
5 Commits

26 changed files with 93 additions and 6692 deletions


@ -1,73 +0,0 @@
# Alpine Initramfs Dropbear
This script took a huge references from:
* [https://github.com/Deeplerg/fork-alpine-initramfs-dropbear](https://github.com/Deeplerg/fork-alpine-initramfs-dropbear)
* [https://github.com/mk-f/alpine-initramfs-dropbear](https://github.com/mk-f/alpine-initramfs-dropbear)
* [https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/master/initramfs-init.in](https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/master/initramfs-init.in)
This script is modified from [alpine/mkinitfs - initramfs-init.in](https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/master/initramfs-init.in)
significant changes:
* Add dropbear
* After unlocked, kill all remainings dropbear and nlplug-findfs process, so no struck process reached the system.
* optional support IPv6 unlock
## Fileinfo:
`alpine-initramfs-base` : normal alpine initramfs file which the code is based on
`initramfs-dropbear` : normal dropbear version
`initramfs-dropbear-ipv6`: dropbear with IPv6 support
`*.patch` : patch file version of the code
## Install
Please install `dropbear` before continuing
1. copy `dropbear/unlock_disk` to `/etc/dropbear/unlock_disk`
* Also Make sure `/etc/dropbear/unlock_disk` is executable! else dropbear will exit with "failed child"W
2. copy `authorized_keys` to `/etc/dropbear/authorized_keys`
3. copy `features.d` to /`etc/mkinitfs/features.d`
* If using IPv6 mode, don't forget to also include `features.d` from `alpine-initramfs-ipv6` folder.
Note:
* if you're using Deeplerg/mk-f scripts before don't forget to change `unlock_disk` as i modified that one too.
* If you're using `grub` make sure to install `syslinux` and possibly checkout `/etc/default/grub` and commented CMDLINE that's conflicted with `update-extlinux` like `GRUB_CMDLINE_LINUX_DEFAULT` and `default_kernel_opts` after that `grub-mkconfig -o /boot/grub/grub.cfg`
### /etc/mkinitfs.conf
```
features="ata base ide scsi usb virtio ext4 cryptsetup keymap dropbear network"
```
* features+= `dropbear` `network`
* add `ip` if using in ipv6 mode
### /etc/update-extlinux.conf
```
modules=sd-mod,usb-storage,ext4,ata_piix,virtio_net,e1000e,virtio_pci
```
* if network is not working (/sys/class/net/*/address not found etc.) try adding `e1000e` or `virtio_net` `virtio_pci`
```
default_kernel_opts="cryptroot=UUID=xxx cryptdm=root quiet rootfstype=ext4 dropbear=<dropbear_port> ip=<ip> ip6=<ip6>"
```
* ip= can be both static and dhcp(if supported) `ip=<ip>::<gw>:<mask>::<interface>` `ip=dhcp`
* ip6= only static is supported `ip6=client-ip/gateway-ip/interface/dns1/dns2`
* `ip` and `ip6` is not compatible with each others! only use one.
```
update-extlinux
```
```
mkinitfs -i path/to/initramfs-dropbear <Kernel Version(from /lib/modules) incase in emergency CD>
```


@ -1,29 +0,0 @@
#!/bin/sh
set -- $(cat /proc/cmdline)
for opt; do
case "$opt" in
cryptroot=*)
KOPT_cryptroot=${opt#cryptroot=}
continue
;;
cryptdm=*)
KOPT_cryptdm=${opt#cryptdm=}
continue
;;
root=*)
KOPT_root=${opt#root=}
continue
;;
esac
done
while [ ! -b /dev/mapper/${KOPT_cryptdm} ]; do
/sbin/nlplug-findfs -c ${KOPT_cryptroot} -m ${KOPT_cryptdm} ${KOPT_debug_init:+-d} -p /sbin/mdev ${KOPT_root}
sleep 2
done
# Kill all struck nlplug-findfs jobs and dropbear
killall -9 nlplug-findfs
killall -9 dropbear


@ -1,3 +0,0 @@
/usr/sbin/dropbear
/sbin/cryptsetup
/etc/dropbear/*


@ -1,3 +0,0 @@
kernel/crypto/*
kernel/arch/*/crypto/*
kernel/drivers/md/dm-crypt.ko


