Merge branch 'master' of git://github.com/go-gitea/gitea

.drone.yml

@@ -4,7 +4,7 @@ workspace:
 
 clone:
   git:
-    image: plugins/git:1
+    image: plugins/git:next
     depth: 50
     tags: true
 
@@ -75,6 +75,7 @@ pipeline:
       - make lint
       - make fmt-check
       - make swagger-check
+      - make swagger-validate
       - make misspell-check
       - make test-vendor
       - make build
@@ -254,6 +255,18 @@ pipeline:
     when:
       event: [ push, tag ]
 
+  gpg-sign:
+    image: plugins/gpgsign:1
+    pull: true
+    secrets: [ gpgsign_key, gpgsign_passphrase ]
+    detach_sign: true
+    files:
+      - dist/release/*
+    excludes:
+      - dist/release/*.sha256
+    when:
+      event: [ push, tag ]
+
   release:
     image: plugins/s3:1
     pull: true

CHANGELOG.md

@@ -4,6 +4,18 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.4.3](https://github.com/go-gitea/gitea/releases/tag/v1.4.3) - 2018-06-26
+* SECURITY
+  * HTML-escape plain-text READMEs (#4192) (#4214)
+  * Fix open redirect vulnerability on login screen (#4312) (#4312)
+* BUGFIXES
+  * Fix broken monitoring page when running processes are shown (#4203) (#4208)
+  * Fix delete comment bug (#4216) (#4228)
+  * Delete reactions added to issues and comments when deleting repository (#4232) (#4237)
+  * Fix wiki URL encoding bug (#4091) (#4254)
+  * Fix code tab link when viewing tags (#3908) (#4263)
+  * Fix webhook type conflation (#4285) (#4285)
+
 ## [1.4.2](https://github.com/go-gitea/gitea/releases/tag/v1.4.2) - 2018-06-04
 * BUGFIXES
   * Adjust z-index for floating labels (#3939) (#3950)

CONTRIBUTING.md

@@ -201,6 +201,10 @@ an advisor has time to code review, we will gladly welcome them back
 to the maintainers team. If a maintainer is inactive for more than 3
 months and forgets to leave the maintainers team, the owners may move
 him or her from the maintainers team to the advisors team.
+For security reasons, Maintainers should use 2FA for their accounts and
+if possible provide gpg signed commits. 
+https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
+https://help.github.com/articles/signing-commits-with-gpg/
 
 ## Owners
 
@@ -211,6 +215,9 @@ be the main owner, and the other two the assistant owners. When the new
 owners have been elected, the old owners will give up ownership to the
 newly elected owners. If an owner is unable to do so, the other owners
 will assist in ceding ownership to the newly elected owners.
+For security reasons, Owners or any account with write access (like a bot)
+must use 2FA.
+https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
 
 After the election, the new owners should proactively agree
 with our [CONTRIBUTING](CONTRIBUTING.md) requirements in the

README.md

@@ -12,13 +12,6 @@
 [![Help Contribute to Open Source](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea)
 [![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backer/badge.svg?label=backer&color=brightgreen)](https://opencollective.com/gitea)
 
-| | | |
-|:---:|:---:|:---:|
-|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
-|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
-|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
-|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
-
 ## Purpose
 
 The goal of this project is to make the easiest, fastest, and most
@@ -102,3 +95,13 @@ Gitea is pronounced [/ɡɪ’ti:/](https://youtu.be/EM71-2uDAoY) as in "gi-tea"
 This project is licensed under the MIT License.
 See the [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) file
 for the full license text.
+
+## Screenshots
+Looking for an overview of the interface? Check it out!
+
+| | | |
+|:---:|:---:|:---:|
+|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
+|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
+|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
+|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|

cmd/admin.go

@@ -73,6 +73,11 @@ var (
 				Value: "",
 				Usage: "New password to set for user",
 			},
+			cli.StringFlag{
+				Name:  "config, c",
+				Value: "custom/conf/app.ini",
+				Usage: "Custom configuration file path",
+			},
 		},
 	}
 
