~nabijaczleweli

Kraków, Poland

https://nabijaczleweli.xyz

Trackers

~nabijaczleweli/ratrun

Last active 2 months ago

~nabijaczleweli/voreutils

Last active 1 year, 7 months ago

~nabijaczleweli/febug

Last active 2 years ago

~nabijaczleweli/yaxpeax-superh

Last active 2 years ago

~nabijaczleweli/tzpfms

Last active 2 years ago

~nabijaczleweli/klapki

Last active 2 years ago

#370 uploadArtifact() returns Artifact with obviously fake URL 2 months ago

Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht

I think it was correct until I found it was equally correct to guess the URL without auth, which I posted privately to Drew as msgid <20200820213847.voimtr2f7ymf7ckh@tarta.nabijaczleweli.xyz>, and resulted in this advisory and this git.sr.ht commit.

This URL, as returned by the HTTP API is equally meaningless as the broken URL returned by the GraphQL one, and has been for >2yrs. Given that, I think it very much makes sense to:

Because as it stands, regardless of if we fill it out to match the HTTP-API-returned URL, it's still just pure padding.

#371 Artifacts for digit-only tags accepted, but not shown 2 months ago

Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht

As a work-around, you can abuse the sourcehutism of uploading-to-commit by setting revspec to the SHA instead of the tag name.

#371 Artifacts for digit-only tags accepted, but not shown 2 months ago

Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht

Just guessing the URL doesn't work (404), so I guess it really isn't uploaded? Despite returning success?

Uploading from the web UI does work.

#371 Artifacts for digit-only tags accepted, but not shown 2 months ago

Ticket created by ~nabijaczleweli on ~sircmpwn/git.sr.ht

Consider:

build@build:~$ for f in *.tbz2 *.ps *.pdf; do
>         curl -F operations='{
>                "query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
>                "variables": { "file": null, "rev": "'"$rev"'", "id": '"$id"' }
>              }' \
>              -F map='{
>                "a": ["variables.file"]
>              }' \
>              -F a=@"$f" \
>              https://git.sr.ht/query
>         echo
>       done
+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
               "query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
               "variables": { "file": null, "rev": "2", "id": 210654 }
             }' -F 'map={
               "a": ["variables.file"]
             }' -F a=@ratrun-2-man.tbz2 https://git.sr.ht/query
{"errors":[{"message":"Put \"https://patchouli.sr.ht/git.sr.ht/\": context deadline exceeded","path":["uploadArtifact"]}],"data":null}+ echo

+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
               "query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
               "variables": { "file": null, "rev": "2", "id": 210654 }
             }' -F 'map={
               "a": ["variables.file"]
             }' -F a=@ratrun-2.ps https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:42:29.336543Z","filename":"ratrun-2.ps","checksum":"sha256:5679f0773ecb6b468c890fabb9bafdc832521de9a12024b968208496e1daa586"}}}+ echo

+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
               "query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
               "variables": { "file": null, "rev": "2", "id": 210654 }
             }' -F 'map={
               "a": ["variables.file"]
             }' -F a=@ratrun-2.pdf https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:42:29.842201Z","filename":"ratrun-2.pdf","checksum":"sha256:ec185cac6982bbd065bc3ff58d92369453500f05c1ec7b09d338a2c49434b9a1"}}}+ echo

and

+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
               "query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
               "variables": { "file": null, "rev": "1", "id": 210654 }
             }' -F 'map={
               "a": ["variables.file"]
             }' -F a=@ratrun-1-man.tbz2 https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:38:51.637655Z","filename":"ratrun-1-man.tbz2","checksum":"sha256:eace89e8f756b0b3acdfc00b0d3dc2c983a4278a7dd70259ffec2c57f8db3e7d"}}}+ echo

+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
               "query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
               "variables": { "file": null, "rev": "1", "id": 210654 }
             }' -F 'map={
               "a": ["variables.file"]
             }' -F a=@ratrun-1.ps https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:38:52.118896Z","filename":"ratrun-1.ps","checksum":"sha256:5679f0773ecb6b468c890fabb9bafdc832521de9a12024b968208496e1daa586"}}}+ echo

+ for f in *.tbz2 *.ps *.pdf
+ curl --oauth2-bearer stripped -F 'operations={
               "query": "mutation($id: Int!, $rev: String!, $file: Upload!) {uploadArtifact(repoId: $id, revspec: $rev, file: $file) { created, filename, checksum } }",
               "variables": { "file": null, "rev": "1", "id": 210654 }
             }' -F 'map={
               "a": ["variables.file"]
             }' -F a=@ratrun-1.pdf https://git.sr.ht/query
{"data":{"uploadArtifact":{"created":"2022-11-03T16:38:52.517419Z","filename":"ratrun-1.pdf","checksum":"sha256:ec185cac6982bbd065bc3ff58d92369453500f05c1ec7b09d338a2c49434b9a1"}}}+ echo

So why are they not showing up in https://git.sr.ht/~nabijaczleweli/ratrun/refs/1 or https://git.sr.ht/~nabijaczleweli/ratrun/refs/2?

(There are some there, for v2 and 2b tags – which work fine – which I've created later as a test; do observe there are no ratrun-[12]-* files!)