@ -1,40 +0,0 @@
325a326,340
> setup_dropbear() {
> local port="${KOPT_dropbear}"
> local keys=""
>
> # set the unlock_disc script as shell for root
> sed -i 's|\(root:x:0:0:root:/root:\).*$|\1/etc/dropbear/unlock_disk|' /etc/passwd
> echo '/etc/dropbear/unlock_disk' > /etc/shells
>
> # transfer authorized_keys
> mkdir /root/.ssh
> cp /etc/dropbear/authorized_keys /root/.ssh/authorized_keys
>
> dropbear -R -E -s -j -k -p $port
> }
>
513a529
> dropbear
642c658,666
< if [ -n "$KOPT_cryptroot" ]; then
---
> if [ -n "$KOPT_dropbear" ]; then
> if [ -n "$KOPT_cryptroot" ]; then
> configure_ip
> setup_dropbear
> fi
> fi
>
> # Add Workaround for dropbear
> if [ -n "$KOPT_cryptroot" ] && [ ! -b /dev/mapper/"${KOPT_cryptdm}" ]; then
706a731,734
> # Kill all struck nlplug-findfs jobs and dropbear
> killall -9 nlplug-findfs
> killall -9 dropbear
>
789a818,821
>
> # Kill all struck nlplug-findfs jobs and dropbear
> killall -9 nlplug-findfs
> killall -9 dropbear


@ -1,16 +0,0 @@
# alpine-initramfs-ipv6
This add ipv6 support for alpine initramfs.
# /etc/mkinitfs/mkinitfs.conf
```
features+= ip
```
* copy `features.d` `/etc/mkinitfs/features.d`
# /etc/update-extlinux.conf
```
ip6=client-ip/gateway-ip/interface/dns/dns
```


@ -1,82 +0,0 @@
271a272,350
> # configure ipv6 on initramfs
> # Valid syntaxes:
> # ip6=client-ip/gateway-ip/interface/dns1/dns2
> #
> configure_ip6() {
> [ -n "$MAC_ADDRESS" ] && return
>
> $MOCK modprobe -a ipv6
>
> local IFS='/'
> # shellcheck disable=SC2086
> set -- ${KOPT_ip6}
> unset IFS
>
> local client6_ip="$1"
> local gw6_ip="$2"
> local iface="$3"
> local dns1="$4"
> local dns2="$5"
>
> if [ -e "$ROOT"/etc/mactab ]; then
> $MOCK nameif -s
> fi
>
> if [ -z "$iface" ] && [ -n "$KOPT_BOOTIF" ]; then
> mac=$(printf "%s\n" "$KOPT_BOOTIF"|sed 's/^01-//;s/-/:/g')
> iface=$(grep -l "$mac" "$ROOT"/sys/class/net/*/address | awk -F/ '{print $(NF-1); exit}')
> fi
>
> # Bring interface up
> if [ -n "$iface" ]; then
> $MOCK ip link set dev "$iface" up
> sleep 3 # wait for interface to fully up.
> fi
>
> if [ -z "$iface" ]; then
> # shellcheck disable=SC2046
> set -- $(ethernets)
> for i in "$@"; do
> $MOCK ip link set dev "$i" up
> done
> iface=$(find_first_interface_up "$@") || iface="$1"
>
> # we will use the found interface later so lets keep it up
> for i in "$@"; do
> if [ "$i" != "$iface" ]; then
> $MOCK ip link set dev "$i" down
> fi
> done
> fi
>
> if [ -z "$iface" ]; then
> echo "ERROR: IP requested but no network interface was found"
> return 1
> fi
>
> if [ -z "$client6_ip" ] && [ -z "$netmask" ]; then
> return
> fi
> ebegin "Setting IP ($iface)"
>
> if ip -6 addr add $client6_ip dev $iface; then
> # this is definitely not required by all ipv6 implementation
> # but it's better to keep things working for all deployment possible
> #
> # metric is mandatory!
> [ -z "$gw6_ip" ] || ip -6 route add "$gw6_ip" dev $iface metric 256
> [ -z "$gw6_ip" ] || ip -6 route add ::0/0 via "$gw6_ip" dev "$iface" metric 128
> fi
> eend $?
>
> # Never executes if variables are empty
> for i in $dns1 $dns2; do
> echo "nameserver $i" >> /etc/resolv.conf
> done
>
> MAC_ADDRESS=$(cat "$ROOT/sys/class/net/$iface/address")
> }
>
513a593
> ip6


