From 8924d15dec7bfc988f97175547a06e8909785603 Mon Sep 17 00:00:00 2001
From: Earl Warren
Date: Thu, 8 Jun 2023 13:50:38 +0200
Subject: [PATCH 1/2] [GITEA] silently ignore obsolete sudo scope
Fixes: https://codeberg.org/forgejo/forgejo/issues/820
(cherry picked from commit 6a7022ebbb83bda162974028cff01ebcc7c574ec)
(cherry picked from commit 764eac47b50688d76fe90aad4819a426444ddb4a)
(cherry picked from commit 14480339f091ffbd5f8e9391e7472a60f52a2620)
(cherry picked from commit fb930bd719a12cf51fa8f4d685b306caeb201e8a)
(cherry picked from commit 97d1166ababd41491edee2da89f42d8f9df52e17)
(cherry picked from commit 97b2abc767c4bc32794bbf51676ccfbab9e7e2e0)
(cherry picked from commit 3854c9112fa29448802e97678fa919590f65ccf0)
---
 models/auth/token_scope.go | 2 +-
 models/auth/token_scope_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/models/auth/token_scope.go b/models/auth/token_scope.go
index 61e684ea27..19d512dad4 100644
--- a/models/auth/token_scope.go
+++ b/models/auth/token_scope.go
@@ -250,7 +250,7 @@ func (s AccessTokenScope) parse() (accessTokenScopeBitmap, error) {
 remainingScopes = remainingScopes[i+1:]
 }
 singleScope := AccessTokenScope(v)
- if singleScope == "" {
+ if singleScope == "" || singleScope == "sudo" {
 continue
 }
 if singleScope == AccessTokenScopeAll {
diff --git a/models/auth/token_scope_test.go b/models/auth/token_scope_test.go
index a6097e45d7..d11c5e6a3d 100644
--- a/models/auth/token_scope_test.go
+++ b/models/auth/token_scope_test.go
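Review bot: In parse() (models/auth/token_scope.go) the added `singleScope == "sudo"` test is a bare string literal with no comment, so the one scope name that is deliberately accepted and discarded looks the same as a typo to the next reader. I would add `// "sudo" is an obsolete scope that stored tokens may still carry; it maps to no permission bit and is skipped (forgejo issue 820)` above the condition, or lift the literal into a named AccessTokenScope constant beside the others. Skipping it via `continue` appears to add nothing to the bitmap, which is the safe direction for a privileged-sounding scope, but the rest of parse() lies outside the hunk, so that is worth confirming where the bitmap is built.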
@@ -20,7 +20,7 @@ func TestAccessTokenScope_Normalize(t *testing.T) {
 tests := []scopeTestNormalize{
 {"", "", nil},
 {"write:misc,write:notification,read:package,write:notification,public-only", "public-only,write:misc,write:notification,read:package", nil},
- {"all", "all", nil},
+ {"all,sudo", "all", nil},
 {"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user", "all", nil},
 {"write:activitypub,write:admin,write:misc,write:notification,write:organization,write:package,write:issue,write:repository,write:user,public-only", "public-only,all", nil},
 }
From 50158ca8e1b3dbbc815838124ccfc8883195162d Mon Sep 17 00:00:00 2001
From: Earl Warren
Date: Sat, 24 Jun 2023 00:44:32 +0200
Subject: [PATCH 2/2] [GITEA] environment-to-ini fails if run as root
(cherry picked from commit 494f11afe81442f0b1b4d59f182e28c40b1842ac)
(cherry picked from commit 883d3f3f0f2f6036033c1cfce4ee0e451d340ad6)
(cherry picked from commit ec2b69b0ecf8a179de70c7e38bb6531eca52dcfc)
---
 docker/root/etc/s6/gitea/setup | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup
index b801ef4e03..90f9078d9f 100755
--- a/docker/root/etc/s6/gitea/setup
+++ b/docker/root/etc/s6/gitea/setup
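Review bot: In TestAccessTokenScope_Normalize the row `{"all", "all", nil}` is overwritten by `{"all,sudo", "all", nil}` rather than kept alongside it, so plain `all` is no longer exercised and `sudo` is only tested where `all` would mask any stray bit. Keep the original row and add one where the obsolete scope sits next to a narrow scope, for example `{"sudo,read:package", "read:package", nil}`, plus `{"sudo", "", nil}` for a token that carries nothing else. The expected strings are inferred from the neighbouring rows and should be checked against Normalize, which is not part of this hunk.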
@@ -56,11 +56,11 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
 chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
 fi
 
-# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME
-environment-to-ini --config ${GITEA_CUSTOM}/conf/app.ini
-
 # only chown if current owner is not already the gitea ${USER}. No recursive check to save time
 if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi
 if ! [[ $(ls -ld /app/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea; fi
 if ! [[ $(ls -ld /data/git | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git; fi
 chmod 0755 /data/gitea /app/gitea /data/git
+
+# Replace app.ini settings with env variables in the form GITEA__SECTION_NAME__KEY_NAME
+su $USER -c "environment-to-ini --config ${GITEA_CUSTOM}/conf/app.ini"
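Review bot: The added `su $USER -c "environment-to-ini --config ${GITEA_CUSTOM}/conf/app.ini"` expands `${GITEA_CUSTOM}` into a command string that a second shell parses again, so whitespace or shell metacharacters in that value are interpreted as syntax instead of being passed as one argument, and `$USER` is unquoted as well. Deferring the expansion to the inner shell avoids that: `su "$USER" -c 'environment-to-ini --config "${GITEA_CUSTOM}/conf/app.ini"'`. This assumes GITEA_CUSTOM is exported and that su keeps the caller's environment, which the GITEA__ variables read by environment-to-ini presumably depend on already. The exit status of the su call is also not checked in the visible lines, so a failed rewrite of app.ini would go unnoticed unless the script sets errexit outside the hunk.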