diff --git a/roles/aurweb/defaults/main.yml b/roles/aurweb/defaults/main.yml
index c7fe0c27fe09e04128f79ab6f8adfbc88862f1f5..3a5d346f6b76cbf196ea8e1d6d5d109d1f70141b 100644
--- a/roles/aurweb/defaults/main.yml
+++ b/roles/aurweb/defaults/main.yml
@@ -8,7 +8,7 @@ aurweb_conf_dir: '/etc/aurweb'
 aurweb_git_dir: "{{ aurweb_dir }}/aur.git"
 aurweb_git_hook: '/usr/local/bin/aurweb-git-update'
 aurweb_nginx_conf: '/etc/nginx/nginx.d/aurweb.conf'
-aurweb_version: 'v6.1.4'
+aurweb_version: 'v6.1.7'
 aurweb_pgp_keys: ['0F985B6F99B6686854C44EC3F7E46DED420788F3', 'DB650286BD9EAE39890D3FE6FE3DC1668CB24956']
 aurweb_db: 'aur'
diff --git a/roles/aurweb/tasks/main.yml b/roles/aurweb/tasks/main.yml
index 957ddb77adde3c9f208f4c548db16447426f01c4..1264f0c117738ec81b2a623b20a01e122bc328df 100644
--- a/roles/aurweb/tasks/main.yml
+++ b/roles/aurweb/tasks/main.yml
@@ -74,6 +74,8 @@
 with_items:
 - aurweb-git.service
 - aurweb-git.timer
+ - aurweb-git-archive.service
+ - aurweb-git-archive.timer
 - aurweb-aurblup.service
 - aurweb-aurblup.timer
 - aurweb-mkpkglists.service
@@ -95,6 +97,7 @@
 service: name={{ item }} enabled=yes state=stopped
 with_items:
 - aurweb-git.timer
+ - aurweb-git-archive.timer
 - aurweb-aurblup.timer
 - aurweb-mkpkglists.timer
 - aurweb-pkgmaint.timer
@@ -305,8 +308,10 @@
 service: name={{ item }} enabled=yes state=started daemon_reload=yes
 with_items:
 - aurweb-git.timer
+ - aurweb-git-archive.timer
 - aurweb-aurblup.timer
 - aurweb-mkpkglists.timer
+ - aurweb-git-archive.timer
 - aurweb-pkgmaint.timer
 - aurweb-popupdate.timer
 - aurweb-tuvotereminder.timer
diff --git a/roles/aurweb/templates/aurweb-git-archive.service.j2 b/roles/aurweb/templates/aurweb-git-archive.service.j2
new file mode 100644
index 0000000000000000000000000000000000000000..aff4f8a5d35697f1640e24da749990eaaa15ac0d
--- /dev/null
+++ b/roles/aurweb/templates/aurweb-git-archive.service.j2
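Review bot: `aurweb-git-archive.timer` is listed twice in the `with_items` of the `@@ -305,8 +308,10 @@` hunk, once after `aurweb-git.timer` and again after `aurweb-mkpkglists.timer`, so the started-timers task iterates the same unit twice. The second `- aurweb-git-archive.timer` line should be dropped; the `@@ -74` and `@@ -95` hunks add the unit only once, which is the intended shape. The task each of these hunks belongs to starts outside the hunk.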
@@ -0,0 +1,40 @@
+[Unit]
+Description=Generate and update Git Archive repositories
+Requires=mysqld.service
+After=mysqld.service
+
+[Service]
+Type=oneshot
+User={{ aurweb_user }}
+WorkingDirectory={{ aurweb_dir }}
+ExecStart=/usr/bin/poetry run aurweb-git-archive --spec metadata
+ExecStart=/usr/bin/poetry run aurweb-git-archive --spec users
+ExecStart=/usr/bin/poetry run aurweb-git-archive --spec pkgbases
+ExecStart=/usr/bin/poetry run aurweb-git-archive --spec pkgnames
+
+NoNewPrivileges=true
+LockPersonality=true
+CapabilityBoundingSet=
+ReadWritePaths={{ aurweb_dir }}
+
+PrivateDevices=true
+PrivateTmp=true
+ProtectSystem=strict
+
+MemoryDenyWriteExecute=true
+RemoveIPC=true
+RestrictRealtime=true
+RestrictNamespaces=true
+RestrictSUIDSGID=true
+
+RestrictAddressFamilies=AF_UNIX
+
+ProtectHostname=true
+ProtectControlGroups=true
+ProtectKernelLogs=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectClock=true
+ProtectProc=noaccess
+
+SystemCallArchitectures=native
diff --git a/roles/aurweb/templates/aurweb-git-archive.timer.j2 b/roles/aurweb/templates/aurweb-git-archive.timer.j2
new file mode 100644
index 0000000000000000000000000000000000000000..b4d95de0fe75085a638a562c8fe938975e3494b7
--- /dev/null
+++ b/roles/aurweb/templates/aurweb-git-archive.timer.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Generate and update Git Archive repositories
+
+[Timer]
+# This is set to 10m intervals as of 09/26/2022. We'll be keeping
+# aurweb-mkpkglists around for two months after v6.1.5 deployment.
+# At that time (two months after deploy), this should be changed
+# to 5m intervals and aurweb-mkpkglists should be removed from use.
+OnStartupSec=10m
+OnUnitActiveSec=10m
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/aurweb/templates/config.j2 b/roles/aurweb/templates/config.j2
index 3544fe1ab8d74e26f11337fcb1ef63ba7f078674..5079f041b16add68fee78a54aeab5b0282a2c432 100644
--- a/roles/aurweb/templates/config.j2
+++ b/roles/aurweb/templates/config.j2
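Review bot: The hardening block of the new `aurweb-git-archive.service.j2` sets `ProtectSystem=strict` and an empty `CapabilityBoundingSet=` but leaves out `ProtectHome=true` and a `SystemCallFilter=@system-service` allowlist, which would round out the sandbox at no cost as long as `{{ aurweb_dir }}` is not under /home. With `RestrictAddressFamilies=AF_UNIX` the `mysqld.service` dependency can only be reached over a local socket, an assumption worth stating above that line, e.g. `# AF_UNIX only: the database must be reached via the local mysqld socket`. `MemoryDenyWriteExecute=true` on a Python process started through poetry should be confirmed against a real run, since any native extension that needs writable-executable mappings would fail only at runtime.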
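Review bot: The `[Timer]` comment in `aurweb-git-archive.timer.j2` records its interval decision as `09/26/2022`, an ambiguous month/day order, and defers the follow-up to "two months after v6.1.5 deployment" without a concrete date, so the planned switch to 5m and the retirement of aurweb-mkpkglists are easy to lose. Write the date as ISO `2022-09-26` and make the follow-up greppable, e.g. `# TODO(<v6.1.5 deploy date + 2 months>): switch to 5m and retire aurweb-mkpkglists`.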
@@ -51,6 +51,16 @@ packagesmetaextfile = {{ aurweb_dir }}/web/html/packages-meta-ext-v1.json.gz
 pkgbasefile = {{ aurweb_dir }}/web/html/pkgbase.gz
 userfile = {{ aurweb_dir }}/web/html/users.gz
+[git-archive]
+; One week in seconds
+popularity-interval = 604800
+
+; Git Archive repository locations
+metadata-repo = {{ aurweb_dir }}/metadata.git
+users-repo = {{ aurweb_dir }}/users.git
+pkgbases-repo = {{ aurweb_dir }}/pkgbases.git
+pkgnames-repo = {{ aurweb_dir }}/pkgnames.git
+
 [notifications]
 notify-cmd = aurweb-notify
 {# Gitlab project and token used for traceback reports. #}
diff --git a/roles/aurweb/templates/nginx.d.conf.j2 b/roles/aurweb/templates/nginx.d.conf.j2
index 891bd75343e894b2420525fa7c1e11fd99766090..6369d5db1bb805bf0f98e98ed2a709856e1ca522 100644
--- a/roles/aurweb/templates/nginx.d.conf.j2
+++ b/roles/aurweb/templates/nginx.d.conf.j2
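Review bot: The four `*-repo` paths added under `[git-archive]` must agree with the nginx template in the same commit, which serves `GIT_PROJECT_ROOT {{ aurweb_dir }}` with `PATH_INFO /$1.git/$3` for the names `metadata`, `users`, `pkgbases` and `pkgnames`; the coupling is not mentioned in the section. A comment such as `; Must stay in sync with the /archives/<name>.git location in nginx.d.conf.j2` above `metadata-repo` would make it visible to whoever relocates these repositories.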
@@ -51,6 +51,32 @@ server {
 return 301 https://tu-bylaws.aur.archlinux.org;
 }
+ #
+ # smartgit location for Git Archive repositories
+ # Should be shallow-cloned:
+ # `git clone --depth=1 https://aur_location/archives/metadata.git`
+ #
+ # Routes:
+ # - /archives/metadata.git
+ # - /archives/users.git
+ # - /archives/pkgbases.git
+ # - /archives/pkgnames.git
+ #
+ location ~ "^/archives/(metadata|users|pkgbases|pkgnames)(\.git)/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))" {
+ include uwsgi_params;
+ uwsgi_pass smartgit;
+ uwsgi_modifier1 9;
+ uwsgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ uwsgi_param PATH_INFO /$1.git/$3;
+ uwsgi_param GIT_HTTP_EXPORT_ALL "";
+ uwsgi_param GIT_PROJECT_ROOT {{ aurweb_dir }};
+ }
+
+ #
+ # smartgit location for AUR package git repository
+ # Clone packages:
+ # `git clone https://aur_location/pkgname.git`
+ #
 location ~ "^/([a-z0-9][a-z0-9.+_-]*?)(\.git)?/(git-(receive|upload)-pack|HEAD|info/refs|objects/(info/(http-)?alternates|packs)|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))$" {
 limit_req zone=aurwebgitlimit burst=900 nodelay;
 include uwsgi_params;
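Review bot: The new `location ~ "^/archives/..."` regex has no `$` end anchor, whereas the existing package location right below it ends in `\.(pack|idx))$"`; without it any trailing suffix after a valid git path still matches and is forwarded unchanged in `uwsgi_param PATH_INFO /$1.git/$3;`. Append `$` before the closing quote so both locations match whole paths. The new block also omits the `limit_req zone=aurwebgitlimit burst=900 nodelay;` that the package location applies, leaving the archive clone endpoint without the rate limit the sibling has; if that is intentional for shallow clones, a comment saying so would help the next reader. The enclosing `server` block starts and ends outside the hunk.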