reference path (regex), by path (regex). You can reject commits |
by reference path (regex), by path (regex). You can reject commits |
| 103 |
103 |
based on size, bad whitespace or operation (create/update/delete) of |
based on size, bad whitespace or operation (create/update/delete) of |
| 104 |
104 |
branches/tags. You can control the non fast-forwards pushes and the |
branches/tags. You can control the non fast-forwards pushes and the |
| File root/themes/default/main.html changed (mode: 100644) (index f748fad..fd000f8) |
| 58 |
58 |
<a href="http://rocketgit.com/user/catalinux/rocketgit/source">RocketGit repo</a> |
<a href="http://rocketgit.com/user/catalinux/rocketgit/source">RocketGit repo</a> |
| 59 |
59 |
and follow the instructions. It only takes two minutes. |
and follow the instructions. It only takes two minutes. |
| 60 |
60 |
In the near future we will provide pre-made virtual machine images to |
In the near future we will provide pre-made virtual machine images to |
| 61 |
|
achieve under 10 seconds install time. |
|
|
61 |
|
achieve under 60 seconds install time. |
| 62 |
62 |
</div> |
</div> |
| 63 |
63 |
</div> |
</div> |
| 64 |
64 |
</div> |
</div> |
| File selinux/rocketgit.te changed (mode: 100644) (index c4340f2..d34f495) |
| 1 |
|
policy_module(rocketgit,1.0.76) |
|
|
1 |
|
policy_module(rocketgit,1.0.77) |
| 2 |
2 |
|
|
| 3 |
3 |
######################################## |
######################################## |
| 4 |
4 |
# |
# |
| |
| ... |
... |
optional_policy(` |
| 42 |
42 |
# Force ssh to transition to rocketgit_t |
# Force ssh to transition to rocketgit_t |
| 43 |
43 |
domain_auto_trans(unconfined_t, rocketgit_exec_t, rocketgit_t) |
domain_auto_trans(unconfined_t, rocketgit_exec_t, rocketgit_t) |
| 44 |
44 |
|
|
| 45 |
|
# Allow event.sh to access /home/rocketgit |
|
| 46 |
|
userdom_list_user_home_content(rocketgit_t) |
|
|
45 |
|
# Allow events.php to manage /home/rocketgit/.ssh |
|
46 |
|
userdom_manage_user_home_content(rocketgit_t) |
| 47 |
47 |
|
|
| 48 |
48 |
# Allow PHP to read /proc/meminfo, probably other files |
# Allow PHP to read /proc/meminfo, probably other files |
| 49 |
49 |
# Seems a little bit too much. TODO |
# Seems a little bit too much. TODO |