@ -1 +0,0 @@
/sbin/ip


@ -1,2 +0,0 @@
kernel/net/ipv4
kernel/net/ipv6


@ -1,32 +0,0 @@
#!/sbin/openrc-run
supervisor=supervise-daemon
name=gitea
command="/usr/bin/gitea"
command_user="${GITEA_USER:-gitea}"
command_args="web --config '${GITEA_CONF:-/etc/gitea/app.ini}'"
supervise_daemon_args="--env GITEA_WORK_DIR='${GITEA_WORK_DIR:-/var/lib/gitea}' --chdir '${GITEA_WORK_DIR:-/var/lib/gitea}' --stdout '${GITEA_LOG_FILE:-/var/log/gitea/http.log}' --stderr '${GITEA_LOG_FILE:-/var/log/gitea/http.log}'"
pidfile="/run/gitea.pid"
extra_started_commands="reopen_log"
capabilities="^cap_net_bind_service"
depend() {
use logger dns
need net
after firewall mysql postgresql
}
#https://github.com/go-gitea/gitea/issues/17976
#reload() {
# ebegin "Reloading ${RC_SVCNAME}"
# ${supervisor} ${RC_SVCNAME} --signal HUP --pidfile "${pidfile}"
# eend $?
#}
reopen_log() {
ebegin "Reopening logfile for ${RC_SVCNAME}"
${supervisor} ${RC_SVCNAME} --signal USR1 --pidfile "${pidfile}"
eend $?
}
# Taken from https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/community/gitea/gitea.initd


