prepare release

Merge pull request #2110 from msoedov/misspellings
Fix misspelled words
2026-03-01 09:40:55 +01:00 · 2015-12-06 15:34:17 -05:00 · 2015-12-06 15:27:11 -05:00 · 2015-12-06 16:42:23 +02:00 · 2015-12-05 17:49:46 -05:00 · 2015-12-05 17:39:29 -05:00
400 changed files with 26656 additions and 53266 deletions
--- a/.bra.toml
+++ b/.bra.toml
@@ -13,7 +13,7 @@ watch_dirs = [
 watch_exts = [".go"]
 build_delay = 1500
 cmds = [
-	["go", "install", "-tags", "sqlite tidb"],# redis memcache cert pam
-	["go", "build", "-tags", "sqlite tidb"],
+	["go", "install", "-race"], # sqlite redis memcache cert pam tidb
+	["go", "build", "-race"],
 	["./gogs", "web"]
 ]
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,14 @@
+.git
+.git/
 .git/*
+conf
+conf/
 conf/*
+packager
+packager/
 packager/*
+scripts
+scripts/
 scripts/*
 *.yml
 *.md
@@ -9,4 +17,4 @@ scripts/*
 .gitignore
 .gopmfile
 config.codekit
-LICENSE
+LICENSE
--- a/.gitignore
+++ b/.gitignore
@@ -35,3 +35,5 @@ docker/docker/Dockerfile
 docker/docker/init_gogs.sh
 gogs.sublime-project
 gogs.sublime-workspace
+.tags*
+release
--- a/.gopmfile
+++ b/.gopmfile
@@ -3,37 +3,46 @@ path = github.com/gogits/gogs

 [deps]
 github.com/bradfitz/gomemcache = commit:72a68649ba
-github.com/Unknwon/cae = commit:2e70a1351b
-github.com/Unknwon/com = commit:47d7d2b81a
-github.com/Unknwon/i18n = commit:7457d88830
-github.com/Unknwon/macaron = commit:05317cffe5
-github.com/Unknwon/paginater = commit:cab2d086fa
-github.com/codegangsta/cli = commit:142e6cd241
-github.com/go-sql-driver/mysql = commit:527bcd55aa
-github.com/go-xorm/core = commit:3e10003353
-github.com/go-xorm/xorm = commit:803f6db50c
+github.com/codegangsta/cli = commit:0302d39
+github.com/go-macaron/binding = commit:2502aaf
+github.com/go-macaron/cache = commit:5617353
+github.com/go-macaron/captcha = commit:8aa5919
+github.com/go-macaron/csrf = commit:715bca0
+github.com/go-macaron/gzip = commit:4938e9b
+github.com/go-macaron/i18n = commit:d2d3329
+github.com/go-macaron/inject = commit:c5ab7bf
+github.com/go-macaron/session = commit:66031fc
+github.com/go-macaron/toolbox = commit:ab30a81
+github.com/go-sql-driver/mysql = commit:d512f20
+github.com/go-xorm/core = commit:acb6f00
+github.com/go-xorm/xorm = commit:a8fba4d
 github.com/gogits/chardet = commit:2404f77725
-github.com/gogits/go-gogs-client = commit:519eee0af0
-github.com/lib/pq = commit:b269bd035a
-github.com/macaron-contrib/binding = commit:1935a991f2
-github.com/macaron-contrib/cache = commit:a139ea1eee
-github.com/macaron-contrib/captcha = commit:9a0a0b1468
-github.com/macaron-contrib/csrf = commit:98ddf5a710
-github.com/macaron-contrib/i18n = commit:da2b19e90b
-github.com/macaron-contrib/session = commit:e48134e803
-github.com/macaron-contrib/toolbox = commit:acbfe36e16
-github.com/mattn/go-sqlite3 = commit:b808f01f66
-github.com/mcuadros/go-version = commit:d52711f8d6
-github.com/microcosm-cc/bluemonday = commit:85ba47ef2c
-github.com/mssola/user_agent = commit:a163d6a569
-github.com/msteinert/pam = commit:6534f23b39
+github.com/gogits/git-shell = commit:de77627
+github.com/gogits/go-gogs-client = commit:4b541fa
+github.com/issue9/identicon = commit:f8c0d2c
+github.com/klauspost/compress = commit:bcd0709
+github.com/klauspost/cpuid = commit:8d9fe96
+github.com/klauspost/crc32 = commit:0aff1ea
+github.com/lib/pq = commit:11fc39a
+github.com/mattn/go-sqlite3 = commit:5651a9d
+github.com/mcuadros/go-version = commit:d52711f
+github.com/microcosm-cc/bluemonday = commit:4ac6f27
+github.com/msteinert/pam = commit:02ccfbf
 github.com/nfnt/resize = commit:dc93e1b98c
-github.com/russross/blackfriday = commit:8cec3a854e
-github.com/shurcooL/sanitized_anchor_name = commit:244f5ac324
+github.com/russross/blackfriday = commit:300106c
+github.com/shurcooL/sanitized_anchor_name = commit:10ef21a
+github.com/Unknwon/cae = commit:7f5e046
+github.com/Unknwon/com = commit:28b053d
+github.com/Unknwon/i18n = commit:3b48b66
+github.com/Unknwon/paginater = commit:7748a72
 golang.org/x/net = 
-golang.org/x/text = 
-gopkg.in/gomail.v2 = commit:b1e55520bf
-gopkg.in/ini.v1 = commit:e8c222fea7
+golang.org/x/text =
+golang.org/x/crypto =
+gopkg.in/asn1-ber.v1 = commit:4e86f43
+gopkg.in/gomail.v2 = commit:df6fc79
+gopkg.in/ini.v1 = commit:65f8c74
+gopkg.in/ldap.v2 = e9a325d
+gopkg.in/macaron.v1 = commit:1c6dd87
 gopkg.in/redis.v2 = commit:e617904962

 [res]
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,17 +1,18 @@
 language: go

 go:
-  - 1.2
  - 1.3
  - 1.4
  - 1.5
-  - tip

 before_install:
  - sudo apt-get update -qq
  - sudo apt-get install -y libpam-dev
  - go get github.com/msteinert/pam 

+install:
+  - go get -t -v ./...
+
 script: go build -v -tags "pam"

 notifications:
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -42,7 +42,7 @@ There is no standard form of making a feature request. Just try to describe the

 ### Pull Request

-Pull requests are always welcome, but note that **ALL PULL REQUESTS MUST APPLY TO THE `DEV` BRANCH**.
+Pull requests are always welcome, but note that **ALL PULL REQUESTS MUST APPLY TO THE `develop` BRANCH**.

 We are always thrilled to receive pull requests, and do our best to process them as fast as possible. Not sure if that typo is worth a pull request? Do it! We will appreciate it.

--- a/66
+++ b/66
@@ -1,54 +1,22 @@
-FROM google/debian:wheezy
-MAINTAINER u@gogs.io
+FROM alpine:3.2
+MAINTAINER roemer.jp@gmail.com

-RUN echo "deb http://ftp.debian.org/debian/ wheezy-backports main" >> /etc/apt/sources.list && \
-	apt-get update -qqy && \
-	apt-get install --no-install-recommends -qqy \
-	curl build-essential ca-certificates git \ 
-	openssh-server libpam-dev && \
-	apt-get autoclean && \
-    apt-get autoremove && \
-    rm -rf /var/lib/apt/lists/*
+# Install system utils & Gogs runtime dependencies
+ADD https://github.com/tianon/gosu/releases/download/1.6/gosu-amd64 /usr/sbin/gosu
+RUN echo "@edge http://dl-4.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories \
+ && echo "@community http://dl-4.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories \
+ && apk -U --no-progress upgrade \
+ && apk -U --no-progress add ca-certificates bash git linux-pam s6@edge curl openssh socat \
+ && chmod +x /usr/sbin/gosu

-ENV GOROOT /goroot
-ENV GOPATH /gopath
-ENV PATH $PATH:$GOROOT/bin:$GOPATH/bin
-
-COPY . /gopath/src/github.com/gogits/gogs/
-WORKDIR /gopath/src/github.com/gogits/gogs/
-
-# Build binary and clean up useless files
-RUN mkdir /goroot && \
-	curl https://storage.googleapis.com/golang/go1.5.linux-amd64.tar.gz | tar xzf - -C /goroot --strip-components=1 && \
-	go get -v -tags "sqlite redis memcache cert pam" && \
-	go build -tags "sqlite redis memcache cert pam" && \
-	mkdir /app/ && \
-	mv /gopath/src/github.com/gogits/gogs/ /app/gogs/ && \
-	rm -r $GOROOT $GOPATH
-
-WORKDIR /app/gogs/
-
-RUN useradd --shell /bin/bash --system --comment gogits git
-
-# SSH login fix, otherwise user is kicked off after login
-RUN mkdir /var/run/sshd && \
-	sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd && \
-	sed 's@UsePrivilegeSeparation yes@UsePrivilegeSeparation no@' -i /etc/ssh/sshd_config && \
-	echo "export VISIBLE=now" >> /etc/profile && \
-	echo "PermitUserEnvironment yes" >> /etc/ssh/sshd_config
-
-# Setup server keys on startup
-RUN sed 's@^HostKey@\#HostKey@' -i /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_key" >> /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_rsa_key" >> /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_dsa_key" >> /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_ecdsa_key" >> /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
-
-# Prepare data
 ENV GOGS_CUSTOM /data/gogs
-RUN echo "export GOGS_CUSTOM=/data/gogs" >> /etc/profile

+COPY . /app/gogs/
+WORKDIR /app/gogs/
+RUN ./docker/build.sh
+
+# Configure Docker Container
+VOLUME ["/data"]
 EXPOSE 22 3000
-ENTRYPOINT []
-CMD ["./docker/start.sh"]
+ENTRYPOINT ["docker/start.sh"]
+CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"]
--- a/Dockerfile.rpi
+++ b/Dockerfile.rpi
@@ -0,0 +1,22 @@
+FROM sander85/rpi-alpine:latest
+MAINTAINER roemer.jp@gmail.com, raxetul@gmail.com
+
+# Install system utils & Gogs runtime dependencies
+ADD https://github.com/tianon/gosu/releases/download/1.6/gosu-armhf /usr/sbin/gosu
+RUN echo "@edge http://dl-4.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories \
+ && echo "@community http://dl-4.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories \
+ && apk -U --no-progress upgrade \
+ && apk -U --no-progress add ca-certificates bash git linux-pam s6@edge curl openssh socat \
+ && chmod +x /usr/sbin/gosu
+
+ENV GOGS_CUSTOM /data/gogs
+
+COPY . /app/gogs/
+WORKDIR /app/gogs/
+RUN ./docker/build.sh
+
+# Configure Docker Container
+VOLUME ["/data"]
+EXPOSE 22 3000
+ENTRYPOINT ["docker/start.sh"]
+CMD ["/usr/bin/s6-svscan", "/app/gogs/docker/s6/"]
--- a/46
+++ b/46
@@ -0,0 +1,46 @@
+LDFLAGS += -X "github.com/gogits/gogs/modules/setting.BuildTime=$(shell date -u '+%Y-%m-%d %I:%M:%S %Z')"
+LDFLAGS += -X "github.com/gogits/gogs/modules/setting.BuildGitHash=$(shell git rev-parse HEAD)"
+
+DATA_FILES := $(shell find conf | sed 's/ /\\ /g')
+LESS_FILES := $(wildcard public/less/gogs.less public/less/_*.less)
+GENERATED  := modules/bindata/bindata.go public/css/gogs.css
+
+TAGS = ""
+
+RELEASE_ROOT = "release"
+RELEASE_GOGS = "release/gogs"
+NOW = $(shell date -u '+%Y%m%d%I%M%S')
+
+.PHONY: build pack release bindata clean
+
+build: $(GENERATED)
+	go install -ldflags '$(LDFLAGS)' -tags '$(TAGS)'
+	cp '$(GOPATH)/bin/gogs' .
+
+govet:
+	go tool vet -composites=false -methods=false -structtags=false .
+
+pack:
+	rm -rf $(RELEASE_GOGS)
+	mkdir -p $(RELEASE_GOGS)
+	cp -r gogs LICENSE README.md README_ZH.md templates public scripts $(RELEASE_GOGS)
+	rm -rf $(RELEASE_GOGS)/public/config.codekit $(RELEASE_GOGS)/public/less
+	cd $(RELEASE_ROOT) && zip -r gogs.$(NOW).zip "gogs"
+
+release: build pack
+
+bindata: modules/bindata/bindata.go
+
+modules/bindata/bindata.go: $(DATA_FILES)
+	go-bindata -o=$@ -ignore="\\.DS_Store|README.md" -pkg=bindata conf/...
+
+less: public/css/gogs.css
+
+public/css/gogs.css: $(LESS_FILES)
+	lessc $< $@
+
+clean:
+	go clean -i ./...
+
+clean-mac: clean
+	find . -name ".DS_Store" -print0 | xargs -0 rm
--- a/README.md
+++ b/README.md
@@ -5,70 +5,59 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra

 ![](public/img/gogs-large-resize.png)

-##### Current version: 0.6.15 Beta
+##### Current version: 0.7.33 Beta

-<table>
-    <tr>
-        <td width="33%"><img src="http://gogs.io/imgs/screenshoots/1.png"></td>
-        <td width="33%"><img src="http://gogs.io/imgs/screenshoots/2.png"></td>
-        <td width="33%"><img src="http://gogs.io/imgs/screenshoots/3.png"></td>
-    </tr>
-    <tr>
-        <td><img src="http://gogs.io/imgs/screenshoots/4.png"></td>
-        <td><img src="http://gogs.io/imgs/screenshoots/5.png"></td>
-        <td><img src="http://gogs.io/imgs/screenshoots/6.png"></td>
-    </tr>
-    <tr>
-        <td><img src="http://gogs.io/imgs/screenshoots/7.png"></td>
-        <td><img src="http://gogs.io/imgs/screenshoots/8.png"></td>
-        <td><img src="http://gogs.io/imgs/screenshoots/9.png"></td>
-    </tr>
-</table>
+| Web | UI  | Preview  |
+|:-------------:|:-------:|:-------:|
+|![Dashboard](https://gogs.io/img/screenshots/1.png)|![Repository](https://gogs.io/img/screenshots/2.png)|![Commits History](https://gogs.io/img/screenshots/3.png)|
+|![Profile](https://gogs.io/img/screenshots/4.png)|![Admin Dashboard](https://gogs.io/img/screenshots/5.png)|![Diff](https://gogs.io/img/screenshots/6.png)|
+|![Issues](https://gogs.io/img/screenshots/7.png)|![Releases](https://gogs.io/img/screenshots/8.png)|![Organization](https://gogs.io/img/screenshots/9.png)|

 ### NOTICES

 - Due to testing purpose, data of [try.gogs.io](https://try.gogs.io) has been reset in **Jan 28, 2015** and will reset multiple times after. Please do **NOT** put your important data on the site.
 - The demo site [try.gogs.io](https://try.gogs.io) is running under `develop` branch.
- :exclamation::exclamation::exclamation:<span style="color: red">You **MUST** read [CONTRIBUTING.md](CONTRIBUTING.md) before you start filing an issue or making a Pull Request, and **MUST** discuss with us on [Gitter](https://gitter.im/gogits/gogs) for UI changes and feature Pull Requests, otherwise it's high possibilities that we are not going to merge it.</span>:exclamation::exclamation::exclamation:
+- :bangbang:<span style="color: red">You **MUST** read [CONTRIBUTING.md](CONTRIBUTING.md) before you start filing an issue or making a Pull Request, and **MUST** discuss with us on [Gitter](https://gitter.im/gogits/gogs) for UI changes, otherwise it's high possibilities that we are not going to merge it.</span>:bangbang:
+- Please [start discussion](http://forum.gogs.io/category/2/general-discussion) or [ask a question](http://forum.gogs.io/category/4/getting-help) on [the forum](http://forum.gogs.io/). GitHub issue tracker only keeps **bugs** and **feature requests**, all other topics will be closed without reason.
 - If you think there are vulnerabilities in the project, please talk privately to **u@gogs.io**. Thanks!
+- If you're interested in using APIs, we have experimental support with [documentation](https://github.com/gogits/go-gogs-client/wiki).
+- If your team/company is using Gogs and would like to put your logo on [our website](http://gogs.io), contact us by any means.

-#### Other language version
-
- [简体中文](README_ZH.md)
+[简体中文](README_ZH.md)

 ## Purpose

-The goal of this project is to make the easiest, fastest, and most painless way to set up a self-hosted Git service. With Go, this can be done via an independent binary distribution across **ALL platforms** that Go supports, including Linux, Mac OS X, and Windows.
+The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service. With Go, this can be done with an independent binary distribution across **ALL platforms** that Go supports, including Linux, Mac OS X, Windows and ARM.

 ## Overview

- Please see the [Documentation](http://gogs.io/docs/intro/) for project design, known issues, and change log.
+- Please see the [Documentation](http://gogs.io/docs/intro) for common usages and change log.
 - See the [Trello Board](https://trello.com/b/uxAoeLUl/gogs-go-git-service) to follow the develop team.
- Want to try it before doing anything else? Do it [online](https://try.gogs.io/gogs/gogs) or go down to the **Installation -> Install from binary** section!
- Having trouble? Get help with [Troubleshooting](http://gogs.io/docs/intro/troubleshooting.md).
+- Want to try it before doing anything else? Do it [online](https://try.gogs.io/gogs/gogs)!
+- Having trouble? Get help with [Troubleshooting](http://gogs.io/docs/intro/troubleshooting.html).
 - Want to help with localization? Check out the [guide](http://gogs.io/docs/features/i18n.html)!

 ## Features

 - Activity timeline
- SSH/HTTP(S) protocol support
- SMTP/LDAP/reverse proxy authentication support
- Reverse proxy suburl support
- Account/Organization(with team)/Repository management
- Repository/Organization webhooks(including Slack)
+- SSH and HTTP/HTTPS protocols
+- SMTP/LDAP/Reverse proxy authentication
+- Reverse proxy with sub-path
+- Account/Organization/Repository management
+- Repository/Organization webhooks (including Slack)
 - Repository Git hooks/deploy keys
- Add/remove repository collaborators
- Gravatar and custom source support
+- Repository issues and pull requests
+- Add/Remove repository collaborators
+- Gravatar and custom source
 - Mail service
 - Administration panel
- CI integration: [Drone](https://github.com/drone/drone)
- Supports MySQL, PostgreSQL, SQLite3 and [TiDB](https://github.com/pingcap/tidb)
+- Supports MySQL, PostgreSQL, SQLite3 and [TiDB](https://github.com/pingcap/tidb) (experimental)
 - Multi-language support ([14 languages](https://crowdin.com/project/gogs))

 ## System Requirements

 - A cheap Raspberry Pi is powerful enough for basic functionality.
- At least 2 CPU cores and 1GB RAM would be the baseline for teamwork.
+- 2 CPU cores and 1GB RAM would be the baseline for teamwork.

 ## Browser Support

@@ -77,13 +66,13 @@ The goal of this project is to make the easiest, fastest, and most painless way

 ## Installation

-Make sure you install the [prerequisites](http://gogs.io/docs/installation/) first.
+Make sure you install the [prerequisites](http://gogs.io/docs/installation) first.

 There are 5 ways to install Gogs:

- [Install from binary](http://gogs.io/docs/installation/install_from_binary.md)
- [Install from source](http://gogs.io/docs/installation/install_from_source.md)
- [Install from packages](http://gogs.io/docs/installation/install_from_packages.md)
+- [Install from binary](http://gogs.io/docs/installation/install_from_binary.html)
+- [Install from source](http://gogs.io/docs/installation/install_from_source.html)
+- [Install from packages](http://gogs.io/docs/installation/install_from_packages.html)
 - [Ship with Docker](https://github.com/gogits/gogs/tree/master/docker)
 - [Install with Vagrant](https://github.com/geerlingguy/ansible-vagrant-examples/tree/master/gogs)

@@ -91,6 +80,7 @@ There are 5 ways to install Gogs:

 - [How To Set Up Gogs on Ubuntu 14.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-gogs-on-ubuntu-14-04)
 - [Run your own GitHub-like service with the help of Docker](http://blog.hypriot.com/post/run-your-own-github-like-service-with-docker/)
+- [使用 Gogs 搭建自己的 Git 服务器](https://mynook.info/blog/post/host-your-own-git-server-using-gogs) (Chinese)
 - [阿里云上 Ubuntu 14.04 64 位安装 Gogs](http://my.oschina.net/luyao/blog/375654) (Chinese)
 - [Installing Gogs on FreeBSD](https://www.codejam.info/2015/03/installing-gogs-on-freebsd.html)
 - [Gogs on Raspberry Pi](http://blog.meinside.pe.kr/Gogs-on-Raspberry-Pi/)
@@ -104,18 +94,33 @@ There are 5 ways to install Gogs:
 - [OpenShift](https://github.com/tkisme/gogs-openshift)
 - [Cloudron](https://cloudron.io/appstore.html#io.gogs.cloudronapp)
 - [Scaleway](https://www.scaleway.com/imagehub/gogs/)
+- [Portal](https://portaldemo.xyz/cloud/)
+- [Sandstorm](https://github.com/cem/gogs-sandstorm)
+- [sloppy.io](https://github.com/sloppyio/quickstarters/tree/master/gogs)
+
+## Software and Service Support
+
+- [Drone](https://github.com/drone/drone) (CI)
+- [Fabric8](http://fabric8.io/) (DevOps)
+- [Taiga](https://taiga.io/) (Project Management)
+
+### Product Support
+
+- [Synology](https://www.synology.com) (Docker)
+- [One Space](http://www.onespace.cc) (App Store)

 ## Acknowledgments

- Router and middleware mechanism of [Macaron](https://github.com/Unknwon/macaron).
- Mail Service, modules design is inspired by [WeTalk](https://github.com/beego/wetalk).
+- Router and middleware mechanism of [Macaron](https://github.com/go-macaron/macaron).
+- Modules design is inspired by [WeTalk](https://github.com/beego/wetalk).
 - System Monitor Status is inspired by [GoBlog](https://github.com/fuxiaohei/goblog).
 - Thanks [lavachen](http://www.lavachen.cn/) and [Rocker](http://weibo.com/rocker1989) for designing Logo.
 - Thanks [Crowdin](https://crowdin.com/project/gogs) for providing open source translation plan.
+- Thanks [DigitalOcean](https://www.digitalocean.com) for hosting home and demo sites.

 ## Contributors

- Ex-team members [@lunny](https://github.com/lunny) and [@fuxiaohei](https://github.com/fuxiaohei).
+- Ex-team members [@lunny](https://github.com/lunny), [@fuxiaohei](https://github.com/fuxiaohei) and [@slene](https://github.com/slene).
 - See [contributors page](https://github.com/gogits/gogs/graphs/contributors) for full list of contributors.
 - See [TRANSLATORS](conf/locale/TRANSLATORS) for public list of translators.

