Compare commits
35 Commits
Author | SHA1 | Date |
---|---|---|
Antoine Martin | 24c0156b97 | |
Antoine Martin | 298e895a0b | |
Antoine Martin | b6445e6707 | |
Antoine Martin | 926f48f979 | |
Antoine Martin | b04748a804 | |
Antoine Martin | 77e5214561 | |
Antoine Martin | 689c57a140 | |
Antoine Martin | 66d965beee | |
Antoine Martin | 708c350c9a | |
Antoine Martin | 075ca9a23c | |
Antoine Martin | 25eba69b16 | |
Antoine Martin | 88609b24fe | |
Antoine Martin | 26eefe2ebe | |
Antoine Martin | 58503cc8b9 | |
Antoine Martin | a48e59bedc | |
Antoine Martin | c37a390f6c | |
Antoine Martin | cd85ace566 | |
Antoine Martin | 964975bada | |
Antoine Martin | b78c486a0e | |
Antoine Martin | 7fad5a6a87 | |
Antoine Martin | 5f7d140b61 | |
Antoine Martin | 1f6fe74d03 | |
Antoine Martin | fd50523f11 | |
Antoine Martin | d942dc1098 | |
Antoine Martin | bc32f8a565 | |
Antoine Martin | 6c4a496ede | |
Antoine Martin | 264b7baccd | |
Antoine Martin | 776876233f | |
Bruno BELANYI | 3fedfa3342 | |
Antoine Martin | 378823a1fb | |
Antoine Martin | 56f82c6467 | |
Antoine Martin | 3a93d9f994 | |
Antoine Martin | da20e2c9ac | |
Antoine Martin | 29c0a4abdf | |
Antoine Martin | 1506ce1dac |
|
@ -0,0 +1,20 @@
|
|||
name: "Cachix build"
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
paths:
|
||||
- 'flake.nix'
|
||||
- 'flake.lock'
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: cachix/install-nix-action@v24
|
||||
- uses: cachix/cachix-action@v12
|
||||
with:
|
||||
name: alarsyo
|
||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||
- run: |
|
||||
nix build --verbose
|
|
@ -1,4 +1,4 @@
|
|||
on: [push, pull_request]
|
||||
on: [push, pull_request, workflow_dispatch]
|
||||
|
||||
name: CI
|
||||
|
||||
|
@ -8,62 +8,34 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install nightly toolchain
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: nightly
|
||||
override: true
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
|
||||
- name: Run cargo check
|
||||
uses: actions-rs/cargo@v1
|
||||
with:
|
||||
command: check
|
||||
- run: cargo check
|
||||
|
||||
test:
|
||||
name: Test Suite
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install nightly toolchain
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: nightly
|
||||
override: true
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
|
||||
- name: Run cargo test
|
||||
uses: actions-rs/cargo@v1
|
||||
with:
|
||||
command: test
|
||||
- run: cargo test
|
||||
|
||||
lints:
|
||||
name: Lints
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout sources
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Install nightly toolchain
|
||||
uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: nightly
|
||||
override: true
|
||||
components: rustfmt, clippy
|
||||
- name: Install stable toolchain
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
|
||||
- name: Run cargo fmt
|
||||
uses: actions-rs/cargo@v1
|
||||
with:
|
||||
command: fmt
|
||||
args: --all -- --check
|
||||
|
||||
- name: Run cargo clippy
|
||||
uses: actions-rs/clippy-check@v1
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
args: --all-features -- -D warnings
|
||||
- run: cargo fmt --all -- --check
|
||||
- run: cargo clippy --all-features -- -D warnings
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -1,12 +1,13 @@
|
|||
[package]
|
||||
name = "lohr"
|
||||
version = "0.3.2"
|
||||
version = "0.4.5"
|
||||
authors = ["Antoine Martin <antoine@alarsyo.net>"]
|
||||
edition = "2018"
|
||||
license = "Apache-2.0 OR MIT"
|
||||
description = "A Git mirroring daemon"
|
||||
homepage = "https://github.com/alarsyo/lohr"
|
||||
repository = "https://github.com/alarsyo/lohr"
|
||||
resolver = "2"
|
||||
|
||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
||||
|
@ -23,7 +24,7 @@ serde_yaml = "0.8.17"
|
|||
sha2 = "0.9.3"
|
||||
|
||||
[dependencies.rocket]
|
||||
version = "0.4.7"
|
||||
version = "0.5.0"
|
||||
# don't need private-cookies
|
||||
default-features = false
|
||||
|
||||
|
|
|
@ -0,0 +1,138 @@
|
|||
# lohr
|
||||
|
||||
`lohr` is a Git mirroring tool.