@ -15,63 +15,21 @@ curl -L https://github.com/minoplhy/scriptbox/raw/main/build_gitea/Linux/build.s
```bash
while [ ${#} -gt 0 ]; do
case "$1" in
--git-tag | -v)
--git-tag | -v)
shift
GITEA_GIT_TAG=$1
;; # Gitea Git Tag
--golang-version | -g)
--golang-version | -g)
shift
GO_VERSION=$1
GO_VERSION=$1
;; # GOLANG Version
--nodejs-version | -n)
--nodejs-version | -n)
shift
NODEJS_VERSION=$1
NODEJS_VERSION=$1
;; # NodeJS Version
--static | -s)
BUILD_STATIC=true
;; # Also Build Static Assets file
--type=* )
BUILD_TYPE="${1#*=}"
BUILD_TYPE="${BUILD_TYPE,,}"
case $BUILD_TYPE in
"gitea") BUILD_TYPE="gitea" ;;
"forgejo") BUILD_TYPE="forgejo" ;;
"")
echo "ERROR : --type= is empty!"
exit 1
;;
*)
echo "ERROR : Vaild values for --type are -> gitea, forgejo"
exit 1
;;
esac
;;
--patch=* )
PATCH_FILES="${1#*=}"
case $PATCH_FILES in
"")
echo "ERROR: --patch= is empty!"
exit 1
;;
*)
;;
esac # Add Patches to your Gitea build. Format -> patch1.patch or patch1.patch,https://patch (Absolute path)
;;
--build-arch=* )
BUILD_ARCH="${1#*=}"
case $BUILD_ARCH in
"x86_64") BUILD_ARCH="x86_64" ;;
"aarch64") BUILD_ARCH="aarch64" ;;
"")
echo "ERROR : --build-arch= is empty!"
exit 1
;;
*)
echo "ERROR : Vaild values for --build-arch are -> x86_64, aarch64"
exit 1
;;
esac # Architect for your binary to be build. This is for Cross-compiling etc.
;;
--static | -s)
BUILD_STATIC=true
;; # Build as Static Assets file
*)
;;
esac
@ -81,5 +39,4 @@ done
# Known Issues
- For Alpine Linux: to get `npm` installation working, please ensure community package is enable in `/etc/apk/repositories`
- This script required root privileges because of dependencies installation, which is hard to avoid.


@ -1,94 +0,0 @@
#!/bin/bash
# Veracrypt Cryptsetup script.
#
# Mount Veracrypt drive using cryptsetup
# Currently, only working as promting script, CLI style is not Yet supported.
mount(){
${SUDOERS} cryptsetup --type tcrypt --veracrypt open /dev/$drive $container_name
if [ -e "/dev/mapper/$container_name" ]; then
${SUDOERS} mkdir -p "/mnt/$container_name"
printf "Directory /mnt/%s created.\n" $container_name
else
printf "Device /dev/mapper/%s does not exist.\n" $container_name
exit 1
fi
${SUDOERS} mount ${MOUNT_PARAMETERS[@]} /dev/mapper/$container_name /mnt/$container_name
}
unmount(){
${SUDOERS} umount /mnt/$container_name
if [ -e "/dev/mapper/$container_name" ]; then
DIRECTORY_CLEANUP=true
else
printf "Device /dev/mapper/%s does not exist.\n" $container_name
exit 1
fi
${SUDOERS} cryptsetup close /dev/mapper/$container_name
if [[ "$DIRECTORY_CLEANUP" == true ]]; then
${SUDOERS} rmdir /mnt/$container_name
fi
}
prompting() {
MODE=$1
printf "Available Disks:\n%s\n\nChoose: " "$DISKS"
read drive
printf "\nSelect Container Name: "
read container_name
MOUNT_PARAMETERS+="-o "
case $MODE in
"mount") mount_parameters_prompt && mount;;
"unmount") unmount;;
esac
}
mount_parameters_prompt() {
printf "Mounting with Permission?\n"
printf "000 - umask 000\nuser/<username> - owner of this device\n"
read mount_parameters_ask
case $mount_parameters_ask in
"000") MOUNT_PARAMETERS+="umask=000" ;;
user/*)
local user="${mount_parameters_ask#user/}"
local user_uid=$(id -u "$user" 2>/dev/null)
local group_uid=$(id -g "$user" 2>/dev/null)
if [ $? -eq 0 ] && [ -n "$user_uid" ] && [ -n "$group_uid" ]; then
# mount with owner,group and umask is owner r/w/e only
MOUNT_PARAMETERS+="gid=$user_uid,uid=$group_uid,umask=077"
else
printf "User id for %s not found!\n" $user
mount_parameters_prompt
fi ;;
*) mount_parameters_prompt ;;
esac
}
if sudo --validate; then
SUDOERS=sudo
else
SUDOERS=""
fi
DISKS=$(lsblk -n -o NAME,SIZE,TYPE)
MOUNT_PARAMETERS=()
printf "NOTICE! This script is intended to work with Veracrypt drives in linux only!\n"
printf "Mode: mount/unmount -> "
read MODE
MODE="${MODE,,}"
case $MODE in
"mount") prompting "mount";;
"unmount"|"umount") prompting "unmount";;
esac


@ -1,7 +0,0 @@
# Gitea Patches
`gitea-v1.22.3-activitypub.patch` Security/Privacy improvement for Gitea and Forgejo(the patch is focused on Gitea but should've work on forgejo too!). Return a fake 404 Page when user visiblity is either "private" or "limited"
`gitea-v1.22.3-no-contributorStats.patch` Gitea's Activity: "Recent Commit" "Code Frequency" "Contributors" is a resource-intensive tasks. This could turn small device into flames! This patch is remove 'ContributorStats'.
`gitea-v1.22.3-no-contributorStats-all.patch` same as above, But this patch also remove paths from web.go and templates


@ -1,27 +0,0 @@
diff --git a/routers/api/v1/activitypub/person.go b/routers/api/v1/activitypub/person.go
index 995a148f0b..10043fcbe1 100644
--- a/routers/api/v1/activitypub/person.go
+++ b/routers/api/v1/activitypub/person.go
@@ -8,6 +8,7 @@ import (
"net/http"
"strings"
+ user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/activitypub"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
@@ -36,6 +37,14 @@ func Person(ctx *context.APIContext) {
// TODO: the setting.AppURL during the test doesn't follow the definition: "It always has a '/' suffix"
link := fmt.Sprintf("%s/api/v1/activitypub/user-id/%d", strings.TrimSuffix(setting.AppURL, "/"), ctx.ContextUser.ID)
+
+ // Fake 404 Error when user visiblity is private/limited
+ if ctx.ContextUser.Visibility.IsPrivate() || ctx.ContextUser.Visibility.IsLimited() {
+ // ctx.Error(status, title, obj)
+ ctx.Error(http.StatusNotFound, "", user_model.ErrUserNotExist{UID: ctx.ContextUser.ID}.Error())
+ return
+ }
+
person := ap.PersonNew(ap.IRI(link))
person.Name = ap.NaturalLanguageValuesNew()


@ -1,23 +0,0 @@
diff --git a/routers/web/web.go b/routers/web/web.go
index bd2da620e2..733f84cd3f 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1436,18 +1436,6 @@ func registerRoutes(m *web.Route) {
m.Group("/{username}/{reponame}/activity", func() {
m.Get("", repo.Activity)
m.Get("/{period}", repo.Activity)
- m.Group("/contributors", func() {
- m.Get("", repo.Contributors)
- m.Get("/data", repo.ContributorsData)
- })
- m.Group("/code-frequency", func() {
- m.Get("", repo.CodeFrequency)
- m.Get("/data", repo.CodeFrequencyData)
- })
- m.Group("/recent-commits", func() {
- m.Get("", repo.RecentCommits)
- m.Get("/data", repo.RecentCommitsData)
- })
},
ignSignIn, context.RepoAssignment, context.RequireRepoReaderOr(unit.TypePullRequests, unit.TypeIssues, unit.TypeReleases),
context.RepoRef(), repo.MustBeNotEmpty,
