Update package version to 1.35.1

And port number
Found another location
2025-09-25 22:47:24 +00:00 · 2025-03-21 12:09:25 +00:00 · 2025-03-21 12:51:33 +01:00 · 2025-03-20 19:33:57 +00:00 · 2025-03-20 19:31:55 +00:00 · 2025-03-05 15:36:24 +00:00
5 changed files with 45 additions and 83 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1728,3 +1728,9 @@
 * Fix mCaptcha bug (#33659) (#33661)
 * Git graph: don't show detached commits (#33645) (#33650)

+[1.35.0]
+* Base image 5
+
+[1.35.1]
+* Fix hard coded mysql hostname
+
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -4,7 +4,7 @@
  "author": "Gitea developers",
  "description": "file://DESCRIPTION.md",
  "tagline": "A painless self-hosted Git Service",
-  "version": "1.34.4",
+  "version": "1.35.1",
  "upstreamVersion": "1.23.5",
  "healthCheckPath": "/explore",
  "httpPort": 3000,
--- a/19
+++ b/19
@@ -1,19 +1,17 @@
-FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
+FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c

 RUN apt-get update && \
-    apt-get install -y openssh-server git asciidoctor pandoc && \
+    apt-get install -y openssh-server git asciidoctor pandoc pipx && \
    rm -rf /etc/ssh_host_* && \
    rm -r /var/cache/apt /var/lib/apt/lists
-RUN pip3 install jupyter
+
+# pipx --global does not work, not sure why
+RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install jupyter docutils --include-deps

 ADD supervisor/ /etc/supervisor/conf.d/

-RUN adduser --disabled-login --gecos 'Gitea' git
-# by default, git account is created as inactive which prevents login via openssh
-# https://github.com/gitlabhq/gitlabhq/issues/5304
-RUN passwd -d git
-
-RUN mkdir -p /home/git/gitea
+RUN useradd --comment "Gogs" --create-home --shell /bin/bash git
+RUN passwd -d git # by default, git account is created as inactive which prevents login via openssh. this disables password for account
 WORKDIR /home/git

 # for autosign feature
@@ -22,7 +20,8 @@ ENV GNUPGHOME="/app/data/gnupg"
 # renovate: datasource=github-releases depName=go-gitea/gitea versioning=semver extractVersion=^v(?<version>.+)$
 ARG GITEA_VERSION=1.23.5

-RUN curl -L https://dl.gitea.io/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
+RUN mkdir -p /home/git/gitea && \
+    curl -L https://github.com/go-gitea/gitea/releases/download/v${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
    && chmod +x /home/git/gitea/gitea

 # setup config paths
--- a/97
+++ b/97
@@ -1,80 +1,37 @@
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-
-# What ports, IPs and protocols we listen for
 Port 29418
-# Use these options to restrict which interfaces/protocols sshd will bind to
+
+AddressFamily any
 ListenAddress 0.0.0.0
 ListenAddress ::
-Protocol 2
-# HostKeys for protocol version 2
+
 HostKey /app/data/sshd/ssh_host_rsa_key
-HostKey /app/data/sshd/ssh_host_dsa_key
 HostKey /app/data/sshd/ssh_host_ecdsa_key
 HostKey /app/data/sshd/ssh_host_ed25519_key

-# Logging
-SyslogFacility AUTH
 LogLevel INFO

-# Authentication:
-LoginGraceTime 120
-PermitRootLogin prohibit-password
-StrictModes yes
-
-PubkeyAuthentication yes
-#AuthorizedKeysFile	%h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-#PasswordAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM no
+# no reverse DNS lookup
 UseDNS no
+UsePAM no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+
+LoginGraceTime 120
+StrictModes yes
+PubkeyAuthentication yes
+PermitUserEnvironment yes
+PermitRootLogin no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+HostbasedAuthentication no
+
+AllowUsers git
+
+Banner none
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AcceptEnv GIT_PROTOCOL LANG LC_*
+
--- a/start.sh
+++ b/start.sh
@@ -11,7 +11,7 @@ setup_oidc_source() {
    echo "==> Setup OIDC source"

    now=$(date +%s)
-    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -e \
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -e \
        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
 }

@@ -41,7 +41,7 @@ setup_auth() {
        setup_oidc_source
    fi

-    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
    # be careful, not to create root user for existing LDAP based installs
    if [[ "${user_count}" == "0" ]]; then
        echo "==> Setting up root user for first run"
Author	SHA1	Message	Date
Package Updates	94f2007015	Update package version to 1.35.1	2025-03-21 12:09:25 +00:00
Ian Fijolek	1110ee23e2	And port number	2025-03-21 12:51:33 +01:00
Ian Fijolek	ccaa24df33	Found another location	2025-03-20 19:33:57 +00:00
Ian Fijolek	9c4f201845	Fix hard coded mysql hostname	2025-03-20 19:31:55 +00:00
Package Updates	2f0edb0cb4	Update package version to 1.35.0	2025-03-05 15:36:24 +00:00
Girish Ramakrishnan	217b6ad97d	need to create path	2025-03-05 15:58:05 +01:00
Girish Ramakrishnan	cb0adb4d95	use pipx to install pip binaries	2025-03-05 15:46:19 +01:00
Girish Ramakrishnan	574bb07847	git user must be enabled	2025-03-05 14:13:26 +01:00
Girish Ramakrishnan	d259e03bee	Update base image to 5.0.0	2025-03-05 14:12:14 +01:00