authorDaniel Silverstone <dsilvers@digital-scurf.org>2013-11-13 23:48:23 +0000
committerDaniel Silverstone <dsilvers@digital-scurf.org>2013-11-13 23:48:23 +0000
commit0ded51898dfb07fbbd9bf21e51862582e051ab26 (patch)
treeb18d0ab236266de0b52081bc37530035b51e6d2a
parent3f9299d1cb2cdc4a1e2377b9f866a2d62edfac4a (diff)
downloadgitano-talk-0ded51898dfb07fbbd9bf21e51862582e051ab26.tar.bz2
Initial crap
-rw-r--r--.gitignore1
-rw-r--r--backing.pngbin0 -> 833351 bytes
-rw-r--r--backing.svg103
-rw-r--r--debconf.pin210
-rw-r--r--debian.jpgbin0 -> 542997 bytes
5 files changed, 314 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b25c15b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/backing.png b/backing.png
new file mode 100644
index 0000000..c8aba39
--- /dev/null
+++ b/backing.png
Binary files differ
diff --git a/backing.svg b/backing.svg
new file mode 100644
index 0000000..6a2f0cc
--- /dev/null
+++ b/backing.svg
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ width="1280"
+ height="720"
+ id="svg2"
+ version="1.1"
+ inkscape:version="0.48.3.1 r9886"
+ sodipodi:docname="backing.svg"
+ inkscape:export-filename="/home/dsilvers/dev-git/gitano-talk/backing.png"
+ inkscape:export-xdpi="90"
+ inkscape:export-ydpi="90">
+ <defs
+ id="defs4" />
+ <sodipodi:namedview
+ id="base"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:zoom="0.76168582"
+ inkscape:cx="638.57143"
+ inkscape:cy="355.71429"
+ inkscape:document-units="px"
+ inkscape:current-layer="layer1"
+ showgrid="false"
+ inkscape:window-width="1280"
+ inkscape:window-height="784"
+ inkscape:window-x="0"
+ inkscape:window-y="16"
+ inkscape:window-maximized="0" />
+ <metadata
+ id="metadata7">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <dc:title></dc:title>
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ inkscape:label="Layer 1"
+ inkscape:groupmode="layer"
+ id="layer1"
+ transform="translate(0,-332.36218)">
+ <image
+ y="139.50504"
+ x="-349.51208"
+ id="image3829"
+ xlink:href="file:///home/dsilvers/dev-git/gitano-talk/debian.jpg"
+ height="1080"
+ width="1920" />
+ <rect
+ style="fill:#0000ff;fill-opacity:0.38157899;stroke:none"
+ id="rect2985"
+ width="1125.1357"
+ height="91.901413"
+ x="-2.7055938e-07"
+ y="356.53723" />
+ <text
+ xml:space="preserve"
+ style="font-size:56px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#ffffff;fill-opacity:1;stroke:none;font-family:DejaVu Sans;-inkscape-font-specification:DejaVu Sans Bold"
+ x="38.073441"
+ y="422.18109"
+ id="text3755"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3757"
+ x="38.073441"
+ y="422.18109">Gitano</tspan></text>
+ <rect
+ style="fill:#0000ff;fill-opacity:0.38157899;stroke:none"
+ id="rect2985-0"
+ width="1115.9457"
+ height="91.901413"
+ x="163.45325"
+ y="942.08051" />
+ <text
+ xml:space="preserve"
+ style="font-size:56px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;line-height:125%;letter-spacing:0px;word-spacing:0px;fill:#ffffff;fill-opacity:1;stroke:none;font-family:DejaVu Sans Mono;-inkscape-font-specification:DejaVu Sans Mono Bold"
+ x="424.05936"
+ y="1009.0372"
+ id="text3777"
+ sodipodi:linespacing="125%"><tspan
+ sodipodi:role="line"
+ id="tspan3779"
+ x="424.05936"
+ y="1009.0372">http://www.gitano.org.uk/</tspan></text>
+ </g>
+</svg>
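Review bot: The `<image>` element's `xlink:href="file:///home/dsilvers/dev-git/gitano-talk/debian.jpg"` and the root's `inkscape:export-filename="/home/dsilvers/dev-git/gitano-talk/backing.png"` both commit absolute paths from the author's machine. The background image therefore only resolves in a checkout at that exact location, and the file publishes a local username and directory layout. Any renderer that opens this SVG is also being asked to follow a `file:` URI outside the repository. Since debian.jpg is added beside it in this commit, a relative reference such as `xlink:href="debian.jpg"` would work in every checkout. `inkscape:export-filename` can be dropped or shortened to `backing.png`.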
diff --git a/debconf.pin b/debconf.pin
new file mode 100644
index 0000000..b612dc8
--- /dev/null
+++ b/debconf.pin
@@ -0,0 +1,210 @@
+# Debian conference Pinpoint talk about Gitano
+
+[backing.png]
+[center]
+[font=Sans 50px]
+
+--
+
+Gitano - A Git service configured in Git
+
+Daniel Silverstone <dsilvers@debian.org>
+
+# Burble like a tard about who you are
+
+--
+
+What is it?
+
+# Git Server
+# Written in Lua
+# Configured in Git where plausible
+
+--
+
+Why do it?
+
+# Looked at gitolite and decided I could do
+# better or nicer or whatever
+
+--
+
+Who is it for?
+
+# People who would like to run their own git server
+# Github is a more effective centralised version control
+# system than Subversion could ever hope to be.
+# Gitorious is a large unwieldy pile of crap
+# Both of them rely on data stores which are not Git
+
+--
+
+Technology choices
+
+# Git - odd to list, but I mean configuration is in git
+# Lua - I like Lua, it's easy to prototype and write stuff
+# libgit2/luagit2 - Way faster than invoking git commands
+# although Gitano *can* operate without them
+# cgit rather than gitweb - much faster, caches, prettier
+
+--
+
+Lace - Lua Access Control Engine
+
+# ACL engine for rulesets. Most people who are at least technically
+# minded understand ACLs. Non-turing-complete means output more easily cached
+# Not using Lua means I *could* switch implementation language if I wanted.
+
+-- [font=Sans Mono 50px]
+
+define ref_has_user_prefix ref prefix refs/heads/${user}/
+allow "User branches are okay" op_is_reffy ref_has_user_prefix
+
+# Simple example showing definitions, prefix-matches, expansions (gitano
+# specific) and permission statements.
+# list of defined predicates on the allow line must all pass
+
+--
+
+Clod - Configuration Language Organised (by) Dots
+
+# Designed to keep track of ordering of entries (and spaces)
+# Currently doesn't track comments (because that's super hard)
+# Humans and the library tend to edit files in similar ways meaning
+# diffs are sane
+
+-- [font=Sans Mono 50px]
+
+project.head "refs/heads/master"
+project.description "Black box testing of Unix programs"
+project.owner "liw"
+
+# Three simple string entries as might be found in a repository configuration
+# in Gitano.
+
+-- [font=Sans Mono 50px]
+
+description "Gitano Instance Administrators"
+
+members["*"] "dsilvers"
+
+# Clod also supports lists which remain ordered. This is an example group
+# file in a Gitano repository
+
+--
+
+Supple - Sandbox [(for) Untrusted Procedure Partitioning (in) Lua] Engine
+
+
+
+--
+
+To limit the attack surface...
+
+The "untrusted" code runs in a (limited) Lua sandbox.
+
+That sandbox is soft-limited in terms of VM opcodes and memory.
+
+The sandbox is monitored and IO marshalled externally.
+
+# Your "untrusted" code is run inside a Lua sandbox which has only a limited
+# set of Lua's functionality exposed to it.
+
+# That sandbox is soft-limited (optionally) in terms of VM opcodes and memory
+# allocated by Lua
+
+# The sandbox is run inside a monitoring Lua VM instance which is responsible
+# for carefully marshalling calls etc into and out of the sandbox. All your
+# comms go via this monitor.
+
+--
+
+Just in case...
+
+The monitor is a Lua VM anyway, and it's all inside a separate process.
+
+The sandbox process is in an ephemeral chroot.
+
+# The monitor is, itself, a Lua VM anyway, inside a process which is separate
+# from the process you're doing untrusted work on behalf of.
+
+# The sandbox process is created using a rootly helper so that it's put into an
+# isolation state consisting of a directory which is owned by root which is set
+# as your root via the chroot call, but which is also rmdir'd so it's
+# ephemeral. Your process drops privileges back to the calling UID so it cannot
+# do anything inside its CWD anyway.
+
+--
+
+And if that's not enough...
+
+Solid rlimits in terms of memory and open FDs
+
+And on Linux, memory is pre-allocated and we enter seccomp mode 1.
+
+# On top of that, the sandbox has some pretty solid rlimits set in terms of max
+# CPU usage, max VM size, max FDs open, and max size of any file it writes. As
+# such, it can't create > 0 byte files in the directory it doesn't have access
+# to, and could only do that if it closed the FD to the host process which is
+# its only communications avenue.
+
+# Then, if you're on Linux, we go one step further and pre-allocate enough
+# memory for the interpreter to not hit the rlimit and then enter seccomp mode
+# 1 which limits the syscalls permissible to read, write, _exit and sigreturn
+# so even if you could have circumvented any/all of the limits above, you now
+# can't make syscalls to take advantage of them.
+
+# If that's not sandbox enough, please tell me how to improve matters further.
+
+--
+
+Gall - Git Abstraction Layer (in) Lua
+
+# Abstraction layer for accessing Git repositories from Lua. Focusses on
+# bare repositories and can operate using the git commandline or the libgit2
+# library (via the luagit2 binding).
+
+--
+
+Putting it all together.
+
+Gitano uses all of these libraries and adds utilities.
+
+--
+
+Integrating with external apps and services
+
+OpenSSH server, Cgit (gitweb at a pinch), git-daemon
+
+Outgoing HTTP calls from hooks
+
+--
+
+Real users of Gitano
+
+ - git.gitano.org.uk, git.liw.fi
+ - git.netsurf-browser.org, richard.maw.name/git
+ - Codethink and Baserock
+
+--
+
+Future plans
+
+Lots of ideas for future content, see the Trello
+
+ - https://trello.com/b/l4Id6iiC/gitano
+ - (Link is on www.gitano.org.uk)
+
+-- [command=gnome-terminal -e 'mutt']
+
+Live demo
+
+
+
+--
+
+Any questions?
+
+--
+
+Thank you
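Review bot: The slide header `-- [command=gnome-terminal -e 'mutt']` above "Live demo" attaches a command that opens the presenter's mail client, which looks like a leftover rather than the intended demo for a talk about a Git server (inferred from the slide title). If it is triggered as written, it would put a mailbox on the projected screen. Because a `.pin` deck can carry `command=` settings, anyone opening this file from the repository should read them before presenting. Consider `-- [command=gnome-terminal]`, or pointing it at a demo script checked in next to the deck, so the command is reviewable and free of personal data.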
diff --git a/debian.jpg b/debian.jpg
new file mode 100644
index 0000000..985b0fc
--- /dev/null
+++ b/debian.jpg
Binary files differ