Why I Forked the Git Frontend 'legit'
In a previous post, I introduced ‘legit’, a fantastic git frontend originally written by icyphox. I’ve since decided to “hard-fork” the project to better suit my needs, creating a new, independent version.
Key Changes in the Fork
My primary goal was to make deployment simpler and more secure. The new version introduces a few changes:
- Self-Contained Application: Legit is now a single, self-contained binary. All necessary template and static files are embedded directly into the program, and the config.yaml file has been replaced by environment variables. This means you no longer need to manage separate configuration or asset folders.
- Enhanced Security: The .service file (for running legit on Linux) has been hardened. The program now has read-only access to the repository folder and is blocked from reading or writing to any other part of the file system. This sandboxing ensures that even if a vulnerability were found in legit, it couldn’t affect the rest of your system.
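To check that a unit file really delivers the sandbox described above, here is a small audit script, added as an example and not taken from the fork. The two sample units, the binary path, the repository path /var/lib/git and the choice of systemd directives are assumptions; the fork's actual .service file may use a different set.

```python
import configparser

# Constructed sample units, not the fork's real .service file; the binary and
# repository paths are assumptions.
HARDENED = """[Service]
ExecStart=/usr/local/bin/legit
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
TemporaryFileSystem=/var:ro
BindReadOnlyPaths=/var/lib/git
"""
WEAK = """[Service]
ExecStart=/usr/local/bin/legit
ReadWritePaths=/var/lib/git
"""

def _true(value):
    return (value or "").lower() in ("yes", "true", "on", "1")

def _paths(value):
    # Entries may carry a "-"/"+" prefix and a ":dest:options" suffix.
    return [p.lstrip("-+").split(":")[0] for p in (value or "").split()]

def audit_unit(unit_text, repo_path):
    """Return findings for a unit; an empty list means every check passed."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.optionxform = str  # systemd directive names are case-sensitive
    cp.read_string(unit_text)
    svc = cp["Service"] if cp.has_section("Service") else {}
    findings = []
    if svc.get("ProtectSystem") != "strict":
        findings.append("ProtectSystem=strict missing: system paths may be writable")
    if svc.get("ProtectHome", "").lower() not in ("yes", "true", "tmpfs"):
        findings.append("ProtectHome missing: home directories remain visible")
    if not _true(svc.get("PrivateTmp")):
        findings.append("PrivateTmp missing: service shares /tmp with the host")
    if not _true(svc.get("NoNewPrivileges")):
        findings.append("NoNewPrivileges missing: setuid binaries can raise privileges")
    if _paths(svc.get("ReadWritePaths")):
        findings.append("ReadWritePaths set: service has writable paths")
    if not svc.get("TemporaryFileSystem") or repo_path not in _paths(svc.get("BindReadOnlyPaths")):
        findings.append("repository not bind-mounted read-only over a tmpfs")
    return findings

if __name__ == "__main__":
    for name, unit in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_unit(unit, "/var/lib/git") or "ok")
```

On a host with systemd, `systemd-analyze security` followed by the unit name gives a broader exposure score for an installed unit.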
Why Create a Fork?
Normally, I believe it’s best to contribute changes back to the original (“upstream”) project. However, several pull requests in the original repository have gone unanswered. Furthermore, some external dependencies were outdated or pinned to old versions, which can create bugs and security risks.
Implementing my desired changes — like using environment variables exclusively for configuration and embedding all templates — would have been too complex to add to the original project without introducing breaking changes. I am grateful for the great foundation icyphox created, and I’m happy to build on top of it.
If you’re interested in contributing to this new version of legit, please get in touch to discuss the possibilities. You can find the source code of legit — in legit.