summaryrefslogtreecommitdiff
path: root/debconf.pin
diff options
context:
space:
mode:
Diffstat (limited to 'debconf.pin')
-rw-r--r--debconf.pin136
1 files changed, 77 insertions, 59 deletions
diff --git a/debconf.pin b/debconf.pin
index 33807a1..f31ded8 100644
--- a/debconf.pin
+++ b/debconf.pin
@@ -48,6 +48,7 @@ Who is it for?
Technology choices
# Git - odd to list, but I mean configuration is in git
+# rulesets are in git, etc.etc.etc.
# Lua - I like Lua, it's easy to prototype and write stuff
# libgit2/luagit2 - Way faster than invoking git commands
# although Gitano *can* operate without them
@@ -57,17 +58,18 @@ Technology choices
Lace - Lua Access Control Engine
-# ACL engine for rulesets. Most people who are at least technically
-# minded understand ACLs. Non-turing-complete means output more easily cached
-# Not using Lua means I *could* switch implementation language if I wanted.
+# ACL engine for rulesets. Most people who are at least
+# technically minded understand ACLs. Non-turing-complete
+# means output more easily cached Not using Lua means I
+# *could* switch implementation language if I wanted.
-- [font=Monospace 50px]
define ref_has_user_prefix ref prefix refs/heads/${user}/
allow "User branches are okay" op_is_reffy ref_has_user_prefix
-# Simple example showing definitions, prefix-matches, expansions (gitano
-# specific) and permission statements.
+# Simple example showing definitions, prefix-matches,
+# expansions (gitano specific) and permission statements.
# list of defined predicates on the allow line must all pass
-- [backing-cat-sunbathing.png]
@@ -75,9 +77,9 @@ allow "User branches are okay" op_is_reffy ref_has_user_prefix
Clod - Configuration Language Organised (by) Dots
# Designed to keep track of ordering of entries (and spaces)
-# Currently doesn't track comments (because that's super hard)
-# Humans and the library tend to edit files in similar ways meaning
-# diffs are sane
+# Currently doesn't track comments (because that's super
+# hard) Humans and the library tend to edit files in similar
+# ways meaning diffs are sane
-- [font=Monospace 50px]
@@ -85,8 +87,8 @@ project.head "refs/heads/master"
project.description "Black box testing of Unix programs"
project.owner "liw"
-# Three simple string entries as might be found in a repository configuration
-# in Gitano.
+# Three simple string entries as might be found in a
+# repository configuration in Gitano.
-- [font=Monospace 50px]
@@ -94,19 +96,21 @@ description "Gitano Instance Administrators"
members["*"] "dsilvers"
-# Clod also supports lists which remain ordered. This is an example group
-# file in a Gitano repository
+# Clod also supports lists which remain ordered. This is an
+# example group file in a Gitano repository
-- [backing-cat-sunbathing.png]
Supple - Sandbox [(for) Untrusted Procedure Partitioning (in) Lua] Engine
-# Supple allows me to run hooks provided by project owners safely without
-# risking them gaining access to the server in any unusual way.
+# Supple allows me to run hooks provided by project owners
+# safely without risking them gaining access to the server
+# in any unusual way.
-# Hooks are run as Lua code with a limited set of functions and only the data
-# relevant to the event they're hooking (along with a read-only repository
-# object they can use to interrogate other things a bit)
+# Hooks are run as Lua code with a limited set of functions
+# and only the data relevant to the event they're hooking
+# (along with a read-only repository object they can use to
+# interrogate other things a bit)
-- [backing-cat-sunbathing.png]
@@ -118,15 +122,17 @@ That sandbox is soft-limited in terms of VM opcodes and memory.
The sandbox is monitored and IO marshalled externally.
-# Your "untrusted" code is run inside a Lua sandbox which has only a limited
-# set of Lua's functionality exposed to it.
+# Your "untrusted" code is run inside a Lua sandbox which
+# has only a limited set of Lua's functionality exposed to
+# it.
-# That sandbox is soft-limited (optionally) in terms of VM opcodes and memory
-# allocated by Lua
+# That sandbox is soft-limited (optionally) in terms of VM
+# opcodes and memory allocated by Lua
-# The sandbox is run inside a monitoring Lua VM instance which is responsible
-# for carefully marshalling calls etc into and out of the sandbox. All your
-# comms go via this monitor.
+# The sandbox is run inside a monitoring Lua VM instance
+# which is responsible for carefully marshalling calls etc
+# into and out of the sandbox. All your comms go via this
+# monitor.
-- [backing-cat-sunbathing.png]
@@ -136,14 +142,17 @@ The monitor is a Lua VM anyway, and it's all inside a separate process.
The sandbox process is in an ephemeral chroot.
-# The monitor is, itself, a Lua VM anyway, inside a process which is separate
-# from the process you're doing untrusted work on behalf of.
+# The monitor is, itself, a Lua VM anyway, inside a process
+# which is separate from the process you're doing untrusted
+# work on behalf of.
