Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
50 check-ins by user wyoung occurring around b3b2c1ab916585d0.
|
2022-08-14
| ||
| 19:53 | The chown -R bit added to the Dockerfile touches /jail/bin/fossil, which causes "docker build" to promote it back into a new layer, nearly doubling the container size. Doing a chown now only on two directories, restoring it to its sub-9M size. ... (check-in: 00cc9c3eb1 user: wyoung tags: trunk) | |
| 19:42 | Fossil's chroot feature drops root permissions based on file ownership, but since the container was built with everything-root, its HTTP hit handling children would run as whatever host-side UID/GID pair you used for file ownership. What happened next was complex. If you let the container create the repo internally, it would be owned as root, so it would drop root permissions for…root! This isn't super-bad, since Fossil is presumed secure and is double-jailed besides. The risk is, if anyone works out an RCE for Fossil, they might be able to get it to create raw sockets or do various other types of escapes despite the double-jail dance. Attaching a Docker volume brings external permisssions into the container. We were recommending a "chown 0" command on the shared volume to make it similar to the in-container case, but that opens you to the same risks above. If you ignored this and used host-side UID/GID pairs, Fossil would then be left running under IDs that didn't exist internally, which could cause assorted weirdness. We're now creating an explicit "fossil" user/group pair inside the container and recommending that Docker volumes use these IDs for copied-in files to batten down something that shouldn't've been left flapping. Updated build.wiki to cover all this. ... (check-in: ba21bc0b8f user: wyoung tags: trunk) | |
| 18:48 | Moved the SIGTERM handler up before the "fossil server" HTTP hit handler. We had it clustered with the other signal() calls, but those are to handle signals intended to occur only during CGI processing. This one will normally occur while we're blocked, waiting for the HTTP hit to occur, so it had no useful effect where it was. ... (check-in: d3c55fe024 user: wyoung tags: trunk) | |
| 18:01 | Changed previous to call fossil_exit() instead of exit(3) so we close our databases before dying. ... (check-in: 7c857d2233 user: wyoung tags: trunk) | |
| 17:59 | The parent process now handles SIGTERM with an explicit exit(3) call when its PID is 1, as when it's running as "fossil server" in a Docker container. Without this, the container host's shutdown process takes a long time because it's waiting on PID 1 to die and eventually has to time out and kill it. ... (check-in: 1d09e60739 user: wyoung tags: trunk) | |
| 16:19 | Markup fix ... (check-in: cf1497877a user: wyoung tags: trunk) | |
| 16:18 | Clarified the fact that the "docker cp" command is changing the name of the repository DB file. ... (check-in: f0b15a37fc user: wyoung tags: trunk) | |
| 16:15 | Slight emphasis fix in previous ... (check-in: 1441c2e6d3 user: wyoung tags: trunk) | |
| 16:13 | Edit pass on §5.1 of build.wiki, fixing a number of unclear bits, particularly with regard to images vs containers. ... (check-in: e2b9114b18 user: wyoung tags: trunk) | |
|
2022-08-13
| ||
| 23:39 | Using the preceding --chroot fixes to make the Docker container serve the repo from /jail/museum/repo.fossil rather than from the chroot dir, /jail. This then allows us to mount a Docker volume at /jail/museum, which has an independent persistence from the container proper, so we can now rebuild the container without destroying the presumably precious repo. Updated build.wiki to track this change and document the lessons gleaned from doing all of this. ... (check-in: f76e762fb7 user: wyoung tags: trunk) | |
| 22:15 | Moved the chdir() call within enter_chroot_jail() down below the new repo name canonicalization code to allow use of relative path names. Before, you had to give an absolute path to the repo, since we'd cd'd away from that directory before we started to validate the path. ... (check-in: e94621186f user: wyoung tags: trunk) | |
| 22:14 | Moved the setting of g.fJail flag into the repo = "/" case since it exists only to communicate the chroot status to --repolist mode. (This confirms the speculation in the prior commit's comment: the prior behavior existed to serve repolist mode only.) ... (check-in: 324d232c25 user: wyoung tags: trunk) | |
| 21:21 | Fixed the --chroot flag to "fossil server" and "fossil http" to allow it to work in conjunction with the single-repository case. Before, it blindly assumed --repolist mode. ... (check-in: 6f92ad99d9 user: wyoung tags: trunk) | |
|
2022-08-12
| ||