#370 uploadArtifact() returns Artifact with obviously fake URL 2 months ago

Ticket created by ~nabijaczleweli on ~sircmpwn/git.sr.ht

Consider the given:

$ curl -F operations='{ "query": "mutation($file: Upload!) {uploadArtifact(repoId: 210654, revspec: \"test\", file: $file) { id, created, filename, checksum, url} }", "variables": {"file": null} }' -F map='{"0":["variables.file"]}}' -F 0=@a https://git.sr.ht/query | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   806  100   224  100   582    440   1143 --:--:-- --:--:-- --:--:--  1583
{
  "data": {
    "uploadArtifact": {
      "id": 3232,
      "created": "2022-10-31T22:14:21.793509Z",
      "filename": "a",
      "checksum": "sha256:87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7",
      "url": "https://patchouli.sr.ht/git.sr.ht//a"
    }
  }
}
$ curl -F operations='{ "query": "mutation($file: Upload!) {uploadArtifact(repoId: 210654, revspec: \"test\", file: $file) { id, created, filename, checksum, url} }", "variables": {"file": null} }' -F map='{"0":["variables.file"]}}' -F 0=@b https://git.sr.ht/query | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   805  100   223  100   582    400   1044 --:--:-- --:--:-- --:--:--  1445
{
  "data": {
    "uploadArtifact": {
      "id": 3233,
      "created": "2022-10-31T22:15:20.59545Z",
      "filename": "b",
      "checksum": "sha256:0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f",
      "url": "https://patchouli.sr.ht/git.sr.ht//b"
    }
  }
}

What's the point of the URL here?

Admittedly, even on the old POST /api/repos/voreutils/artifacts API that did return an actual non-fake URL, like https://patchouli.sr.ht/git.sr.ht/artifacts/~nabijaczleweli/tzpfms/tzpfms-v0.3.1-manual.ps, which is still useless because it prompts for credentials, but at least that pretends it did something.

#357 Blame view shards at (arbitrary?) porcelain boundary instead of at SHAs 1 year, 5 days ago

Ticket created by ~nabijaczleweli on ~sircmpwn/git.sr.ht

Consider this blame (L296): https://git.sr.ht/~nabijaczleweli/foreports/blame/14c7148c0cfa0da4d3d2fae30c136c5e4d9c89e2/ar.c#L296 which reads

14c7148c наб 4 months ago  296 int tcmd(void)
08def261 наб 4 months ago  297 {
08def261 наб 4 months ago  298 	if(getaf())
                           299 		noar();

&c. ‒ in multiple places I've found these to be doubled, for no Actual reason. This is odd and confusing, esp. with the side-bar colouring.

A normal blame is as-expected:

14c7148c (наб 2021-09-11 15:10:48 +0200 296) int tcmd(void)
^08def26 (наб 2021-09-11 15:03:21 +0200 297) {
^08def26 (наб 2021-09-11 15:03:21 +0200 298) 	if(getaf())
^08def26 (наб 2021-09-11 15:03:21 +0200 299) 		noar();

But the porcelain one (-p) shards the exact same way (the final number is the amount of lines in a block):

14c7148c0cfa0da4d3d2fae30c136c5e4d9c89e2 296 296 1
	int tcmd(void)
08def261ae73dc292ed344d65ddc45a1787207fd 269 297 1
	{
08def261ae73dc292ed344d65ddc45a1787207fd 271 298 10
		if(getaf())
08def261ae73dc292ed344d65ddc45a1787207fd 272 299
			noar();

Why this shards is beyond me (line number in original/line number now being non-consecutive, maybe, with the 2nd and 3rd numbers?), but it should be relatively simple to weld them in a post-processing step on libgit output.

I'll probably do it, but there's no telling when, so noting this down for future.

#310 Support for non-UTF-8 refs 1 year, 10 months ago

Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht

Landed in 0.72.12, closing

REPORTED RESOLVED FIXED

#338 Line numbering script violates CSP 1 year, 10 months ago

Comment by ~nabijaczleweli on ~sircmpwn/git.sr.ht

The current CSP is content-security-policy: default-src 'none'; style-src 'self' 'unsafe-inline'; img-src *; script-src 'self', you need script-src 'self' 'unself-inline'; similar thing for inline images.

#1 febug-pkgsrc relies on fusefs-libs3 from FreeBSD ports 2 years ago

Ticket created by ~nabijaczleweli on ~nabijaczleweli/febug

But shouldn't. However, I didn't find a way to make it properly eat pkgsrc fuse, so.

#33 Generated archives have unstable checksum due to changing timestamps 2 years ago

Comment by ~nabijaczleweli on ~sircmpwn/hg.sr.ht

Unless I'm more blind than usual, the fix has required and still requires patching the upstream mercurial server, since the actual packaging call is

hg_repo.client.archive(path.encode(),
    rev=rev,
    prefix=basename,
    type="tgz")

and mercurial uses a homebrew archiver (https://www.mercurial-scm.org/repo/hg/file/d42809b6b10f/mercurial/archival.py#l134), which shouldn't be too difficult to fix if you have a repro, which it looks like you do.