@@ -123,6 +128,10 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}
 
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	}
+
 	if err := initDB(); err != nil {
 		return err
 	}

contrib/init/sunos/gitea.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="export">
+	<service name="gitea" type="service" version="1">
+		<create_default_instance enabled="false"/>
+
+		<dependency name="network" grouping="require_all" restart_on="refresh" type="service">
+			<service_fmri value="svc:/milestone/network:default"/>
+		</dependency>
+
+		<dependency name="filesystem" grouping="require_all" restart_on="refresh" type="service">
+			<service_fmri value="svc:/system/filesystem/local"/>
+		</dependency>
+
+		<exec_method
+		    type="method"
+		    name="start"
+		    exec="/opt/local/bin/gitea web"
+		    timeout_seconds="60">
+		  <method_context>
+		    <method_credential user="git" group="git" />
+		    <method_environment>
+		      <envvar name='GITEA_WORK_DIR' value='/opt/local/share/gitea'/>
+		      <envvar name='GITEA_CUSTOM' value='/opt/local/etc/gitea'/>
+		      <envvar name='HOME' value='/var/db/gitea'/>
+		      <envvar name='PATH' value='/opt/local/bin:${PATH}'/>
+		      <envvar name='USER' value='git'/>
+		    </method_environment>
+		  </method_context>
+		</exec_method>
+		<exec_method type="method" name="stop"	exec=":kill" timeout_seconds="60"/>
+
+		<property_group name="application" type="application"></property_group>
+		<property_group name="startd" type="framework">
+		  <propval name="duration" type="astring" value="child"/>
+		  <propval name="ignore_error" type="astring" value="core,signal"/>
+		</property_group>
+
+		<template>
+			<common_name>
+			  <loctext xml:lang="C">A painless, self-hosted Git service</loctext>
+			</common_name>
+		</template>
+
+	</service>
+</service_bundle>

custom/conf/app.ini.sample

@@ -603,9 +603,9 @@ ko-KR = ko
 [U2F]
 ; Two Factor authentication with security keys
 ; https://developers.yubico.com/U2F/App_ID.html
-APP_ID = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s
+APP_ID = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
 ; Comma seperated list of truisted facets
-TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s
+TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
 
 ; Extension mapping to highlight class
 ; e.g. .toml=ini

docker/etc/s6/gitea/setup

@@ -1,7 +1,5 @@
 #!/bin/bash
 
-/usr/sbin/update-ca-certificates
-
 if [ ! -d /data/gitea/git/.ssh ]; then
     mkdir -p /data/gitea/git/.ssh
     chmod 700 /data/gitea/git/.ssh

docs/content/doc/advanced/api-usage.en-us.md

@@ -0,0 +1,75 @@
+---
+date: "2018-06-24:00:00+02:00"
+title: "API Usage"
+slug: "api-usage"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "API Usage"
+    weight: 40
+    identifier: "api-usage"
+---
+
+# Gitea API Usage
+
+## Enabling/configuring API access
+
+By default, `ENABLE_SWAGGER_ENDPOINT` is true, and
+`MAX_RESPONSE_ITEMS` is set to 50.  See [Config Cheat
+Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) for more
+information.
+
+## Authentication via the API
+
+Gitea supports these methods of API authentication:
+
+- HTTP basic authentication
+- `token=...` parameter in URL query string
+- `access_token=...` parameter in URL query string
+- `Authorization: token ...` header in HTTP headers
+
+All of these methods accept the same apiKey token type.  You can
+better understand this by looking at the code -- as of this writing,
+Gitea parses queries and headers to find the token in
+[modules/auth/auth.go](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47).
+
+You can create an apiKey token via your gitea install's web interface:
+`Settings | Applications | Generate New Token`.
+
+### More on the `Authorization:` header
+
+For historical reasons, Gitea needs the word `token` included before
+the apiKey token in an authorization header, like this:
+
+```
+Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
+```
+
+In a `curl` command, for instance, this would look like:
+
+```
+curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
+    -H "accept: application/json" \
+    -H "Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675" \
+    -H "Content-Type: application/json" -d "{ \"body\": \"testing\", \"title\": \"test 20\"}" -i
+```
+
+As mentioned above, the token used is the same one you would use in
+the `token=` string in a GET request.
+
+## Listing your issued tokens via the API
+
+As mentioned in
+[#3842](https://github.com/go-gitea/gitea/issues/3842#issuecomment-397743346),
+`/users/:name/tokens` is special and requires you to authenticate
+using BasicAuth, as follows:
+
+### Using basic authentication:
+
+```
+$ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+[{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
+```