|
||||
|
||||
I created it to solve a simple problem I had: I host my own git server at
|
||||
<https://git.alarsyo.net>, but want to mirror my public projects to GitHub /
|
||||
GitLab, for backup and visibility purposes.
|
||||
|
||||
GitLab has a mirroring setting, but it doesn't allow for multiple mirrors, as
|
||||
far as I know. I also wanted my instance to be the single source of truth.
|
||||
|
||||
## How it works
|
||||
|
||||
Gitea is setup to send webhooks to my `lohr` server on every push update. When
|
||||
`lohr` receives a push, it clones the concerned repository, or updates it if
|
||||
already cloned. Then it pushes the update to **all remotes listed** in the
|
||||
[.lohr](.lohr) file at the repo root.
|
||||
|
||||
### Destructive
|
||||
|
||||
This is a very destructive process: anything removed from the single source of
|
||||
truth is effectively removed from any mirror as well.
|
||||
|
||||
## Installing
|
||||
|
||||
`lohr` is [published on crates.io](https://crates.io/crates/lohr), so you can
|
||||
install it with `cargo install`:
|
||||
|
||||
$ cargo install lohr
|
||||
|
||||
Note: currently this method won't get you the latest version of `lohr`, as it
|
||||
depends on Rocket v0.5.0, which isn't released yet. Updated versions of `lohr`
|
||||
will be published on crates.io as soon as Rocket v0.5.0 releases.
|
||||
|
||||
## Setup
|
||||
|
||||
### Quickstart
|
||||
|
||||
Setting up `lohr` should be quite simple:
|
||||
|
||||
1. Create a `Rocket.toml` file and [add your
|
||||
configuration](https://rocket.rs/v0.4/guide/configuration/).
|
||||
|
||||
2. Export a secret variable:
|
||||
|
||||
$ export LOHR_SECRET=42 # please don't use this secret
|
||||
|
||||
3. Run `lohr`:
|
||||
|
||||
$ cargo run # or `cargo run --release` for production usage
|
||||
|
||||
4. Configure your favorite git server to send a webhook to `lohr`'s address on
|
||||
every push event.
|
||||
|
||||
I used [Gitea's webhooks format](https://docs.gitea.io/en-us/webhooks/), but
|
||||
I **think** they're similar to GitHub and GitLab's webhooks, so these should
|
||||
work too! (If they don't, **please** file an issue!)
|
||||
|
||||
Don't forget to set the webhook secret to the one you chose above.
|
||||
|
||||
5. Add a `.lohr` file containing the remotes you want to mirror this repo to:
|
||||
|
||||
git@github.com:you/your_repo
|
||||
|
||||
and push it. That's it! `lohr` is mirroring your repo now.
|
||||
|
||||
|
||||
### Configuration
|
||||
|
||||
#### Home directory
|
||||
|
||||
`lohr` needs a place to clone repos and store its data. By default, it's the
|
||||
current directory, but you can set the `LOHR_HOME` environment variable to
|
||||
customize it.
|
||||
|
||||
#### Shared secret
|
||||
|
||||
As shown in the quickstart guide, you **must** set the `LOHR_SECRET` environment
|
||||
variable.
