Update gitea to v1.10.0

1.10 introduces a PASSWORD_COMPLEXITY setting with a default value
of lower,upper,digit,spec - which requires passwords to have an
upper, lower, digit and special character. Our example password does
not have this, so set the PASSWORD_COMPLEXITY setting. We could
alternately leave it at the default and ensure that our passwords
meet the spec.

The sshd_config file is templated now, so we can set the listen port
via env var.

Change-Id: I6e4b595eabb9c6885d78fff1109ea9f602e89ef7
This commit is contained in:
Monty Taylor 2019-10-24 16:33:12 +09:00
parent 9f6df6deaf
commit b3e5f0cab0
6 changed files with 49 additions and 82 deletions

View File

@ -26,7 +26,7 @@ FROM docker.io/library/golang:1.13-buster AS build-env
LABEL maintainer="infra-root@openstack.org" LABEL maintainer="infra-root@openstack.org"
ARG GITEA_VERSION="v1.9.6" ARG GITEA_VERSION="v1.10.0"
ENV TAGS "bindata $TAGS" ENV TAGS "bindata $TAGS"
#Build deps #Build deps
@ -70,8 +70,6 @@ RUN addgroup --system --gid 1000 git \
# Copy the /etc config files and entrypoint script # Copy the /etc config files and entrypoint script
COPY --from=build-env /go/src/code.gitea.io/gitea/docker/root / COPY --from=build-env /go/src/code.gitea.io/gitea/docker/root /
# Copy our custom sshd_config
COPY sshd_config /etc/ssh/sshd_config
# Copy the app # Copy the app
COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea

View File

@ -12,14 +12,14 @@
<div class="divider"> / </div> <div class="divider"> / </div>
<a href="{{$.RepoLink}}">{{.Name}}</a> <a href="{{$.RepoLink}}">{{.Name}}</a>
{{if .IsArchived}}<i class="archive icon archived-icon"></i>{{end}} {{if .IsArchived}}<i class="archive icon archived-icon"></i>{{end}}
{{if .IsMirror}}<div class="fork-flag">{{$.i18n.Tr "repo.mirror_from"}} <a target="_blank" rel="noopener noreferrer" href="{{$.Mirror.Address}}">{{$.Mirror.Address}}</a></div>{{end}} {{if .IsMirror}}<div class="fork-flag">{{$.i18n.Tr "repo.mirror_from"}} <a target="_blank" rel="noopener noreferrer" href="{{MirrorAddress $.Mirror}}">{{MirrorAddress $.Mirror}}</a></div>{{end}}
{{if .IsFork}}<div class="fork-flag">{{$.i18n.Tr "repo.forked_from"}} <a href="{{.BaseRepo.Link}}">{{SubStr .BaseRepo.RelLink 1 -1}}</a></div>{{end}} {{if .IsFork}}<div class="fork-flag">{{$.i18n.Tr "repo.forked_from"}} <a href="{{.BaseRepo.Link}}">{{SubStr .BaseRepo.RelLink 1 -1}}</a></div>{{end}}
</div> </div>
</div><!-- end grid --> </div><!-- end grid -->
</div><!-- end container --> </div><!-- end container -->
{{end}} {{end}}
{{if not .IsDiffCompare}}
<div class="ui tabs container"> <div class="ui tabs container">
{{if not .Repository.IsBeingCreated}}
<div class="ui tabular stackable menu navbar"> <div class="ui tabular stackable menu navbar">
{{if .Permission.CanRead $.UnitTypeCode}} {{if .Permission.CanRead $.UnitTypeCode}}
<a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}{{if (ne .BranchName .Repository.DefaultBranch)}}/src/{{.BranchNameSubURL | EscapePound}}{{end}}"> <a class="{{if .PageIsViewCode}}active{{end}} item" href="{{.RepoLink}}{{if (ne .BranchName .Repository.DefaultBranch)}}/src/{{.BranchNameSubURL | EscapePound}}{{end}}">
@ -35,7 +35,7 @@
{{if .Permission.CanRead $.UnitTypeExternalTracker}} {{if .Permission.CanRead $.UnitTypeExternalTracker}}
<a class="{{if .PageIsIssueList}}active{{end}} item" href="{{.RepoExternalIssuesLink}}" target="_blank" rel="noopener noreferrer"> <a class="{{if .PageIsIssueList}}active{{end}} item" href="{{.RepoExternalIssuesLink}}" target="_blank" rel="noopener noreferrer">
<i class="octicon octicon-link-external"></i> {{.i18n.Tr "repo.issues"}} <i class="octicon octicon-link-external"></i> {{.i18n.Tr "repo.issues"}} </span>
</a> </a>
{{end}} {{end}}
@ -65,9 +65,7 @@
</div> </div>
{{end}} {{end}}
</div> </div>
</div>
<div class="ui tabs divider"></div>
{{else}}
<div class="ui divider"></div>
{{end}} {{end}}
</div> </div>
<div class="ui tabs divider"></div>
</div>

View File

@ -1,33 +0,0 @@
Port 222
Protocol 2
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
LogLevel INFO
HostKey /data/ssh/ssh_host_ed25519_key
HostKey /data/ssh/ssh_host_rsa_key
HostKey /data/ssh/ssh_host_dsa_key
HostKey /data/ssh/ssh_host_ecdsa_key
AuthorizedKeysFile .ssh/authorized_keys
UseDNS no
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no
PermitUserEnvironment yes
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
AllowUsers git
Banner none
Subsystem sftp /usr/lib/ssh/sftp-server
AcceptEnv GIT_PROTOCOL

View File

@ -86,6 +86,7 @@
email: "gerrit@review.opendev.org" email: "gerrit@review.opendev.org"
full_name: Gerrit full_name: Gerrit
login_name: gerrit login_name: gerrit
must_change_password: false
password: "{{ gitea_gerrit_password }}" password: "{{ gitea_gerrit_password }}"
send_notify: false send_notify: false
source_id: 0 source_id: 0

View File

@ -56,6 +56,7 @@ LEVEL = Info
INSTALL_LOCK = true INSTALL_LOCK = true
SECRET_KEY = {{ gitea_secret_key }} SECRET_KEY = {{ gitea_secret_key }}
INTERNAL_TOKEN = {{ gitea_internal_token }} INTERNAL_TOKEN = {{ gitea_internal_token }}
PASSWORD_COMPLEXITY = lower,upper,digit
[service] [service]
DISABLE_REGISTRATION = true DISABLE_REGISTRATION = true

View File

@ -35,6 +35,8 @@ services:
gitea-ssh: gitea-ssh:
depends_on: depends_on:
- mariadb - mariadb
environment:
- SSH_LISTEN_PORT=222
image: opendevorg/gitea-openssh image: opendevorg/gitea-openssh
network_mode: host network_mode: host
restart: always restart: always