From dbeab2a0c32b3dc869518e4fbf2d9c3c1f352333 Mon Sep 17 00:00:00 2001 From: "Panagiotis \"Ivory\" Vasilopoulos" Date: Mon, 31 Mar 2025 16:35:20 +0000 Subject: [PATCH] chore: introduce gitNeeded bool in setup (#7348) There are various commands of the Forgejo CLI that do not actually need Git, because i.e. they only issue network requests. Matter of fact, most occurrences do not actually require Git. By removing the Git initialization, operations by e.g. the manager will not fail in the absence of a Git binary. This is mostly relevant for an in-the-works Landlock implementation, which aims to minimize access to paths depending on the situation. Although we should expect that Git will be installed on the same system that the user is running Forgejo from, it somewhat slows things down, whereas the same edge cases that we are trying to protect the user from _could_ be achieved by keeping the `setting.RepoRootPath` check. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7348 Reviewed-by: Gusted Co-authored-by: Panagiotis "Ivory" Vasilopoulos Co-committed-by: Panagiotis "Ivory" Vasilopoulos --- cmd/hook.go | 6 +++--- cmd/keys.go | 2 +- cmd/manager.go | 10 +++++----- cmd/manager_logging.go | 14 +++++++------- cmd/serv.go | 11 +++++++---- 5 files changed, 23 insertions(+), 20 deletions(-) diff --git a/cmd/hook.go b/cmd/hook.go index 26064c2f4d..935c1b08ea 100644 --- a/cmd/hook.go +++ b/cmd/hook.go @@ -168,7 +168,7 @@ func runHookPreReceive(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), true) if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 { if setting.OnlyAllowPushIfGiteaEnvironmentSet { @@ -327,7 +327,7 @@ func runHookPostReceive(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), true) // First of all run update-server-info no matter what if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil { @@ -491,7 +491,7 @@ func runHookProcReceive(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), true) if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 { if setting.OnlyAllowPushIfGiteaEnvironmentSet { diff --git a/cmd/keys.go b/cmd/keys.go index b12daee1bc..2d241984c4 100644 --- a/cmd/keys.go +++ b/cmd/keys.go @@ -71,7 +71,7 @@ func runKeys(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), true) authorizedString, extra := private.AuthorizedPublicKeyByContent(ctx, content) // do not use handleCliResponseExtra or cli.NewExitError, if it exists immediately, it breaks some tests like Test_CmdKeys diff --git a/cmd/manager.go b/cmd/manager.go index 0cb1e60f73..56089947fd 100644 --- a/cmd/manager.go +++ b/cmd/manager.go @@ -112,7 +112,7 @@ func runShutdown(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) extra := private.Shutdown(ctx) return handleCliResponseExtra(extra) } @@ -121,7 +121,7 @@ func runRestart(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) extra := private.Restart(ctx) return handleCliResponseExtra(extra) } @@ -130,7 +130,7 @@ func runReloadTemplates(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) extra := private.ReloadTemplates(ctx) return handleCliResponseExtra(extra) } @@ -139,7 +139,7 @@ func runFlushQueues(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) extra := private.FlushQueues(ctx, c.Duration("timeout"), c.Bool("non-blocking")) return handleCliResponseExtra(extra) } @@ -148,7 +148,7 @@ func runProcesses(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) extra := private.Processes(ctx, os.Stdout, c.Bool("flat"), c.Bool("no-system"), c.Bool("stacktraces"), c.Bool("json"), c.String("cancel")) return handleCliResponseExtra(extra) } diff --git a/cmd/manager_logging.go b/cmd/manager_logging.go index ac2c1eb418..c6db2bb05a 100644 --- a/cmd/manager_logging.go +++ b/cmd/manager_logging.go @@ -199,7 +199,7 @@ func runRemoveLogger(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) logger := c.String("logger") if len(logger) == 0 { logger = log.DEFAULT @@ -214,7 +214,7 @@ func runAddConnLogger(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) vals := map[string]any{} mode := "conn" vals["net"] = "tcp" @@ -244,7 +244,7 @@ func runAddFileLogger(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) vals := map[string]any{} mode := "file" if c.IsSet("filename") { @@ -311,7 +311,7 @@ func runPauseLogging(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) userMsg := private.PauseLogging(ctx) _, _ = fmt.Fprintln(os.Stdout, userMsg) return nil @@ -321,7 +321,7 @@ func runResumeLogging(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) userMsg := private.ResumeLogging(ctx) _, _ = fmt.Fprintln(os.Stdout, userMsg) return nil @@ -331,7 +331,7 @@ func runReleaseReopenLogging(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) userMsg := private.ReleaseReopenLogging(ctx) _, _ = fmt.Fprintln(os.Stdout, userMsg) return nil @@ -340,7 +340,7 @@ func runReleaseReopenLogging(c *cli.Context) error { func runSetLogSQL(c *cli.Context) error { ctx, cancel := installSignals() defer cancel() - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), false) extra := private.SetLogSQL(ctx, !c.Bool("off")) return handleCliResponseExtra(extra) diff --git a/cmd/serv.go b/cmd/serv.go index 9d9e86992d..4b288632d2 100644 --- a/cmd/serv.go +++ b/cmd/serv.go @@ -57,19 +57,22 @@ var CmdServ = &cli.Command{ }, } -func setup(ctx context.Context, debug bool) { +func setup(ctx context.Context, debug, gitNeeded bool) { if debug { setupConsoleLogger(log.TRACE, false, os.Stderr) } else { setupConsoleLogger(log.FATAL, false, os.Stderr) } setting.MustInstalled() + // Sanity check to ensure path is not relative, see: https://github.com/go-gitea/gitea/pull/19317 if _, err := os.Stat(setting.RepoRootPath); err != nil { _ = fail(ctx, "Unable to access repository path", "Unable to access repository path %q, err: %v", setting.RepoRootPath, err) return } - if err := git.InitSimple(context.Background()); err != nil { - _ = fail(ctx, "Failed to init git", "Failed to init git, err: %v", err) + if gitNeeded { + if err := git.InitSimple(context.Background()); err != nil { + _ = fail(ctx, "Failed to init git", "Failed to init git, err: %v", err) + } } } @@ -133,7 +136,7 @@ func runServ(c *cli.Context) error { defer cancel() // FIXME: This needs to internationalised - setup(ctx, c.Bool("debug")) + setup(ctx, c.Bool("debug"), true) if setting.SSH.Disabled { fmt.Println("Forgejo: SSH has been disabled")