|
||||
|
||||
#### Extra remote configuration
|
||||
|
||||
You can provide `lohr` with a YAML file containing additional configuration. You
|
||||
can pass its path to the `--config` flag when launching `lohr`. If no
|
||||
configuration is provided via a CLI flag, `lohr` will check the `LOHR_CONFIG`
|
||||
environment variable. If the environment variable isn't set either, it will
|
||||
check in `LOHR_HOME` is a `lohr-config.yaml` file exists, and try to load it.
|
||||
|
||||
This file takes the following format:
|
||||
|
||||
``` yaml
|
||||
default_remotes:
|
||||
- "git@github:user"
|
||||
- "git@gitlab:user"
|
||||
|
||||
additional_remotes:
|
||||
- "git@git.sr.ht:~user"
|
||||
|
||||
blacklist:
|
||||
- "private-.*"
|
||||
```
|
||||
|
||||
- `default_remotes` is a list of remotes to use if no `.lohr` file is found in a
|
||||
repository.
|
||||
- `additional_remotes` is a list of remotes to add in any case, whether the
|
||||
original set of remotes is set via `default_remotes` or via a `.lohr` file.
|
||||
- `blacklist` is a list of regular expressions to match against the full
|
||||
repository names. Any that matches will not be mirrored, even if it contains a
|
||||
`.lohr` file.
|
||||
|
||||
Both settings take as input a list of "stems", i.e. incomplete remote addresses,
|
||||
to which the repo's name will be appended (so for example, if my
|
||||
`default_remotes` contains `git@github.com:alarsyo`, and a push event webhook is
|
||||
received for repository `git@gitlab.com:some/long/path/repo_name`, then the
|
||||
mirror destination will be `git@github.com:alarsyo/repo_name`.
|
||||
|
||||
## Contributing
|
||||
|
||||
I accept patches anywhere! Feel free to [open a GitHub Pull
|
||||
Request](https://github.com/alarsyo/lohr/pulls), [a GitLab Merge
|
||||
Request](https://gitlab.com/alarsyo/lohr/-/merge_requests), or [send me a patch
|
||||
by email](https://lists.sr.ht/~alarsyo/lohr-dev)!
|
||||
|
||||
## Why lohr?
|
||||
|
||||
I was looking for a cool name, and thought about the Magic Mirror in Snow White.
|
||||
Some **[furious wikipedia
|
||||
searching](https://en.wikipedia.org/wiki/Magic_Mirror_(Snow_White))** later, I
|
||||
found that the Magic Mirror was probably inspired by [the Talking Mirror in Lohr
|
||||
am Main](http://spessartmuseum.de/seiten/schneewittchen_engl.html). That's it,
|
||||
that's the story.
|
||||
|
||||
## License
|
||||
|
||||
`lohr` is distributed under the terms of both the MIT license and the Apache
|
||||
License (Version 2.0).
|
||||
|
||||
See [LICENSE-APACHE](LICENSE-APACHE) and [LICENSE-MIT](LICENSE-MIT) for details.
|
143
README.org
143
README.org
|
@ -1,143 +0,0 @@
|
|||
#+title: lohr
|
||||
|
||||
=lohr= is a Git mirroring tool.
|
||||
|
||||
I created it to solve a simple problem I had: I host my own git server at
|
||||
[[https://git.alarsyo.net]], but want to mirror my public projects to GitHub /
|
||||
GitLab, for backup and visibility purposes.
|
||||
|
||||
GitLab has a mirroring setting, but it doesn't allow for multiple mirrors, as
|
||||
far as I know. I also wanted my instance to be the single source of truth.
|
||||
|
||||
** How it works
|
||||
|
||||
Gitea is setup to send webhooks to my =lohr= server on every push update. When
|
||||
=lohr= receives a push, it clones the concerned repository, or updates it if
|
||||
already cloned. Then it pushes the update to *all remotes listed* in the [[file:.lohr][.lohr]]
|
||||
file at the repo root.