--- a/README_ZH.md
+++ b/README_ZH.md
@@ -1,35 +1,35 @@
 Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?branch=master)](https://travis-ci.org/gogits/gogs)
 =====================

-Gogs (Go Git Service) 是一款可轻易搭建的自助 Git 服务。
+Gogs (Go Git Service) 是一款极易搭建的自助 Git 服务。

 ## 开发目的

-Gogs 的目标是打造一个最简单、最快速和最轻松的方式搭建自助 Git 服务。使用 Go 语言开发使得 Gogs 能够通过独立的二进制分发，并且支持 Go 语言支持的 **所有平台**，包括 Linux、Mac OS X 以及 Windows。
+Gogs 的目标是打造一个最简单、最快速和最轻松的方式搭建自助 Git 服务。使用 Go 语言开发使得 Gogs 能够通过独立的二进制分发，并且支持 Go 语言支持的 **所有平台**，包括 Linux、Mac OS X、Windows 以及 ARM 平台。

 ## 项目概览

- 有关项目设计、已知问题和变更日志，请通过 [使用手册](http://gogs.io/docs/intro/) 查看。
+- 有关基本用法和变更日志，请通过 [使用手册](http://gogs.io/docs/intro/) 查看。
 - 您可以到 [Trello Board](https://trello.com/b/uxAoeLUl/gogs-go-git-service) 跟随开发团队的脚步。
 - 想要先睹为快？通过 [在线体验](https://try.gogs.io/gogs/gogs) 或查看 **安装部署 -> 二进制安装** 小节。
- 使用过程中遇到问题？尝试从 [故障排查](http://gogs.io/docs/intro/troubleshooting.md) 页面获取帮助。
+- 使用过程中遇到问题？尝试从 [故障排查](http://gogs.io/docs/intro/troubleshooting.html) 页面获取帮助。
 - 希望帮助多国语言界面的翻译吗？请立即访问 [详情页面](http://gogs.io/docs/features/i18n.html)！

 ## 功能特性

 - 支持活动时间线
- 支持 SSH/HTTP(S) 协议
- 支持 SMTP/LDAP/反向代理的用户认证
+- 支持 SSH 以及 HTTP/HTTPS 协议
+- 支持 SMTP、LDAP 和反向代理的用户认证
 - 支持反向代理子路径
 - 支持用户、组织和仓库管理系统
 - 支持仓库和组织级别 Web 钩子（包括 Slack 集成）
 - 支持仓库 Git 钩子和部署密钥
- 支持 添加/删除 仓库协作者
+- 支持仓库工单（Issue）和合并请求（Pull Request）
+- 支持添加和删除仓库协作者
 - 支持 Gravatar 以及自定义源
 - 支持邮件服务
 - 支持后台管理面板
- 支持 CI 集成：[Drone](https://github.com/drone/drone)
- 支持 MySQL、PostgreSQL、SQLite3 和 [TiDB](https://github.com/pingcap/tidb) 数据库
+- 支持 MySQL、PostgreSQL、SQLite3 和 [TiDB](https://github.com/pingcap/tidb)（实验性支持） 数据库
 - 支持多语言本地化（[14 种语言]([more](https://crowdin.com/project/gogs))）

 ## 系统要求
@@ -44,27 +44,53 @@ Gogs 的目标是打造一个最简单、最快速和最轻松的方式搭建自

 ## 安装部署

-在安装 Gogs 之前，您需要先安装 [基本环境](http://gogs.io/docs/installation/)。
+在安装 Gogs 之前，您需要先安装 [基本环境](http://gogs.io/docs/installation)。

 然后，您可以通过以下 5 种方式来安装 Gogs：

- [二进制安装](http://gogs.io/docs/installation/install_from_binary.md)
- [源码安装](http://gogs.io/docs/installation/install_from_source.md)
- [包管理安装](http://gogs.io/docs/installation/install_from_packages.md)
+- [二进制安装](http://gogs.io/docs/installation/install_from_binary.html)
+- [源码安装](http://gogs.io/docs/installation/install_from_source.html)
+- [包管理安装](http://gogs.io/docs/installation/install_from_packages.html)
 - [采用 Docker 部署](https://github.com/gogits/gogs/tree/master/docker)
 - [通过 Vagrant 安装](https://github.com/geerlingguy/ansible-vagrant-examples/tree/master/gogs)

+### 使用教程
+
+- [使用 Gogs 搭建自己的 Git 服务器](https://mynook.info/blog/post/host-your-own-git-server-using-gogs)
+- [阿里云上 Ubuntu 14.04 64 位安装 Gogs](http://my.oschina.net/luyao/blog/375654)
+
+### 云端部署
+
+- [OpenShift](https://github.com/tkisme/gogs-openshift)
+- [Cloudron](https://cloudron.io/appstore.html#io.gogs.cloudronapp)
+- [Scaleway](https://www.scaleway.com/imagehub/gogs/)
+- [Portal](https://portaldemo.xyz/cloud/)
+- [Sandstorm](https://github.com/cem/gogs-sandstorm)
+- [sloppy.io](https://github.com/sloppyio/quickstarters/tree/master/gogs)
+
+## 软件及服务支持
+
+- [Drone](https://github.com/drone/drone)（CI）
+- [Fabric8](http://fabric8.io/)（DevOps）
+- [Taiga](https://taiga.io/)（项目管理）
+
+### 产品支持
+
+- [Synology](https://www.synology.com)（Docker）
+- [One Space](http://www.onespace.cc)（应用商店）
+
 ## 特别鸣谢

- 基于 [Macaron](https://github.com/Unknwon/macaron) 的路由与中间件机制。
- 基于 [WeTalk](https://github.com/beego/wetalk) 修改的邮件服务和模块设计。
+- 基于 [Macaron](https://github.com/go-macaron/macaron) 的路由与中间件机制。
+- 基于 [WeTalk](https://github.com/beego/wetalk) 修改的模块设计。
 - 基于 [GoBlog](https://github.com/fuxiaohei/goblog) 修改的系统监视状态。
 - 感谢 [lavachen](http://www.lavachen.cn/) 和 [Rocker](http://weibo.com/rocker1989) 设计的 Logo。
 - 感谢 [Crowdin](https://crowdin.com/project/gogs) 提供免费的开源项目本地化支持。
+- 感谢 [DigitalOcean](https://www.digitalocean.com) 提供主站和体验站点的服务器赞助。

 ## 贡献成员

- 前团队成员 [@lunny](https://github.com/lunny) 和 [@fuxiaohei](https://github.com/fuxiaohei)。
+- 前团队成员 [@lunny](https://github.com/lunny)、[@fuxiaohei](https://github.com/fuxiaohei) 和 [@slene](https://github.com/slene)。
 - 您可以通过查看 [贡献者页面](https://github.com/gogits/gogs/graphs/contributors) 获取完整的贡献者列表。
 - 您可以通过查看 [TRANSLATORS](conf/locale/TRANSLATORS) 文件获取公开的翻译人员列表。

--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -32,12 +32,12 @@ var CmdCert = cli.Command{
 Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
 	Action: runCert,
 	Flags: []cli.Flag{
-		cli.StringFlag{"host", "", "Comma-separated hostnames and IPs to generate a certificate for", ""},
-		cli.StringFlag{"ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521", ""},
-		cli.IntFlag{"rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set", ""},
-		cli.StringFlag{"start-date", "", "Creation date formatted as Jan 1 15:04:05 2011", ""},
-		cli.DurationFlag{"duration", 365 * 24 * time.Hour, "Duration that certificate is valid for", ""},
-		cli.BoolFlag{"ca", "whether this cert should be its own Certificate Authority", ""},
+		stringFlag("host", "", "Comma-separated hostnames and IPs to generate a certificate for"),
+		stringFlag("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521"),
+		intFlag("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set"),
+		stringFlag("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011"),
+		durationFlag("duration", 365*24*time.Hour, "Duration that certificate is valid for"),
+		boolFlag("ca", "whether this cert should be its own Certificate Authority"),
 	},
 }

@@ -114,7 +114,7 @@ func runCert(ctx *cli.Context) {
 		SerialNumber: serialNumber,
 		Subject: pkix.Name{
 			Organization: []string{"Acme Co"},
-			CommonName: "Gogs",
+			CommonName:   "Gogs",
 		},
 		NotBefore: notBefore,
 		NotAfter:  notAfter,
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -0,0 +1,42 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"time"
+
+	"github.com/codegangsta/cli"
+)
+
+func stringFlag(name, value, usage string) cli.StringFlag {
+	return cli.StringFlag{
+		Name:  name,
+		Value: value,
+		Usage: usage,
+	}
+}
+
+func boolFlag(name, usage string) cli.BoolFlag {
+	return cli.BoolFlag{
+		Name:  name,
+		Usage: usage,
+	}
+}
+
+func intFlag(name string, value int, usage string) cli.IntFlag {
+	return cli.IntFlag{
+		Name:  name,
+		Value: value,
+		Usage: usage,
+	}
+}
+
+func durationFlag(name string, value time.Duration, usage string) cli.DurationFlag {
+	return cli.DurationFlag{
+		Name:  name,
+		Value: value,
+		Usage: usage,
+	}
+}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -11,6 +11,8 @@ import (
 	"path"
 	"time"

+	"io/ioutil"
+
 	"github.com/Unknwon/cae/zip"
 	"github.com/codegangsta/cli"

@@ -25,8 +27,8 @@ var CmdDump = cli.Command{
 It can be used for backup and capture Gogs server image to send to maintainer`,
 	Action: runDump,
 	Flags: []cli.Flag{
-		cli.StringFlag{"config, c", "custom/conf/app.ini", "Custom configuration file path", ""},
-		cli.BoolFlag{"verbose, v", "show process details", ""},
+		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
+		boolFlag("verbose, v", "show process details"),
 	},
 }

@@ -38,16 +40,23 @@ func runDump(ctx *cli.Context) {
 	models.LoadConfigs()
 	models.SetEngine()

+	TmpWorkDir, err := ioutil.TempDir(os.TempDir(), "gogs-dump-")
+	if err != nil {
+		log.Fatalf("Fail to create tmp work directory: %v", err)
+	}
+	log.Printf("Creating tmp work dir: %s", TmpWorkDir)
+
+	reposDump := path.Join(TmpWorkDir, "gogs-repo.zip")
+	dbDump := path.Join(TmpWorkDir, "gogs-db.sql")
+
 	log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
 	zip.Verbose = ctx.Bool("verbose")
-	defer os.Remove("gogs-repo.zip")
-	if err := zip.PackTo(setting.RepoRootPath, "gogs-repo.zip", true); err != nil {
+	if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
 		log.Fatalf("Fail to dump local repositories: %v", err)
 	}

 	log.Printf("Dumping database...")
-	defer os.Remove("gogs-db.sql")
-	if err := models.DumpDatabase("gogs-db.sql"); err != nil {
+	if err := models.DumpDatabase(dbDump); err != nil {
 		log.Fatalf("Fail to dump database: %v", err)
 	}

@@ -59,16 +68,30 @@ func runDump(ctx *cli.Context) {
 		log.Fatalf("Fail to create %s: %v", fileName, err)
 	}

-	workDir, _ := setting.WorkDir()
-	z.AddFile("gogs-repo.zip", path.Join(workDir, "gogs-repo.zip"))
-	z.AddFile("gogs-db.sql", path.Join(workDir, "gogs-db.sql"))
-	z.AddDir("custom", path.Join(workDir, "custom"))
-	z.AddDir("log", path.Join(workDir, "log"))
+	if err := z.AddFile("gogs-repo.zip", reposDump); err !=nil {
+		log.Fatalf("Fail to include gogs-repo.zip: %v", err)
+	}
+	if err := z.AddFile("gogs-db.sql", dbDump); err !=nil {
+		log.Fatalf("Fail to include gogs-db.sql: %v", err)
+	}
+	customDir, err := os.Stat(setting.CustomPath)
+	if err == nil && customDir.IsDir() {
+		if err := z.AddDir("custom", setting.CustomPath); err !=nil {
+			log.Fatalf("Fail to include custom: %v", err)
+	    }
+	} else {
+		log.Printf("Custom dir %s doesn't exist, skipped", setting.CustomPath)
+	}
+	if err := z.AddDir("log", setting.LogRootPath); err !=nil {
+		log.Fatalf("Fail to include log: %v", err)
+	}
 	// FIXME: SSH key file.
 	if err = z.Close(); err != nil {
 		os.Remove(fileName)
 		log.Fatalf("Fail to save %s: %v", fileName, err)
 	}

-	log.Println("Finish dumping!")
+	log.Printf("Removing tmp work dir: %s", TmpWorkDir)
+	os.RemoveAll(TmpWorkDir)
+	log.Printf("Finish dumping in file %s", fileName)
 }
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -5,6 +5,7 @@
 package cmd

 import (
+	"crypto/tls"
 	"fmt"
 	"os"
 	"os/exec"
@@ -32,7 +33,7 @@ var CmdServ = cli.Command{
 	Description: `Serv provide access auth for repositories`,
 	Action:      runServ,
 	Flags: []cli.Flag{
-		cli.StringFlag{"config, c", "custom/conf/app.ini", "Custom configuration file path", ""},
+		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
 	},
 }

@@ -64,7 +65,7 @@ func parseCmd(cmd string) (string, string) {
 }

 var (
-	COMMANDS = map[string]models.AccessMode{
+	allowedCommands = map[string]models.AccessMode{
 		"git-upload-pack":    models.ACCESS_MODE_READ,
 		"git-upload-archive": models.ACCESS_MODE_READ,
 		"git-receive-pack":   models.ACCESS_MODE_WRITE,
@@ -73,7 +74,56 @@ var (

 func fail(userMessage, logMessage string, args ...interface{}) {
 	fmt.Fprintln(os.Stderr, "Gogs:", userMessage)
-	log.GitLogger.Fatal(3, logMessage, args...)
+
+	if len(logMessage) > 0 {
+		if !setting.ProdMode {
+			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
+		}
+		log.GitLogger.Fatal(3, logMessage, args...)
+		return
+	}
+
+	log.GitLogger.Close()
+	os.Exit(1)
+}
+
+func handleUpdateTask(uuid string, user *models.User, username, reponame string, isWiki bool) {
+	task, err := models.GetUpdateTaskByUUID(uuid)
+	if err != nil {
+		if models.IsErrUpdateTaskNotExist(err) {
+			log.GitLogger.Trace("No update task is presented: %s", uuid)
+			return
+		}
+		log.GitLogger.Fatal(2, "GetUpdateTaskByUUID: %v", err)
+	} else if err = models.DeleteUpdateTaskByUUID(uuid); err != nil {
+		log.GitLogger.Fatal(2, "DeleteUpdateTaskByUUID: %v", err)
+	}
+
+	if isWiki {
+		return
+	}
+
+	if err = models.Update(task.RefName, task.OldCommitID, task.NewCommitID,
+		user.Name, username, reponame, user.Id); err != nil {
+		log.GitLogger.Error(2, "Update: %v", err)
+	}
+
+	// Ask for running deliver hook and test pull request tasks.
+	reqURL := setting.AppUrl + username + "/" + reponame + "/tasks/trigger?branch=" +
+		strings.TrimPrefix(task.RefName, "refs/heads/")
+	log.GitLogger.Trace("Trigger task: %s", reqURL)
+
+	resp, err := httplib.Head(reqURL).SetTLSClientConfig(&tls.Config{
+		InsecureSkipVerify: true,
+	}).Response()
+	if err == nil {
+		resp.Body.Close()
+		if resp.StatusCode/100 != 2 {
+			log.GitLogger.Error(2, "Fail to trigger task: not 2xx response code")
+		}
+	} else {
+		log.GitLogger.Error(2, "Fail to trigger task: %v", err)
+	}
 }

 func runServ(c *cli.Context) {
@@ -94,35 +144,46 @@ func runServ(c *cli.Context) {
 	}

 	verb, args := parseCmd(cmd)
-	repoPath := strings.Trim(args, "'")
+	repoPath := strings.ToLower(strings.Trim(args, "'"))
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
 		fail("Invalid repository path", "Invalid repository path: %v", args)
 	}
-	repoUserName := rr[0]
-	repoName := strings.TrimSuffix(rr[1], ".git")
+	username := strings.ToLower(rr[0])
+	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))

-	repoUser, err := models.GetUserByName(repoUserName)
-	if err != nil {
-		if models.IsErrUserNotExist(err) {
-			fail("Repository owner does not exist", "Unregistered owner: %s", repoUserName)
-		}
-		fail("Internal error", "Failed to get repository owner(%s): %v", repoUserName, err)
+	isWiki := false
+	if strings.HasSuffix(reponame, ".wiki") {
+		isWiki = true
+		reponame = reponame[:len(reponame)-5]
 	}

-	repo, err := models.GetRepositoryByName(repoUser.Id, repoName)
+	repoUser, err := models.GetUserByName(username)
+	if err != nil {
+		if models.IsErrUserNotExist(err) {
+			fail("Repository owner does not exist", "Unregistered owner: %s", username)
+		}
+		fail("Internal error", "Failed to get repository owner(%s): %v", username, err)
+	}
+
+	repo, err := models.GetRepositoryByName(repoUser.Id, reponame)
 	if err != nil {
 		if models.IsErrRepoNotExist(err) {
-			fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, repoName)
+			fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, reponame)
 		}
 		fail("Internal error", "Failed to get repository: %v", err)
 	}

-	requestedMode, has := COMMANDS[verb]
+	requestedMode, has := allowedCommands[verb]
 	if !has {
 		fail("Unknown git command", "Unknown git command %s", verb)
 	}

+	// Prohibit push to mirror repositories.
+	if requestedMode > models.ACCESS_MODE_READ && repo.IsMirror {
+		fail("mirror repository is read-only", "")
+	}
+
 	// Allow anonymous clone for public repositories.
 	var (
 		keyID int64
@@ -131,12 +192,12 @@ func runServ(c *cli.Context) {
 	if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate {
 		keys := strings.Split(c.Args()[0], "-")
 		if len(keys) != 2 {
-			fail("Key ID format error", "Invalid key ID: %s", c.Args()[0])
+			fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
 		}

 		key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
 		if err != nil {
-			fail("Key ID format error", "Invalid key ID[%s]: %v", c.Args()[0], err)
+			fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err)
 		}
 		keyID = key.ID

@@ -161,7 +222,7 @@ func runServ(c *cli.Context) {
 				fail("Internal error", "UpdateDeployKey: %v", err)
 			}
 		} else {
-			user, err = models.GetUserByKeyId(key.ID)
+			user, err = models.GetUserByKeyID(key.ID)
 			if err != nil {
 				fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
 			}
@@ -184,6 +245,11 @@ func runServ(c *cli.Context) {
 	uuid := uuid.NewV4().String()
 	os.Setenv("uuid", uuid)

+	// Special handle for Windows.
+	if setting.IsWindows {
+		verb = strings.Replace(verb, "-", " ", 1)
+	}
+
 	var gitcmd *exec.Cmd
 	verbs := strings.Split(verb, " ")
 	if len(verbs) == 2 {
@@ -200,28 +266,7 @@ func runServ(c *cli.Context) {
 	}

 	if requestedMode == models.ACCESS_MODE_WRITE {
-		tasks, err := models.GetUpdateTasksByUuid(uuid)
-		if err != nil {
-			log.GitLogger.Fatal(2, "GetUpdateTasksByUuid: %v", err)
-		}
-
-		for _, task := range tasks {
-			err = models.Update(task.RefName, task.OldCommitId, task.NewCommitId,
-				user.Name, repoUserName, repoName, user.Id)
-			if err != nil {
-				log.GitLogger.Error(2, "Failed to update: %v", err)
-			}
-		}
-
-		if err = models.DelUpdateTasksByUuid(uuid); err != nil {
-			log.GitLogger.Fatal(2, "DelUpdateTasksByUuid: %v", err)
-		}
-	}
-
-	// Send deliver hook request.
-	resp, err := httplib.Head(setting.AppUrl + setting.AppSubUrl + repoUserName + "/" + repoName + "/hooks/trigger").Response()
-	if err == nil {
-		resp.Body.Close()
+		handleUpdateTask(uuid, user, username, reponame, isWiki)
 	}

 	// Update user key activity.
--- a/cmd/update.go
+++ b/cmd/update.go
@@ -20,7 +20,7 @@ var CmdUpdate = cli.Command{
 	Description: `Update get pushed info and insert into database`,
 	Action:      runUpdate,
 	Flags: []cli.Flag{
-		cli.StringFlag{"config, c", "custom/conf/app.ini", "Custom configuration file path", ""},
+		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
 	},
 }

@@ -42,16 +42,14 @@ func runUpdate(c *cli.Context) {
 		log.GitLogger.Fatal(2, "refName is empty, shouldn't use")
 	}

-	uuid := os.Getenv("uuid")
-
 	task := models.UpdateTask{
-		Uuid:        uuid,
+		UUID:        os.Getenv("uuid"),
 		RefName:     args[0],
-		OldCommitId: args[1],
-		NewCommitId: args[2],
+		OldCommitID: args[1],
+		NewCommitID: args[2],
 	}

 	if err := models.AddUpdateTask(&task); err != nil {
-		log.GitLogger.Fatal(2, err.Error())
+		log.GitLogger.Fatal(2, "AddUpdateTask: %v", err)
 	}
 }
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -7,7 +7,7 @@ package cmd
 import (
 	"crypto/tls"
 	"fmt"
-	"html/template"
+	gotmpl "html/template"
 	"io/ioutil"
 	"net/http"
 	"net/http/fcgi"
@@ -15,33 +15,31 @@ import (
 	"path"
 	"strings"

-	"github.com/Unknwon/macaron"
 	"github.com/codegangsta/cli"
+	"github.com/go-macaron/binding"
+	"github.com/go-macaron/cache"
+	"github.com/go-macaron/captcha"
+	"github.com/go-macaron/csrf"
+	"github.com/go-macaron/gzip"
+	"github.com/go-macaron/i18n"
+	"github.com/go-macaron/session"
+	"github.com/go-macaron/toolbox"
 	"github.com/go-xorm/xorm"
-	"github.com/macaron-contrib/binding"
-	"github.com/macaron-contrib/cache"
-	"github.com/macaron-contrib/captcha"
-	"github.com/macaron-contrib/csrf"
-	"github.com/macaron-contrib/i18n"
-	"github.com/macaron-contrib/session"
-	"github.com/macaron-contrib/toolbox"
 	"github.com/mcuadros/go-version"
 	"gopkg.in/ini.v1"
-
-	api "github.com/gogits/go-gogs-client"
+	"gopkg.in/macaron.v1"

