1
0
Fork 0
Beyond coding. We forge. https://codeberg.org/forgejo/forgejo
Find a file
Michael Kuhn 0222623be9 Explicitly disable Git credential helper (#5367)
* Explicitly disable Git credential helper

If the user running Gitea has configured a credential helper, Git
credentials might leak out of Gitea.

There are two problems with credential helpers when combined with Gitea:

1. Credentials entered by a user when doing a migration or setting up a
   mirror will end up in the credential store. In the worst case, this
   is the plain text file ~/.git-credentials.
2. Credentials in the credential store will be used for migrations and
   mirrors by all users. For example, if user A sets up a mirror, their
   credentials will be stored. If user B later sets up a mirror from the
   same host and does not enter any credentials, user A's credentials
   will be used.

This PR prepends -c credential.helper= to all Git commands to clear the
list of helpers. This requires at least Git version 2.9, as previous
versions will try to load an empty helper instead. For more details, see
24321375cd

* Update git module
2018-11-28 09:00:25 +02:00
.github Comment help text for issues (#2281) 2017-08-09 12:13:33 +08:00
assets Add task to generate images from SVG and change to new logo (#2194) 2017-07-28 13:51:20 +08:00
cmd fix password variable shadowing (#5405) 2018-11-26 17:00:38 +02:00
contrib k8s deployment (#5046) 2018-10-28 21:28:06 -04:00
custom/conf Refactor heatmap to vue component (#5401) 2018-11-27 10:36:54 +01:00
docker only chown directories during docker setup if necessary. Fix #4425 (#5064) 2018-10-30 11:41:41 -04:00
docs Explicitly decide whether to use TLS in mailer's configuration (#5024) 2018-11-26 14:21:41 -05:00
integrations Implement git refs API for listing references (branches, tags and other) (#5354) 2018-11-27 16:52:20 -05:00
models show only opened milestones on issues page milestone filter (#5051) 2018-11-26 16:45:42 +08:00
modules Explicitly disable Git credential helper (#5367) 2018-11-28 09:00:25 +02:00
options [skip ci] Updated translations via Crowdin 2018-11-26 19:24:15 +00:00
public Create Progressive Web App (#4730) 2018-11-27 10:18:26 -05:00
routers Implement git refs API for listing references (branches, tags and other) (#5354) 2018-11-27 16:52:20 -05:00
scripts Update gitignore list (#5258) 2018-11-03 18:06:09 -04:00
snap Update build tags for sqlite_unlock_notify (#5144) 2018-10-23 19:47:59 +08:00
templates Implement git refs API for listing references (branches, tags and other) (#5354) 2018-11-27 16:52:20 -05:00
vendor Explicitly disable Git credential helper (#5367) 2018-11-28 09:00:25 +02:00
.changelog.yml Add changelog config file for generate changelog (#2461) 2017-09-04 13:07:57 +03:00
.drone.yml Set ACL on uploads (#5344) 2018-11-16 11:44:13 -05:00
.editorconfig switch gitter to discord for drone. (#1971) 2017-06-15 10:47:42 +08:00
.gitattributes ignore static files statstics for linguist 2016-12-27 16:49:25 +01:00
.gitignore snap-packaging for gitea (#2568) 2018-05-09 22:52:51 +08:00
.lgtm refactor: ignore LGTM from author of pull request. (#3283) 2018-01-02 06:13:49 -06:00
BSDmakefile Add BSDmakefile to prevent errors when make is called under FreeBSD (#4446) 2018-07-16 20:45:51 +02:00
CHANGELOG.md Backport 1.6.0 changelog to master (#5384) 2018-11-23 15:14:34 +08:00
CONTRIBUTING.md Update process to include tag vX.Y.0-dev on master branch (#5091) 2018-10-16 22:50:11 +02:00
DCO follow the advisor: add DCO and some improvements 2016-11-04 16:43:41 +08:00
Dockerfile Update golang version in Dockerfile (#5246) 2018-11-01 12:43:17 -04:00
Gopkg.lock Explicitly disable Git credential helper (#5367) 2018-11-28 09:00:25 +02:00
Gopkg.toml Remove x/net/context vendor by using std package (#5202) 2018-11-10 18:55:36 -05:00
LICENSE Fix typo 2016-11-08 08:42:05 +01:00
main.go Create AuthorizedKeysCommand (#5236) 2018-11-01 09:41:07 -04:00
MAINTAINERS Add zeripath to maintainers (#5273) 2018-11-04 16:41:23 +01:00
Makefile Create Progressive Web App (#4730) 2018-11-27 10:18:26 -05:00
package-lock.json Update npm dependencies, regenerate CSS (#4415) 2018-07-11 10:54:28 -04:00
package.json Update npm dependencies, regenerate CSS (#4415) 2018-07-11 10:54:28 -04:00
README.md Update API link in README (#5241) 2018-10-31 20:18:28 -04:00
README_ZH.md Move README_ZH.md Screenshots to Bottom (#4895) 2018-09-09 12:13:48 +08:00

简体中文

Gitea - Git with a cup of tea

Build Status Join the Discord chat at https://discord.gg/NsatcWJ codecov Go Report Card GoDoc GitHub release Help Contribute to Open Source Become a backer/sponsor of gitea

Purpose

The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service. Using Go, this can be done with an independent binary distribution across all platforms which Go supports, including Linux, macOS, and Windows on x86, amd64, ARM and PowerPC architectures. Want to try it before doing anything else? Do it with the online demo! This project has been forked from Gogs since 2016.11 but changed a lot.

Building

From the root of the source tree, run:

TAGS="bindata" make generate all

More info: https://docs.gitea.io/en-us/install-from-source/

Using

./gitea web

NOTE: If you're interested in using our APIs, we have experimental support with documentation.

Contributing

Expected workflow is: Fork -> Patch -> Push -> Pull Request

NOTES:

  1. YOU MUST READ THE CONTRIBUTORS GUIDE BEFORE STARTING TO WORK ON A PULL REQUEST.
  2. If you have found a vulnerability in the project, please write privately to security@gitea.io. Thanks!

Further information

For more information and instructions about how to install Gitea, please look at our documentation. If you have questions that are not covered by the documentation, you can get in contact with us on our Discord server, or forum!

Authors

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

FAQ

How do you pronounce Gitea?

Gitea is pronounced /ɡɪti:/ as in "gi-tea" with a hard g.

Why is this not hosted on a Gitea instance?

We're working on it.

License

This project is licensed under the MIT License. See the LICENSE file for the full license text.

Screenshots

Looking for an overview of the interface? Check it out!

Dashboard Repository Commits History
Branches Issues Pull Request View
Releases Activity Wiki
Diff Organization Profile