|
||||
|
||||
*** Destructive
|
||||
|
||||
This is a very destructive process: anything removed from the single source of
|
||||
truth is effectively removed from any mirror as well.
|
||||
|
||||
** Installing
|
||||
|
||||
=lohr= is [[https://crates.io/crates/lohr][published on crates.io]], so you can install it with ~cargo install~:
|
||||
|
||||
#+begin_src sh
|
||||
$ cargo +nightly install lohr
|
||||
#+end_src
|
||||
|
||||
We currently require a nightly compiler because [[https://github.com/SergioBenitez/Rocket][Rocket]] needs one to compile (a
|
||||
0.5.0 which compiles on stable Rust is in the making, stay tuned!). You can
|
||||
install a nightly toolchain with the following command:
|
||||
|
||||
#+begin_src sh
|
||||
$ rustup install nightly
|
||||
#+end_src
|
||||
|
||||
** Setup
|
||||
|
||||
*** Quickstart
|
||||
|
||||
Setting up =lohr= should be quite simple:
|
||||
|
||||
1. Create a =Rocket.toml= file and [[https://rocket.rs/v0.4/guide/configuration/][add your configuration]].
|
||||
|
||||
2. Export a secret variable:
|
||||
|
||||
#+begin_src sh
|
||||
$ export LOHR_SECRET=42 # please don't use this secret
|
||||
#+end_src
|
||||
|
||||
3. Run =lohr=:
|
||||
|
||||
#+begin_src sh
|
||||
$ cargo run # or `cargo run --release` for production usage
|
||||
#+end_src
|
||||
|
||||
4. Configure your favorite git server to send a webhook to =lohr='s address on
|
||||
every push event.
|
||||
|
||||
I used [[https://docs.gitea.io/en-us/webhooks/][Gitea's webhooks format]], but I *think* they're similar to GitHub and
|
||||
GitLab's webhooks, so these should work too! (If they don't, *please* file an
|
||||
issue!)
|
||||
|
||||
Don't forget to set the webhook secret to the one you chose above.
|
||||
|
||||
5. Add a =.lohr= file containing the remotes you want to mirror this repo to:
|
||||
|
||||
#+begin_example
|
||||
git@github.com:you/your_repo
|
||||
#+end_example
|
||||
|
||||
and push it. That's it! =lohr= is mirroring your repo now.
|
||||
|
||||
*** Configuration
|
||||
|
||||
**** Home directory
|
||||
|
||||
=lohr= needs a place to clone repos and store its data. By default, it's the
|
||||
current directory, but you can set the =LOHR_HOME= environment variable to
|
||||
customize it.
|
||||
|
||||
**** Shared secret
|
||||
|
||||
As shown in the quickstart guide, you *must* set the =LOHR_SECRET= environment
|
||||
variable.
|
||||
|
||||
**** Extra remote configuration
|
||||
|
||||
You can provide =lohr= with a YAML file containing additional configuration. You
|
||||
can pass its path to the =--config= flag when launching =lohr=. If no
|
||||
configuration is provided via a CLI flag, =lohr= will check the =LOHR_CONFIG=
|
||||
environment variable. If the environment variable isn't set either, it will
|
||||
check in =LOHR_HOME= is a =lohr-config.yaml= file exists, and try to load it.
|
||||
|
||||
This file takes the following format:
|
||||
|
||||
#+begin_src yaml
|
||||
default_remotes:
|
||||
- "git@github:user"
|
||||
- "git@gitlab:user"
|
||||
|
||||
additional_remotes:
|
||||
- "git@git.sr.ht:~user"
|
||||
|
||||
blacklist:
|
||||
- "private-.*"
|
||||
#+end_src
|
||||
|
||||
- ~default_remotes~ is a list of remotes to use if no ~.lohr~ file is found in a
|
||||
repository.