| 17:01 | Fixed pointless use of interwiki link in the new section 2.2 material of fossil-v-git. ... (check-in: 73c95307c9 user: wyoung tags: trunk) | |
|
2022-08-06
| ||
| 22:13 | Fixed a few stray parens in the new material in the fossil-v-git doc, left behind from a prior edit. ... (check-in: ea13701cbf user: wyoung tags: trunk) | |
| 22:08 | Typo fix ... (check-in: b628a883b1 user: wyoung tags: trunk) | |
| 20:30 | Fixed a problem in image naming in the new Docker container doc in build.wiki [forum:/forumpost/2fd50423377d0f51 | reported on the forum]. ... (check-in: 509447a2d7 user: wyoung tags: trunk) | |
| 19:56 | Did away with the temporary src.tar.gz file in the new Docker container by streaming the output of wget straight into tar's stdin. This cuts the build time by about five seconds, presumably due to the saving from unnecessary file I/O. Also replaced the explicit "cd src" afterward with an out-of-tree build configuration, since it doesn't matter if we clutter the first stage's /tmp dir. ... (check-in: 289c9b501c user: wyoung tags: trunk) | |
| 19:34 | The build docs for "./configure --static" now reference the section further down on Docker, since you may need to use this indirection to get --static to produce something suitable. ... (check-in: 7bfd741355 user: wyoung tags: trunk) | |
| 04:24 | Replaced Jan Nijtman's Dockerfile with a new one that does a 2-stage build. The first stage runs atop Alpine Linux instead of Fedora, reducing the initial build from ~635 MiB to about 16. Rather than stop there, I then made it multi-stage, copying two key static binaries — Fossil and Busybox — over from the first stage into a fresh-from-scratch container and set it up to run the former jailed away from the latter. The result is under 9 MiB, and it's as secure as one can hope, given that it starts up in "PUBLIC" mode. The new build doesn't have all the extra features turned on that the old one did, but it seems right to build the container with Fossil in its default configuration. If you want something else, copy the Dockerfile, hack it, and make it do what you want instead. Having done all this, I replaced the one-off Dockerfile inline in section 5.0 of the build doc with a reference to this new Dockerfile and rewrote the section in terms of the new capabilities. Finally, this lets us brag on how small the container can be, as compared to the Gitlab-CE container. Before, we were comparing a standalone binary to the container, which wan't entirely fair. (The desire to produce such a container was the spark that kicked this project off.) ... (check-in: 77d603c6a1 user: wyoung tags: trunk) | |
|
2022-08-05
| ||
| 12:05 | Assorted improvements to the first few sections of the fossil-v-git doc, mainly in updating them to track changes to world facts and to clarify the presentation. ... (check-in: c7afd68b94 user: wyoung tags: trunk) | |
|
2022-07-18
| ||
| 01:39 | Still moer grammar fixes in fossil-v-git ... (check-in: e28c25e497 user: wyoung tags: trunk) | |
| 01:08 | More grammar fixes ... (check-in: 9f135f2f4c user: wyoung tags: trunk) | |
| 01:07 | Grammar fix to the fossil-v-git doc ... (check-in: f36fb951ee user: wyoung tags: trunk) | |
|
2022-07-17
| ||
| 23:48 | Changed a number of "a" articles followed by vowels in docs and comments to "an", per [forum:/forumpost/3e6e40293f03f089 | a forum post]. ... (check-in: 99a319bdbf user: wyoung tags: trunk) | |
| 23:23 | Mentioned "fnc stash" at the end of the section of gitusers where it talks about alternatives to "git add -p" and such. ... (check-in: b3b2c1ab91 user: wyoung tags: trunk) | |
|
2022-07-11
| ||
| 19:49 | Continued the edit pass on the main body of the gitusers doc, shy of the case studies, mainly doing minor style tweaks. Biggest substantial change is to rewrite the colorized diff section to cover the changes in Fossil 2.17, and to present the alternatives in a more logical order. ... (check-in: c026fb9ad9 user: wyoung tags: trunk) | |
| 18:50 | Fix to the fix. :( ... (check-in: e3f9584e3f user: wyoung tags: trunk) | |
| 18:50 | Fixed a broken internal link in the gitusers doc resulting from moving the museum tree pikchr into the glossary. ... (check-in: 116d8c7583 user: wyoung tags: trunk) | |
|
2022-04-20
| ||
| 14:59 | Rewrote the login-groups doc, making it both more clear and more detailed. This started out as clarifying a confusion brought up [forum:/forumpost/beba7d4e78c943d0 | on the forum], but experimentation kept bringing up new and interesting restrictions and interactions that I felt were worth documenting. ... (check-in: 697cf6fb35 user: wyoung tags: trunk) | |
|
2022-04-11
| ||
| 09:33 | Brought the "Fossil grep vs POSIX grep" doc up to date relative to the [/info/f5f4471323d44a82 | merged grep-enhancements branch]. ... (check-in: caba4b0188 user: wyoung tags: trunk) | |
