cgit with patches for sandboxing using qssb
Lars Hjemli 7f88d20823 ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()
This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
  without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
  relative urls would be incorrect
* using unescaped paths allows XSS

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-12 21:21:30 +00:00
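
The first and third issues in the commit message above (a buffer that is only valid for baselen bytes, and paths written into HTML unescaped) can be handled in one length-bounded encoder. This is an added example, not the code from the commit or from cgit: emit_n(), render_link() and the "/repo/plain/" prefix are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

enum ctx { HTML_TEXT, URL_PATH };

/* Hypothetical helper: copy exactly n bytes of src into out, encoded for ctx.
 * Never reads past src[n-1], so src need not be NUL-terminated.
 * Returns the encoded length, or -1 on an embedded NUL or a full buffer. */
static int emit_n(char *out, size_t cap, const char *src, size_t n, enum ctx c)
{
    size_t used = 0;
    if (cap == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char ch = (unsigned char)src[i];
        char rep[8];
        if (ch == 0)
            return -1;
        int alnum = (ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'Z') ||
                    (ch >= 'a' && ch <= 'z');
        if (c == URL_PATH && !alnum && !strchr("-._~/", ch))
            snprintf(rep, sizeof rep, "%%%02X", (unsigned)ch);  /* percent-encode */
        else if (c == HTML_TEXT && strchr("<>&\"'", ch))
            snprintf(rep, sizeof rep, "&#%u;", (unsigned)ch);   /* numeric entity */
        else
            snprintf(rep, sizeof rep, "%c", ch);
        size_t len = strlen(rep);
        if (used + len + 1 > cap)
            return -1;
        memcpy(out + used, rep, len);
        used += len;
    }
    out[used] = '\0';
    return (int)used;
}

/* Render a link for a (path, pathlen) pair; "/repo/plain/" is a constructed prefix. */
int render_link(char *out, size_t cap, const char *path, size_t pathlen)
{
    char href[512], text[512];
    if (emit_n(href, sizeof href, path, pathlen, URL_PATH) < 0 ||
        emit_n(text, sizeof text, path, pathlen, HTML_TEXT) < 0)
        return -1;
    int n = snprintf(out, cap, "<a href=\"/repo/plain/%s\">%s</a>", href, text);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}
```

The href is percent-encoded and the link text is entity-encoded, so neither context can be broken out of by a crafted file name.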
filters commit-links.sh: Seperate the expressions for filtering commit messages. 2010-07-22 23:49:23 +02:00
git@7ed863a85a Use GIT-1.7.4 2011-02-19 13:55:43 +01:00
tests ui-log.c: do not link from age column 2011-06-02 10:30:26 +00:00
.gitignore Fix doc-related glitches in Makefile and .gitignore 2009-03-15 09:27:54 +01:00
.gitmodules Delete submodules.sh and prepare for using git-submodule 2007-09-03 22:54:51 +02:00
COPYING Add license file and copyright notices 2006-12-10 22:41:14 +01:00
Makefile CGIT 0.9 2011-03-05 14:23:12 +01:00
README Update README 2011-03-05 14:21:47 +01:00
cache.c Fix some warnings to allow -Werror 2008-11-06 19:18:07 +01:00
cache.h use __attribute__ to catch printf format mistakes 2010-09-04 11:11:40 -04:00
cgit-doc.css Add cgit-doc.css 2009-02-12 10:24:25 +01:00
cgit.c fix virtual-root if script-name is "" 2011-05-23 23:20:59 +02:00
cgit.css Merge branch 'br/misc' 2011-02-19 14:51:00 +01:00
cgit.h Merge branch 'br/misc' 2011-02-19 14:51:00 +01:00
cgit.png Use transparent background for the cgit logo 2011-02-19 14:41:39 +01:00
cgitrc.5.txt Add advice about scan-path in cgitrc.5.txt 2011-03-26 15:21:07 +01:00
cmd.c ui-log: Line-wrap long commit subjects when showmsg is enabled 2010-11-16 08:18:37 +01:00
cmd.h struct cgit_cmd: Differentiate between various usages of ctx.qry.path 2010-06-19 10:40:22 +02:00
configfile.c Move function for configfile parsing into configfile.[ch] 2008-03-28 00:09:11 +01:00
configfile.h Move function for configfile parsing into configfile.[ch] 2008-03-28 00:09:11 +01:00
gen-version.sh gen-version.sh: don't sed the output from git describe 2007-10-01 12:09:41 +02:00
html.c Properly escape ampersands inside HTML attributes 2011-05-30 23:55:19 +02:00
html.h use __attribute__ to catch printf format mistakes 2010-09-04 11:11:40 -04:00
parsing.c Avoid null pointer dereference in reencode(). 2011-05-23 22:58:35 +02:00
scan-tree.c scan-tree.c: avoid memory leak 2011-06-06 19:10:31 +00:00
scan-tree.h Add support for 'project-list' option 2010-08-04 03:09:32 +02:00
shared.c Remove unused variable from cgit_diff_tree(). 2011-05-23 22:58:35 +02:00
ui-atom.c Append path and branch to atom feed title 2010-11-07 16:35:54 +01:00
ui-atom.h Add atom-support 2008-08-01 22:12:34 +02:00
ui-blob.c prefer html_raw() to write() 2010-09-04 14:30:10 -04:00
ui-blob.h Support refspecs in about-filter. 2010-08-20 18:57:30 +02:00
ui-clone.c Supply status description to html_status() 2008-08-06 22:57:44 +02:00
ui-clone.h Add support for cloning over http 2008-08-06 11:21:09 +02:00
ui-commit.c Use GIT-1.7.2.2 2010-08-22 13:29:57 +02:00
ui-commit.h ui-commit: Limit diff based on path limit in qry.path 2010-06-19 10:40:23 +02:00
ui-diff.c Avoid null pointer dereference in cgit_print_diff(). 2011-05-23 22:58:35 +02:00
ui-diff.h ssdiff: anchors for ssdiff 2011-02-19 14:41:39 +01:00
ui-log.c ui-log.c: do not link from age column 2011-06-02 10:30:26 +00:00
ui-log.h ui-log: Line-wrap long commit subjects when showmsg is enabled 2010-11-16 08:18:37 +01:00
ui-patch.c Add URL parameter 'ignorews' for optionally ignoring whitespace in diffs 2010-07-18 10:53:48 +02:00
ui-patch.h ui-patch: Apply path limit to generated patch 2010-06-19 10:40:23 +02:00
ui-plain.c ui-plain.c: fix html and links generated by print_dir() and print_dir_entry() 2011-06-12 21:21:30 +00:00
ui-plain.h Implement plain view 2008-08-06 11:21:30 +02:00
ui-refs.c Merge branch 'stable' 2010-08-03 22:52:11 +02:00
ui-refs.h Add separate header-files for each page/view 2008-03-24 16:38:47 +01:00
ui-repolist.c ui-repolist.c: do not return random/stale data from read_agefile 2011-05-23 23:17:10 +02:00
ui-repolist.h Prepare for 'about site' page / add 'root-readme' option to cgitrc 2008-04-29 01:06:30 +02:00
ui-shared.c Merge branch 'stable' 2011-03-05 14:01:59 +01:00
ui-shared.h ui-commit: Preserve path limit in links to commit page 2010-06-19 10:40:24 +02:00
ui-snapshot.c ui-snapshot.c: remove debug cruft 2011-06-02 10:26:41 +00:00
ui-snapshot.h Set prefix in snapshots when using dwimmery 2008-11-30 13:39:53 +01:00
ui-ssdiff.c ssdiff: anchors for ssdiff 2011-02-19 14:41:39 +01:00
ui-ssdiff.h Polishing of how the side-by-side diff looks. 2009-09-16 20:17:56 +02:00
ui-stats.c ui-stats: Remove unnecessary #include 2010-11-16 06:56:54 +01:00
ui-stats.h Add and use cgit_find_stats_periodname() in print_repo() 2009-08-24 11:02:48 +02:00
ui-summary.c ui-log: Line-wrap long commit subjects when showmsg is enabled 2010-11-16 08:18:37 +01:00
ui-summary.h ui-summary: enable arbitrary paths below repo.readme 2009-08-09 13:41:54 +02:00
ui-tag.c ui-tag: make output more similar to commit view 2009-10-06 20:33:04 +02:00
ui-tag.h Add separate header-files for each page/view 2008-03-24 16:38:47 +01:00
ui-tree.c source_filter: fix a memory leak 2011-03-26 15:13:35 +01:00
ui-tree.h Add separate header-files for each page/view 2008-03-24 16:38:47 +01:00
vector.c Add vector utility functions 2010-11-10 00:22:41 +01:00
vector.h Add vector utility functions 2010-11-10 00:22:41 +01:00

README

                       cgit - cgi for git


This is an attempt to create a fast web interface for the git scm, using a
builtin cache to decrease server io-pressure.


Installation

Building cgit involves building a proper version of git. How to do this
depends on how you obtained the cgit sources:

a) If you're working in a cloned cgit repository, you first need to
initialize and update the git submodule:

  $ git submodule init     # register the git submodule in .git/config
  $ $EDITOR .git/config    # if you want to specify a different url for git
  $ git submodule update   # clone/fetch and checkout correct git version

b) If you're building from a cgit tarball, you can download a proper git
version like this:

  $ make get-git


When either a) or b) has been performed, you can build and install cgit like
this:

  $ make
  $ sudo make install

This will install cgit.cgi and cgit.css into "/var/www/htdocs/cgit". You can
configure this location (and a few other things) by providing a "cgit.conf"
file (see the Makefile for details).


Dependencies:
  -git 1.7.4
  -zip lib
  -crypto lib
  -openssl lib


Apache configuration

A new Directory-section must probably be added for cgit, possibly something
like this:

  <Directory "/var/www/htdocs/cgit/">
      AllowOverride None
      Options +ExecCGI
      Order allow,deny
      Allow from all
  </Directory>


Runtime configuration

The file /etc/cgitrc is read by cgit before handling a request. In addition
to runtime parameters, this file also contains a list of the repositories
displayed by cgit.

A template cgitrc is shipped with the sources, and all parameters and default
values are documented in this file.


The cache

When cgit is invoked it looks for a cachefile matching the request and
returns it to the client. If no such cachefile exists (or if it has expired),
the content for the request is written into the proper cachefile before the
file is returned.

If the cachefile has expired but cgit is unable to obtain a lock for it, the
stale cachefile is returned to the client. This is done to favour page
throughput over page freshness.

The generated content contains the complete response to the client, including
the http-headers "Modified" and "Expires".
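
The lookup policy described above, as an added sketch that is not cgit's own cache code. The README does not say how the lock is taken or what happens when no cachefile exists and the lock is busy; the "<path>.lock" file created with O_EXCL, the rename() into place and the SERVE_UNCACHED result are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

enum cache_result { SERVE_FRESH, SERVE_REGENERATED, SERVE_STALE, SERVE_UNCACHED };

typedef int (*generate_fn)(int fd);   /* writes the full response, 0 on success */

/* Constructed stand-in for page generation: headers plus body in one file. */
int demo_generate(int fd)
{
    const char *resp = "Expires: (constructed)\n\n<html>demo</html>\n";
    return write(fd, resp, strlen(resp)) == (ssize_t)strlen(resp) ? 0 : -1;
}

/* Decide which content the client gets for the cachefile at path. */
enum cache_result cache_lookup(const char *path, long ttl, time_t now, generate_fn gen)
{
    struct stat st;
    char lock[512];
    int have = stat(path, &st) == 0;

    if (have && st.st_mtime + ttl > now)
        return SERVE_FRESH;               /* unexpired cachefile: return it */
    if (snprintf(lock, sizeof lock, "%s.lock", path) >= (int)sizeof lock)
        return SERVE_UNCACHED;
    /* O_EXCL makes creation atomic: exactly one process wins the lock. */
    int fd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)                           /* lock busy: favour throughput */
        return have ? SERVE_STALE : SERVE_UNCACHED;
    int ok = gen(fd) == 0;
    ok = (close(fd) == 0) && ok;
    /* rename() publishes the new content atomically and releases the lock. */
    if (ok && rename(lock, path) == 0)
        return SERVE_REGENERATED;
    unlink(lock);                         /* failed write: never publish a partial file */
    return have ? SERVE_STALE : SERVE_UNCACHED;
}
```

Because readers only ever see the old file or the fully written new one, a request that loses the lock race cannot be served a half-written response.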


The missing features

* Submodule links in the directory listing page have a fixed format per
  repository. This should probably be extended to a generic map between
  submodule path and url.

* The log-page should have more/better search options (author, committer,
  pickaxe, paths) and possibly support arbitrary revision specifiers.

* A set of test-scripts is required before cgit-1.0 can be released.

Patches/bugreports/suggestions/comments are always welcome, please feel free
to contact the author: hjemli@gmail.com