|
||||
- ~additional_remotes~ is a list of remotes to add in any case, whether the
|
||||
original set of remotes is set via ~default_remotes~ or via a =.lohr= file.
|
||||
- ~blacklist~ is a list of regular expressions to match against the full
|
||||
repository names. Any that matches will not be mirrored, even if it contains a
|
||||
`.lohr` file.
|
||||
|
||||
Both settings take as input a list of "stems", i.e. incomplete remote addresses,
|
||||
to which the repo's name will be appended (so for example, if my
|
||||
~default_remotes~ contains ~git@github.com:alarsyo~, and a push event webhook
|
||||
is received for repository =git@gitlab.com:some/long/path/repo_name=, then the
|
||||
mirror destination will be =git@github.com:alarsyo/repo_name=.
|
||||
|
||||
** Contributing
|
||||
|
||||
I accept patches anywhere! Feel free to [[https://github.com/alarsyo/lohr/pulls][open a GitHub Pull Request]], [[https://gitlab.com/alarsyo/lohr/-/merge_requests][a GitLab
|
||||
Merge Request]], or [[https://lists.sr.ht/~alarsyo/lohr-dev][send me a patch by email]]!
|
||||
|
||||
** Why lohr?
|
||||
|
||||
I was looking for a cool name, and thought about the Magic Mirror in Snow White.
|
||||
Some *[[https://en.wikipedia.org/wiki/Magic_Mirror_(Snow_White)][furious wikipedia searching]]* later, I found that the Magic Mirror was
|
||||
probably inspired by [[http://spessartmuseum.de/seiten/schneewittchen_engl.html][the Talking Mirror in Lohr am Main]]. That's it, that's the
|
||||
story.
|
||||
|
||||
** License
|
||||
|
||||
=lohr= is distributed under the terms of both the MIT license and the Apache
|
||||
License (Version 2.0).
|
||||
|
||||
See [[file:LICENSE-APACHE][LICENSE-APACHE]] and [[file:LICENSE-MIT][LICENSE-MIT]] for details.
|
79
flake.lock
79
flake.lock
|
@ -3,11 +3,11 @@
|
|||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1606424373,
|
||||
"narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=",
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -17,64 +17,30 @@
|
|||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1614513358,
|
||||
"narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5466c5bbece17adaab2d82fae80b46e807611bf3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"mozillapkgs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1603906276,
|
||||
"narHash": "sha256-RsNPnEKd7BcogwkqhaV5kI/HuNC4flH/OQCC/4W5y/8=",
|
||||
"owner": "mozilla",
|
||||
"repo": "nixpkgs-mozilla",
|
||||
"rev": "8c007b60731c07dd7a052cce508de3bb1ae849b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "mozilla",
|
||||
"repo": "nixpkgs-mozilla",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"naersk": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1614785451,
|
||||
"narHash": "sha256-TPw8kQvr2UNCuvndtY+EjyXp6Q5GEW2l9UafXXh1XmI=",
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"rev": "e0fe990b478a66178a58c69cf53daec0478ca6f9",
|
||||
"lastModified": 1701680307,
|
