[ANNOUNCE] CGIT v0.10 Released with Lua Scripting, Authentication Support, and more

Jason A. Donenfeld Jason at zx2c4.com
Fri Jan 17 16:18:32 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

CGit 0.10 has been another huge release cycle, containg quite a few major new
features, including the much anticipated authentication support and Lua
scripting, as well as extensive under-the-hood changes and fixes: we're moving
very close to git's codebase, integrating with its build system and using more
and more of its internal classes.

== CGit on the Web ==

+ homepage: http://git.zx2c4.com/cgit/about/
+ git repository: http://git.zx2c4.com/cgit/
+ git clone: git://git.zx2c4.com/cgit
+ mailing list: cgit at lists.zx2c4.com
+ mailing list subscribe: http://lists.zx2c4.com/mailman/listinfo/cgit

== ChangeLog v0.10 ==

64 files changed, 2214 insertions(+), 991 deletions(-)

Features:
+ **Lua scripting support**:
  This is huge! Before, filters would do a fork() and an exec() on each
  invocation of the shell script or external program. This meant that for
  filters that are called many times during cgit's excution (such as the
  email-filter, below), performance would drop drastically. So, we've
  integrated support for Lua scripts with a built-in interpreter that can use
  either mainline Lua or LuaJIT. We also ship with a few sample Lua scripts.
  No forking is required, as these run right inside cgit. A Lua script can be
  specified in the config by prefixing it with "lua:", as opposed to the older
  "exec:" scripts.

+ **Authentication support**:
  This also is huge! Now repositories can be password protected. In fact, it's
  not just "repositories" and it's not just "password protected". The new
  authentication infrastructure uses our shiny new Lua scripting engine, which
  means you can restrict access to any cgit resource -- be it a repo, a tag,
  anything -- using any form of authentication -- passwords, tokens, oauth.
  The system is very modular. We've written filters/simple-authentication.lua
  which should cover most simple needs for basic password authentication, but
  this script can easily be modified for a very wide variety of needs. The new
  "auth-filter" option handles this.

+ **Email filter support**:
  At many places in cgit, we display an author or tagger name, and these names
  are always connected to an email address. We therefore have a new email
  filter, which filters the display of this text and receives the author's
  email address as an argument. This makes it possible to add features like
  Gravatars (see filters/email-gravatar.lua). It was requested by the
  kernel.org sysadmins for connecting cgit to a new key platform they're
  developing based on commit authors.

+ filter infrastructure revamp:
  Filters can now return values, can persist throughout the execution of
  cgit, can be constructed and destructed lazily, and in general received
  essentially a complete rewrite and rearchitecting. We now do things like
  hook libc's write() so that we can give certain outputs directly from git to
  various in-memory or out-of-process filters, depending on our needs.

+ support "rawdiff" command:
  This can be used to generate raw diffs between arbitrary revisions using
  something like: http://git.zx2c4.com/cgit/rawdiff/?id=v0.9.2&id2=v0.10

+ likewise, the "patch" command now supports taking an id2:
  This allows for specifying a revision range using the id2 parameter of
  /patch/. The output that is produced is similar to
      $ git format-patch --stdout id2..id

+ enable caching for rendered about pages with the cache-about-ttl option
+ move about tab to the left to highlight its new importance
+ the owner column in the repo list is now clickable to initiate a search of
  all repos with that owner, requested by repo.or.cz

+ largely expanded test suite, with support for patches, filters, and valgrind
  Valgrind can be run with the test suite using the new option:
      $ make test CGIT_TEST_OPTS=--valgrind

+ we now ship with a favicon
+ disallow snapshots from search engines

+ upgrade to git 1.8.5
+ use git's strbuf many places, such as reading config files
+ use git's array helper classes in many places
+ use git's prefixcmp and suffixcmp functions instead of strncmp

+ support latest highlight binaries in highlight.sh
+ much improved syntax-highlighting.py in terms of autodetection of file
  format


Behavior changes:
+ by default, the package prefix is now /usr/local:
  Package managers should take note of this and adjust accordingly.