 	"github.com/gogits/gogs/models"
 	"github.com/gogits/gogs/modules/auth"
-	"github.com/gogits/gogs/modules/auth/apiv1"
 	"github.com/gogits/gogs/modules/avatar"
-	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/bindata"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/middleware"
 	"github.com/gogits/gogs/modules/setting"
+	"github.com/gogits/gogs/modules/template"
 	"github.com/gogits/gogs/routers"
 	"github.com/gogits/gogs/routers/admin"
-	"github.com/gogits/gogs/routers/api/v1"
+	apiv1 "github.com/gogits/gogs/routers/api/v1"
 	"github.com/gogits/gogs/routers/dev"
 	"github.com/gogits/gogs/routers/org"
 	"github.com/gogits/gogs/routers/repo"
@@ -55,8 +53,8 @@ var CmdWeb = cli.Command{
 and it takes care of all the other things for you`,
 	Action: runWeb,
 	Flags: []cli.Flag{
-		cli.StringFlag{"port, p", "3000", "Temporary port number to prevent conflict", ""},
-		cli.StringFlag{"config, c", "custom/conf/app.ini", "Custom configuration file path", ""},
+		stringFlag("port, p", "3000", "Temporary port number to prevent conflict"),
+		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
 	},
 }

@@ -79,13 +77,14 @@ func checkVersion() {

 	// Check dependency version.
 	checkers := []VerChecker{
-		{"github.com/go-xorm/xorm", func() string { return xorm.Version }, "0.4.3.0806"},
+		{"github.com/go-xorm/xorm", func() string { return xorm.Version }, "0.4.4.1029"},
 		{"github.com/Unknwon/macaron", macaron.Version, "0.5.4"},
-		{"github.com/macaron-contrib/binding", binding.Version, "0.1.0"},
-		{"github.com/macaron-contrib/cache", cache.Version, "0.1.2"},
-		{"github.com/macaron-contrib/csrf", csrf.Version, "0.0.3"},
-		{"github.com/macaron-contrib/i18n", i18n.Version, "0.0.7"},
-		{"github.com/macaron-contrib/session", session.Version, "0.1.6"},
+		{"github.com/go-macaron/binding", binding.Version, "0.1.0"},
+		{"github.com/go-macaron/cache", cache.Version, "0.1.2"},
+		{"github.com/go-macaron/csrf", csrf.Version, "0.0.3"},
+		{"github.com/go-macaron/i18n", i18n.Version, "0.2.0"},
+		{"github.com/go-macaron/session", session.Version, "0.1.6"},
+		{"github.com/go-macaron/toolbox", toolbox.Version, "0.1.0"},
 		{"gopkg.in/ini.v1", ini.Version, "1.3.4"},
 	}
 	for _, c := range checkers {
@@ -103,7 +102,7 @@ func newMacaron() *macaron.Macaron {
 	}
 	m.Use(macaron.Recovery())
 	if setting.EnableGzip {
-		m.Use(macaron.Gziper())
+		m.Use(gzip.Gziper())
 	}
 	if setting.Protocol == setting.FCGI {
 		m.SetURLPrefix(setting.AppSubUrl)
@@ -123,7 +122,7 @@ func newMacaron() *macaron.Macaron {
 	))
 	m.Use(macaron.Renderer(macaron.RenderOptions{
 		Directory:  path.Join(setting.StaticRootPath, "templates"),
-		Funcs:      []template.FuncMap{base.TemplateFuncs},
+		Funcs:      []gotmpl.FuncMap{template.Funcs},
 		IndentJSON: macaron.Env != macaron.PROD,
 	}))

@@ -141,6 +140,7 @@ func newMacaron() *macaron.Macaron {
 		CustomDirectory: path.Join(setting.CustomPath, "conf/locale"),
 		Langs:           setting.Langs,
 		Names:           setting.Names,
+		DefaultLang:     "en-US",
 		Redirect:        true,
 	}))
 	m.Use(cache.Cacher(cache.Options{
@@ -184,7 +184,6 @@ func runWeb(ctx *cli.Context) {
 	ignSignInAndCsrf := middleware.Toggle(&middleware.ToggleOptions{DisableCsrf: true})
 	reqSignOut := middleware.Toggle(&middleware.ToggleOptions{SignOutRequire: true})

-	bind := binding.Bind
 	bindIgnErr := binding.BindIgnErr

 	// Routers.
@@ -195,52 +194,8 @@ func runWeb(ctx *cli.Context) {
 	m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)

 	// ***** START: API *****
-	// FIXME: custom form error response.
 	m.Group("/api", func() {
-		m.Group("/v1", func() {
-			// Miscellaneous.
-			m.Post("/markdown", bindIgnErr(apiv1.MarkdownForm{}), v1.Markdown)
-			m.Post("/markdown/raw", v1.MarkdownRaw)
-
-			// Users.
-			m.Group("/users", func() {
-				m.Get("/search", v1.SearchUsers)
-
-				m.Group("/:username", func() {
-					m.Get("", v1.GetUserInfo)
-
-					m.Group("/tokens", func() {
-						m.Combo("").Get(v1.ListAccessTokens).
-							Post(bind(v1.CreateAccessTokenForm{}), v1.CreateAccessToken)
-					}, middleware.ApiReqBasicAuth())
-				})
-			})
-
-			// Repositories.
-			m.Combo("/user/repos", middleware.ApiReqToken()).Get(v1.ListMyRepos).
-				Post(bind(api.CreateRepoOption{}), v1.CreateRepo)
-			m.Post("/org/:org/repos", middleware.ApiReqToken(), bind(api.CreateRepoOption{}), v1.CreateOrgRepo)
-
-			m.Group("/repos", func() {
-				m.Get("/search", v1.SearchRepos)
-
-				m.Group("", func() {
-					m.Post("/migrate", bindIgnErr(auth.MigrateRepoForm{}), v1.MigrateRepo)
-				}, middleware.ApiReqToken())
-
-				m.Group("/:username/:reponame", func() {
-					m.Combo("/hooks").Get(v1.ListRepoHooks).
-						Post(bind(api.CreateHookOption{}), v1.CreateRepoHook)
-					m.Patch("/hooks/:id:int", bind(api.EditHookOption{}), v1.EditRepoHook)
-					m.Get("/raw/*", middleware.RepoRef(), v1.GetRepoRawFile)
-					m.Get("/archive/*", v1.GetRepoArchive)
-				}, middleware.ApiRepoAssignment(), middleware.ApiReqToken())
-			})
-
-			m.Any("/*", func(ctx *middleware.Context) {
-				ctx.HandleAPI(404, "Page not found")
-			})
-		})
+		apiv1.RegisterRoutes(m)
 	}, ignSignIn)
 	// ***** END: API *****

@@ -312,7 +267,8 @@ func runWeb(ctx *cli.Context) {
 		})

 		m.Group("/repos", func() {
-			m.Get("", admin.Repositories)
+			m.Get("", admin.Repos)
+			m.Post("/delete", admin.DeleteRepo)
 		})

 		m.Group("/auths", func() {
@@ -326,7 +282,8 @@ func runWeb(ctx *cli.Context) {

 		m.Group("/notices", func() {
 			m.Get("", admin.Notices)
-			m.Get("/:id:int/delete", admin.DeleteNotice)
+			m.Post("/delete", admin.DeleteNotices)
+			m.Get("/empty", admin.EmptyNotices)
 		})
 	}, adminReq)
 	// ***** END: Admin *****
@@ -367,6 +324,7 @@ func runWeb(ctx *cli.Context) {
 	}

 	reqRepoAdmin := middleware.RequireRepoAdmin()
+	reqRepoPusher := middleware.RequireRepoPusher()

 	// ***** START: Organization *****
 	m.Group("/org", func() {
@@ -382,9 +340,9 @@ func runWeb(ctx *cli.Context) {
 			m.Get("/teams", org.Teams)
 			m.Get("/teams/:team", org.TeamMembers)
 			m.Get("/teams/:team/repositories", org.TeamRepositories)
-			m.Get("/teams/:team/action/:action", org.TeamsAction)
-			m.Get("/teams/:team/action/repo/:action", org.TeamsRepoAction)
-		}, middleware.OrgAssignment(true, true))
+			m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
+			m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
+		}, middleware.OrgAssignment(true))

 		m.Group("/:org", func() {
 			m.Get("/teams/new", org.NewTeam)
@@ -413,11 +371,8 @@ func runWeb(ctx *cli.Context) {
 			})

 			m.Route("/invitations/new", "GET,POST", org.Invitation)
-		}, middleware.OrgAssignment(true, true, true))
+		}, middleware.OrgAssignment(true, true))
 	}, reqSignIn)
-	m.Group("/org", func() {
-		m.Get("/:org", org.Home)
-	}, ignSignIn, middleware.OrgAssignment(true))
 	// ***** END: Organization *****

 	// ***** START: Repository *****
@@ -443,6 +398,7 @@ func runWeb(ctx *cli.Context) {
 				m.Post("/gogs/new", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksNewPost)
 				m.Post("/slack/new", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksNewPost)
 				m.Get("/:id", repo.WebHooksEdit)
+				m.Post("/:id/test", repo.TestWebhook)
 				m.Post("/gogs/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost)
 				m.Post("/slack/:id", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksEditPost)

@@ -459,14 +415,16 @@ func runWeb(ctx *cli.Context) {
 				m.Post("/delete", repo.DeleteDeployKey)
 			})

+		}, func(ctx *middleware.Context) {
+			ctx.Data["PageIsSettings"] = true
 		})
-	}, reqSignIn, middleware.RepoAssignment(true), reqRepoAdmin)
+	}, reqSignIn, middleware.RepoAssignment(), reqRepoAdmin, middleware.RepoRef())

 	m.Group("/:username/:reponame", func() {
 		m.Get("/action/:action", repo.Action)

 		m.Group("/issues", func() {
-			m.Combo("/new").Get(repo.NewIssue).
+			m.Combo("/new", repo.MustEnableIssues).Get(middleware.RepoRef(), repo.NewIssue).
 				Post(bindIgnErr(auth.CreateIssueForm{}), repo.NewIssuePost)

 			m.Combo("/:index/comments").Post(bindIgnErr(auth.CreateCommentForm{}), repo.NewComment)
@@ -486,61 +444,81 @@ func runWeb(ctx *cli.Context) {
 			m.Post("/new", bindIgnErr(auth.CreateLabelForm{}), repo.NewLabel)
 			m.Post("/edit", bindIgnErr(auth.CreateLabelForm{}), repo.UpdateLabel)
 			m.Post("/delete", repo.DeleteLabel)
-		}, reqRepoAdmin)
+		}, reqRepoAdmin, middleware.RepoRef())
 		m.Group("/milestones", func() {
-			m.Get("/new", repo.NewMilestone)
-			m.Post("/new", bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost)
+			m.Combo("/new").Get(repo.NewMilestone).
+				Post(bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost)
 			m.Get("/:id/edit", repo.EditMilestone)
 			m.Post("/:id/edit", bindIgnErr(auth.CreateMilestoneForm{}), repo.EditMilestonePost)
 			m.Get("/:id/:action", repo.ChangeMilestonStatus)
 			m.Post("/delete", repo.DeleteMilestone)
-		}, reqRepoAdmin)
+		}, reqRepoAdmin, middleware.RepoRef())

 		m.Group("/releases", func() {
 			m.Get("/new", repo.NewRelease)
 			m.Post("/new", bindIgnErr(auth.NewReleaseForm{}), repo.NewReleasePost)
 			m.Get("/edit/:tagname", repo.EditRelease)
 			m.Post("/edit/:tagname", bindIgnErr(auth.EditReleaseForm{}), repo.EditReleasePost)
+			m.Post("/delete", repo.DeleteRelease)
 		}, reqRepoAdmin, middleware.RepoRef())

-		m.Combo("/compare/*").Get(repo.CompareAndPullRequest).
+		m.Combo("/compare/*", repo.MustEnablePulls).Get(repo.CompareAndPullRequest).
 			Post(bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)
-	}, reqSignIn, middleware.RepoAssignment(true))
+	}, reqSignIn, middleware.RepoAssignment())

 	m.Group("/:username/:reponame", func() {
-		m.Get("/releases", middleware.RepoRef(), repo.Releases)
-		m.Get("/^:type(issues|pulls)$", repo.RetrieveLabels, repo.Issues)
-		m.Get("/^:type(issues|pulls)$/:index", repo.ViewIssue)
-		m.Get("/labels/", repo.RetrieveLabels, repo.Labels)
-		m.Get("/milestones", repo.Milestones)
-		m.Get("/branches", repo.Branches)
+		m.Group("", func() {
+			m.Get("/releases", repo.Releases)
+			m.Get("/^:type(issues|pulls)$", repo.RetrieveLabels, repo.Issues)
+			m.Get("/^:type(issues|pulls)$/:index", repo.ViewIssue)
+			m.Get("/labels/", repo.RetrieveLabels, repo.Labels)
+			m.Get("/milestones", repo.Milestones)
+		}, middleware.RepoRef())
+
+		// m.Get("/branches", repo.Branches)
+
+		m.Group("/wiki", func() {
+			m.Get("/?:page", repo.Wiki)
+			m.Get("/_pages", repo.WikiPages)
+
+			m.Group("", func() {
+				m.Combo("/_new").Get(repo.NewWiki).
+					Post(bindIgnErr(auth.NewWikiForm{}), repo.NewWikiPost)
+				m.Combo("/:page/_edit").Get(repo.EditWiki).
+					Post(bindIgnErr(auth.NewWikiForm{}), repo.EditWikiPost)
+			}, reqSignIn, reqRepoPusher)
+		}, repo.MustEnableWiki, middleware.RepoRef())
+
 		m.Get("/archive/*", repo.Download)

 		m.Group("/pulls/:index", func() {
 			m.Get("/commits", repo.ViewPullCommits)
 			m.Get("/files", repo.ViewPullFiles)
 			m.Post("/merge", reqRepoAdmin, repo.MergePullRequest)
-		})
+		}, repo.MustEnablePulls)

 		m.Group("", func() {
 			m.Get("/src/*", repo.Home)
 			m.Get("/raw/*", repo.SingleDownload)
 			m.Get("/commits/*", repo.RefCommits)
 			m.Get("/commit/*", repo.Diff)
+			m.Get("/stars", repo.Stars)
+			m.Get("/watchers", repo.Watchers)
+			m.Get("/forks", repo.Forks)
 		}, middleware.RepoRef())

 		m.Get("/compare/:before([a-z0-9]{40})...:after([a-z0-9]{40})", repo.CompareDiff)
-	}, ignSignIn, middleware.RepoAssignment(true))
+	}, ignSignIn, middleware.RepoAssignment())

 	m.Group("/:username", func() {
 		m.Group("/:reponame", func() {
 			m.Get("", repo.Home)
 			m.Get("\\.git$", repo.Home)
-		}, ignSignIn, middleware.RepoAssignment(true, true), middleware.RepoRef())
+		}, ignSignIn, middleware.RepoAssignment(true), middleware.RepoRef())

 		m.Group("/:reponame", func() {
-			m.Any("/*", ignSignInAndCsrf, repo.Http)
-			m.Head("/hooks/trigger", repo.TriggerHook)
+			m.Any("/*", ignSignInAndCsrf, repo.HTTP)
+			m.Head("/tasks/trigger", repo.TriggerTask)
 		})
 	})
 	// ***** END: Repository *****
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -11,6 +11,12 @@ RUN_MODE = dev
 [repository]
 ROOT =
 SCRIPT_TYPE = bash
+; Default ANSI charset
+ANSI_CHARSET = 
+; Force every new repository to be private
+FORCE_PRIVATE = false
+; Patch test queue length, make it as large as possible
+PULL_REQUEST_QUEUE_LENGTH = 10000

 [ui]
 ; Number of repositories that are showed in one explore page
@@ -26,7 +32,7 @@ USER_PAGING_NUM = 50
 ; Number of repos that are showed in one page
 REPO_PAGING_NUM = 50
 ; Number of notices that are showed in one page
-NOTICE_PAGING_NUM = 50
+NOTICE_PAGING_NUM = 25
 ; Number of organization that are showed in one page
 ORG_PAGING_NUM = 50

@@ -42,6 +48,8 @@ HTTP_ADDR =
 HTTP_PORT = 3000
 ; Disable SSH feature when not available
 DISABLE_SSH = false
+; Whether use builtin SSH server or not.
+START_SSH_SERVER = false
 SSH_PORT = 22
 ; Disable CDN even in "prod" mode
 OFFLINE_MODE = false
@@ -110,6 +118,16 @@ DISABLE_MINIMUM_KEY_SIZE_CHECK = false
 ; Enable captcha validation for registration
 ENABLE_CAPTCHA = true

+; used to filter keys which are too short
+[service.minimum_key_sizes]
+ED25519 = 256
+ECDSA   = 256
+NTRU    = 1087
+MCE     = 1702
+McE     = 1702
+RSA     = 1024
+DSA     = 1024
+
 [webhook]
 ; Hook task queue length
 QUEUE_LENGTH = 1000
@@ -316,3 +334,5 @@ it-IT = it

 [other]
 SHOW_FOOTER_BRANDING = false
+; Show version information about gogs and go in the footer
+SHOW_FOOTER_VERSION = true
--- a/conf/gitignore/Clojure.gitignore
+++ b/conf/gitignore/Clojure.gitignore
@@ -1 +0,0 @@
-Leiningen.gitignore
--- a/conf/gitignore/Fortran.gitignore
+++ b/conf/gitignore/Fortran.gitignore
@@ -1 +0,0 @@
-C++.gitignore
--- a/conf/locale/TRANSLATORS
+++ b/conf/locale/TRANSLATORS
@@ -1,20 +1,30 @@
 # This file lists all PUBLIC individuals having contributed content to the translation.
-# Order of name is meaningless.
+# Entries are in alphabetical order.

-Akihiro YAGASAKI <yaggytter@momiage.com>
-Alexander Steinhöfer <kontakt@lx-s.de>
-Alexandre Magno <alexandre.mbm@gmail.com>
-Barış Arda Yılmaz <ardayilmazgamer@gmail.com>
-Christoph Kisfeld <christoph.kisfeld@gmail.com>
-Daniel Speichert <daniel@speichert.pl>
-Gregor Santner <gdev@live.de>
-Huimin Wang <wanghm2009@hotmail.co.jp>
-ilko <email>
-Thomas Fanninger <gogs.thomas@fanninger.at>
-Łukasz Jan Niemier <lukasz@niemier.pl>
-Lafriks <lafriks@gmail.com>
-Luc Stepniewski <luc@stepniewski.fr>
-Miguel de la Cruz <miguel@mcrx.me>
-Marc Schiller <marc@schiller.im>
-Morten Sørensen <klim8d@gmail.com>
-Natan Albuquerque <natanalbuquerque5@gmail.com>
+Akihiro YAGASAKI <yaggytter AT momiage DOT com>
+Alexander Steinhöfer <kontakt AT lx-s DOT de>
+Alexandre Magno <alexandre DOT mbm AT gmail DOT com>
+Andrey Nering <andrey AT nering DOT com DOT br>
+Arthur Aslanyan <arthur DOT e DOT aslanyan AT gmail DOT com>
+Barış Arda Yılmaz <ardayilmazgamer AT gmail DOT com>
+Christoph Kisfeld <christoph DOT kisfeld AT gmail DOT com>
+Daniel Speichert <daniel AT speichert DOT pl>
+Dmitriy Nogay <me AT catwhocode DOT ga>
+Gregor Santner <gdev AT live DOT de>
+Hamid Feizabadi <hamidfzm AT gmail DOT com>
+Huimin Wang <wanghm2009 AT hotmail DOT co DOT jp>
+ilko
+Lafriks <lafriks AT gmail DOT com>
+Lauri Ojansivu <x AT xet7 DOT org>
+Luc Stepniewski <luc AT stepniewski DOT fr>
+Marc Schiller <marc AT schiller DOT im>
+Miguel de la Cruz <miguel AT mcrx DOT me>
+Morten Sørensen <klim8d AT gmail DOT com>
+Nakao Takamasa <at.mattenn AT gmail DOT com>
+Natan Albuquerque <natanalbuquerque5 AT gmail DOT com>
+Odilon Junior <odilon DOT junior93 AT gmail DOT com>
+Thomas Fanninger <gogs DOT thomas AT fanninger DOT at>
+Tilmann Bach <tilmann AT outlook DOT com>
+Vladimir Vissoultchev <wqweto AT gmail DOT com>
+YJSoft <yjsoft AT yjsoft DOT pe DOT kr>
+Łukasz Jan Niemier <lukasz AT niemier DOT pl>
--- a/conf/locale/locale_bg-BG.ini
+++ b/conf/locale/locale_bg-BG.ini
--- a/conf/locale/locale_de-DE.ini
+++ b/conf/locale/locale_de-DE.ini
--- a/conf/locale/locale_en-US.ini
+++ b/conf/locale/locale_en-US.ini
@@ -18,7 +18,7 @@ user_profile_and_more = User profile and more
 signed_in_as = Signed in as

 username = Username
-email = E-mail
+email = Email
 password = Password
 re_type = Re-Type
 captcha = Captcha
@@ -84,14 +84,14 @@ ssh_port_helper = Port number which your SSH server is using, leave it empty to
 http_port = HTTP Port
 http_port_helper = Port number which application will listen on.
 app_url = Application URL
-app_url_helper = This affects HTTP/HTTPS clone URL and somewhere in e-mail.
+app_url_helper = This affects HTTP/HTTPS clone URL and somewhere in email.

 optional_title = Optional Settings
-email_title = E-mail Service Settings
+email_title = Email Service Settings
 smtp_host = SMTP Host
 smtp_from = From
 smtp_from_helper = Mail from address, RFC 5322. It can be just an email address, or the "Name" <email@example.com> format.
-mailer_user = Sender E-mail
+mailer_user = Sender Email
 mailer_password = Sender Password
 register_confirm = Enable Register Confirmation
 mail_notify = Enable Mail Notification
@@ -111,7 +111,7 @@ admin_title = Admin Account Settings
 admin_name = Username
 admin_password = Password
 confirm_password = Confirm Password
-admin_email = E-mail
+admin_email = Admin Email
 install_gogs = Install Gogs
 test_git_failed = Fail to test 'git' command: %v
 sqlite3_not_available = Your release version does not support SQLite3, please download the official binary version from %s, NOT the gobuild version.
@@ -123,7 +123,7 @@ invalid_admin_setting = Admin account setting is invalid: %v
 install_success = Welcome! We're glad that you chose Gogs, have fun and take care.

 [home]
-uname_holder = Username or E-mail
+uname_holder = Username or email
 password_holder = Password
 switch_dashboard_context = Switch Dashboard Context
 my_repos = My Repositories
@@ -147,14 +147,13 @@ remember_me = Remember Me
 forgot_password= Forgot Password
 forget_password = Forgot password?
 sign_up_now = Need an account? Sign up now.
-confirmation_mail_sent_prompt = A new confirmation e-mail has been sent to <b>%s</b>, please check your inbox within the next %d hours to complete the registration process.
-sign_in_to_account = Sign in to your account
+confirmation_mail_sent_prompt = A new confirmation email has been sent to <b>%s</b>, please check your inbox within the next %d hours to complete the registration process.
 active_your_account = Activate Your Account
 resent_limit_prompt = Sorry, you already requested an activation email recently. Please wait 3 minutes then try again.
-has_unconfirmed_mail = Hi %s, you have an unconfirmed e-mail address (<b>%s</b>). If you haven't received a confirmation e-mail or need to resend a new one, please click on the button below.
-resend_mail = Click here to resend your activation e-mail
-email_not_associate = This e-mail address is not associated with any account.
-send_reset_mail = Click here to (re)send your password reset e-mail
+has_unconfirmed_mail = Hi %s, you have an unconfirmed email address (<b>%s</b>). If you haven't received a confirmation email or need to resend a new one, please click on the button below.
+resend_mail = Click here to resend your activation email
+email_not_associate = This email address is not associated with any account.
+send_reset_mail = Click here to (re)send your password reset email
 reset_password = Reset Your Password
 invalid_code = Sorry, your confirmation code has expired or not valid.
 reset_password_helper = Click here to reset your password
@@ -162,9 +161,10 @@ password_too_short = Password length cannot be less then 6.