||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nmattia",
|
||||
"ref": "master",
|
||||
"repo": "naersk",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1616670887,
|
||||
"narHash": "sha256-wn+l9qJfR5sj5Gq4DheJHAcBDfOs9K2p9seW2f35xzs=",
|
||||
"lastModified": 1702272962,
|
||||
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c0e881852006b132236cbf0301bd1939bb50867e",
|
||||
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -88,10 +54,23 @@
|
|||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"mozillapkgs": "mozillapkgs",
|
||||
"naersk": "naersk",
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
|
35
flake.nix
35
flake.nix
|
@ -1,13 +1,5 @@
|
|||
{
|
||||
inputs = {
|
||||
naersk = {
|
||||
url = "github:nmattia/naersk/master";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
mozillapkgs = {
|
||||
url = "github:mozilla/nixpkgs-mozilla";
|
||||
flake = false;
|
||||
};
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
flake-compat = {
|
||||
|
@ -16,27 +8,19 @@
|
|||
};
|
||||
};
|
||||
|
||||
outputs = { self, naersk, mozillapkgs, nixpkgs, flake-utils, ... }:
|
||||
outputs = { self, nixpkgs, flake-utils, ... }:
|
||||
flake-utils.lib.eachDefaultSystem (system:
|
||||
let
|
||||
pkgs = import nixpkgs { inherit system; };
|
||||
|
||||
mozilla = pkgs.callPackage (mozillapkgs + "/package-set.nix") { };
|
||||
rustNightly = (mozilla.rustChannelOf {
|
||||
date = "2021-03-29";
|
||||
channel = "nightly";
|
||||
sha256 = "sha256-Y94CnslybZgiZlNVV6Cg0TUPV2OeDXakPev1kqdt9Kk=";
|
||||
}).rust;
|
||||
|
||||
naersk-lib = pkgs.callPackage naersk {
|
||||
cargo = rustNightly;
|
||||
rustc = rustNightly;
|
||||
};
|
||||
in
|
||||
{
|
||||
defaultPackage = naersk-lib.buildPackage {
|
||||
src = ./.;
|
||||
defaultPackage = pkgs.rustPlatform.buildRustPackage {
|
||||
pname = "lohr";
|
||||
version = "0.4.5";
|
||||
|
||||
src = ./.;
|
||||
|
||||
cargoHash = "sha256-hext0S0o9D9pN9epzXtD5dwAYMPCLpBBOBT4FX0mTMk=";
|
||||
|
||||
meta = with pkgs.lib; {
|
||||
description = "A Git mirroring tool";
|
||||
|
@ -52,11 +36,14 @@
|
|||
|
||||
devShell = pkgs.mkShell {
|
||||
buildInputs = with pkgs; [
|
||||
cargo
|
||||
clippy
|
||||
nixpkgs-fmt
|
||||
pre-commit
|
||||
rustPackages.clippy
|
||||
rustNightly
|
||||
rustc
|
||||
rustfmt
|
||||
rust-analyzer
|
||||
];
|
||||
|
||||
RUST_SRC_PATH = pkgs.rustPlatform.rustLibSrc;
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
nightly
|
|
@ -0,0 +1,2 @@
|
|||
[toolchain]
|
||||
channel = "stable"
|
|
@ -2,9 +2,8 @@ use serde::Deserialize;
|
|||
|
||||
#[derive(Clone, Deserialize)]
|
||||
pub(crate) struct Repository {
|
||||
pub(crate) name: String,
|
||||
pub(crate) full_name: String,
|
||||
pub(crate) clone_url: String,
|
||||
pub(crate) ssh_url: String,
|
||||
}
|
||||
|
||||
#[derive(Deserialize)]
|
||||
|
|
|
@ -38,7 +38,7 @@ impl Job {
|
|||
let output = Command::new("git")
|
||||
.arg("clone")
|
||||
.arg("--mirror")
|
||||
.arg(&self.repo.clone_url)
|
||||
.arg(&self.repo.ssh_url)
