summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2018-09-24libpiny: Piny::Repo: Restrict iwiwiki srcdirsJoe Rayhawk1-0/+2
We would optimally like Ikiwiki source directories to be at least as restrictive as the git repositories they came from. For now, maximal restriction seems like a perfectly fine way to achieve this.
2018-09-24libpiny: Piny::Repo: chmod and chgrp snowflakesJoe Rayhawk1-4/+4
The snowflakes directory has mutable files such as packed-refs that need to be group writable.
2018-09-24libpiny: Piny::Repo: Symlink files out of rootJoe Rayhawk1-0/+14
Due to insecurities surrounding core.hooksPath and git's insistence upon locking files it doesn't even intend to update, it's necessary to symbolicly link several files into their own namespaces. We specifically do this with HEAD and packed refs, but there might eventually be others to worry about.
2018-09-23pinyshell: use zsh and restrict read builtinJoe Rayhawk4-2/+7
Along with rbash careening towards crazytown, rksh has some problematic behavior around HISTFILE creation that forces us to use zsh. We are additionally disabling the "read" builtin for extra safety. Other builtins should maybe also be disabled in the future.
2018-09-22Repo.pm: Migrate to new PAM and unixgroup modulesJoe Rayhawk2-9/+8
Apache 2.2->2.4 upgrade changed module names and configuration directives for various PAM authentication features; with this patch we can successfully autogenerate those.
2018-01-21Piny::Repo: Initial read-only repository support.Joe Rayhawk1-3/+8
Not all systems want us to manage git repositories: we can still provide ikiwiki/apache support for existing read-only repositories. This would probably be better done with some sort of configuration variable, but a simple access() W_OK writability check will have to do for now.
2015-07-02pinyweb: newuser.cgi: fix recaptcha logicJoe Rayhawk1-21/+20
2014-12-15docs/install_notes.txt: add libcaptcha-recaptcha-perlJoe Rayhawk1-1/+1
2014-12-15pinyweb/debian/control: add libcaptcha-recaptcha-perlJoe Rayhawk1-1/+1
2014-12-15pinyweb: newuser.cgi: add recaptcha supportjrayhawk+piny.be@omgwallhack.org1-0/+22
2014-10-29install notes: adding ksh to list of package dependenciesJoe Rayhawk1-1/+1
2014-10-29pinyadmin: bash -r -> ksh -r because the bash people apparently like to ↵Joe Rayhawk5-5/+5
deprecate security features without bothering to tell anyone
2014-05-26install notes: the git binary should not be hereJoe Rayhawk1-1/+0
2014-03-16Default ikiwiki.setup: remove "Preferences" link.Joe Rayhawk1-0/+1
2014-03-16Merge remote-tracking branch 'origin/master'Joe Rayhawk2-4/+13
2014-03-16Repo.pm: whoops, wrong objectJoe Rayhawk1-1/+1
2014-03-16libpiny.key should be owned by www-data, not shadowJoe Rayhawk1-1/+1
2013-04-12libpiny: whoops, missed apachereload check on destroy_apachejrayhawk+piny.be@omgwallhack.org1-1/+3
2013-04-12libpiny: renaming reloadapache to apachereloadjrayhawk+piny.be@omgwallhack.org2-2/+2
2013-04-12libpiny: add piny.reloadapache configuration variablejrayhawk+piny.be@omgwallhack.org2-1/+4
2013-04-12libpiny: further corrections to piny.gitpathjrayhawk+piny.be@omgwallhack.org1-3/+7
2013-04-12libpiny: making git path configurable (default: /srv/git)Joe Rayhawk3-4/+6
2013-01-09ugh fine i guess my bugfix should actually fix a bugJulian Blake Kongslie1-3/+5
2013-01-09When setting description with pinyconfig, we need to verify differently.Julian Blake Kongslie1-1/+4
2013-01-09Completely untested support in pinyconfig for repo description.Julian Blake Kongslie1-2/+14
2013-01-03pinyadmin: new lsusers commandJoe Rayhawk1-0/+39
2012-09-14Piny::Repo: do not rely on trailing slashes in user-configurable ikiwikisrcdirJoe Rayhawk1-1/+1
2012-09-12docs: user facing infrastructure: updatesJoe Rayhawk1-7/+7
2012-08-30pinyconfig: FIXME for rebuild-on-unchanged-valuejrayhawk+piny.be@omgwallhack.org1-1/+1
2012-08-30pinyconfig: explicitly declare short optsjrayhawk+piny.be@omgwallhack.org1-3/+3
Getopt::Long does not appear to auto_abbrev properly ;\
2012-08-30pinyconfig: actually check for --fastjrayhawk+piny.be@omgwallhack.org1-1/+1
2012-08-30pinyconfig: adding 'rebuild unless told not to' logicjrayhawk+piny.be@omgwallhack.org1-4/+33
2012-08-30Migrate Config::Simple over to Config::GitLikejrayhawk+piny.be@omgwallhack.org3-40/+21
Fixes problems parsing complex option statements, particularly url.<base>.pushInsteadOf
2012-08-30install notes: fix various small oversightsJoe Rayhawk1-6/+6
2012-08-14Piny::Config: add receive.denydeletes to list of tweakablesJoe Rayhawk1-0/+1
2012-06-13Merge branch 'master' of piny.be:/srv/git/piny-codeJoe Rayhawk3-4/+15
2012-06-01pinyadmin: pinyconfig: allow --user to actually set thingsjrayhawk+piny.be@omgwallhack.org1-1/+1
2012-05-01Adding check for UID 0 to pinyadmin commands so root can actually do thingsjrayhawk+piny.be@omgwallhack.org3-4/+15
2012-04-23install notes: libdigest-sha1-perl has been renamed to libdigest-sha-perlJoe Rayhawk1-2/+3
2012-04-11doc: initial install notesJoe Rayhawk1-0/+101
2012-04-11cgit: moving over to new static resources URLJoe Rayhawk2-2/+4
2012-04-11pinyconfigs: apache2: move /srv/www to /srv/http and /srv/httpsJoe Rayhawk1-4/+4
2012-04-11pinyadmin: newrepo: remove extraneous Piny::Repo ikiwiki_rebuild().Joe Rayhawk1-1/+0
2012-04-11pinyadmin: newrepo: use full Piny::Repo rebuild();Joe Rayhawk1-2/+2
This fixes a bug where apache_rebuild was skipped.
2012-04-10libpiny/debian/control: adding alternate package name for Digest::SHA1 in wheezyJoe Rayhawk1-1/+1
2012-03-31pinyconfig: Get rid of piny.svcs.cs.pdx.edu redirect in default configJoe Rayhawk1-5/+0
2012-02-01newpasshash: calling usermod with the correct flag might helpJoe Rayhawk1-1/+1
2012-01-27Initial shot at web-friendly (sadly PAM unfriendly...) password modification.Joe Rayhawk3-0/+58
2012-01-11Piny::Repo: whoops, wrong reference nameJoe Rayhawk1-1/+1
2012-01-11Piny::Repo: Adding support for 0640+searchJoe Rayhawk2-1/+5