 [mail]
 activate_account = Please activate your account
-activate_email = Verify your e-mail address
+activate_email = Verify your email address
 reset_password = Reset your password
-register_success = Register success, Welcome
+register_success = Registration successful, welcome
+register_notify = Welcome on board

 [modal]
 yes = Yes
@@ -174,7 +174,7 @@ modify = Modify
 [form]
 UserName = Username
 RepoName = Repository name
-Email = E-mail address
+Email = Email address
 Password = Password
 Retype = Re-type password
 SSHTitle = SSH key name
@@ -182,7 +182,7 @@ HttpsUrl = HTTPS URL
 PayloadUrl = Payload URL
 TeamName = Team name
 AuthName = Authorization name
-AdminEmail = Admin E-mail
+AdminEmail = Admin email

 require_error = ` cannot be empty.`
 alpha_dash_error = ` must be valid alpha or numeric or dash(-_) characters.`
@@ -190,17 +190,18 @@ alpha_dash_dot_error = ` must be valid alpha or numeric or dash(-_) or dot chara
 size_error  = ` must be size %s.`
 min_size_error = ` must contain at least %s characters.`
 max_size_error = ` must contain at most %s characters.`
-email_error = ` is not a valid e-mail address.`
+email_error = ` is not a valid email address.`
 url_error = ` is not a valid URL.`
+include_error = ` must contain substring '%s'.`
 unknown_error = Unknown error:
 captcha_incorrect = Captcha didn't match.
 password_not_match = Password and confirm password are not same.

-username_been_taken = Username has been already taken.
-repo_name_been_taken = Repository name has been already taken.
-org_name_been_taken = Organization name has been already taken.
-team_name_been_taken = Team name has been already taken.
-email_been_used = E-mail address has been already used.
+username_been_taken = Username has already been taken.
+repo_name_been_taken = Repository name has already been taken.
+org_name_been_taken = Organization name has already been taken.
+team_name_been_taken = Team name has already been taken.
+email_been_used = Email address has already been used.
 illegal_team_name = Team name contains illegal characters.
 username_password_incorrect = Username or password is not correct.
 enterred_invalid_repo_name = Please make sure that the repository name you entered is correct.
@@ -217,7 +218,7 @@ still_own_repo = Your account still has ownership over at least one repository,
 still_has_org = Your account still has membership in at least one organization, you have to leave or delete your memberships first.
 org_still_own_repo = This organization still have ownership of repository, you have to delete or transfer them first.

-still_own_user = This authentication still is in use by at least one user, please remove them from the authentication and try again.
+still_own_user = This authentication is still in use by at least one user, please remove them from the authentication and try again.

 target_branch_not_exist = Target branch does not exist.

@@ -245,7 +246,7 @@ delete = Delete Account
 uid = Uid

 public_profile = Public Profile
-profile_desc = Your E-mail address is public and will be used for any account related notifications, and any web based operations made via the site.
+profile_desc = Your email address is public and will be used for any account related notifications, and any web based operations made via the site.
 full_name = Full Name
 website = Website
 location = Location
@@ -257,7 +258,7 @@ continue = Continue
 cancel = Cancel

 enable_custom_avatar = Enable Custom Avatar
-enable_custom_avatar_helper = Enable this to disable fetch from Gravatar
+enable_custom_avatar_helper = Disable fetch from Gravatar
 choose_new_avatar = Choose new avatar
 update_avatar = Update Avatar Setting
 uploaded_avatar_not_a_image = Uploaded file is not a image.
@@ -271,19 +272,19 @@ retype_new_password = Retype New Password
 password_incorrect = Current password is not correct.
 change_password_success = Your password was successfully changed. You can now sign using this new password.

-emails = E-mail Addresses
-manage_emails = Manage e-mail addresses
-email_desc = Your primary e-mail address will be used for notifications and other operations.
+emails = Email Addresses
+manage_emails = Manage email addresses
+email_desc = Your primary email address will be used for notifications and other operations.
 primary = Primary
 primary_email = Set as primary
 delete_email = Delete
-email_deletion = E-mail Deletion
-email_deletion_desc = Delete this e-mail address will remove related information from your account. Do you want to continue?
-email_deletion_success = E-mail has been deleted successfully!
-add_new_email = Add new e-mail address
-add_email = Add e-mail
-add_email_confirmation_sent = A new confirmation e-mail has been sent to '%s', please check your inbox within the next %d hours to complete the confirmation process.
-add_email_success = Your new E-mail address was successfully added.
+email_deletion = Email Deletion
+email_deletion_desc = Deleting this email address will remove related information from your account. Do you want to continue?
+email_deletion_success = Email has been deleted successfully!
+add_new_email = Add new email address
+add_email = Add email
+add_email_confirmation_sent = A new confirmation email has been sent to '%s', please check your inbox within the next %d hours to complete the confirmation process.
+add_email_success = Your new email address was successfully added.

 manage_ssh_keys = Manage SSH Keys
 add_key = Add Key
@@ -334,7 +335,9 @@ repo_name = Repository Name
 repo_name_helper = A good repository name is usually composed of short, memorable and unique keywords.
 visibility = Visibility
 visiblity_helper = This repository is <span class="ui red text">Private</span>
+visiblity_helper_forced = Site admin has forced all new repositories to be <span class="ui red text">Private</span>
 visiblity_fork_helper = (Change of this value will affect all forks)
+clone_helper = Need help cloning? Visit <a target="_blank" href="%s">Help</a>!
 fork_repo = Fork Repository
 fork_from = Fork From
 fork_visiblity_helper = You cannot alter the visibility of a forked repository.
@@ -349,6 +352,9 @@ auto_init = Initialize this repository with selected files and template
 create_repo = Create Repository
 default_branch = Default Branch
 mirror_interval = Mirror Interval (hour)
+watchers = Watchers
+stargazers = Stargazers
+forks = Forks

 form.name_reserved = Repository name '%s' is reserved.
 form.name_pattern_not_allowed = Repository name pattern '%s' is not allowed.
@@ -359,14 +365,16 @@ migrate_type_helper = This repository will be a <span class="text blue">mirror</
 migrate_repo = Migrate Repository
 migrate.clone_address = Clone Address
 migrate.clone_address_desc = This can be a HTTP/HTTPS/GIT URL or local server path.
+migrate.permission_denied = You are not allowed to import local repositories.
 migrate.invalid_local_path = Invalid local path, it does not exist or not a directory.
+migrate.failed = Migration failed: %v

 forked_from = forked from
-fork_from_self = You cannot fork repository you already owned!
+fork_from_self = You cannot fork a repository you already own!
 copy_link = Copy
-click_to_copy = Copy to clipboard
+copy_link_success = Copied!
+copy_link_error = Press ⌘-C or Ctrl-C to copy
 copied = Copied OK
-clone_helper = Need help cloning? Visit <a target="_blank" href="%s">Help</a>!
 unwatch = Unwatch
 watch = Watch
 unstar = Unstar
@@ -378,10 +386,12 @@ quick_guide = Quick Guide
 clone_this_repo = Clone this repository
 create_new_repo_command = Create a new repository on the command line
 push_exist_repo = Push an existing repository from the command line
+repo_is_empty = This repository is empty, please come back later!

+code = Code
 branch = Branch
 tree = Tree
-branch_and_tags = Branches & Tags
+filter_branch_and_tag = Filter branch or tag
 branches = Branches
 tags = Tags
 issues = Issues
@@ -450,9 +460,9 @@ issues.num_comments = %d comments
 issues.commented_at = `commented <a id="%[1]s" href="#%[1]s">%[2]s</a>`
 issues.no_content = There is no content yet.
 issues.close_issue = Close
-issues.close_comment_issue = Close and comment
+issues.close_comment_issue = Comment and close
 issues.reopen_issue = Reopen
-issues.reopen_comment_issue = Reopen and comment
+issues.reopen_comment_issue = Comment and reopen
 issues.create_comment = Comment
 issues.closed_at = `closed <a id="%[1]s" href="#%[1]s">%[2]s</a>`
 issues.reopened_at = `reopened <a id="%[1]s" href="#%[1]s">%[2]s</a>`
@@ -473,9 +483,10 @@ issues.label_edit = Edit
 issues.label_delete = Delete
 issues.label_modify = Label Modification
 issues.label_deletion = Label Deletion
-issues.label_deletion_desc = Delete this label will remove its information in all related issues. Do you want to continue?
+issues.label_deletion_desc = Deleting this label will remove its information in all related issues. Do you want to continue?
 issues.label_deletion_success = Label has been deleted successfully!

+pulls.new = New Pull Request
 pulls.compare_changes = Compare Changes
 pulls.compare_changes_desc = Compare two branches and make a pull request for changes.
 pulls.compare_base = base
@@ -494,10 +505,12 @@ pulls.reopen_to_merge = Please reopen this pull request to perform merge operati
 pulls.merged = Merged
 pulls.has_merged = This pull request has been merged successfully!
 pulls.data_broken = Data of this pull request has been broken due to deletion of fork information.
+pulls.is_checking = The conflict checking is still in progress, please refresh page in few moments.
 pulls.can_auto_merge_desc = You can perform auto-merge operation on this pull request.
 pulls.cannot_auto_merge_desc = You can't perform auto-merge operation because there are conflicts between commits.
 pulls.cannot_auto_merge_helper = Please use command line tool to solve it.
 pulls.merge_pull_request = Merge Pull Request
+pulls.open_unmerged_pull_exists = `You can't perform reopen operation because there is already an open pull request (#%d) from same repository with same merge information and is waiting for merging.`

 milestones.new = New Milestone
 milestones.open_tab = %d Open
@@ -512,27 +525,50 @@ milestones.title = Title
 milestones.desc = Description
 milestones.due_date = Due Date (optional)
 milestones.clear = Clear
-milestones.invalid_due_date_format = Due date format is invalid, must be 'year-mm-dd'.
+milestones.invalid_due_date_format = Due date format is invalid, must be 'yyyy-mm-dd'.
 milestones.create_success = Milestone '%s' has been created successfully!
 milestones.edit = Edit Milestone
-milestones.edit_subheader = Use better description for milestones so people won't be confused.
+milestones.edit_subheader = Use a better description for milestones so people won't be confused.
 milestones.cancel = Cancel
 milestones.modify = Modify Milestone
 milestones.edit_success = Changes of milestone '%s' has been saved successfully!
 milestones.deletion = Milestone Deletion
-milestones.deletion_desc = Delete this milestone will remove its information in all related issues. Do you want to continue?
+milestones.deletion_desc = Deleting this milestone will remove its information in all related issues. Do you want to continue?
 milestones.deletion_success = Milestone has been deleted successfully!

+wiki = Wiki
+wiki.welcome = Welcome to Wiki!
+wiki.welcome_desc = Wiki is the place where you would like to document your project together and make it better.
+wiki.create_first_page = Create the first page
+wiki.page = Page
+wiki.filter_page = Filter page
+wiki.new_page = Create New Page
+wiki.default_commit_message = Write a note about this update (optional).
+wiki.save_page = Save Page
+wiki.last_commit_info = %s edited this page %s
+wiki.edit_page_button = Edit
+wiki.new_page_button = New Page
+wiki.page_already_exists = Wiki page with same name already exists.
+wiki.pages = Pages
+wiki.last_updated = Last updated %s
+
 settings = Settings
 settings.options = Options
 settings.collaboration = Collaboration
 settings.hooks = Webhooks
 settings.githooks = Git Hooks
 settings.basic_settings = Basic Settings
-settings.danger_zone = Danger Zone
 settings.site = Official Site
 settings.update_settings = Update Settings
 settings.change_reponame_prompt = This change will affect how links relate to the repository.
+settings.advanced_settings = Advanced Settings
+settings.wiki_desc = Enable wiki to allow people write documents
+settings.issues_desc = Enable builtin lightweight issue tracker 
+settings.use_external_issue_tracker = Use external issue tracker
+settings.tracker_url_format = External Issue Tracker URL Format
+settings.tracker_url_format_desc = You can use placeholder <code>{user} {repo} {index}</code> for user name, repository name and issue index.
+settings.pulls_desc = Enable pull requests to accept public contributions
+settings.danger_zone = Danger Zone
 settings.transfer = Transfer Ownership
 settings.transfer_desc = Transfer this repository to another user or to an organization in which you have admin rights.
 settings.new_owner_has_same_repo = The new owner already has a repository with same name. Please choose another name.
@@ -546,6 +582,7 @@ settings.delete_notices_2 = - This operation will permanently delete the everyth
 settings.delete_notices_fork_1 = - If this repository is public, all forks will be became independent after deletion.
 settings.delete_notices_fork_2 = - If this repository is private, all forks will be removed at the same time.
 settings.delete_notices_fork_3 = - If you want to keep all forks after deletion, please change visibility of this repository to public first.
+settings.deletion_success = Repository has been deleted successfully!
 settings.update_settings_success = Repository options has been updated successfully.
 settings.transfer_owner = New Owner
 settings.make_transfer = Make Transfer
@@ -554,12 +591,16 @@ settings.confirm_delete = Confirm Deletion
 settings.add_collaborator = Add New Collaborator
 settings.add_collaborator_success = New collaborator has been added.
 settings.remove_collaborator_success = Collaborator has been removed.
+settings.search_user_placeholder = Search user...
 settings.user_is_org_member = User is organization member who cannot be added as a collaborator.
 settings.add_webhook = Add Webhook
 settings.hooks_desc = Webhooks are much like basic HTTP POST event triggers. Whenever something occurs in Gogs, we will handle the notification to the target host you specify. Learn more in this <a target="_blank" href="%s">Webhooks Guide</a>.
 settings.webhook_deletion = Delete Webhook
 settings.webhook_deletion_desc = Delete this webhook will remove its information and all delivery history. Do you want to continue?
 settings.webhook_deletion_success = Webhook has been deleted successfully!
+settings.webhook.test_delivery = Test Delivery
+settings.webhook.test_delivery_desc = Send a fake push event delivery to test your webhook settings
+settings.webhook.test_delivery_success = Test webhook has been added to delivery queue. It may taks few seconds before it shows up in the delivery history.
 settings.webhook.request = Request
 settings.webhook.response = Response
 settings.webhook.headers = Headers
@@ -599,14 +640,15 @@ settings.slack_domain = Domain
 settings.slack_channel = Channel
 settings.deploy_keys = Deploy Keys
 settings.add_deploy_key = Add Deploy Key
+settings.deploy_key_desc = Deploy key only has read-only access. It is not same as personal account SSH keys.
 settings.no_deploy_keys = You haven't added any deploy key.
 settings.title = Title
 settings.deploy_key_content = Content
 settings.key_been_used = Deploy key content has been used.
-settings.key_name_used = Deploy key with same name has already existed.
+settings.key_name_used = Deploy key with the same name already exists.
 settings.add_key_success = New deploy key '%s' has been added successfully!
 settings.deploy_key_deletion = Delete Deploy Key
-settings.deploy_key_deletion_desc = Delete this deploy key will remove all related accesses for this repository. Do you want to continue?
+settings.deploy_key_deletion_desc = Deleting this deploy key will remove all related accesses for this repository. Do you want to continue?
 settings.deploy_key_deletion_success = Deploy key has been deleted successfully!

 diff.browse_source = Browse Source
@@ -626,24 +668,32 @@ release.stable = Stable
 release.edit = edit
 release.ahead = <strong>%d</strong> commits to %s since this release
 release.source_code = Source Code
+release.new_subheader = Publish releases to iterate product.
+release.edit_subheader = Detailed change log can help users understand what has been improved.
 release.tag_name = Tag name
 release.target = Target
 release.tag_helper = Choose an existing tag, or create a new tag on publish.
-release.release_title = Release title
-release.content_with_md = Content with <a href="%s">Markdown</a>
+release.title = Title
+release.content = Content
 release.write = Write
 release.preview = Preview
-release.content_placeholder = Write some content
 release.loading = Loading...
 release.prerelease_desc = This is a pre-release
-release.prerelease_helper = We’ll point out that this release is not production-ready.
+release.prerelease_helper = We'll point out that this release is not production-ready.
+release.cancel = Cancel
 release.publish = Publish Release
 release.save_draft = Save Draft
 release.edit_release = Edit Release
-release.tag_name_already_exist = Release with this tag name has already existed.
+release.delete_release = Delete This Release
+release.deletion = Release Deletion
+release.deletion_desc = Deleting this release will delete the corresponding Git tag. Do you want to continue?
+release.deletion_success = Release has been deleted successfully!
+release.tag_name_already_exist = Release with this tag name already exists.
+release.downloads = Downloads

 [org]
 org_name_holder = Organization Name
+org_full_name_holder = Organization Full Name
 org_name_helper = Great organization names are short and memorable.
 create_org = Create Organization
 repo_updated = Updated
@@ -680,16 +730,17 @@ settings.delete_org_title = Organization Deletion
 settings.delete_org_desc = This organization is going to be deleted permanently, do you want to continue?
 settings.hooks_desc = Add webhooks that will be triggered for <strong>all repositories</strong> under this organization.

+members.membership_visibility = Membership Visibility:
 members.public = Public
 members.public_helper = make private
 members.private = Private
 members.private_helper = make public
+members.member_role = Member Role:
 members.owner = Owner
 members.member = Member
-members.conceal = Conceal
 members.remove = Remove
 members.leave = Leave
-members.invite_desc = Start typing a username to invite a new member to %s:
+members.invite_desc = Add a new member to %s:
 members.invite_now = Invite Now

 teams.join = Join
@@ -714,6 +765,7 @@ teams.read_permission_desc = This team grants <strong>Read</strong> access: memb
 teams.write_permission_desc = This team grants <strong>Write</strong> access: members can read from and push to the team's repositories.
 teams.admin_permission_desc = This team grants <strong>Admin</strong> access: members can read from, push to, and add collaborators to the team's repositories.
 teams.repositories = Team Repositories
+teams.search_repo_placeholder = Search repository...
 teams.add_team_repository = Add Team Repository
 teams.remove_repo = Remove
 teams.add_nonexistent_repo = The repository you're trying to add does not exist, please create it first.
@@ -744,6 +796,8 @@ dashboard.delete_inactivate_accounts = Delete all inactive accounts
 dashboard.delete_inactivate_accounts_success = All inactivate accounts have been deleted successfully.
 dashboard.delete_repo_archives = Delete all repositories archives
 dashboard.delete_repo_archives_success = All repositories archives have been deleted successfully.
+dashboard.delete_missing_repos = Delete all repository records that lost Git files
+dashboard.delete_missing_repos_success = All repository records that lost Git files have been deleted successfully.
 dashboard.git_gc_repos = Do garbage collection on repositories
 dashboard.git_gc_repos_success = All repositories have done garbage collection successfully.
 dashboard.resync_all_sshkeys = Rewrite '.ssh/authorized_keys' file (caution: non-Gogs keys will be lost)
@@ -800,6 +854,7 @@ users.edit_account = Edit Account
 users.is_activated = This account is activated
 users.is_admin = This account has administrator permissions
 users.allow_git_hook = This account has permissions to create Git hooks
+users.allow_import_local = This account has permissions to import local repositories
 users.update_profile = Update Account Profile
 users.delete_account = Delete This Account
 users.still_own_repo = This account still has ownership over at least one repository, you have to delete or transfer them first.
@@ -835,9 +890,11 @@ auths.bind_password = Bind Password
 auths.bind_password_helper = Warning: This password is stored in plain text. Do not use a high privileged account.
 auths.user_base = User Search Base
 auths.user_dn = User DN
+auths.attribute_username = Username attribute
+auths.attribute_username_placeholder = Leave empty to use sign-in form field value for user name.
 auths.attribute_name = First name attribute
 auths.attribute_surname = Surname attribute
-auths.attribute_mail = E-mail attribute
+auths.attribute_mail = Email attribute
 auths.filter = User Filter
 auths.admin_filter = Admin Filter
 auths.ms_ad_sa = Ms Ad SA
@@ -885,7 +942,7 @@ config.db_ssl_mode_helper = (for "postgres" only)
 config.db_path = Path
 config.db_path_helper = (for "sqlite3" and "tidb")
 config.service_config = Service Configuration
-config.register_email_confirm = Require E-mail Confirmation
+config.register_email_confirm = Require Email Confirmation
 config.disable_register = Disable Registration
 config.show_registration_button = Show Register Button
 config.require_sign_in_view = Require Sign In View
@@ -938,16 +995,23 @@ monitor.start = Start Time
 monitor.execute_time = Execution Time

 notices.system_notice_list = System Notices
+notices.view_detail_header = View Notice Detail
+notices.actions = Actions
+notices.select_all = Select All
+notices.deselect_all = Deselect All
+notices.inverse_selection = Inverse Selection
+notices.delete_selected = Delete Selected
+notices.delete_all = Delete All Notices
 notices.type = Type
 notices.type_1 = Repository
 notices.desc = Description
 notices.op = Op.
-notices.delete_success = System notice has been deleted successfully.
+notices.delete_success = System notices have been deleted successfully.