|
||||
.arg(format!("{}", self.local_path.as_ref().unwrap().display()))
|
||||
.output()?;
|
||||
|
||||
|
|
18
src/main.rs
18
src/main.rs
|
@ -1,5 +1,3 @@
|
|||
#![feature(proc_macro_hygiene, decl_macro)]
|
||||
|
||||
use std::env;
|
||||
use std::fs::File;
|
||||
use std::path::{Path, PathBuf};
|
||||
|
@ -10,7 +8,7 @@ use std::sync::{
|
|||
use std::thread;
|
||||
|
||||
use anyhow::Context;
|
||||
use clap::{App, Arg};
|
||||
use clap::{crate_version, App, Arg};
|
||||
use log::{error, info};
|
||||
use rocket::{http::Status, post, routes, State};
|
||||
|
||||
|
@ -32,8 +30,8 @@ struct Secret(String);
|
|||
#[post("/", data = "<payload>")]
|
||||
fn gitea_webhook(
|
||||
payload: SignedJson<GiteaWebHook>,
|
||||
sender: State<JobSender>,
|
||||
config: State<GlobalSettings>,
|
||||
sender: &State<JobSender>,
|
||||
config: &State<GlobalSettings>,
|
||||
) -> Status {
|
||||
if config
|
||||
.blacklist
|
||||
|
@ -92,9 +90,10 @@ fn parse_config(home: &Path, flags: &clap::ArgMatches) -> anyhow::Result<GlobalS
|
|||
serde_yaml::from_reader(file).context("could not parse configuration file")
|
||||
}
|
||||
|
||||
fn main() -> anyhow::Result<()> {
|
||||
#[rocket::main]
|
||||
async fn main() -> anyhow::Result<()> {
|
||||
let matches = App::new("lohr")
|
||||
.version("0.3.2")
|
||||
.version(crate_version!())
|
||||
.about("Git mirroring daemon")
|
||||
.arg(
|
||||
Arg::with_name("config")
|
||||
|
@ -122,12 +121,13 @@ fn main() -> anyhow::Result<()> {
|
|||
repo_updater(receiver, homedir, config);
|
||||
});
|
||||
|
||||
rocket::ignite()
|
||||
rocket::build()
|
||||
.mount("/", routes![gitea_webhook])
|
||||
.manage(JobSender(Mutex::new(sender)))
|
||||
.manage(Secret(secret))
|
||||
.manage(config_state)
|
||||
.launch();
|
||||
.launch()
|
||||
.await?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
|
|
@ -1,20 +1,17 @@
|
|||
use std::{
|
||||
io::Read,
|
||||
io,
|
||||
ops::{Deref, DerefMut},
|
||||
};
|
||||
|
||||
use rocket::{
|
||||
data::{FromData, Outcome},
|
||||
data::{ByteUnit, FromData, Outcome},
|
||||
http::ContentType,
|
||||
State,
|
||||
};
|
||||
use rocket::{
|
||||
data::{Transform, Transformed},
|
||||
http::Status,
|
||||
};
|
||||
use rocket::{http::Status, request::local_cache};
|
||||
use rocket::{Data, Request};
|
||||
|
||||
use anyhow::anyhow;
|
||||
use anyhow::{anyhow, Context};
|
||||
use serde::Deserialize;
|
||||
|
||||
use crate::Secret;
|
||||
|
@ -53,70 +50,65 @@ impl<T> DerefMut for SignedJson<T> {
|
|||
}
|
||||
}
|
||||
|
||||
const LIMIT: u64 = 1 << 20;
|
||||
const LIMIT: ByteUnit = ByteUnit::Mebibyte(1);
|
||||
|
||||
impl<'r, T: Deserialize<'r>> SignedJson<T> {
|
||||
fn from_str(s: &'r str) -> anyhow::Result<Self> {
|
||||
serde_json::from_str(s)
|
||||
.map(SignedJson)
|
||||
.context("could not parse json")
|
||||
}
|
||||
}
|
||||
|
||||
// This is a one to one implementation of request_contrib::Json's FromData, but with HMAC
|
||||
// validation.
