make it harder to leak notification credentials over plaintext HTTP ok op@

got-notify-http: implement basic authentication ok stsp

remove outdated TOOD item and tweak test accordingly The default deny policy is working as expected according to newly added regression test. Tweak this test to use an implicit read-only rule, rather than an explicit one, as stated in the TODO item.

add test for read-only access on empty repository

add got-notify-http ok stsp@

add initial support for commit notifications to gotd(8) At present only email notifications are implemented. Code for HTTP notifications is not yet finished, hence HTTP-related documentation remains hidden for now. This adds a new 'notify' process which has an "exec" pledge. It runs helper programs which implement the notification transport layer, such as got-notify-email which speaks SMTP. This design avoids having to link all of gotd with network libraries and related crypto libraries. Notification content is generated by the 'repo_write' process. Commit log messages and diffstats are written to a file which the 'notify' process will pass on to its helpers on stdin. The default output looks similar to 'got log -d'. If too many new commits are present the output looks similar to 'got log -s' instead. Tags always look like 'got tag -l'. The session process coordinates generation of notifications. It maintains a notification queue which holds one notification per updated reference, and passes notification requests from this queue to the 'repo_write' process for notification content creation and then to the 'notify' process for notification delivery. Only one notification can be in flight at a time to avoid file descriptor starvation if many references get updated in a single client session. ok op@

consistently use ten Xs in mkstemp(3) templates patch from Josiah Frentsos, thanks!

add support for protecting references against 'got send -f' to gotd ok op@

add gotd regress gotd.conf to CLEANFILES to remove it during 'make clean'

switch gotd.conf syntax from 'unix_socket' to 'listen on' ok op@

remove the gotsh group requirement from gotd; any user can now connect Repository access is now controlled by access rules in gotd.conf, and concurrent connections to the gotd socket by local users are limited by the listen process. We should keep refining our anti-DoS measures in the future, but at least we have something in place now. ok jamsek, op

fork gotd repo_read/repo_write children on demand ok op, jamsek

add more gotd regression tests for bad requests; patch by Mikhail And rename req_wrong_commit.sh to request_bad.sh to reflect the broader scope of this test script.

rename repo_req_wrong_commit.sh to req_wrong_commit.sh for consistency

tweak naming in new gotd regress test for consistency

add a gotd regression test which requests a non-existent commit Patch by Mikhail

in gotd regress, use USER instead of USERNAME and check for sudo/doas users Problem where USERNAME is not usually set on OpenBSD reported by Mikhail ok jamsek

make it easier to run gotd regress via doas(1); ok kn, tracey

add a gotd auth test case for an explicitly denied group ok op@

add a gotd auth test case for explicitly denied users ok op@

add a test case for requests from users not listed in gotd.conf ok op@

fix group membership check in gotd auth ok op@

implement per-repository read/write authorization rules in gotd ok op@

add a regression test for sending to an empty repository via gotd ok op@

awk ftw! no need to grep, awk can filter lines by itself ok stsp@