+ we now disallow undocumented snapshot delminators:
  Since the introduction of selective snapshot format configuration in
  dc3c9b5 (allow selective enabling of snapshots, 2007-07-21), we allowed
  seven different delimiters for snapshot formats, while the documentation
  has always been clear about spaces being the only valid delimiter:
      The value is a space-separated list of zero or more of the values
          "tar", "tar.gz", "tar.bz2", "tar.xz" and "zip".
  Supporting the undocumented delimiters makes the code unnecessarily complex.

+ due to bugs in pygments, syntax-highlighting.py now requires python2 instead
  of python3. This will be reverted in the next release.


Bug fixes:
+ numerous memleaks plugged, as well as use-after-free bugs
+ utf8 fixes in markdown and syntax highlighting filters
+ document negative cache ttl values
+ fix dynamic vs static cache ttl values
+ do not show negative age
+ fix tight loop on section-from-path > 1 with slashes
+ document usefulness of agefile:
  Sometimes it is quite nice to have the "age: 6 minutes" update on various
  conditions. CGit has long supported the "agefile" option. Little known was
  that a nice way to use this option is in a post-receive git hook that
  touches info/web/last-modified.
+ numerous documentation spelling errors and errata
+ don't append charset for binary MIME types
+ reduced line number bloat and a working line hover effect:
  For a file with 2000 lines, this yields a saving of 40%.
+ do not rely on bash in about-formatting.sh
+ do not branch on uninitialized variable in cache slot system
+ remember to html escape various URLs

== Downloading ==

+ http://git.zx2c4.com/cgit/snapshot/cgit-0.10.tar.xz
  83f20cbccb04dfcc4307383eb8744c262945eac8 (sha1)
  19944c17ecea1b1d1944718ce8ce6b61 (md5)

+ For verification, git tag v0.10 is signed with my public key: 0xA5DE03AE
  http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x49FC7012A5DE03AE

== Moving Forward ==

We'd like to have this set of features in our next releases:

+ FastCGI support
+ More malloc()/free() cleanups
+ git-blame support
+ git-grep support
+ HTML5 compliance
+ More filters everywhere
+ Expanded test suite
+ Line number anchors highlighting the current line

- --
Jason A. Donenfeld
www.zx2c4.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJS2UlSAAoJEEn8cBKl3gOuc9gP/A4qiq2XAP8jP40WnTfN2pID
A4KVF8CFSpWFAFaCrjMAoKx17Unr61zorbCJKfna3x2CL5gNvtW9LhHVxn90r+i6
uluhLJ2Y/k0sMyxfm2OSngB7RKltymiBd7INw5J87IKQ3HIo0Pj2j/DHULgmGtH6
neja0rrRZU9//+ImgzbMoPpofHiuu8rfmGv3a3bBO1Mq9/9lKVPghdzD9UGTVOE2
Y9Zo3COwYLVpZuFaYmAWNMCUb5e/v9ImJkqxNXrUtLx3YAldmtORZzn/mVcu5kfX
xH33PYQSOtYiA0BqczR7Fysrt/T1F1yC/stKUzJdJskigO7XBw+bCEkEXBS19FoE
i9WTAMJkiMiZmH1ZgblzmA5wtQR+J17cYYDFZe1rbAHOGZ8QwHylz5WXYvXlCBin
lcBgqYUjgYDl4mccbbaYr8ab2H7SfRuifJf4y5zn3DxpT03ol8ltxtOHZ9H7IGVH
S6WbrpEKZQ1wcqkixlcvdlOivWLV+NEPxgdy57zdVlR8PPM0Tw4cVY5xMq/o8NFI
EJLQrapj8AOlx3JDVH/coQPqXTGYzNYvCr502FAcubL8K9TLLJINoXtzizSaEtul
XiGUFcQvduHhsm52TVufaOViTjf29LgJrSbBIrcn9gGxhspxH9NmtKgM3a4SAHW4
T/c62OmvHom7Ou/3eRpp
=hmZ9
-----END PGP SIGNATURE-----


More information about the CGit mailing list