Version 1.7.0

Use latest base image
Avoid nxdomain during tests and always specify app id
2025-09-25 06:27:57 +00:00 · 2018-10-10 20:17:18 -07:00 · 2018-10-10 20:09:26 -07:00 · 2018-09-03 17:44:23 +02:00 · 2018-09-03 17:17:32 +02:00
7 changed files with 132 additions and 27 deletions
--- a/16
+++ b/16
@@ -174,3 +174,19 @@
  * Emoji Autocomplete (#3433)
  * Implements generator cli for secrets (#3531)

+[1.6.1]
+* Update Gitea to 1.5.1
+* Security
+  * Don't disclose emails of all users when sending out emails (#4784)
+  * Improve URL validation for external wiki and external issues (#4710) (#4740)
+  * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
+* Bugfixes
+  * Fix missing release title in webhook (#4783) (#4800)
+  * Make sure to reset commit count in the cache on mirror syncing (#4770)
+  * Fixed bug where team with admin privelege type doesn't get any unit (#4759)
+  * Fix failure on creating pull request with assignees (#4583) (#4727)
+  * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)
+
+[1.7.0]
+* Update base image
+
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -4,7 +4,7 @@
  "author": "Gitea developers",
  "description": "file://DESCRIPTION.md",
  "tagline": "A painless self-hosted Git Service",
-  "version": "1.6.0",
+  "version": "1.7.0",
  "healthCheckPath": "/healthcheck",
  "httpPort": 3000,
  "addons": {
--- a/DESCRIPTION.md
+++ b/DESCRIPTION.md
@@ -1,4 +1,4 @@
-This app packages Gitea <upstream>1.5.0</upstream>
+This app packages Gitea <upstream>1.5.1</upstream>

 Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab.

--- a/10
+++ b/10
@@ -1,6 +1,4 @@
-FROM cloudron/base:0.10.0
-
-ENV VERSION 1.5.0
+FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617

 RUN apt-get update && \
    apt-get install -y openssh-server git && \
@@ -16,7 +14,7 @@ RUN passwd -d git

 RUN mkdir -p /home/git/gitea
 ## TODO: use redis as well
-RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
+RUN curl -L https://dl.gitea.io/gitea/1.5.1/gitea-1.5.1-linux-amd64 -o /home/git/gitea/gitea \
    && chmod +x /home/git/gitea/gitea

 # setup config paths
@@ -31,9 +29,7 @@ RUN ln -s /app/data/gitconfig /home/git/.gitconfig

 ADD start.sh /home/git/start.sh

-# disable pam authentication for sshd
-RUN sed -e 's/UsePAM yes/UsePAM no/' -e 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config
-RUN echo "UseDNS no" >> /etc/ssh/sshd_config
+COPY sshd_config /etc/ssh/sshd_config

 CMD [ "/home/git/start.sh" ]

--- a/79
+++ b/79
@@ -0,0 +1,79 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 29418
+# Use these options to restrict which interfaces/protocols sshd will bind to
+ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /app/data/sshd/ssh_host_rsa_key
+HostKey /app/data/sshd/ssh_host_dsa_key
+HostKey /app/data/sshd/ssh_host_ecdsa_key
+HostKey /app/data/sshd/ssh_host_ed25519_key
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin prohibit-password
+StrictModes yes
+
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM no
+UseDNS no
--- a/start.sh
+++ b/start.sh
@@ -2,7 +2,7 @@

 set -eu -o pipefail

-mkdir -p /run/gitea/tmp/uploads
+mkdir -p /run/gitea/tmp/uploads /run/sshd

 setup_ldap_source() {
    set -eu
@@ -50,10 +50,7 @@ fi
 chmod 0600 /app/data/sshd/*_key
 chmod 0644 /app/data/sshd/*.pub

-sed -e "s/^Port .*/Port ${SSH_PORT}/" \
-    -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
-    -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
-    /etc/ssh/sshd_config > /run/gitea/sshd_config
+sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config

 cp /home/git/app.ini.template "/run/gitea/app.ini"

--- a/test/test.js
+++ b/test/test.js
@@ -234,8 +234,8 @@ return done();

    function addCustomFile(done) {
        fs.writeFileSync('/tmp/customfile.txt', 'GOGS TEST', 'utf8');
-        execSync('cloudron exec -- mkdir -p /app/data/custom/public');
-        execSync('cloudron push /tmp/customfile.txt /app/data/custom/public/customfile.txt');
+        execSync(`cloudron exec --app ${app.id} -- mkdir -p /app/data/custom/public`);
+        execSync(`cloudron push --app ${app.id} /tmp/customfile.txt /app/data/custom/public/customfile.txt`);
        fs.unlinkSync('/tmp/customfile.txt');
        done();
    }
@@ -351,12 +351,17 @@ return done();
    it('can clone the url', cloneRepo);
    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });

-    it('move to different location', function () {
+    it('move to different location', function (done) {
        //browser.manage().deleteAllCookies(); // commented because of error "'Network.deleteCookie' wasn't found"
-        execSync('cloudron configure --wait --location ' + LOCATION + '2 --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
-        expect(app).to.be.an('object');
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron configure --wait --location ' + LOCATION + '2 --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+            var inspect = JSON.parse(execSync('cloudron inspect'));
+            app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
+            expect(app).to.be.an('object');
+
+            done();
+        });
    });

    it('can login', login);
@@ -365,8 +370,12 @@ return done();
    it('can clone the url', cloneRepo);
    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });

-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+            done();
+        });
    });

    // check if the _first_ login via email succeeds
@@ -379,8 +388,12 @@ return done();

        login(function (error) {
            if (error) return done(error);
-            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-            done();
+
+            // ensure we don't hit NXDOMAIN in the mean time
+            browser.get('about:blank').then(function () {
+                execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+                done();
+            });
        });
    });

@@ -408,7 +421,11 @@ return done();
    it('can clone the url', cloneRepo);
    it('file exists in cloned repo', fileExists);

-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+            done();
+        });
    });
 });
Author	SHA1	Message	Date
Girish Ramakrishnan	278116abdb	Version 1.7.0	2018-10-10 20:17:18 -07:00
Girish Ramakrishnan	8a942dc8f7	Use latest base image	2018-10-10 20:09:26 -07:00
Johannes Zellner	1b15db85e3	Avoid nxdomain during tests and always specify app id	2018-09-03 17:44:23 +02:00
Johannes Zellner	d37044f8e0	Bump version for 1.5.1	2018-09-03 17:17:32 +02:00