 [action]
 create_repo = created repository <a href="%s">%s</a>
 rename_repo = renamed repository from <code>%[1]s</code> to <a href="%[2]s">%[3]s</a>
-commit_repo = pushed to <a href="%s/src/%s">%[2]s</a> at <a href="%[1]s">%[3]s</a>
+commit_repo = pushed to <a href="%[1]s/src/%[2]s">%[3]s</a> at <a href="%[1]s">%[4]s</a>
 create_issue = `opened issue <a href="%s/issues/%s">%s#%[2]s</a>`
 create_pull_request = `created pull request <a href="%s/pulls/%s">%s#%[2]s</a>`
 comment_issue = `commented on issue <a href="%s/issues/%s">%s#%[2]s</a>`
--- a/conf/locale/locale_es-ES.ini
+++ b/conf/locale/locale_es-ES.ini
--- a/conf/locale/locale_fr-FR.ini
+++ b/conf/locale/locale_fr-FR.ini
--- a/conf/locale/locale_it-IT.ini
+++ b/conf/locale/locale_it-IT.ini
--- a/conf/locale/locale_ja-JP.ini
+++ b/conf/locale/locale_ja-JP.ini
--- a/conf/locale/locale_lv-LV.ini
+++ b/conf/locale/locale_lv-LV.ini
--- a/conf/locale/locale_nl-NL.ini
+++ b/conf/locale/locale_nl-NL.ini
--- a/conf/locale/locale_pl-PL.ini
+++ b/conf/locale/locale_pl-PL.ini
--- a/conf/locale/locale_pt-BR.ini
+++ b/conf/locale/locale_pt-BR.ini
--- a/conf/locale/locale_ru-RU.ini
+++ b/conf/locale/locale_ru-RU.ini
--- a/conf/locale/locale_zh-CN.ini
+++ b/conf/locale/locale_zh-CN.ini
--- a/conf/locale/locale_zh-HK.ini
+++ b/conf/locale/locale_zh-HK.ini
--- a/config.codekit
+++ b/config.codekit
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,12 +0,0 @@
-web:
-  build: .
-  links:
-    - mysql
-  ports:
-    - "3000:3000"
-
-mysql:
-  image: mysql
-  environment:
-    - MYSQL_ROOT_PASSWORD=gogs
-    - MYSQL_DATABASE=gogs
--- a/docker/README.md
+++ b/docker/README.md
@@ -17,12 +17,12 @@ $ mkdir -p /var/gogs
 $ docker run --name=gogs -p 10022:22 -p 10080:3000 -v /var/gogs:/data gogs/gogs