|
||||
//
|
||||
// Tracking issue for chaining Data guards to avoid this:
|
||||
// https://github.com/SergioBenitez/Rocket/issues/775
|
||||
impl<'a, T> FromData<'a> for SignedJson<T>
|
||||
#[rocket::async_trait]
|
||||
impl<'r, T> FromData<'r> for SignedJson<T>
|
||||
where
|
||||
T: Deserialize<'a>,
|
||||
T: Deserialize<'r>,
|
||||
{
|
||||
type Error = anyhow::Error;
|
||||
type Owned = String;
|
||||
type Borrowed = str;
|
||||
|
||||
fn transform(
|
||||
request: &Request,
|
||||
data: Data,
|
||||
) -> rocket::data::Transform<Outcome<Self::Owned, Self::Error>> {
|
||||
let size_limit = request.limits().get("json").unwrap_or(LIMIT);
|
||||
let mut s = String::with_capacity(512);
|
||||
match data.open().take(size_limit).read_to_string(&mut s) {
|
||||
Ok(_) => Transform::Borrowed(Outcome::Success(s)),
|
||||
Err(e) => Transform::Borrowed(Outcome::Failure((
|
||||
Status::BadRequest,
|
||||
anyhow!("couldn't read json: {}", e),
|
||||
))),
|
||||
}
|
||||
}
|
||||
|
||||
fn from_data(request: &Request, o: Transformed<'a, Self>) -> Outcome<Self, Self::Error> {
|
||||
async fn from_data(request: &'r Request<'_>, data: Data<'r>) -> Outcome<'r, Self> {
|
||||
let json_ct = ContentType::new("application", "json");
|
||||
if request.content_type() != Some(&json_ct) {
|
||||
return Outcome::Failure((Status::BadRequest, anyhow!("wrong content type")));
|
||||
return Outcome::Error((Status::BadRequest, anyhow!("wrong content type")));
|
||||
}
|
||||
|
||||
let signatures = request.headers().get(X_GITEA_SIGNATURE).collect::<Vec<_>>();
|
||||
if signatures.len() != 1 {
|
||||
return Outcome::Failure((
|
||||
return Outcome::Error((
|
||||
Status::BadRequest,
|
||||
anyhow!("request header needs exactly one signature"),
|
||||
));
|
||||
}
|
||||
|
||||
let signature = signatures[0];
|
||||
|
||||
let content = o.borrowed()?;
|
||||
|
||||
let secret = request.guard::<State<Secret>>().unwrap();
|
||||
|
||||
if !validate_signature(&secret.0, &signature, content) {
|
||||
return Outcome::Failure((Status::BadRequest, anyhow!("couldn't verify signature")));
|
||||
}
|
||||
|
||||
let content = match serde_json::from_str(content) {
|
||||
Ok(content) => content,
|
||||
Err(e) => {
|
||||
return Outcome::Failure((
|
||||
Status::BadRequest,
|
||||
anyhow!("couldn't parse json: {}", e),
|
||||
))
|
||||
let size_limit = request.limits().get("json").unwrap_or(LIMIT);
|
||||
let content = match data.open(size_limit).into_string().await {
|
||||
Ok(s) if s.is_complete() => s.into_inner(),
|
||||
Ok(_) => {
|
||||
let eof = io::ErrorKind::UnexpectedEof;
|
||||
return Outcome::Error((
|
||||
Status::PayloadTooLarge,
|
||||
io::Error::new(eof, "data limit exceeded").into(),
|
||||
));
|
||||
}
|
||||
Err(e) => return Outcome::Error((Status::BadRequest, e.into())),
|
||||
};
|
||||
|
||||
Outcome::Success(SignedJson(content))
|
||||
let signature = signatures[0];
|
||||
let secret = request.guard::<&State<Secret>>().await.unwrap();
|
||||
|
||||
if !validate_signature(&secret.0, signature, &content) {
|
||||
return Outcome::Error((Status::BadRequest, anyhow!("couldn't verify signature")));
|
||||
}
|
||||
|
||||
match Self::from_str(local_cache!(request, content)) {
|
||||
Ok(content) => Outcome::Success(content),
|
||||
Err(e) => Outcome::Error((Status::BadRequest, e)),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue