mirror of
https://github.com/go-gitea/gitea.git
synced 2026-03-10 22:06:34 -05:00
Gitea should offer a configcheck command #1177
Open
opened 2025-11-02 03:51:28 -06:00 by GiteaMirror
·
13 comments
No Branch/Tag Specified
main
release/v1.25
release/v1.24
release/v1.23
release/v1.22
release/v1.21
release/v1.20
release/v1.19
release/v1.18
release/v1.17
release/v1.16
release/v1.15
release/v1.14
release/v1.13
release/v1.12
release/v1.11
release/v1.10
release/v1.9
release/v1.8
v1.25.3
v1.25.2
v1.25.1
v1.25.0
v1.24.7
v1.25.0-rc0
v1.26.0-dev
v1.24.6
v1.24.5
v1.24.4
v1.24.3
v1.24.2
v1.24.1
v1.24.0
v1.23.8
v1.24.0-rc0
v1.25.0-dev
v1.23.7
v1.23.6
v1.23.5
v1.23.4
v1.23.3
v1.23.2
v1.23.1
v1.23.0
v1.23.0-rc0
v1.24.0-dev
v1.22.6
v1.22.5
v1.22.4
v1.22.3
v1.22.2
v1.22.1
v1.22.0
v1.23.0-dev
v1.22.0-rc1
v1.21.11
v1.22.0-rc0
v1.21.10
v1.21.9
v1.21.8
v1.21.7
v1.21.6
v1.21.5
v1.21.4
v1.21.3
v1.21.2
v1.20.6
v1.21.1
v1.21.0
v1.21.0-rc2
v1.21.0-rc1
v1.20.5
v1.22.0-dev
v1.21.0-rc0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.19.4
v1.21.0-dev
v1.20.0-rc2
v1.20.0-rc1
v1.20.0-rc0
v1.19.3
v1.19.2
v1.19.1
v1.19.0
v1.19.0-rc1
v1.20.0-dev
v1.19.0-rc0
v1.18.5
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
v1.17.4
v1.18.0-rc1
v1.19.0-dev
v1.18.0-rc0
v1.17.3
v1.17.2
v1.17.1
v1.17.0
v1.17.0-rc2
v1.16.9
v1.17.0-rc1
v1.18.0-dev
v1.16.8
v1.16.7
v1.16.6
v1.16.5
v1.16.4
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.11
v1.17.0-dev
v1.16.0-rc1
v1.15.10
v1.15.9
v1.15.8
v1.15.7
v1.15.6
v1.15.5
v1.15.4
v1.15.3
v1.15.2
v1.15.1
v1.14.7
v1.15.0
v1.15.0-rc3
v1.14.6
v1.15.0-rc2
v1.14.5
v1.16.0-dev
v1.15.0-rc1
v1.14.4
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.7
v1.14.0-rc2
v1.13.6
v1.13.5
v1.14.0-rc1
v1.15.0-dev
v1.13.4
v1.13.3
v1.13.2
v1.13.1
v1.13.0
v1.12.6
v1.13.0-rc2
v1.14.0-dev
v1.13.0-rc1
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.11.8
v1.12.0
v1.11.7
v1.12.0-rc2
v1.11.6
v1.12.0-rc1
v1.13.0-dev
v1.11.5
v1.11.4
v1.11.3
v1.10.6
v1.12.0-dev
v1.11.2
v1.10.5
v1.11.1
v1.10.4
v1.11.0
v1.11.0-rc2
v1.10.3
v1.11.0-rc1
v1.10.2
v1.10.1
v1.10.0
v1.9.6
v1.9.5
v1.10.0-rc2
v1.11.0-dev
v1.10.0-rc1
v1.9.4
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.9.0-rc2
v1.10.0-dev
v1.9.0-rc1
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.8.0-rc3
v1.7.6
v1.8.0-rc2
v1.7.5
v1.8.0-rc1
v1.9.0-dev
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.7.0-rc3
v1.6.4
v1.7.0-rc2
v1.6.3
v1.7.0-rc1
v1.7.0-dev
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc2
v1.5.3
v1.6.0-rc1
v1.6.0-dev
v1.5.2
v1.5.1
v1.5.0
v1.5.0-rc2
v1.5.0-rc1
v1.5.0-dev
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc3
v1.4.0-rc2
v1.3.3
v1.4.0-rc1
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc2
v1.3.0-rc1
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.1.4
v1.2.0-rc1
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0.0
v0.9.99
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
Mirrored from GitHub Pull Request
No Label
type/proposal
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/gitea#1177
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @stblassitude on GitHub (Oct 22, 2017).
Using the FreeBSD port for Gitea on FreeBSD 11.1.
Description
After upgrading to Gitea 1.2, Gitea won't start if the config file cannot be written by the user Gitea is running under:
This is due to the security/INTERNAL_TOKEN option not being set, and Gitea being unable to add it to the config itself.
Start scripts should be able to verify the configuration and print appropriate error messages, before trying to start Gitea as a daemon.
@bkcsoft commented on GitHub (Nov 1, 2017):
In this case, there's nothing wrong with the config file itself, so a verification wouldn't help. The issue is that Gitea can't write to the config-file, hence it fails. With that said, having a
gitea admin configcommand for verification (and maybe other things) would be nice.@stblassitude commented on GitHub (Nov 1, 2017):
A mandatory config key missing is an error in the config file. The fact that Gitea might be able to fix that automatically doesn't mean its not an error. Otherwise, Gitea would continue to run without the key being set.
@bkcsoft commented on GitHub (Nov 1, 2017):
Gitea needs to generate and write this token on each start-up, having the config file in read-only is the error.
@stblassitude commented on GitHub (Nov 1, 2017):
That makes even less sense. Why would it need to be written to the config file, if it is recomputed at every start?
And why do you insist that Gitea must be able to write the config file?
@bkcsoft commented on GitHub (Nov 1, 2017):
It needs to be written to a file (the config was available so it ended up there) because
gitea servneeds to know about it. I don't remember why it had to be recomputed on every restart, but my guess is #becausesecurity 🙄As for Gitea needing to write the config, that's because the initial setup in only available in the WebUI (therefore needs to be managed by Gitea itself), and that one needs to write the config to disk afterwards
Edit: It's not perfect, but it's what we have. PRs welcome :trollface:
@lunny commented on GitHub (Nov 2, 2017):
Another reason except installation is because Gitea in fact provides serval sub command,
gitea web,gitea serve,gitea hook. They are comminuted each other via the same database at pastand should be via internal HTTP in future(partially implementation). This token is the key to keep the communication more secure. Any better idea about it then we can avoid to write data to the config file. Or maybe we could write the token to another standalone file.
@lafriks commented on GitHub (Nov 2, 2017):
@lunny or let's move such data to database
settingtable@lunny commented on GitHub (Nov 2, 2017):
@lafriks don't want
gitea serv / update / hookto visit database directly in future.@stblassitude commented on GitHub (Nov 2, 2017):
Storing this secret in the config file is acceptable, but there should be documentation on what it is used for, and how to create one yourself, if you prefer to keep the config file readonly and managed outside of Gitea.
From reading the source, it appears that the only requirement for a value is a non-empty string; however, a sensibly complex random string is preferreable. In the FreeBSD port, a random number is generated with openssl, producing a similar value to the code in modules/setting/setting.go.
To get back to the original feature request: while it's nice that Gitea can be set up through a web browser, there a re scenarios in which it is preferrable for the config file to be read-only to the Gitea user, and the config file contents being managed by some configuration management tool. It would be great if Gitea would support this scenario with appropriate error messages.
The standard
gitea weboutput is extremely verbose and will likely be logged at debug level or not at all. This is why a seperate command to check the configuration and present appropriate hints on configuration problems is desirable.Alternatively, the output form
gitea webshould be reduced to major events only, so that it can be logged as syslog daemon.notice or higher. If this can be configured already, I apologize, but I did not find a log setting that seems to apply to the console output.@stblassitude commented on GitHub (Nov 2, 2017):
@lunny For
gitea servetc. to communicate with the daemon, you could consider HTTP over unix socket. This way, access is controlled by file system permissions.A quick google suggest for example: https://gist.github.com/teknoraver/5ffacb8757330715bcbcc90e6d46ac74
@lunny commented on GitHub (Nov 3, 2017):
@stblassitude thanks, I will check that.
@lafriks commented on GitHub (Nov 3, 2017):
@lunny @stblassitude gitea does that already if gitea is set to listen on socket using fcgi
@ghost commented on GitHub (Jan 5, 2018):
Writing the configuration file automatically, which is meant to be customized by the user, is very bad practise which I'd consider being a bug. In fact, like @stblassitude said, it's very complex to automate configuration deployment in an idempotent manner. If there was a hard requirement to write such information into a file, it might get written into another file, but not in the configuration file, which is meant for the user to customize the runtime of gitea. Furthermore +1 on this feature request. It would be very nice to verify the configuration before restarting a service automatically on a configuration file update.