 # Use `docker start` if you have stopped it.
-$ docker start gogs 
+$ docker start gogs
 ```

 Files will be store in local path `/var/gogs` in my case.

-Directory `/var/gogs` keeps Git repoistories and Gogs data:
+Directory `/var/gogs` keeps Git repositories and Gogs data:

    /var/gogs
    |-- git
@@ -33,7 +33,17 @@ Directory `/var/gogs` keeps Git repoistories and Gogs data:
        |-- conf
        |-- data
        |-- log
-        |-- templates
+
+### Volume with data container
+
+If you're more comfortable with mounting data to a data container, the commands you execute at the first time will look like as follows:
+
+```
+# Create data container
+docker run --name=gogs-data --entrypoint /bin/true gogs/gogs
+# Use `docker run` for the first time.
+docker run --name=gogs --volumes-from gogs-data -p 10022:22 -p 10080:3000 gogs/gogs
+```

 ## Settings

@@ -44,7 +54,7 @@ Most of settings are obvious and easy to understand, but there are some settings
 - **Domain**: fill in with Docker container IP(e.g. `192.168.99.100`). But if you want to access your Gogs instance from a different physical machine, please fill in with the hostname or IP address of the Docker host machine.
 - **SSH Port**: Use the exposed port from Docker container. For example, your SSH server listens on `22` inside Docker, but you expose it by `10022:22`, then use `10022` for this value.
 - **HTTP Port**: Use port you want Gogs to listen on inside Docker container. For example, your Gogs listens on `3000` inside Docker, and you expose it by `10080:3000`, but you still use `3000` for this value.
- **Application URL**: Use combination of **Domain** and **exposed HTTP Port** values(e.g. `http://192.168.99.100:10080/`). 
+- **Application URL**: Use combination of **Domain** and **exposed HTTP Port** values(e.g. `http://192.168.99.100:10080/`).

 Full documentation of settings can be found [here](http://gogs.io/docs/advanced/configuration_cheat_sheet.html).

@@ -59,16 +69,6 @@ Steps to upgrade Gogs with Docker:
 - `docker rm gogs`
 - Finally, create container as the first time and don't forget to do same volume and port mapping.

-## Troubleshooting
-
-If you see the following error:
-
-```
-checkVersion()] [E] Binary and template file version does not match
-```
-
-Run `rm -fr /var/gogs/gogs/templates/` should fix this it. Just remember to backup templates file if you have made modifications youself.
-
 ## Known Issues

- [Use ctrl+c when clone through SSH makes Docker exit unexpectedly](https://github.com/gogits/gogs/issues/1499)
+- `.dockerignore` seems to be ignored during Docker Hub Automated build
--- a/docker/build.sh
+++ b/docker/build.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+set -x
+set -e
+
+# Set temp environment vars
+export GOPATH=/tmp/go
+export PATH=${PATH}:${GOPATH}/bin
+
+# Install build deps
+apk -U --no-progress add linux-pam-dev go@community gcc musl-dev
+
+# Init go environment to build Gogs
+mkdir -p ${GOPATH}/src/github.com/gogits/
+ln -s /app/gogs/ ${GOPATH}/src/github.com/gogits/gogs
+cd ${GOPATH}/src/github.com/gogits/gogs
+go get -v -tags "sqlite redis memcache cert pam"
+go build -tags "sqlite redis memcache cert pam"
+
+# Cleanup GOPATH
+rm -r $GOPATH
+
+# Remove build deps
+apk --no-progress del linux-pam-dev go gcc musl-dev
+
+# Create git user for Gogs
+adduser -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && passwd -u git
+echo "export GOGS_CUSTOM=${GOGS_CUSTOM}" >> /etc/profile
--- a/docker/s6/.s6-svscan/finish
+++ b/docker/s6/.s6-svscan/finish
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Cleanup SOCAT services and s6 event folder
+rm -rf $(find /app/gogs/docker/s6/ -name 'event')
+rm -rf /app/gogs/docker/s6/SOCAT_*
--- a/docker/s6/gogs/run
+++ b/docker/s6/gogs/run
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if test -f ./setup; then
+    source ./setup
+fi
+
+export USER=git
+exec gosu $USER /app/gogs/gogs web
--- a/docker/s6/gogs/setup
+++ b/docker/s6/gogs/setup
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+if ! test -d ~git/.ssh; then
+    mkdir -p ~git/.ssh
+    chmod 700 ~git/.ssh
+fi
+
+if ! test -f ~git/.ssh/environment; then
+    echo "GOGS_CUSTOM=${GOGS_CUSTOM}" > ~git/.ssh/environment
+    chmod 600 ~git/.ssh/environment
+fi
+
+cd /app/gogs
+
+# Link volumed data with app data
+ln -sf /data/gogs/log  ./log
+ln -sf /data/gogs/data ./data
+
+# Backward Compatibility with Gogs Container v0.6.15
+ln -sf /data/git /home/git
+
+chown -R git:git /data /app/gogs ~git/
+chmod 0755 /data /data/gogs ~git/
--- a/docker/s6/openssh/run
+++ b/docker/s6/openssh/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if test -f ./setup; then
+    source ./setup
+fi
+
+exec gosu root /usr/sbin/sshd -D -f /app/gogs/docker/sshd_config
--- a/docker/s6/openssh/setup
+++ b/docker/s6/openssh/setup
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Check if host keys are present, else create them
+if ! test -f /data/ssh/ssh_host_key; then
+    ssh-keygen -q -f /data/ssh/ssh_host_key -N '' -t rsa1
+fi
+
+if ! test -f /data/ssh/ssh_host_rsa_key; then
+    ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
+fi
+
+if ! test -f /data/ssh/ssh_host_dsa_key; then
+    ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
+fi
+
+if ! test -f /data/ssh/ssh_host_ecdsa_key; then
+    ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
+fi
+
+if ! test -f /data/ssh/ssh_host_ed25519_key; then
+    ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
+fi
+
+# Set correct right to ssh keys
+chown -R root:root /data/ssh/*
+chmod 0700 /data/ssh
+chmod 0600 /data/ssh/*
--- a/docker/s6/syslogd/run
+++ b/docker/s6/syslogd/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if test -f ./setup; then
+    source ./setup
+fi
+
+exec gosu root /sbin/syslogd -nS -O-
--- a/docker/sshd_config
+++ b/docker/sshd_config
@@ -0,0 +1,17 @@
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+Protocol 2
+LogLevel INFO
+HostKey /data/ssh/ssh_host_key
+HostKey /data/ssh/ssh_host_rsa_key
+HostKey /data/ssh/ssh_host_dsa_key
+HostKey /data/ssh/ssh_host_ecdsa_key
+HostKey /data/ssh/ssh_host_ed25519_key
+PermitRootLogin no
+AuthorizedKeysFile	.ssh/authorized_keys
+PasswordAuthentication no
+UsePrivilegeSeparation no
+PermitUserEnvironment yes
+AllowUsers git
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -1,43 +1,56 @@
-#!/bin/bash -
-#
+#!/bin/sh

-if ! test -d /data/gogs
-then
-	mkdir -p /var/run/sshd
-	mkdir -p /data/gogs/data /data/gogs/conf /data/gogs/log /data/git
+create_socat_links() {
+    # Bind linked docker container to localhost socket using socat
+    USED_PORT="3000:22"
+    while read NAME ADDR PORT; do
+        if test -z "$NAME$ADDR$PORT"; then
+            continue
+        elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then
+            echo "init:socat  | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2
+        else
+            SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT}
+            mkdir -p ${SERV_FOLDER}
+            CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}"
+            echo -e "#!/bin/sh\nexec $CMD" > ${SERV_FOLDER}/run
+            chmod +x ${SERV_FOLDER}/run
+            USED_PORT="${USED_PORT}:${PORT}"
+            echo "init:socat  | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2
+        fi
+    done << EOT
+    $(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p')
+EOT
+}
+
+cleanup() {
+    # Cleanup SOCAT services and s6 event folder
+    # On start and on shutdown in case container has been killed
+    rm -rf $(find /app/gogs/docker/s6/ -name 'event')
+    rm -rf /app/gogs/docker/s6/SOCAT_*
+}
+
+create_volume_subfolder() {
+    # Create VOLUME subfolder
+    for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do
+        if ! test -d $f; then
+            mkdir -p $f
+        fi
+    done
+}
+
+cleanup
+create_volume_subfolder
+
+LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]')
+if [ "$LINK" = "false" -o "$LINK" = "0" ]; then
+    echo "init:socat  | Will not try to create socat links as requested" 1>&2
+else
+    create_socat_links
 fi

-if ! test -d /data/ssh
-then
-	mkdir /data/ssh
-	ssh-keygen -q -f /data/ssh/ssh_host_key -N '' -t rsa1
-	ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
-	ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
-	ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
-	ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
-	chown -R root:root /data/ssh/*
-	chmod 600 /data/ssh/*
+# Exec CMD or S6 by default if nothing present
+if [ $# -gt 0 ];then
+    exec "$@"
+else
+    exec /bin/s6-svscan /app/gogs/docker/s6/
 fi
-
-service ssh start
-
-ln -sf /data/gogs/log ./log
-ln -sf /data/gogs/data ./data
-ln -sf /data/git /home/git
-
-
-if ! test -d ~git/.ssh
-then
-  mkdir ~git/.ssh
-  chmod 700 ~git/.ssh
-fi
-
-if ! test -f ~git/.ssh/environment
-then
-  echo "GOGS_CUSTOM=/data/gogs" > ~git/.ssh/environment
-  chown git:git ~git/.ssh/environment
-  chown 600 ~git/.ssh/environment
-fi
-
-chown -R git:git /data .
-exec su git -c "./gogs web"
--- a/gogs.go
+++ b/gogs.go
@@ -1,10 +1,10 @@
-// +build go1.2
+// +build go1.3

 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-// Gogs(Go Git Service) is a painless self-hosted Git Service written in Go.
+// Gogs (Go Git Service) is a painless self-hosted Git Service.
 package main

 import (
@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )

-const APP_VER = "0.6.15.0926 Beta"
+const APP_VER = "0.7.33.1205 Beta"

 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())
--- a/models/access.go
+++ b/models/access.go
@@ -36,19 +36,19 @@ func accessLevel(e Engine, u *User, repo *Repository) (AccessMode, error) {
 		mode = ACCESS_MODE_READ
 	}

-	if u != nil {
-		if u.Id == repo.OwnerID {
-			return ACCESS_MODE_OWNER, nil
-		}
-
-		a := &Access{UserID: u.Id, RepoID: repo.ID}
-		if has, err := e.Get(a); !has || err != nil {
-			return mode, err
-		}
-		return a.Mode, nil
+	if u == nil {
+		return mode, nil
 	}

-	return mode, nil
+	if u.Id == repo.OwnerID {
+		return ACCESS_MODE_OWNER, nil
+	}
+
+	a := &Access{UserID: u.Id, RepoID: repo.ID}
+	if has, err := e.Get(a); !has || err != nil {
+		return mode, err
+	}
+	return a.Mode, nil
 }

 // AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
@@ -67,9 +67,8 @@ func HasAccess(u *User, repo *Repository, testMode AccessMode) (bool, error) {
 	return hasAccess(x, u, repo, testMode)
 }

-// GetAccessibleRepositories finds all repositories where a user has access to,
-// besides he/she owns.
-func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error) {
+// GetRepositoryAccesses finds all repositories with their access mode where a user has access but does not own.
+func (u *User) GetRepositoryAccesses() (map[*Repository]AccessMode, error) {
 	accesses := make([]*Access, 0, 10)
 	if err := x.Find(&accesses, &Access{UserID: u.Id}); err != nil {
 		return nil, err
@@ -80,7 +79,7 @@ func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error) {
 		repo, err := GetRepositoryByID(access.RepoID)
 		if err != nil {
 			if IsErrRepoNotExist(err) {
-				log.Error(4, "%v", err)
+				log.Error(4, "GetRepositoryByID: %v", err)
 				continue
 			}
 			return nil, err
@@ -92,11 +91,28 @@ func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error) {
 		}
 		repos[repo] = access.Mode
 	}
-
-	// FIXME: should we generate an ordered list here? Random looks weird.
 	return repos, nil
 }

+// GetAccessibleRepositories finds all repositories where a user has access but does not own.
+func (u *User) GetAccessibleRepositories() ([]*Repository, error) {
+	accesses := make([]*Access, 0, 10)
+	if err := x.Find(&accesses, &Access{UserID: u.Id}); err != nil {
+		return nil, err
+	}
+
+	if len(accesses) == 0 {
+		return []*Repository{}, nil
+	}
+
+	repoIDs := make([]int64, 0, len(accesses))
+	for _, access := range accesses {
+		repoIDs = append(repoIDs, access.RepoID)
+	}
+	repos := make([]*Repository, 0, len(repoIDs))
+	return repos, x.Where("owner_id != ?", u.Id).In("id", repoIDs).Desc("updated").Find(&repos)
+}
+
 func maxAccessMode(modes ...AccessMode) AccessMode {
 	max := ACCESS_MODE_NONE
 	for _, mode := range modes {
--- a/models/action.go
+++ b/models/action.go
@@ -14,6 +14,7 @@ import (
 	"time"
 	"unicode"

+	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"

 	api "github.com/gogits/go-gogs-client"
@@ -136,6 +137,26 @@ func (a Action) GetIssueInfos() []string {
 	return strings.SplitN(a.Content, "|", 2)
 }

+func (a Action) GetIssueTitle() string {
+	index := com.StrTo(a.GetIssueInfos()[0]).MustInt64()
+	issue, err := GetIssueByIndex(a.RepoID, index)
+	if err != nil {
+		log.Error(4, "GetIssueByIndex: %v", err)
+		return "500 when get issue"
+	}
+	return issue.Name
+}
+
+func (a Action) GetIssueContent() string {
+	index := com.StrTo(a.GetIssueInfos()[0]).MustInt64()
+	issue, err := GetIssueByIndex(a.RepoID, index)
+	if err != nil {
+		log.Error(4, "GetIssueByIndex: %v", err)
+		return "500 when get issue"
+	}
+	return issue.Content
+}
+
 func newRepoAction(e Engine, u *User, repo *Repository) (err error) {
 	if err = notifyWatchers(e, &Action{
 		ActUserID:    u.Id,
@@ -147,7 +168,7 @@ func newRepoAction(e Engine, u *User, repo *Repository) (err error) {
 		RepoName:     repo.Name,
 		IsPrivate:    repo.IsPrivate,
 	}); err != nil {
-		return fmt.Errorf("notify watchers '%d/%s': %v", u.Id, repo.ID, err)
+		return fmt.Errorf("notify watchers '%d/%d': %v", u.Id, repo.ID, err)
 	}

 	log.Trace("action.newRepoAction: %s/%s", u.Name, repo.Name)
@@ -187,8 +208,48 @@ func issueIndexTrimRight(c rune) bool {
 	return !unicode.IsDigit(c)
 }

+type PushCommit struct {
+	Sha1        string
+	Message     string
+	AuthorEmail string
+	AuthorName  string
+}
+
+type PushCommits struct {
+	Len        int
+	Commits    []*PushCommit
+	CompareUrl string
+
+	avatars map[string]string
+}
+
+func NewPushCommits() *PushCommits {
+	return &PushCommits{
+		avatars: make(map[string]string),
+	}
+}
+
+// AvatarLink tries to match user in database with e-mail
+// in order to show custom avatar, and falls back to general avatar link.
+func (push *PushCommits) AvatarLink(email string) string {
+	_, ok := push.avatars[email]
+	if !ok {
+		u, err := GetUserByEmail(email)
+		if err != nil {
+			push.avatars[email] = base.AvatarLink(email)
+			if !IsErrUserNotExist(err) {
+				log.Error(4, "GetUserByEmail: %v", err)
+			}
+		} else {
+			push.avatars[email] = u.AvatarLink()
+		}
+	}
+
+	return push.avatars[email]
+}
+
 // updateIssuesCommit checks if issues are manipulated by commit message.
-func updateIssuesCommit(u *User, repo *Repository, repoUserName, repoName string, commits []*base.PushCommit) error {
+func updateIssuesCommit(u *User, repo *Repository, repoUserName, repoName string, commits []*PushCommit) error {
 	// Commits are appended in the reverse order.
 	for i := len(commits) - 1; i >= 0; i-- {
 		c := commits[i]
@@ -322,7 +383,7 @@ func CommitRepoAction(
 	repoID int64,
 	repoUserName, repoName string,
 	refFullName string,
-	commit *base.PushCommits,
+	commit *PushCommits,
 	oldCommitID string, newCommitID string) error {

 	u, err := GetUserByID(userID)
@@ -337,12 +398,18 @@ func CommitRepoAction(
 		return fmt.Errorf("GetOwner: %v", err)
 	}

+	// Change repository bare status and update last updated time.
+	repo.IsBare = false
+	if err = UpdateRepository(repo, false); err != nil {
+		return fmt.Errorf("UpdateRepository: %v", err)
+	}
+
 	isNewBranch := false
 	opType := COMMIT_REPO
 	// Check it's tag push or branch.
 	if strings.HasPrefix(refFullName, "refs/tags/") {
 		opType = PUSH_TAG
-		commit = &base.PushCommits{}
+		commit = &PushCommits{}
 	} else {
 		// if not the first commit, set the compareUrl
 		if !strings.HasPrefix(oldCommitID, "0000000") {
@@ -351,12 +418,10 @@ func CommitRepoAction(
 			isNewBranch = true
 		}

-		// Change repository bare status and update last updated time.
-		repo.IsBare = false
-		if err = UpdateRepository(repo, false); err != nil {
-			return fmt.Errorf("UpdateRepository: %v", err)
+		// NOTE: limit to detect latest 100 commits.
+		if len(commit.Commits) > 100 {
+			commit.Commits = commit.Commits[len(commit.Commits)-100:]
 		}
-
 		if err = updateIssuesCommit(u, repo, repoUserName, repoName, commit.Commits); err != nil {
 			log.Error(4, "updateIssuesCommit: %v", err)
 		}
@@ -386,24 +451,9 @@ func CommitRepoAction(
 		IsPrivate:    repo.IsPrivate,
 	}); err != nil {
 		return fmt.Errorf("NotifyWatchers: %v", err)
-
 	}

-	repoLink := fmt.Sprintf("%s%s/%s", setting.AppUrl, repoUserName, repoName)
-	payloadRepo := &api.PayloadRepo{
-		ID:          repo.ID,
-		Name:        repo.LowerName,
-		URL:         repoLink,
-		Description: repo.Description,
-		Website:     repo.Website,
-		Watchers:    repo.NumWatches,
-		Owner: &api.PayloadAuthor{
-			Name:     repo.Owner.DisplayName(),
-			Email:    repo.Owner.Email,
-			UserName: repo.Owner.Name,
-		},
-		Private: repo.IsPrivate,
-	}
+	payloadRepo := repo.ComposePayload()

 	pusher_email, pusher_name := "", ""
 	pusher, err := GetUserByName(userName)
@@ -429,7 +479,7 @@ func CommitRepoAction(
 			commits[i] = &api.PayloadCommit{
 				ID:      cmt.Sha1,
 				Message: cmt.Message,
-				URL:     fmt.Sprintf("%s/commit/%s", repoLink, cmt.Sha1),
+				URL:     fmt.Sprintf("%s/commit/%s", repo.RepoLink(), cmt.Sha1),
 				Author: &api.PayloadAuthor{
 					Name:     cmt.AuthorName,
 					Email:    cmt.AuthorEmail,
@@ -488,7 +538,7 @@ func transferRepoAction(e Engine, actUser, oldOwner, newOwner *User, repo *Repos
 		IsPrivate:    repo.IsPrivate,
 		Content:      path.Join(oldOwner.LowerName, repo.LowerName),
 	}); err != nil {
-		return fmt.Errorf("notify watchers '%d/%s': %v", actUser.Id, repo.ID, err)
+		return fmt.Errorf("notify watchers '%d/%d': %v", actUser.Id, repo.ID, err)
 	}

 	// Remove watch for organization.
--- a/models/admin.go
+++ b/models/admin.go
@@ -5,9 +5,12 @@
 package models

 import (
+	"strings"
 	"time"

 	"github.com/Unknwon/com"
+
+	"github.com/gogits/gogs/modules/base"
 )

 type NoticeType int
@@ -18,7 +21,7 @@ const (

 // Notice represents a system notice for admin.
 type Notice struct {
-	Id          int64
+	ID          int64 `xorm:"pk autoincr"`
 	Type        NoticeType
 	Description string    `xorm:"TEXT"`
 	Created     time.Time `xorm:"CREATED"`
@@ -61,3 +64,22 @@ func DeleteNotice(id int64) error {
 	_, err := x.Id(id).Delete(new(Notice))
 	return err
 }
+
+// DeleteNotices deletes all notices with ID from start to end (inclusive).
+func DeleteNotices(start, end int64) error {
+	sess := x.Where("id >= ?", start)
+	if end > 0 {
+		sess.And("id <= ?", end)
+	}
+	_, err := sess.Delete(new(Notice))
+	return err
+}
+
+// DeleteNoticesByIDs deletes notices by given IDs.
+func DeleteNoticesByIDs(ids []int64) error {
+	if len(ids) == 0 {
+		return nil
+	}
+	_, err := x.Where("id IN (" + strings.Join(base.Int64sToStrings(ids), ",") + ")").Delete(new(Notice))
+	return err
+}
--- a/models/error.go
+++ b/models/error.go
@@ -18,7 +18,7 @@ func IsErrNameReserved(err error) bool {
 }

 func (err ErrNameReserved) Error() string {
-	return fmt.Sprintf("name is reserved: [name: %s]", err.Name)
+	return fmt.Sprintf("name is reserved [name: %s]", err.Name)
 }

 type ErrNamePatternNotAllowed struct {
@@ -31,7 +31,7 @@ func IsErrNamePatternNotAllowed(err error) bool {
 }

 func (err ErrNamePatternNotAllowed) Error() string {
-	return fmt.Sprintf("name pattern is not allowed: [pattern: %s]", err.Pattern)
+	return fmt.Sprintf("name pattern is not allowed [pattern: %s]", err.Pattern)
 }

 //  ____ ___
@@ -51,7 +51,7 @@ func IsErrUserAlreadyExist(err error) bool {
 }

 func (err ErrUserAlreadyExist) Error() string {
-	return fmt.Sprintf("user already exists: [name: %s]", err.Name)
+	return fmt.Sprintf("user already exists [name: %s]", err.Name)
 }

 type ErrUserNotExist struct {
@@ -65,7 +65,7 @@ func IsErrUserNotExist(err error) bool {
 }

 func (err ErrUserNotExist) Error() string {
-	return fmt.Sprintf("user does not exist: [uid: %d, name: %s]", err.UID, err.Name)
+	return fmt.Sprintf("user does not exist [uid: %d, name: %s]", err.UID, err.Name)
 }

 type ErrEmailAlreadyUsed struct {
@@ -78,7 +78,7 @@ func IsErrEmailAlreadyUsed(err error) bool {
 }

 func (err ErrEmailAlreadyUsed) Error() string {
-	return fmt.Sprintf("e-mail has been used: [email: %s]", err.Email)
+	return fmt.Sprintf("e-mail has been used [email: %s]", err.Email)
 }

 type ErrUserOwnRepos struct {
@@ -91,7 +91,7 @@ func IsErrUserOwnRepos(err error) bool {
 }

 func (err ErrUserOwnRepos) Error() string {
-	return fmt.Sprintf("user still has ownership of repositories: [uid: %d]", err.UID)
+	return fmt.Sprintf("user still has ownership of repositories [uid: %d]", err.UID)
 }

 type ErrUserHasOrgs struct {
@@ -104,7 +104,27 @@ func IsErrUserHasOrgs(err error) bool {
 }

 func (err ErrUserHasOrgs) Error() string {
-	return fmt.Sprintf("user still has membership of organizations: [uid: %d]", err.UID)
+	return fmt.Sprintf("user still has membership of organizations [uid: %d]", err.UID)
+}
+
+//  __      __.__ __   .__
+// /  \    /  \__|  | _|__|
+// \   \/\/   /  |  |/ /  |
+//  \        /|  |    <|  |
+//   \__/\  / |__|__|_ \__|
+//        \/          \/
+
+type ErrWikiAlreadyExist struct {
+	Title string
+}
+
+func IsErrWikiAlreadyExist(err error) bool {
+	_, ok := err.(ErrWikiAlreadyExist)
+	return ok
+}
+
+func (err ErrWikiAlreadyExist) Error() string {
+	return fmt.Sprintf("wiki page already exists [title: %s]", err.Title)
 }

 // __________     ___.   .__  .__          ____  __.
@@ -114,6 +134,19 @@ func (err ErrUserHasOrgs) Error() string {
 //  |____|   |____/|___  /____/__|\___  > |____|__ \___  > ____|
 //                     \/             \/          \/   \/\/

+type ErrKeyUnableVerify struct {
+	Result string
+}
+
+func IsErrKeyUnableVerify(err error) bool {
+	_, ok := err.(ErrKeyUnableVerify)
+	return ok
+}
+
+func (err ErrKeyUnableVerify) Error() string {
+	return fmt.Sprintf("Unable to verify key content [result: %s]", err.Result)
+}
+
 type ErrKeyNotExist struct {
 	ID int64
 }
@@ -124,7 +157,7 @@ func IsErrKeyNotExist(err error) bool {
 }

 func (err ErrKeyNotExist) Error() string {
-	return fmt.Sprintf("public key does not exist: [id: %d]", err.ID)
+	return fmt.Sprintf("public key does not exist [id: %d]", err.ID)
 }

 type ErrKeyAlreadyExist struct {
@@ -138,7 +171,7 @@ func IsErrKeyAlreadyExist(err error) bool {
 }

 func (err ErrKeyAlreadyExist) Error() string {
-	return fmt.Sprintf("public key already exists: [owner_id: %d, content: %s]", err.OwnerID, err.Content)
+	return fmt.Sprintf("public key already exists [owner_id: %d, content: %s]", err.OwnerID, err.Content)
 }

 type ErrKeyNameAlreadyUsed struct {
@@ -152,7 +185,38 @@ func IsErrKeyNameAlreadyUsed(err error) bool {
 }

 func (err ErrKeyNameAlreadyUsed) Error() string {
-	return fmt.Sprintf("public key already exists: [owner_id: %d, name: %s]", err.OwnerID, err.Name)
+	return fmt.Sprintf("public key already exists [owner_id: %d, name: %s]", err.OwnerID, err.Name)
+}
+
+type ErrKeyAccessDenied struct {
+	UserID int64
+	KeyID  int64
+	Note   string
+}
+
+func IsErrKeyAccessDenied(err error) bool {
+	_, ok := err.(ErrKeyAccessDenied)
+	return ok
+}
+
+func (err ErrKeyAccessDenied) Error() string {
+	return fmt.Sprintf("user does not have access to the key [user_id: %d, key_id: %d, note: %s]",
+		err.UserID, err.KeyID, err.Note)
+}
+
+type ErrDeployKeyNotExist struct {
+	ID     int64
+	KeyID  int64
+	RepoID int64
+}
+
+func IsErrDeployKeyNotExist(err error) bool {
+	_, ok := err.(ErrDeployKeyNotExist)
+	return ok
+}
+
+func (err ErrDeployKeyNotExist) Error() string {
+	return fmt.Sprintf("Deploy key does not exist [id: %d, key_id: %d, repo_id: %d]", err.ID, err.KeyID, err.RepoID)
 }

 type ErrDeployKeyAlreadyExist struct {
@@ -166,7 +230,7 @@ func IsErrDeployKeyAlreadyExist(err error) bool {
 }

 func (err ErrDeployKeyAlreadyExist) Error() string {
-	return fmt.Sprintf("public key already exists: [key_id: %d, repo_id: %d]", err.KeyID, err.RepoID)
+	return fmt.Sprintf("public key already exists [key_id: %d, repo_id: %d]", err.KeyID, err.RepoID)
 }

 type ErrDeployKeyNameAlreadyUsed struct {
@@ -180,7 +244,7 @@ func IsErrDeployKeyNameAlreadyUsed(err error) bool {
 }

 func (err ErrDeployKeyNameAlreadyUsed) Error() string {
-	return fmt.Sprintf("public key already exists: [repo_id: %d, name: %s]", err.RepoID, err.Name)
+	return fmt.Sprintf("public key already exists [repo_id: %d, name: %s]", err.RepoID, err.Name)
 }

 //    _____                                   ___________     __
@@ -200,7 +264,7 @@ func IsErrAccessTokenNotExist(err error) bool {
 }

 func (err ErrAccessTokenNotExist) Error() string {
-	return fmt.Sprintf("access token does not exist: [sha: %s]", err.SHA)
+	return fmt.Sprintf("access token does not exist [sha: %s]", err.SHA)
 }

 // ________                            .__                __  .__
@@ -220,7 +284,7 @@ func IsErrLastOrgOwner(err error) bool {
 }

 func (err ErrLastOrgOwner) Error() string {
-	return fmt.Sprintf("user is the last member of owner team: [uid: %d]", err.UID)
+	return fmt.Sprintf("user is the last member of owner team [uid: %d]", err.UID)
 }

 // __________                           .__  __
@@ -259,6 +323,62 @@ func (err ErrRepoAlreadyExist) Error() string {
 	return fmt.Sprintf("repository already exists [uname: %s, name: %s]", err.Uname, err.Name)
 }

+type ErrInvalidCloneAddr struct {
+	IsURLError         bool
+	IsInvalidPath      bool
+	IsPermissionDenied bool
+}
+
+func IsErrInvalidCloneAddr(err error) bool {
+	_, ok := err.(ErrInvalidCloneAddr)
+	return ok
+}
+
+func (err ErrInvalidCloneAddr) Error() string {
+	return fmt.Sprintf("invalid clone address [is_url_error: %v, is_invalid_path: %v, is_permission_denied: %v]",
+		err.IsURLError, err.IsInvalidPath, err.IsPermissionDenied)
+}
+
+type ErrUpdateTaskNotExist struct {
+	UUID string
+}
+
+func IsErrUpdateTaskNotExist(err error) bool {
+	_, ok := err.(ErrUpdateTaskNotExist)
+	return ok
+}
+
+func (err ErrUpdateTaskNotExist) Error() string {
+	return fmt.Sprintf("update task does not exist [uuid: %s]", err.UUID)
+}
+
+type ErrReleaseAlreadyExist struct {
+	TagName string
+}
+
+func IsErrReleaseAlreadyExist(err error) bool {
+	_, ok := err.(ErrReleaseAlreadyExist)
+	return ok
+}
+
+func (err ErrReleaseAlreadyExist) Error() string {
+	return fmt.Sprintf("Release tag already exist [tag_name: %s]", err.TagName)
+}
+
+type ErrReleaseNotExist struct {
+	ID      int64
+	TagName string
+}
+
+func IsErrReleaseNotExist(err error) bool {
+	_, ok := err.(ErrReleaseNotExist)
+	return ok
+}
+
+func (err ErrReleaseNotExist) Error() string {
+	return fmt.Sprintf("Release tag does not exist [id: %d, tag_name: %s]", err.ID, err.TagName)
+}
+
 //  __      __      ___.   .__                   __
 // /  \    /  \ ____\_ |__ |  |__   ____   ____ |  | __
 // \   \/\/   // __ \| __ \|  |  \ /  _ \ /  _ \|  |/ /
@@ -310,7 +430,7 @@ func (err ErrIssueNotExist) Error() string {

 type ErrPullRequestNotExist struct {
 	ID         int64
-	PullID     int64
+	IssueID    int64
 	HeadRepoID int64
 	BaseRepoID int64
 	HeadBarcnh string
@@ -323,8 +443,8 @@ func IsErrPullRequestNotExist(err error) bool {
 }

 func (err ErrPullRequestNotExist) Error() string {
-	return fmt.Sprintf("pull request does not exist [id: %d, pull_id: %d, head_repo_id: %d, base_repo_id: %d, head_branch: %s, base_branch: %s]",
-		err.ID, err.PullID, err.HeadRepoID, err.BaseRepoID, err.HeadBarcnh, err.BaseBranch)
+	return fmt.Sprintf("pull request does not exist [id: %d, issue_id: %d, head_repo_id: %d, base_repo_id: %d, head_branch: %s, base_branch: %s]",
+		err.ID, err.IssueID, err.HeadRepoID, err.BaseRepoID, err.HeadBarcnh, err.BaseBranch)
 }

 // _________                                       __
@@ -408,3 +528,23 @@ func IsErrAttachmentNotExist(err error) bool {
 func (err ErrAttachmentNotExist) Error() string {
 	return fmt.Sprintf("attachment does not exist [id: %d, uuid: %s]", err.ID, err.UUID)
 }
+
+//    _____          __  .__                   __  .__               __  .__
+//   /  _  \  __ ___/  |_|  |__   ____   _____/  |_|__| ____ _____ _/  |_|__| ____   ____
+//  /  /_\  \|  |  \   __\  |  \_/ __ \ /    \   __\  |/ ___\\__  \\   __\  |/  _ \ /    \
+// /    |    \  |  /|  | |   Y  \  ___/|   |  \  | |  \  \___ / __ \|  | |  (  <_> )   |  \
+// \____|__  /____/ |__| |___|  /\___  >___|  /__| |__|\___  >____  /__| |__|\____/|___|  /
+//         \/                 \/     \/     \/             \/     \/                    \/
+
+type ErrAuthenticationNotExist struct {
+	ID int64
+}
+
+func IsErrAuthenticationNotExist(err error) bool {
+	_, ok := err.(ErrAuthenticationNotExist)
+	return ok
+}
+
+func (err ErrAuthenticationNotExist) Error() string {
+	return fmt.Sprintf("Authentication does not exist [id: %d]", err.ID)
+}
--- a/models/git_diff.go
+++ b/models/git_diff.go
@@ -12,15 +12,14 @@ import (
 	"os"
 	"os/exec"
 	"strings"
-	"time"

+	"github.com/Unknwon/com"
 	"golang.org/x/net/html/charset"
 	"golang.org/x/text/transform"

-	"github.com/Unknwon/com"
+	"github.com/gogits/git-shell"

 	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/git"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/process"
 )
@@ -37,6 +36,7 @@ const (
 	DIFF_FILE_ADD = iota + 1
 	DIFF_FILE_CHANGE
 	DIFF_FILE_DEL
+	DIFF_FILE_RENAME
 )

 type DiffLine struct {
@@ -57,12 +57,14 @@ type DiffSection struct {

 type DiffFile struct {
 	Name               string
+	OldName            string
 	Index              int
 	Addition, Deletion int
 	Type               int
 	IsCreated          bool
 	IsDeleted          bool
 	IsBin              bool
+	IsRenamed          bool
 	Sections           []*DiffSection
 }

@@ -77,39 +79,53 @@ func (diff *Diff) NumFiles() int {

 const DIFF_HEAD = "diff --git "

-func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff, error) {
-	scanner := bufio.NewScanner(reader)
+func ParsePatch(maxlines int, reader io.Reader) (*Diff, error) {
 	var (
+		diff = &Diff{Files: make([]*DiffFile, 0)}
+
 		curFile    *DiffFile
 		curSection = &DiffSection{
 			Lines: make([]*DiffLine, 0, 10),
 		}

 		leftLine, rightLine int
-		isTooLong           bool
-		// FIXME: Should use cache in the future.
-		buf bytes.Buffer
+		lineCount           int
 	)

-	diff := &Diff{Files: make([]*DiffFile, 0)}
-	var i int
-	for scanner.Scan() {
-		line := scanner.Text()
-		// fmt.Println(i, line)
+	input := bufio.NewReader(reader)
+	isEOF := false
+	for {
+		if isEOF {
+			break
+		}
+
+		line, err := input.ReadString('\n')
+		if err != nil {
+			if err == io.EOF {
+				isEOF = true
+			} else {
+				return nil, fmt.Errorf("ReadString: %v", err)
+			}
+		}
+
+		if len(line) > 0 && line[len(line)-1] == '\n' {
+			// Remove line break.
+			line = line[:len(line)-1]
+		}
+
 		if strings.HasPrefix(line, "+++ ") || strings.HasPrefix(line, "--- ") {
 			continue
-		}
-
-		if line == "" {
+		} else if len(line) == 0 {
 			continue
 		}

-		i = i + 1
+		lineCount++

 		// Diff data too large, we only show the first about maxlines lines
-		if i == maxlines {
-			isTooLong = true
+		if lineCount >= maxlines {
 			log.Warn("Diff data too large")
+			diff.Files = nil
+			return diff, nil
 		}

 		switch {
@@ -120,10 +136,6 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff
 			curSection.Lines = append(curSection.Lines, diffLine)
 			continue
 		case line[0] == '@':
-			if isTooLong {
-				break
-			}
-
 			curSection = &DiffSection{}
 			curFile.Sections = append(curFile.Sections, curSection)
 			ss := strings.Split(line, "@@")
@@ -162,21 +174,27 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff

 		// Get new file.
 		if strings.HasPrefix(line, DIFF_HEAD) {
-			if isTooLong {
-				break
+			middle := -1
+
+			// Note: In case file name is surrounded by double quotes (it happens only in git-shell).
+			// e.g. diff --git "a/xxx" "b/xxx"
+			hasQuote := line[len(DIFF_HEAD)] == '"'
+			if hasQuote {
+				middle = strings.Index(line, ` "b/`)
+			} else {
+				middle = strings.Index(line, " b/")
 			}

 			beg := len(DIFF_HEAD)
-			a := line[beg : (len(line)-beg)/2+beg]
-
-			// In case file name is surrounded by double quotes(it happens only in git-shell).
-			if a[0] == '"' {
-				a = a[1 : len(a)-1]
-				a = strings.Replace(a, `\"`, `"`, -1)
+			a := line[beg+2 : middle]
+			b := line[middle+3:]
+			if hasQuote {
+				a = string(git.UnescapeChars([]byte(a[1 : len(a)-1])))
+				b = string(git.UnescapeChars([]byte(b[1 : len(b)-1])))
 			}

 			curFile = &DiffFile{
-				Name:     a[strings.Index(a, "/")+1:],
+				Name:     a,
 				Index:    len(diff.Files) + 1,
 				Type:     DIFF_FILE_CHANGE,
 				Sections: make([]*DiffSection, 0, 10),
@@ -184,20 +202,30 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff
 			diff.Files = append(diff.Files, curFile)

 			// Check file diff type.
-			for scanner.Scan() {
+			for {
+				line, err := input.ReadString('\n')
+				if err != nil {
+					if err == io.EOF {
+						isEOF = true
+					} else {
+						return nil, fmt.Errorf("ReadString: %v", err)
+					}
+				}
+
 				switch {
-				case strings.HasPrefix(scanner.Text(), "new file"):
+				case strings.HasPrefix(line, "new file"):
 					curFile.Type = DIFF_FILE_ADD
-					curFile.IsDeleted = false
 					curFile.IsCreated = true
-				case strings.HasPrefix(scanner.Text(), "deleted"):
+				case strings.HasPrefix(line, "deleted"):
 					curFile.Type = DIFF_FILE_DEL
-					curFile.IsCreated = false
 					curFile.IsDeleted = true
-				case strings.HasPrefix(scanner.Text(), "index"):
+				case strings.HasPrefix(line, "index"):
 					curFile.Type = DIFF_FILE_CHANGE
-					curFile.IsCreated = false
-					curFile.IsDeleted = false
+				case strings.HasPrefix(line, "similarity index 100%"):
+					curFile.Type = DIFF_FILE_RENAME
+					curFile.IsRenamed = true
+					curFile.OldName = curFile.Name
+					curFile.Name = b
 				}
 				if curFile.Type > 0 {
 					break
@@ -206,6 +234,8 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff
 		}
 	}

+	// FIXME: detect encoding while parsing.
+	var buf bytes.Buffer
 	for _, f := range diff.Files {
 		buf.Reset()
 		for _, sec := range f.Sections {
@@ -232,61 +262,55 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff
 	return diff, nil
 }

-func GetDiffRange(repoPath, beforeCommitId string, afterCommitId string, maxlines int) (*Diff, error) {
+func GetDiffRange(repoPath, beforeCommitID string, afterCommitID string, maxlines int) (*Diff, error) {
 	repo, err := git.OpenRepository(repoPath)
 	if err != nil {
 		return nil, err
 	}

-	commit, err := repo.GetCommit(afterCommitId)
+	commit, err := repo.GetCommit(afterCommitID)
 	if err != nil {
 		return nil, err
 	}

-	rd, wr := io.Pipe()
 	var cmd *exec.Cmd
 	// if "after" commit given
-	if beforeCommitId == "" {
+	if len(beforeCommitID) == 0 {
 		// First commit of repository.
 		if commit.ParentCount() == 0 {
-			cmd = exec.Command("git", "show", afterCommitId)
+			cmd = exec.Command("git", "show", afterCommitID)
 		} else {
 			c, _ := commit.Parent(0)
-			cmd = exec.Command("git", "diff", c.Id.String(), afterCommitId)
+			cmd = exec.Command("git", "diff", "-M", c.ID.String(), afterCommitID)
 		}
 	} else {
-		cmd = exec.Command("git", "diff", beforeCommitId, afterCommitId)
+		cmd = exec.Command("git", "diff", "-M", beforeCommitID, afterCommitID)
 	}
 	cmd.Dir = repoPath
-	cmd.Stdout = wr
-	cmd.Stdin = os.Stdin
 	cmd.Stderr = os.Stderr

-	done := make(chan error)
-	go func() {
-		cmd.Start()
-		done <- cmd.Wait()
-		wr.Close()
-	}()
-	defer rd.Close()
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		return nil, fmt.Errorf("StdoutPipe: %v", err)
+	}

-	desc := fmt.Sprintf("GetDiffRange(%s)", repoPath)
-	pid := process.Add(desc, cmd)
-	go func() {
-		// In case process became zombie.
-		select {
-		case <-time.After(5 * time.Minute):
-			if errKill := process.Kill(pid); errKill != nil {
-				log.Error(4, "git_diff.ParsePatch(Kill): %v", err)
-			}
-			<-done
-			// return "", ErrExecTimeout.Error(), ErrExecTimeout
-		case err = <-done:
-			process.Remove(pid)
-		}
-	}()
+	if err = cmd.Start(); err != nil {
+		return nil, fmt.Errorf("Start: %v", err)
+	}

-	return ParsePatch(pid, maxlines, cmd, rd)
+	pid := process.Add(fmt.Sprintf("GetDiffRange (%s)", repoPath), cmd)
+	defer process.Remove(pid)
+
+	diff, err := ParsePatch(maxlines, stdout)
+	if err != nil {
+		return nil, fmt.Errorf("ParsePatch: %v", err)
+	}
+
+	if err = cmd.Wait(); err != nil {
+		return nil, fmt.Errorf("Wait: %v", err)
+	}
+
+	return diff, nil
 }

 func GetDiffCommit(repoPath, commitId string, maxlines int) (*Diff, error) {
--- a/models/issue.go
+++ b/models/issue.go
@@ -9,7 +9,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"mime/multipart"
 	"os"
 	"path"
@@ -20,9 +19,7 @@ import (
 	"github.com/go-xorm/xorm"

 	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/git"
 	"github.com/gogits/gogs/modules/log"
-	"github.com/gogits/gogs/modules/process"
 	"github.com/gogits/gogs/modules/setting"
 	gouuid "github.com/gogits/gogs/modules/uuid"
 )
@@ -95,15 +92,6 @@ func (i *Issue) AfterSet(colName string, _ xorm.Cell) {
 		if err != nil {
 			log.Error(3, "GetUserByID[%d]: %v", i.ID, err)
 		}
-	case "is_pull":
-		if !i.IsPull {
-			return
-		}
-
-		i.PullRequest, err = GetPullRequestByPullID(i.ID)
-		if err != nil {
-			log.Error(3, "GetPullRequestByPullID[%d]: %v", i.ID, err)
-		}
 	case "created":
 		i.Created = regulateTimeZone(i.Created)
 	}
@@ -236,7 +224,7 @@ func (i *Issue) changeStatus(e *xorm.Session, doer *User, isClosed bool) (err er
 	}
 	i.IsClosed = isClosed

-	if err = updateIssue(e, i); err != nil {
+	if err = updateIssueCols(e, i, "is_closed"); err != nil {
 		return err
 	} else if err = updateIssueUsersByStatus(e, i.ID, isClosed); err != nil {
 		return err
@@ -285,6 +273,15 @@ func (i *Issue) ChangeStatus(doer *User, isClosed bool) (err error) {
 	return sess.Commit()
 }

+func (i *Issue) GetPullRequest() (err error) {
+	if i.PullRequest != nil {
+		return nil
+	}
+
+	i.PullRequest, err = GetPullRequestByIssueID(i.ID)
+	return err
+}
+
 // It's caller's responsibility to create action.
 func newIssue(e *xorm.Session, repo *Repository, issue *Issue, labelIDs []int64, uuids []string, isPull bool) (err error) {
 	if _, err = e.Insert(issue); err != nil {
@@ -721,32 +718,28 @@ func GetIssueStats(opts *IssueStatsOptions) *IssueStats {
 	if opts.AssigneeID > 0 {
 		baseCond += " AND assignee_id=" + com.ToStr(opts.AssigneeID)
 	}
-	if opts.IsPull {
-		baseCond += " AND issue.is_pull=1"
-	} else {
-		baseCond += " AND issue.is_pull=0"
-	}
+	baseCond += " AND issue.is_pull=?"

 	switch opts.FilterMode {
 	case FM_ALL, FM_ASSIGN:
-		results, _ := x.Query(queryStr+baseCond, false)
+		results, _ := x.Query(queryStr+baseCond, false, opts.IsPull)
 		stats.OpenCount = parseCountResult(results)
-		results, _ = x.Query(queryStr+baseCond, true)
+		results, _ = x.Query(queryStr+baseCond, true, opts.IsPull)
 		stats.ClosedCount = parseCountResult(results)

 	case FM_CREATE:
 		baseCond += " AND poster_id=?"
-		results, _ := x.Query(queryStr+baseCond, false, opts.UserID)
+		results, _ := x.Query(queryStr+baseCond, false, opts.IsPull, opts.UserID)
 		stats.OpenCount = parseCountResult(results)
-		results, _ = x.Query(queryStr+baseCond, true, opts.UserID)
+		results, _ = x.Query(queryStr+baseCond, true, opts.IsPull, opts.UserID)
 		stats.ClosedCount = parseCountResult(results)

 	case FM_MENTION:
 		queryStr += " INNER JOIN `issue_user` ON `issue`.id=`issue_user`.issue_id"
 		baseCond += " AND `issue_user`.uid=? AND `issue_user`.is_mentioned=?"
-		results, _ := x.Query(queryStr+baseCond, false, opts.UserID, true)
+		results, _ := x.Query(queryStr+baseCond, false, opts.IsPull, opts.UserID, true)
 		stats.OpenCount = parseCountResult(results)
-		results, _ = x.Query(queryStr+baseCond, true, opts.UserID, true)
+		results, _ = x.Query(queryStr+baseCond, true, opts.IsPull, opts.UserID, true)
 		stats.ClosedCount = parseCountResult(results)
 	}
 	return stats
@@ -821,11 +814,17 @@ func updateIssue(e Engine, issue *Issue) error {
 	return err
 }

-// UpdateIssue updates information of issue.
+// UpdateIssue updates all fields of given issue.
 func UpdateIssue(issue *Issue) error {
 	return updateIssue(x, issue)
 }

+// updateIssueCols updates specific fields of given issue.
+func updateIssueCols(e Engine, issue *Issue, cols ...string) error {
+	_, err := e.Id(issue.ID).Cols(cols...).Update(issue)
+	return err
+}
+
 func updateIssueUsersByStatus(e Engine, issueID int64, isClosed bool) error {
 	_, err := e.Exec("UPDATE `issue_user` SET is_closed=? WHERE issue_id=?", isClosed, issueID)
 	return err
@@ -894,233 +893,6 @@ func UpdateIssueUsersByMentions(uids []int64, iid int64) error {
 	return nil
 }

-// __________      .__  .__ __________                                     __
-// \______   \__ __|  | |  |\______   \ ____  ________ __   ____   _______/  |_
-//  |     ___/  |  \  | |  | |       _// __ \/ ____/  |  \_/ __ \ /  ___/\   __\
-//  |    |   |  |  /  |_|  |_|    |   \  ___< <_|  |  |  /\  ___/ \___ \  |  |
-//  |____|   |____/|____/____/____|_  /\___  >__   |____/  \___  >____  > |__|
-//                                  \/     \/   |__|           \/     \/
-
-type PullRequestType int
-
-const (
-	PULL_REQUEST_GOGS = iota
-	PLLL_ERQUEST_GIT
-)
-
-// PullRequest represents relation between pull request and repositories.
-type PullRequest struct {
-	ID             int64  `xorm:"pk autoincr"`
-	PullID         int64  `xorm:"INDEX"`
-	Pull           *Issue `xorm:"-"`
-	PullIndex      int64
-	HeadRepoID     int64
-	HeadRepo       *Repository `xorm:"-"`
-	BaseRepoID     int64
-	HeadUserName   string
-	HeadBarcnh     string
-	BaseBranch     string
-	MergeBase      string `xorm:"VARCHAR(40)"`
-	MergedCommitID string `xorm:"VARCHAR(40)"`
-	Type           PullRequestType
-	CanAutoMerge   bool
-	HasMerged      bool
-	Merged         time.Time
-	MergerID       int64
-	Merger         *User `xorm:"-"`
-}
-
-func (pr *PullRequest) AfterSet(colName string, _ xorm.Cell) {
-	var err error
-	switch colName {
-	case "head_repo_id":
-		pr.HeadRepo, err = GetRepositoryByID(pr.HeadRepoID)
-		if err != nil {
-			log.Error(3, "GetRepositoryByID[%d]: %v", pr.ID, err)
-		}
-	case "merger_id":
-		if !pr.HasMerged {
-			return
-		}
-
-		pr.Merger, err = GetUserByID(pr.MergerID)
-		if err != nil {
-			if IsErrUserNotExist(err) {
-				pr.MergerID = -1
-				pr.Merger = NewFakeUser()
-			} else {
-				log.Error(3, "GetUserByID[%d]: %v", pr.ID, err)
-			}
-		}
-	case "merged":
-		if !pr.HasMerged {
-			return
-		}
-
-		pr.Merged = regulateTimeZone(pr.Merged)
-	}
-}
-
-// Merge merges pull request to base repository.
-func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository) (err error) {
-	sess := x.NewSession()
-	defer sessionRelease(sess)
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	if err = pr.Pull.changeStatus(sess, doer, true); err != nil {
-		return fmt.Errorf("Pull.changeStatus: %v", err)
-	}
-
-	headRepoPath := RepoPath(pr.HeadUserName, pr.HeadRepo.Name)
-	headGitRepo, err := git.OpenRepository(headRepoPath)
-	if err != nil {
-		return fmt.Errorf("OpenRepository: %v", err)
-	}
-	pr.MergedCommitID, err = headGitRepo.GetCommitIdOfBranch(pr.HeadBarcnh)
-	if err != nil {
-		return fmt.Errorf("GetCommitIdOfBranch: %v", err)
-	}
-
-	if err = mergePullRequestAction(sess, doer, pr.Pull.Repo, pr.Pull); err != nil {
-		return fmt.Errorf("mergePullRequestAction: %v", err)
-	}
-
-	pr.HasMerged = true
-	pr.Merged = time.Now()
-	pr.MergerID = doer.Id
-	if _, err = sess.Id(pr.ID).AllCols().Update(pr); err != nil {
-		return fmt.Errorf("update pull request: %v", err)
-	}
-
-	// Clone base repo.
-	tmpBasePath := path.Join("data/tmp/repos", com.ToStr(time.Now().Nanosecond())+".git")
-	os.MkdirAll(path.Dir(tmpBasePath), os.ModePerm)
-	defer os.RemoveAll(path.Dir(tmpBasePath))
-
-	var stderr string
-	if _, stderr, err = process.ExecTimeout(5*time.Minute,
-		fmt.Sprintf("PullRequest.Merge(git clone): %s", tmpBasePath),
-		"git", "clone", baseGitRepo.Path, tmpBasePath); err != nil {
-		return fmt.Errorf("git clone: %s", stderr)
-	}
-
-	// Check out base branch.
-	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
-		fmt.Sprintf("PullRequest.Merge(git checkout): %s", tmpBasePath),
-		"git", "checkout", pr.BaseBranch); err != nil {
-		return fmt.Errorf("git checkout: %s", stderr)
-	}
-
-	// Pull commits.
-	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
-		fmt.Sprintf("PullRequest.Merge(git pull): %s", tmpBasePath),
-		"git", "pull", headRepoPath, pr.HeadBarcnh); err != nil {
-		return fmt.Errorf("git pull: %s", stderr)
-	}
-
-	// Push back to upstream.
-	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
-		fmt.Sprintf("PullRequest.Merge(git push): %s", tmpBasePath),
-		"git", "push", baseGitRepo.Path, pr.BaseBranch); err != nil {
-		return fmt.Errorf("git push: %s", stderr)
-	}
-
-	return sess.Commit()
-}
-
-// NewPullRequest creates new pull request with labels for repository.
-func NewPullRequest(repo *Repository, pull *Issue, labelIDs []int64, uuids []string, pr *PullRequest, patch []byte) (err error) {
-	sess := x.NewSession()
-	defer sessionRelease(sess)
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	if err = newIssue(sess, repo, pull, labelIDs, uuids, true); err != nil {
-		return fmt.Errorf("newIssue: %v", err)
-	}
-
-	// Notify watchers.
-	act := &Action{
-		ActUserID:    pull.Poster.Id,
-		ActUserName:  pull.Poster.Name,
-		ActEmail:     pull.Poster.Email,
-		OpType:       CREATE_PULL_REQUEST,
-		Content:      fmt.Sprintf("%d|%s", pull.Index, pull.Name),
-		RepoID:       repo.ID,
-		RepoUserName: repo.Owner.Name,
-		RepoName:     repo.Name,
-		IsPrivate:    repo.IsPrivate,
-	}
-	if err = notifyWatchers(sess, act); err != nil {
-		return err
-	}
-
-	// Test apply patch.
-	repoPath, err := repo.RepoPath()
-	if err != nil {
-		return fmt.Errorf("RepoPath: %v", err)
-	}
-	patchPath := path.Join(repoPath, "pulls", com.ToStr(pr.ID)+".patch")
-
-	os.MkdirAll(path.Dir(patchPath), os.ModePerm)
-	if err = ioutil.WriteFile(patchPath, patch, 0644); err != nil {
-		return fmt.Errorf("save patch: %v", err)
-	}
-	defer os.Remove(patchPath)
-
-	stdout, stderr, err := process.ExecDir(-1, repoPath,
-		fmt.Sprintf("NewPullRequest(git apply --check): %d", repo.ID),
-		"git", "apply", "--check", "-v", patchPath)
-	if err != nil {
-		if strings.Contains(stderr, "fatal:") {
-			return fmt.Errorf("git apply --check: %v - %s", err, stderr)
-		}
-	}
-	pr.CanAutoMerge = !strings.Contains(stdout, "error: patch failed:")
-
-	pr.PullID = pull.ID
-	pr.PullIndex = pull.Index
-	if _, err = sess.Insert(pr); err != nil {
-		return fmt.Errorf("insert pull repo: %v", err)
-	}
-
-	return sess.Commit()
-}
-
-// GetUnmergedPullRequest returnss a pull request hasn't been merged by given info.
-func GetUnmergedPullRequest(headRepoID, baseRepoID int64, headBranch, baseBranch string) (*PullRequest, error) {
-	pr := &PullRequest{
-		HeadRepoID: headRepoID,
-		BaseRepoID: baseRepoID,
-		HeadBarcnh: headBranch,
-		BaseBranch: baseBranch,
-	}
-
-	has, err := x.Where("has_merged=?", false).Get(pr)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, ErrPullRequestNotExist{0, 0, headRepoID, baseRepoID, headBranch, baseBranch}
-	}
-
-	return pr, nil
-}
-
-// GetPullRequestByPullID returns pull repo by given pull ID.
-func GetPullRequestByPullID(pullID int64) (*PullRequest, error) {
-	pr := new(PullRequest)
-	has, err := x.Where("pull_id=?", pullID).Get(pr)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, ErrPullRequestNotExist{0, pullID, 0, 0, "", ""}
-	}
-	return pr, nil
-}
-
 // .____          ___.          .__
 // |    |   _____ \_ |__   ____ |  |
 // |    |   \__  \ | __ \_/ __ \|  |
@@ -1525,7 +1297,7 @@ func changeMilestoneIssueStats(e *xorm.Session, issue *Issue) error {
 }

 // ChangeMilestoneIssueStats updates the open/closed issues counter and progress
-// for the milestone associated witht the given issue.
+// for the milestone associated with the given issue.
 func ChangeMilestoneIssueStats(issue *Issue) (err error) {
 	sess := x.NewSession()
 	defer sessionRelease(sess)
@@ -1599,8 +1371,8 @@ func ChangeMilestoneAssign(oldMid int64, issue *Issue) (err error) {
 }

 // DeleteMilestoneByID deletes a milestone by given ID.
-func DeleteMilestoneByID(mid int64) error {
-	m, err := GetMilestoneByID(mid)
+func DeleteMilestoneByID(id int64) error {
+	m, err := GetMilestoneByID(id)
 	if err != nil {
 		if IsErrMilestoneNotExist(err) {
 			return nil
--- a/models/login.go
+++ b/models/login.go
@@ -36,7 +36,6 @@ const (

 var (
 	ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")
-	ErrAuthenticationNotExist     = errors.New("Authentication does not exist")
 	ErrAuthenticationUserUsed     = errors.New("Authentication has been used by some users")
 )

@@ -191,13 +190,14 @@ func LoginSources() ([]*LoginSource, error) {
 	return auths, x.Find(&auths)
 }

+// GetLoginSourceByID returns login source by given ID.
 func GetLoginSourceByID(id int64) (*LoginSource, error) {
 	source := new(LoginSource)
 	has, err := x.Id(id).Get(source)
 	if err != nil {
 		return nil, err
 	} else if !has {
-		return nil, ErrAuthenticationNotExist
+		return nil, ErrAuthenticationNotExist{id}
 	}
 	return source, nil
 }
@@ -225,17 +225,16 @@ func DeleteSource(source *LoginSource) error {
 // |_______ \/_______  /\____|__  /____|
 //         \/        \/         \/

-// Query if name/passwd can login against the LDAP directory pool
-// Create a local user if success
-// Return the same LoginUserPlain semantic
-// FIXME: https://github.com/gogits/gogs/issues/672
-func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
+// LoginUserLDAPSource queries if loginName/passwd can login against the LDAP directory pool,
+// and create a local user if success when enabled.
+// It returns the same LoginUserPlain semantic.
+func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
 	cfg := source.Cfg.(*LDAPConfig)
 	directBind := (source.Type == DLDAP)
-	fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
+	name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)
 	if !logged {
 		// User not in LDAP, do nothing
-		return nil, ErrUserNotExist{0, name}
+		return nil, ErrUserNotExist{0, loginName}
 	}

 	if !autoRegister {
@@ -243,6 +242,9 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 	}

 	// Fallback.
+	if len(name) == 0 {
+		name = loginName
+	}
 	if len(mail) == 0 {
 		mail = fmt.Sprintf("%s@localhost", name)
 	}
@@ -250,10 +252,10 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 	u = &User{
 		LowerName:   strings.ToLower(name),
 		Name:        name,
-		FullName:    strings.TrimSpace(fn + " " + sn),
+		FullName:    composeFullName(fn, sn, name),
 		LoginType:   source.Type,
 		LoginSource: source.ID,
-		LoginName:   name,
+		LoginName:   loginName,
 		Email:       mail,
 		IsAdmin:     admin,
 		IsActive:    true,
@@ -261,6 +263,19 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 	return u, CreateUser(u)
 }

+func composeFullName(firstName, surename, userName string) string {
+	switch {
+	case len(firstName) == 0 && len(surename) == 0:
+		return userName
+	case len(firstName) == 0:
+		return surename
+	case len(surename) == 0:
+		return firstName
+	default:
+		return firstName + " " + surename
+	}
+}
+
 //   _________   __________________________
 //  /   _____/  /     \__    ___/\______   \
 //  \_____  \  /  \ /  \|    |    |     ___/
@@ -411,7 +426,7 @@ func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMCo
 	// fake a local user creation
