commit 7196cfe5eb781e511f09e0c51d40405642cbdc93 from: Stefan Sperling date: Mon Sep 09 14:18:04 2024 UTC sync manual pages commit - 1e23e5fea0a2e03b1461fa0733401b1a7314eb85 commit + 7196cfe5eb781e511f09e0c51d40405642cbdc93 blob - 67184c461579ade5363aa4f17fac8478553935c3 blob + ce521293df622d4582bafca29f0bb23972e7092a --- git-repository.5.html +++ git-repository.5.html @@ -215,7 +215,7 @@
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - df887d569f16159279ffa36be4e83690a1c2fdb5 blob + ae92734f6791758902da2c8f0a925a766cd0eb6b --- gitwrapper.1.html +++ gitwrapper.1.html @@ -142,7 +142,7 @@
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - ab3930be32d497ecbca8bb88d8cf9e3a7677680a blob + f09a60b50a3f0d0bb0d338717fe5dfbc4a21b573 --- got-worktree.5.html +++ got-worktree.5.html @@ -187,7 +187,7 @@
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - 0a79cf06575e50a73dae80b876db41afaa617642 blob + b8086c3303d7eff33add62ef51daa8fa12957d73 --- got.1.html +++ got.1.html @@ -3612,7 +3612,7 @@ remote "origin" {
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - 0fa58670e2aaa224bc744d20d54afe8622b3cea7 blob + a581c147fc0b99a9f4dee3d2c6f6ccd00d0ea1c3 --- got.conf.5.html +++ got.conf.5.html @@ -325,7 +325,7 @@
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - d19b0b1fa9363a73ca04e1f89daac9ee6183589b blob + 9b61a16ff3a2476eb47561046855d009629d6522 --- gotadmin.1.html +++ gotadmin.1.html @@ -443,7 +443,7 @@
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - 299cb470f66fcfa85ab79428dfded30a51e23b32 blob + cc0b1d4974ae9d6b54b7e238b9c36b7c1e08a472 --- gotctl.8.html +++ gotctl.8.html @@ -86,7 +86,7 @@
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - 00ac07931cfd6e6f0ac567d23b85704c67564316 blob + e85f4582fefb36ac04b29079b9cbd491dcf9dea5 --- gotd.8.html +++ gotd.8.html @@ -37,7 +37,8 @@ gotd [-dnv] [-f - config-file] + config-file] [-s + secrets] @@ -68,6 +69,11 @@ /etc/gotd.conf will be used.
Configtest mode. Only check the configuration file for validity.
+
+ secrets
+
Set the path to the secrets file. If not specified, the file + /etc/gotd-secrets.conf will be used if it + exists.
Verbose mode. Verbosity increases if this option is used multiple times.
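Review bot: The new -s text ("the file /etc/gotd-secrets.conf will be used if it exists") covers only the default path and leaves open what happens when a path given with -s is missing or unreadable. Say whether gotd exits with an error in that case, and whether -n (configtest mode, just above) also validates the secrets file. A pointer to gotd-secrets.conf(5) for the ownership and permission requirements would fit in this entry too.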
@@ -119,7 +125,9 @@

got(1), gotsh(1), git-repository(5), - gotd.conf(5)

+ gotd.conf(5) + gotd-secrets.conf(5)

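Review bot: In the SEE ALSO list, the added gotd-secrets.conf(5) follows gotd.conf(5) with no comma between them as rendered here, and the two are out of order: within section 5, gotd-secrets.conf sorts before gotd.conf ('-' before '.'). Suggest "git-repository(5), gotd-secrets.conf(5), gotd.conf(5)".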
@@ -135,7 +143,7 @@
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - /dev/null blob + 0f965be93b65e42deb38741a2afdf867341c3582 (mode 644) --- /dev/null +++ gotd-secrets.conf.5.html @@ -0,0 +1,118 @@ + + + + + + + GOTD-SECRETS.CONF(5) + + + +
GOTD-SECRETS.CONF(5) + File Formats Manual + GOTD-SECRETS.CONF(5)
+
+
+

+

gotd-secrets.conf — + gotd secrets file

+
+
+

+

gotd-secrets.conf contains authentication + credentials for use with gotd(8) notifications. This file must be owned by the root user and + must not be readable by any other users.

+

The file format is line-based, with one entry per line. Comments + can appear at the start of a line using a hash mark (‘#’), and + extend to the end of the line. Empty lines are ignored.

+

Each entry consists of whitespace-separated tokens and defines a + set of credentials. Any credential parameters containing whitespace should + be surrounded by single or double quotes.

+

Each set of credentials must be given a + label which can be used to refer to credentials in + gotd.conf(5). This + label must be unique among all credentials of the same + type.

+

The supported credential types and their parameters are:

+
+
+ label user + user password + password
+
The auth type represents HTTP Basic Authentication + credentials consisting of a user and a + password.
+
+ label secret
+
The hmac type represents shared secrets for use + with HMAC signatures of HTTP request bodies. A suitable + secret can be generated with + openssl(1) as follows: +

+
$ openssl rand -base64 + 32
+
+
+
+
+

+
+
/etc/gotd-secrets.conf
+
Location of the gotd-secrets.conf configuration + file.
+
+
+
+

+

Define credentials for HTTP basic authentication and HMAC + signatures:

+
+
# /etc/gotd-secrets.conf
+auth mochi user "flan" password "super-strong-password!"
+hmac hacker q0tcl8QhjYs7U75MW/2rwB30CpdbAhONkfLGxFHm/+8=
+
+

These credentials can be referenced in + gotd.conf(5) as + follows:

+
+
# /etc/gotd.conf
+repository "openbsd/src" {
+	path "/var/git/src.git"
+	permit rw :hackers
+
+	notify {
+		url https://example.com/ci/ auth mochi hmac hacker
+	}
+}
+
+
+
+

+

got(1), + gotsh(1), + gotd.conf(5), + gotd(8)

+
+
+
September 9, + 2024 OpenBSD 7.5
+ + blob - 54a84d085d90ab56faf623ce1243c92c888ef5c2 blob + 349270870029ca349527ccbf2e2ea708fa4df411 --- gotd.conf.5.html +++ gotd.conf.5.html @@ -275,9 +275,9 @@ and port.

- URL [user - user password - password [insecure]]
+ URL [auth + label [insecure]] + [hmac label]
Send notifications via HTTP. This directive may be specified multiple times to build a list of HTTP servers to send notifications to.

The notification will be sent as a POST request to the @@ -285,15 +285,25 @@ begin with either “http://” or “https://”. If HTTPS is used, sending of notifications will only succeed if no TLS errors occur.

-

The optional user and - password directives enable HTTP Basic - authentication. If used, both a user and a - password must be specified. The - password must not be an empty string. Unless - the insecure option is specified the +

The optional auth directive + enables HTTP Basic authentication. Authentication credentials must + be specified in the separate + gotd-secrets.conf(5) file, using the + label as identifier. Unless the + insecure option is specified the notification target URL must be a “https://” URL to avoid leaking of authentication credentials.

+

If a hmac secret is provided, the + request body will be signed using HMAC, allowing the receiver to + verify the notification message's authenticity and integrity. The + HMAC secret to use must be specified in the separate + gotd-secrets.conf(5) file, using the + label as identifier. The signature uses + HMAC-SHA256 and will be sent in the HTTP header + “X-Gotd-Signature”.

The request body contains a JSON object with a “notifications” property containing an array of notification objects. The following notification object properties @@ -475,11 +485,13 @@ connection { ALSO

got(1), gotsh(1), - gotd(8)

+ gotd-secrets.conf(5), gotd(8)

August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - d8be79134153495c16b4f68121a60f4a9a8c60fa blob + 456ac6912b392fc857dd53f02921289da6670a4c --- gotsh.1.html +++ gotsh.1.html @@ -157,7 +157,7 @@
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - ce821ea610009f53d0563fada6bc0547abefe814 blob + e77673c6ee389a819f7311a93d6f0a67dbc3db9a --- gotwebd.8.html +++ gotwebd.8.html @@ -191,7 +191,7 @@ server "example.com" {
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - 632578648df57a231351bf6f968d1d59055d1069 blob + b9d8027a441f5b208b163c1c7064115bec754cc9 --- gotwebd.conf.5.html +++ gotwebd.conf.5.html @@ -242,7 +242,7 @@ server "localhost" {
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5 blob - 90565568006df54fe0d0ae49965a26963dd25314 blob + 00a4a0957eadf47f6a8a7abe9c37189abb8aa0bd --- manual.html +++ manual.html @@ -31,6 +31,7 @@ Manual pages installed by the gotwebd pac Manual pages installed by the gotd package:
+
+
Write the currently viewed diff to a patch file in + /tmp. The patch pathname is drawn to the + status line.
Prompt for a search pattern and start searching for matching lines. The search pattern is an extended regular expression. Regular @@ -473,7 +477,7 @@
Reload the blame view with the version of the file as found in the currently selected line's commit.
-
+
Reload the blame view with the version of the file as found in the parent commit of the currently selected line's commit.
@@ -855,7 +859,7 @@
August 14, - 2024 OpenBSD 7.6
+ line">September 9, + 2024 OpenBSD 7.5
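Review bot: The footer change from "August 14, 2024 OpenBSD 7.6" to "September 9, 2024 OpenBSD 7.5" moves the date forward but the OS version backward, in this hunk and in every other regenerated page of the commit. That points to the HTML having been rendered on a 7.5 host; regenerate on the same system as the previous sync, or confirm the change is intended, so the footers do not flip between releases on each sync.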
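Review bot: In the new gotd-secrets.conf.5.html, the example line "hmac hacker q0tcl8QhjYs7U75MW/2rwB30CpdbAhONkfLGxFHm/+8=" is a well-formed 32-byte base64 value that readers can paste into a live configuration unchanged; an obviously fake placeholder would be safer, with a reminder to generate a fresh value using the openssl rand -base64 32 command given under the hmac type. The description also says the file "must be owned by the root user and must not be readable by any other users" without giving a file mode or saying whether gotd refuses to load a file that fails this check; state both. The quoting rule ("single or double quotes") does not say how a password that itself contains a quote character is written.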
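Review bot: In the gotd.conf.5.html hunk that adds the hmac paragraph, "The signature uses HMAC-SHA256 and will be sent in the HTTP header “X-Gotd-Signature”" is not enough to write a receiver. It does not give the encoding of the header value (hex or base64, any prefix), and it does not say whether the secret from gotd-secrets.conf(5) is used as the literal string or decoded first, which matters because the suggested generator is openssl rand -base64 32. Add both, and consider a sentence telling receivers to compare signatures in constant time.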
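Review bot: In the hunk that adds "Write the currently viewed diff to a patch file in /tmp", the text does not say how the file name is chosen or with which permissions the file is created. On a shared /tmp both matter, for symlink safety and for who can read the diff. Document the name pattern and mode, or state that the file is created with mkstemp(3) if that is the case.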