|
2022-04-10
| ||
| 18:56 | Added the "--page wcontent" bit to the new wiki versioning example in the glossary. ... (check-in: b05a07a9a2 user: wyoung tags: trunk) | |
| 18:53 | Grammar tweaks to previous ... (check-in: ccd5cacc51 user: wyoung tags: trunk) | |
| 18:49 | Added "Embedded Documentation" section to the glossary per larrybr's request in /chat. It's a Fossil-specific term of art. It also gives us a place to contrast with the wiki; that could live in the docs for the wiki or embedded docs instead, but the glossary is where newbies go to get oriented on terms, so the "but which should I use" question falls right out of the terminology. ... (check-in: e583b48a04 user: wyoung tags: trunk) | |
|
2022-03-28
| ||
| 08:34 | Updated a reference to macOS 11 from the backup doc: the condition it warns against is still true as of macOS 12.3. ... (check-in: 1bb4147fd2 user: wyoung tags: trunk) | |
|
2022-02-28
| ||
| 23:32 | Calling db_open() to determine if a given repository is valid rather than a hand-rolled sqlite3_open() call. This then allows us to call db_looks_like_a_repository() to determine if the DB is a valid repo rather than duplicate the checks it already has in another nearby context. This is part of the apndvfs vs normal-case stuff done in prior commits, consolidating the notion of "valid" to a single spot in the code. ... (check-in: 69145d9d99 user: wyoung tags: trunk) | |
| 20:35 | Simplified an overly-clever test for a file size being an even multiple of 512 bytes. Compiler Explorer says GCC 11 generates the same code both ways, at least, and it isn't in a CPU-critical code path anyway. Also added a comment referring to this new, simplified code, to prevent a recurrence of the problem fixed by the prior commit. ... (check-in: c67d54010d user: wyoung tags: trunk) | |
| 19:23 | Reverted a check for the repository size being an even multiple of 512 bytes as a test for validity. Introduced in [/info/bd7f2727ba25912e | an omnibus commit] for obscure reasons, it causes some valid clone operations to fail, as originally reported [forum:/forumpost/16880a28aad1a868 | on the forum]. ... (check-in: 4a2d0e7878 user: wyoung tags: trunk) | |
|
2022-01-16
| ||
| 18:42 | The output of "fossil configuration --help" had two different ways -R was described, one wrong. The newer one was of a more consistent format with the rest of the help ([decd537016 | thus why it was added]) so removed the older one and reworked the newer one to be more accurate. ... (check-in: 6cb0fc2591 user: wyoung tags: trunk) | |
|
2022-01-08
| ||
| 04:58 | Moved the GitHub forking stats down in the fossil-v-git doc to a spot where it fits better. Updated the stats, and tightened up the prose. ... (check-in: c0269e3477 user: wyoung tags: trunk) | |
| 04:19 | Fixed a Markdown-ism in a Fossil wiki doc. ... (check-in: ab48b9da17 user: wyoung tags: trunk) | |
| 04:19 | Made the "scale" issue in fossil-v-git less of a false dichotomy. ... (check-in: 5171e59120 user: wyoung tags: trunk) | |
|
2021-12-22
| ||
| 09:18 | Added more reasons not to use Fossil as a whole-system configuration backup utility in the glossary point about not using Fossil to store files scattered hither-and-yon over a filesystem. ... (check-in: 7994809763 user: wyoung tags: trunk) | |
| 09:14 | A few clarifications to the new glossary. ... (check-in: 78aa439407 user: wyoung tags: trunk) | |
|
2021-12-12
| ||
| 16:18 | The "Summary Line Convention In Commit Comments" section in gitusers.md now covers the related setting under Admin -> Timeline. ... (check-in: c33ffed3eb user: wyoung tags: trunk) | |
| 15:41 | Extracted the glossary to a new document from the old "why use Fossil" doc, expanded it considerably, converted it from Wiki to Markdown, and updated the links to point to its new location. ... (check-in: a58d952fa6 user: wyoung tags: trunk) | |
|
2021-10-07
| ||
| 13:01 | Fixed a copy/paste error in www/sync.wiki per [forum:/forumpost/3fd51c58d0 | an anonymous forum post]. ... (check-in: 3f736de986 user: wyoung tags: trunk) | |
|
2021-09-21
| ||
| 16:42 | Fixed a paren nesting bug that prevented multi-character hashtags from being processed. It would stop at the second character. ... (check-in: e211f1ab42 user: wyoung tags: markdown-tagrefs) | |
| 16:38 | Added '@' and '#' prefixes in spans. Initial commit ate them. ... (check-in: 398cfa0be0 user: wyoung tags: markdown-tagrefs) | |
| 16:19 | Initial implementation of "span data-foo" wrappers around @name and #tag references. Seems functional on a test-markdown-render basis, but the definitions of what counts as a reference and what to do with them still remains to be handled. ... (check-in: 31a607d33c user: wyoung tags: markdown-tagrefs) | |