-# The sandbox process is created using a rootly helper so that it's put into an
-# isolation state consisting of a directory which is owned by root which is set
-# as your root via the chroot call, but which is also rmdir'd so it's
-# ephemeral. Your process drops privileges back to the calling UID so it cannot
-# do anything inside its CWD anyway.
+# The sandbox process is created using a rootly helper so
+# that it's put into an isolation state consisting of a
+# directory which is owned by root which is set as your root
+# via the chroot call, but which is also rmdir'd so it's
+# ephemeral. Your process drops privileges back to the
+# calling UID so it cannot do anything inside its CWD
+# anyway.
-- [backing-cat-sunbathing.png]
@@ -153,27 +162,32 @@ Solid rlimits in terms of memory and open FDs
And on Linux, memory is pre-allocated and we enter seccomp mode 1.
-# On top of that, the sandbox has some pretty solid rlimits set in terms of max
-# CPU usage, max VM size, max FDs open, and max size of any file it writes. As
-# such, it can't create > 0 byte files in the directory it doesn't have access
-# to, and could only do that if it closed the FD to the host process which is
-# its only communications avenue.
+# On top of that, the sandbox has some pretty solid rlimits
+# set in terms of max CPU usage, max VM size, max FDs open,
+# and max size of any file it writes. As such, it can't
+# create > 0 byte files in the directory it doesn't have
+# access to, and could only do that if it closed the FD to
+# the host process which is its only communications avenue.
-# Then, if you're on Linux, we go one step further and pre-allocate enough
-# memory for the interpreter to not hit the rlimit and then enter seccomp mode
-# 1 which limits the syscalls permissible to read, write, _exit and sigreturn
-# so even if you could have circumvented any/all of the limits above, you now
-# can't make syscalls to take advantage of them.
+# Then, if you're on Linux, we go one step further and
+# pre-allocate enough memory for the interpreter to not hit
+# the rlimit and then enter seccomp mode 1 which limits the
+# syscalls permissible to read, write, _exit and sigreturn
+# so even if you could have circumvented any/all of the
+# limits above, you now can't make syscalls to take
+# advantage of them.
-# If that's not sandbox enough, please tell me how to improve matters further.
+# If that's not sandbox enough, please tell me how to
+ improve matters further.
-- [backing-cat-sunbathing.png]
Gall - Git Abstraction Layer (in) Lua
-# Abstraction layer for accessing Git repositories from Lua. Focusses on
-# bare repositories and can operate using the git commandline or the libgit2
-# library (via the luagit2 binding).
+# Abstraction layer for accessing Git repositories from Lua.
+# Focusses on bare repositories and can operate using the
+# git commandline or the libgit2 library (via the luagit2
+# binding).
# Next comes inelegance, so "phew" goes here.
@@ -186,9 +200,10 @@ Putting it all together.
Gitano uses all of these libraries and adds utility commands
for managing repositories, users, rules, etc.
-# Using these libraries and with a small amount of code of its own
-# Gitano then provides a git service with important additional
-# commands such as creating and destroying repositories
+# Using these libraries and with a small amount of code of
+# its own Gitano then provides a git service with important
+# additional commands such as creating and destroying
+# repositories
-- [font=Monospace 50px] [no-markup]
@@ -223,12 +238,14 @@ OpenSSH server, Cgit (gitweb at a pinch), git-daemon
Outgoing HTTP calls from hooks
-# Horrifyingly shocking idea, but integrating with external services
-# is a good idea. As such, Gitano uses OpenSSH (nominally any other SSH too)
-# for authentication and secure connections.
-# Primarily focussed on cgit, we do generate the bits needed for gitweb
-# to operate too. And we produce the git-daemon-export-ok file for the
-# git daemon to be able to work.
+# Horrifyingly shocking idea, but integrating with external
+# services is a good idea. As such, Gitano uses OpenSSH
+# (nominally any other SSH too) for authentication and
+# secure connections.
+# Primarily focussed on cgit, we do generate the bits needed
+# for gitweb to operate too. And we produce the
+# git-daemon-export-ok file for the git daemon to be able to
+# work.
-- [backing-cat-shocked.png]
@@ -253,13 +270,13 @@ Lots of ideas for future content, see the Trello
- https://trello.com/b/l4Id6iiC/gitanow
- (Link is on www.gitano.org.uk)
-# I would welcome contributions to Gitano or the libraries behind it.
-# I would especially welcome contributions which increase the scenario test
-# suite coverage.
+# I would welcome contributions to Gitano or the libraries
+# behind it. I would especially welcome contributions which
+# increase the scenario test suite coverage.
-- [backing-cat-eat-you.png]
--- [command=gnome-terminal -e 'mutt'] [backing-cat-eat-you.png]
+-- [command=gnome-terminal] [backing-cat-eat-you.png]
Live demo and walkthrough
@@ -270,7 +287,8 @@ Live demo and walkthrough
- Commander Shore
-# I make no promises, but here goes a demo which might eat my face.
+# I make no promises, but here goes a demo which might eat
+# my face.
-- [backing-cat-flop.png]