 	u = &User{
 		LowerName:   strings.ToLower(name),
-		Name:        strings.ToLower(name),
+		Name:        name,
 		LoginType:   PAM,
 		LoginSource: sourceId,
 		LoginName:   name,
@@ -419,8 +434,7 @@ func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMCo
 		Passwd:      passwd,
 		Email:       name,
 	}
-	err := CreateUser(u)
-	return u, err
+	return u, CreateUser(u)
 }

 func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
@@ -444,7 +458,7 @@ func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRe
 func UserSignIn(uname, passwd string) (*User, error) {
 	var u *User
 	if strings.Contains(uname, "@") {
-		u = &User{Email: uname}
+		u = &User{Email: strings.ToLower(uname)}
 	} else {
 		u = &User{LowerName: strings.ToLower(uname)}
 	}
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -11,6 +11,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
+	"path/filepath"
 	"strings"
 	"time"

@@ -65,6 +66,8 @@ var migrations = []Migration{
 	NewMigration("trim action compare URL prefix", trimCommitActionAppUrlPrefix), // V5 -> V6:v0.6.3
 	NewMigration("generate issue-label from issue", issueToIssueLabel),           // V6 -> V7:v0.6.4
 	NewMigration("refactor attachment table", attachmentRefactor),                // V7 -> V8:v0.6.4
+	NewMigration("rename pull request fields", renamePullRequestFields),          // V8 -> V9:v0.6.16
+	NewMigration("clean up migrate repo info", cleanUpMigrateRepoInfo),           // V9 -> V10:v0.6.20
 }

 // Migrate database to current version
@@ -103,6 +106,11 @@ func Migrate(x *xorm.Engine) error {
 	}

 	v := currentVersion.Version
+	if _MIN_DB_VER > v {
+		log.Fatal(4, "Gogs no longer supports auto-migration from your previously installed version. Please try to upgrade to a lower version first, then upgrade to current version.")
+		return nil
+	}
+
 	if int(v-_MIN_DB_VER) > len(migrations) {
 		// User downgraded Gogs.
 		currentVersion.Version = int64(len(migrations) + _MIN_DB_VER)
@@ -453,7 +461,7 @@ func trimCommitActionAppUrlPrefix(x *xorm.Engine) error {

 		pushCommits = new(PushCommits)
 		if err = json.Unmarshal(action["content"], pushCommits); err != nil {
-			return fmt.Errorf("unmarshal action content[%s]: %v", actID, err)
+			return fmt.Errorf("unmarshal action content[%d]: %v", actID, err)
 		}

 		infos := strings.Split(pushCommits.CompareUrl, "/")
@@ -464,7 +472,7 @@ func trimCommitActionAppUrlPrefix(x *xorm.Engine) error {

 		p, err := json.Marshal(pushCommits)
 		if err != nil {
-			return fmt.Errorf("marshal action content[%s]: %v", actID, err)
+			return fmt.Errorf("marshal action content[%d]: %v", actID, err)
 		}

 		if _, err = sess.Id(actID).Update(&Action{
@@ -606,3 +614,96 @@ func attachmentRefactor(x *xorm.Engine) error {

 	return sess.Commit()
 }
+
+func renamePullRequestFields(x *xorm.Engine) (err error) {
+	type PullRequest struct {
+		ID         int64 `xorm:"pk autoincr"`
+		PullID     int64 `xorm:"INDEX"`
+		PullIndex  int64
+		HeadBarcnh string
+
+		IssueID    int64 `xorm:"INDEX"`
+		Index      int64
+		HeadBranch string
+	}
+
+	if err = x.Sync(new(PullRequest)); err != nil {
+		return fmt.Errorf("sync: %v", err)
+	}
+
+	results, err := x.Query("SELECT `id`,`pull_id`,`pull_index`,`head_barcnh` FROM `pull_request`")
+	if err != nil {
+		if strings.Contains(err.Error(), "no such column") {
+			return nil
+		}
+		return fmt.Errorf("select pull requests: %v", err)
+	}
+
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	var pull *PullRequest
+	for _, pr := range results {
+		pull = &PullRequest{
+			ID:         com.StrTo(pr["id"]).MustInt64(),
+			IssueID:    com.StrTo(pr["pull_id"]).MustInt64(),
+			Index:      com.StrTo(pr["pull_index"]).MustInt64(),
+			HeadBranch: string(pr["head_barcnh"]),
+		}
+		if _, err = sess.Id(pull.ID).Update(pull); err != nil {
+			return err
+		}
+	}
+
+	return sess.Commit()
+}
+
+func cleanUpMigrateRepoInfo(x *xorm.Engine) (err error) {
+	type (
+		User struct {
+			ID        int64 `xorm:"pk autoincr"`
+			LowerName string
+		}
+		Repository struct {
+			ID        int64 `xorm:"pk autoincr"`
+			OwnerID   int64
+			LowerName string
+		}
+	)
+
+	repos := make([]*Repository, 0, 25)
+	if err = x.Where("is_mirror=?", false).Find(&repos); err != nil {
+		return fmt.Errorf("select all non-mirror repositories: %v", err)
+	}
+	var user *User
+	for _, repo := range repos {
+		user = &User{ID: repo.OwnerID}
+		has, err := x.Get(user)
+		if err != nil {
+			return fmt.Errorf("get owner of repository[%d - %d]: %v", repo.ID, repo.OwnerID, err)
+		} else if !has {
+			continue
+		}
+
+		configPath := filepath.Join(setting.RepoRootPath, user.LowerName, repo.LowerName+".git/config")
+
+		// In case repository file is somehow missing.
+		if !com.IsFile(configPath) {
+			continue
+		}
+
+		cfg, err := ini.Load(configPath)
+		if err != nil {
+			return fmt.Errorf("open config file: %v", err)
+		}
+		cfg.DeleteSection("remote \"origin\"")
+		if err = cfg.SaveToIndent(configPath, "\t"); err != nil {
+			return fmt.Errorf("save config file: %v", err)
+		}
+	}
+
+	return nil
+}
--- a/models/models.go
+++ b/models/models.go
@@ -20,6 +20,7 @@ import (
 	_ "github.com/lib/pq"

 	"github.com/gogits/gogs/models/migrations"
+	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
 )

@@ -52,6 +53,7 @@ func regulateTimeZone(t time.Time) time.Time {

 	zone := t.Local().Format("-0700")
 	if len(zone) != 5 {
+		log.Error(4, "Unprocessable timezone: %s - %s", t.Local(), zone)
 		return t
 	}
 	hour := com.StrTo(zone[2:3]).MustInt()
@@ -88,7 +90,7 @@ func init() {
 		new(Team), new(OrgUser), new(TeamUser), new(TeamRepo),
 		new(Notice), new(EmailAddress))

-	gonicNames := []string{"UID", "SSL"}
+	gonicNames := []string{"SSL"}
 	for _, name := range gonicNames {
 		core.LintGonicMapper[name] = true
 	}
--- a/models/publickey.go
+++ b/models/publickey.go
@@ -13,7 +13,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
@@ -33,25 +32,8 @@ const (
 	_TPL_PUBLICK_KEY = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
 )

-var (
-	ErrKeyUnableVerify = errors.New("Unable to verify public key")
-)
-
 var sshOpLocker = sync.Mutex{}
-
-var (
-	SSHPath string // SSH directory.
-	appPath string // Execution(binary) path.
-)
-
-// exePath returns the executable path.
-func exePath() (string, error) {
-	file, err := exec.LookPath(os.Args[0])
-	if err != nil {
-		return "", err
-	}
-	return filepath.Abs(file)
-}
+var SSHPath string // SSH directory.

 // homeDir returns the home directory of current user.
 func homeDir() string {
@@ -63,16 +45,9 @@ func homeDir() string {
 }

 func init() {
-	var err error
-
-	if appPath, err = exePath(); err != nil {
-		log.Fatal(4, "fail to get app path: %v\n", err)
-	}
-	appPath = strings.Replace(appPath, "\\", "/", -1)
-
 	// Determine and create .ssh path.
 	SSHPath = filepath.Join(homeDir(), ".ssh")
-	if err = os.MkdirAll(SSHPath, 0700); err != nil {
+	if err := os.MkdirAll(SSHPath, 0700); err != nil {
 		log.Fatal(4, "fail to create '%s': %v", SSHPath, err)
 	}
 }
@@ -114,17 +89,7 @@ func (k *PublicKey) OmitEmail() string {

 // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.
 func (key *PublicKey) GetAuthorizedString() string {
-	return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
-}
-
-var minimumKeySizes = map[string]int{
-	"(ED25519)": 256,
-	"(ECDSA)":   256,
-	"(NTRU)":    1087,
-	"(MCE)":     1702,
-	"(McE)":     1702,
-	"(RSA)":     1024,
-	"(DSA)":     1024,
+	return fmt.Sprintf(_TPL_PUBLICK_KEY, setting.AppPath, key.ID, setting.CustomConf, key.Content)
 }

 func extractTypeFromBase64Key(key string) (string, error) {
@@ -228,9 +193,9 @@ func CheckPublicKeyString(content string) (_ string, err error) {
 	tmpFile.Close()

 	// Check if ssh-keygen recognizes its contents.
-	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)
+	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-lf", tmpPath)
 	if err != nil {
-		return "", errors.New("ssh-keygen -l -f: " + stderr)
+		return "", errors.New("ssh-keygen -lf: " + stderr)
 	} else if len(stdout) < 2 {
 		return "", errors.New("ssh-keygen returned not enough output to evaluate the key: " + stdout)
 	}
@@ -242,7 +207,7 @@ func CheckPublicKeyString(content string) (_ string, err error) {

 	sshKeygenOutput := strings.Split(stdout, " ")
 	if len(sshKeygenOutput) < 4 {
-		return content, ErrKeyUnableVerify
+		return content, ErrKeyUnableVerify{stdout}
 	}

 	// Check if key type and key size match.
@@ -251,9 +216,10 @@ func CheckPublicKeyString(content string) (_ string, err error) {
 		if keySize == 0 {
 			return "", errors.New("cannot get key size of the given key")
 		}
-		keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
-		if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
-			return "", errors.New("sorry, unrecognized public key type")
+
+		keyType := strings.Trim(sshKeygenOutput[len(sshKeygenOutput)-1], " ()\n")
+		if minimumKeySize := setting.Service.MinimumKeySizes[keyType]; minimumKeySize == 0 {
+			return "", fmt.Errorf("unrecognized public key type: %s", keyType)
 		} else if keySize < minimumKeySize {
 			return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
 		}
@@ -321,9 +287,9 @@ func addKey(e Engine, key *PublicKey) (err error) {
 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), 0644); err != nil {
 		return err
 	}
-	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-l", "-f", tmpPath)
+	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-lf", tmpPath)
 	if err != nil {
-		return errors.New("ssh-keygen -l -f: " + stderr)
+		return errors.New("ssh-keygen -lf: " + stderr)
 	} else if len(stdout) < 2 {
 		return errors.New("not enough output for calculating fingerprint: " + stdout)
 	}
@@ -337,23 +303,23 @@ func addKey(e Engine, key *PublicKey) (err error) {
 }

 // AddPublicKey adds new public key to database and authorized_keys file.
-func AddPublicKey(ownerID int64, name, content string) (err error) {
-	if err = checkKeyContent(content); err != nil {
-		return err
+func AddPublicKey(ownerID int64, name, content string) (*PublicKey, error) {
+	if err := checkKeyContent(content); err != nil {
+		return nil, err
 	}

 	// Key name of same user cannot be duplicated.
 	has, err := x.Where("owner_id=? AND name=?", ownerID, name).Get(new(PublicKey))
 	if err != nil {
-		return err
+		return nil, err
 	} else if has {
-		return ErrKeyNameAlreadyUsed{ownerID, name}
+		return nil, ErrKeyNameAlreadyUsed{ownerID, name}
 	}

 	sess := x.NewSession()
 	defer sessionRelease(sess)
 	if err = sess.Begin(); err != nil {
-		return err
+		return nil, err
 	}

 	key := &PublicKey{
@@ -364,10 +330,10 @@ func AddPublicKey(ownerID int64, name, content string) (err error) {
 		Type:    KEY_TYPE_USER,
 	}
 	if err = addKey(sess, key); err != nil {
-		return fmt.Errorf("addKey: %v", err)
+		return nil, fmt.Errorf("addKey: %v", err)
 	}

-	return sess.Commit()
+	return key, sess.Commit()
 }

 // GetPublicKeyByID returns public key by given ID.
@@ -382,6 +348,19 @@ func GetPublicKeyByID(keyID int64) (*PublicKey, error) {
 	return key, nil
 }

+// SearchPublicKeyByContent searches content as prefix (leak e-mail part)
+// and returns public key found.
+func SearchPublicKeyByContent(content string) (*PublicKey, error) {
+	key := new(PublicKey)
+	has, err := x.Where("content like ?", content+"%").Get(key)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrKeyNotExist{}
+	}
+	return key, nil
+}
+
 // ListPublicKeys returns a list of public keys belongs to given user.
 func ListPublicKeys(uid int64) ([]*PublicKey, error) {
 	keys := make([]*PublicKey, 0, 5)
@@ -471,12 +450,18 @@ func deletePublicKey(e *xorm.Session, keyID int64) error {
 }

 // DeletePublicKey deletes SSH key information both in database and authorized_keys file.
-func DeletePublicKey(id int64) (err error) {
-	has, err := x.Id(id).Get(new(PublicKey))
+func DeletePublicKey(doer *User, id int64) (err error) {
+	key, err := GetPublicKeyByID(id)
 	if err != nil {
-		return err
-	} else if !has {
-		return nil
+		if IsErrKeyNotExist(err) {
+			return nil
+		}
+		return fmt.Errorf("GetPublicKeyByID: %v", err)
+	}
+
+	// Check if user has access to delete this key.
+	if !doer.IsAdmin && doer.Id != key.OwnerID {
+		return ErrKeyAccessDenied{doer.Id, key.ID, "public"}
 	}

 	sess := x.NewSession()
@@ -540,6 +525,7 @@ type DeployKey struct {
 	RepoID            int64 `xorm:"UNIQUE(s) INDEX"`
 	Name              string
 	Fingerprint       string
+	Content           string    `xorm:"-"`
 	Created           time.Time `xorm:"CREATED"`
 	Updated           time.Time // Note: Updated must below Created for AfterSet.
 	HasRecentActivity bool      `xorm:"-"`
@@ -554,6 +540,16 @@ func (k *DeployKey) AfterSet(colName string, _ xorm.Cell) {
 	}
 }

+// GetContent gets associated public key content.
+func (k *DeployKey) GetContent() error {
+	pkey, err := GetPublicKeyByID(k.KeyID)
+	if err != nil {
+		return err
+	}
+	k.Content = pkey.Content
+	return nil
+}
+
 func checkDeployKey(e Engine, keyID, repoID int64, name string) error {
 	// Note: We want error detail, not just true or false here.
 	has, err := e.Where("key_id=? AND repo_id=?", keyID, repoID).Get(new(DeployKey))
@@ -574,18 +570,19 @@ func checkDeployKey(e Engine, keyID, repoID int64, name string) error {
 }

 // addDeployKey adds new key-repo relation.
-func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string) (err error) {
-	if err = checkDeployKey(e, keyID, repoID, name); err != nil {
-		return err
+func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string) (*DeployKey, error) {
+	if err := checkDeployKey(e, keyID, repoID, name); err != nil {
+		return nil, err
 	}

-	_, err = e.Insert(&DeployKey{
+	key := &DeployKey{
 		KeyID:       keyID,
 		RepoID:      repoID,
 		Name:        name,
 		Fingerprint: fingerprint,
-	})
-	return err
+	}
+	_, err := e.Insert(key)
+	return key, err
 }

 // HasDeployKey returns true if public key is a deploy key of given repository.
@@ -595,39 +592,52 @@ func HasDeployKey(keyID, repoID int64) bool {
 }

 // AddDeployKey add new deploy key to database and authorized_keys file.
-func AddDeployKey(repoID int64, name, content string) (err error) {
-	if err = checkKeyContent(content); err != nil {
-		return err
+func AddDeployKey(repoID int64, name, content string) (*DeployKey, error) {
+	if err := checkKeyContent(content); err != nil {
+		return nil, err
 	}

-	key := &PublicKey{
+	pkey := &PublicKey{
 		Content: content,
 		Mode:    ACCESS_MODE_READ,
 		Type:    KEY_TYPE_DEPLOY,
 	}
-	has, err := x.Get(key)
+	has, err := x.Get(pkey)
 	if err != nil {
-		return err
+		return nil, err
 	}

 	sess := x.NewSession()
 	defer sessionRelease(sess)
 	if err = sess.Begin(); err != nil {
-		return err
+		return nil, err
 	}

 	// First time use this deploy key.
 	if !has {
-		if err = addKey(sess, key); err != nil {
-			return nil
+		if err = addKey(sess, pkey); err != nil {
+			return nil, fmt.Errorf("addKey: %v", err)
 		}
 	}

-	if err = addDeployKey(sess, key.ID, repoID, name, key.Fingerprint); err != nil {
-		return err
+	key, err := addDeployKey(sess, pkey.ID, repoID, name, pkey.Fingerprint)
+	if err != nil {
+		return nil, fmt.Errorf("addDeployKey: %v", err)
 	}

-	return sess.Commit()
+	return key, sess.Commit()
+}
+
+// GetDeployKeyByID returns deploy key by given ID.
+func GetDeployKeyByID(id int64) (*DeployKey, error) {
+	key := new(DeployKey)
+	has, err := x.Id(id).Get(key)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrDeployKeyNotExist{id, 0, 0}
+	}
+	return key, nil
 }

 // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.
@@ -636,8 +646,13 @@ func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {
 		KeyID:  keyID,
 		RepoID: repoID,
 	}
-	_, err := x.Get(key)
-	return key, err
+	has, err := x.Get(key)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrDeployKeyNotExist{0, keyID, repoID}
+	}
+	return key, nil
 }

 // UpdateDeployKey updates deploy key information.
@@ -647,13 +662,27 @@ func UpdateDeployKey(key *DeployKey) error {
 }

 // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
-func DeleteDeployKey(id int64) error {
-	key := &DeployKey{ID: id}
-	has, err := x.Id(key.ID).Get(key)
+func DeleteDeployKey(doer *User, id int64) error {
+	key, err := GetDeployKeyByID(id)
 	if err != nil {
-		return err
-	} else if !has {
-		return nil
+		if IsErrDeployKeyNotExist(err) {
+			return nil
+		}
+		return fmt.Errorf("GetDeployKeyByID: %v", err)
+	}
+
+	// Check if user has access to delete this key.
+	if !doer.IsAdmin {
+		repo, err := GetRepositoryByID(key.RepoID)
+		if err != nil {
+			return fmt.Errorf("GetRepositoryByID: %v", err)
+		}
+		yes, err := HasAccess(doer, repo, ACCESS_MODE_ADMIN)
+		if err != nil {
+			return fmt.Errorf("HasAccess: %v", err)
+		} else if !yes {
+			return ErrKeyAccessDenied{doer.Id, key.ID, "deploy"}
+		}
 	}

 	sess := x.NewSession()
@@ -667,7 +696,7 @@ func DeleteDeployKey(id int64) error {
 	}

 	// Check if this is the last reference to same key content.
-	has, err = sess.Where("key_id=?", key.KeyID).Get(new(DeployKey))
+	has, err := sess.Where("key_id=?", key.KeyID).Get(new(DeployKey))
 	if err != nil {
 		return err
 	} else if !has {
--- a/models/pull.go
+++ b/models/pull.go
@@ -0,0 +1,559 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"fmt"
+	"os"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/Unknwon/com"
+	"github.com/go-xorm/xorm"
+
+	"github.com/gogits/gogs/modules/git"
+	"github.com/gogits/gogs/modules/log"
+	"github.com/gogits/gogs/modules/process"
+	"github.com/gogits/gogs/modules/setting"
+)
+
+type PullRequestType int
+
+const (
+	PULL_REQUEST_GOGS PullRequestType = iota
+	PLLL_ERQUEST_GIT
+)
+
+type PullRequestStatus int
+
+const (
+	PULL_REQUEST_STATUS_CONFLICT PullRequestStatus = iota
+	PULL_REQUEST_STATUS_CHECKING
+	PULL_REQUEST_STATUS_MERGEABLE
+)
+
+// PullRequest represents relation between pull request and repositories.
+type PullRequest struct {
+	ID     int64 `xorm:"pk autoincr"`
+	Type   PullRequestType
+	Status PullRequestStatus
+
+	IssueID int64  `xorm:"INDEX"`
+	Issue   *Issue `xorm:"-"`
+	Index   int64
+
+	HeadRepoID   int64
+	HeadRepo     *Repository `xorm:"-"`
+	BaseRepoID   int64
+	BaseRepo     *Repository `xorm:"-"`
+	HeadUserName string
+	HeadBranch   string
+	BaseBranch   string
+	MergeBase    string `xorm:"VARCHAR(40)"`
+
+	HasMerged      bool
+	MergedCommitID string `xorm:"VARCHAR(40)"`
+	Merged         time.Time
+	MergerID       int64
+	Merger         *User `xorm:"-"`
+}
+
+// Note: don't try to get Pull because will end up recursive querying.
+func (pr *PullRequest) AfterSet(colName string, _ xorm.Cell) {
+	switch colName {
+	case "merged":
+		if !pr.HasMerged {
+			return
+		}
+
+		pr.Merged = regulateTimeZone(pr.Merged)
+	}
+}
+
+func (pr *PullRequest) getHeadRepo(e Engine) (err error) {
+	pr.HeadRepo, err = getRepositoryByID(e, pr.HeadRepoID)
+	if err != nil && !IsErrRepoNotExist(err) {
+		return fmt.Errorf("getRepositoryByID(head): %v", err)
+	}
+	return nil
+}
+
+func (pr *PullRequest) GetHeadRepo() (err error) {
+	return pr.getHeadRepo(x)
+}
+
+func (pr *PullRequest) GetBaseRepo() (err error) {
+	if pr.BaseRepo != nil {
+		return nil
+	}
+
+	pr.BaseRepo, err = GetRepositoryByID(pr.BaseRepoID)
+	if err != nil {
+		return fmt.Errorf("GetRepositoryByID(base): %v", err)
+	}
+	return nil
+}
+
+func (pr *PullRequest) GetMerger() (err error) {
+	if !pr.HasMerged || pr.Merger != nil {
+		return nil
+	}
+
+	pr.Merger, err = GetUserByID(pr.MergerID)
+	if IsErrUserNotExist(err) {
+		pr.MergerID = -1
+		pr.Merger = NewFakeUser()
+	} else if err != nil {
+		return fmt.Errorf("GetUserByID: %v", err)
+	}
+	return nil
+}
+
+// IsChecking returns true if this pull request is still checking conflict.
+func (pr *PullRequest) IsChecking() bool {
+	return pr.Status == PULL_REQUEST_STATUS_CHECKING
+}
+
+// CanAutoMerge returns true if this pull request can be merged automatically.
+func (pr *PullRequest) CanAutoMerge() bool {
+	return pr.Status == PULL_REQUEST_STATUS_MERGEABLE
+}
+
+// Merge merges pull request to base repository.
+func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository) (err error) {
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	if err = pr.Issue.changeStatus(sess, doer, true); err != nil {
+		return fmt.Errorf("Issue.changeStatus: %v", err)
+	}
+
+	if err = pr.getHeadRepo(sess); err != nil {
+		return fmt.Errorf("getHeadRepo: %v", err)
+	}
+
+	headRepoPath := RepoPath(pr.HeadUserName, pr.HeadRepo.Name)
+	headGitRepo, err := git.OpenRepository(headRepoPath)
+	if err != nil {
+		return fmt.Errorf("OpenRepository: %v", err)
+	}
+	pr.MergedCommitID, err = headGitRepo.GetCommitIdOfBranch(pr.HeadBranch)
+	if err != nil {
+		return fmt.Errorf("GetCommitIdOfBranch: %v", err)
+	}
+
+	if err = mergePullRequestAction(sess, doer, pr.Issue.Repo, pr.Issue); err != nil {
+		return fmt.Errorf("mergePullRequestAction: %v", err)
+	}
+
+	pr.HasMerged = true
+	pr.Merged = time.Now()
+	pr.MergerID = doer.Id
+	if _, err = sess.Id(pr.ID).AllCols().Update(pr); err != nil {
+		return fmt.Errorf("update pull request: %v", err)
+	}
+
+	// Clone base repo.
+	tmpBasePath := path.Join(setting.AppDataPath, "tmp/repos", com.ToStr(time.Now().Nanosecond())+".git")
+	os.MkdirAll(path.Dir(tmpBasePath), os.ModePerm)
+	defer os.RemoveAll(path.Dir(tmpBasePath))
+
+	var stderr string
+	if _, stderr, err = process.ExecTimeout(5*time.Minute,
+		fmt.Sprintf("PullRequest.Merge (git clone): %s", tmpBasePath),
+		"git", "clone", baseGitRepo.Path, tmpBasePath); err != nil {
+		return fmt.Errorf("git clone: %s", stderr)
+	}
+
+	// Check out base branch.
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git checkout): %s", tmpBasePath),
+		"git", "checkout", pr.BaseBranch); err != nil {
+		return fmt.Errorf("git checkout: %s", stderr)
+	}
+
+	// Add head repo remote.
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git remote add): %s", tmpBasePath),
+		"git", "remote", "add", "head_repo", headRepoPath); err != nil {
+		return fmt.Errorf("git remote add [%s -> %s]: %s", headRepoPath, tmpBasePath, stderr)
+	}
+
+	// Merge commits.
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git fetch): %s", tmpBasePath),
+		"git", "fetch", "head_repo"); err != nil {
+		return fmt.Errorf("git fetch [%s -> %s]: %s", headRepoPath, tmpBasePath, stderr)
+	}
+
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git merge --no-ff --no-commit): %s", tmpBasePath),
+		"git", "merge", "--no-ff", "--no-commit", "head_repo/"+pr.HeadBranch); err != nil {
+		return fmt.Errorf("git merge --no-ff --no-commit [%s]: %v - %s", tmpBasePath, err, stderr)
+	}
+
+	sig := doer.NewGitSig()
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git merge): %s", tmpBasePath),
+		"git", "commit", fmt.Sprintf("--author='%s <%s>'", sig.Name, sig.Email),
+		"-m", fmt.Sprintf("Merge branch '%s' of %s/%s into %s", pr.HeadBranch, pr.HeadUserName, pr.HeadRepo.Name, pr.BaseBranch)); err != nil {
+		return fmt.Errorf("git commit [%s]: %v - %s", tmpBasePath, err, stderr)
+	}
+
+	// Push back to upstream.
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git push): %s", tmpBasePath),
+		"git", "push", baseGitRepo.Path, pr.BaseBranch); err != nil {
+		return fmt.Errorf("git push: %s", stderr)
+	}
+
+	return sess.Commit()
+}
+
+// patchConflicts is a list of conflit description from Git.
+var patchConflicts = []string{
+	"patch does not apply",
+	"already exists in working directory",
+	"unrecognized input",
+}
+
+// testPatch checks if patch can be merged to base repository without conflit.
+// FIXME: make a mechanism to clean up stable local copies.
+func (pr *PullRequest) testPatch() (err error) {
+	if pr.BaseRepo == nil {
+		pr.BaseRepo, err = GetRepositoryByID(pr.BaseRepoID)
+		if err != nil {
+			return fmt.Errorf("GetRepositoryByID: %v", err)
+		}
+	}
+
+	patchPath, err := pr.BaseRepo.PatchPath(pr.Index)
+	if err != nil {
+		return fmt.Errorf("BaseRepo.PatchPath: %v", err)
+	}
+
+	// Fast fail if patch does not exist, this assumes data is cruppted.
+	if !com.IsFile(patchPath) {
+		log.Trace("PullRequest[%d].testPatch: ignored cruppted data", pr.ID)
+		return nil
+	}
+
+	log.Trace("PullRequest[%d].testPatch(patchPath): %s", pr.ID, patchPath)
+
+	if err := pr.BaseRepo.UpdateLocalCopy(); err != nil {
+		return fmt.Errorf("UpdateLocalCopy: %v", err)
+	}
+
+	// Checkout base branch.
+	_, stderr, err := process.ExecDir(-1, pr.BaseRepo.LocalCopyPath(),
+		fmt.Sprintf("PullRequest.Merge(git checkout): %v", pr.BaseRepo.ID),
+		"git", "checkout", pr.BaseBranch)
+	if err != nil {
+		return fmt.Errorf("git checkout: %s", stderr)
+	}
+
+	pr.Status = PULL_REQUEST_STATUS_CHECKING
+	_, stderr, err = process.ExecDir(-1, pr.BaseRepo.LocalCopyPath(),
+		fmt.Sprintf("testPatch(git apply --check): %d", pr.BaseRepo.ID),
+		"git", "apply", "--check", patchPath)
+	if err != nil {
+		for i := range patchConflicts {
+			if strings.Contains(stderr, patchConflicts[i]) {
+				log.Trace("PullRequest[%d].testPatch(apply): has conflit", pr.ID)
+				fmt.Println(stderr)
+				pr.Status = PULL_REQUEST_STATUS_CONFLICT
+				return nil
+			}
+		}
+
+		return fmt.Errorf("git apply --check: %v - %s", err, stderr)
+	}
+	return nil
+}
+
+// NewPullRequest creates new pull request with labels for repository.
+func NewPullRequest(repo *Repository, pull *Issue, labelIDs []int64, uuids []string, pr *PullRequest, patch []byte) (err error) {
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	if err = newIssue(sess, repo, pull, labelIDs, uuids, true); err != nil {
+		return fmt.Errorf("newIssue: %v", err)
+	}
+
+	// Notify watchers.
+	act := &Action{
+		ActUserID:    pull.Poster.Id,
+		ActUserName:  pull.Poster.Name,
+		ActEmail:     pull.Poster.Email,
+		OpType:       CREATE_PULL_REQUEST,
+		Content:      fmt.Sprintf("%d|%s", pull.Index, pull.Name),
+		RepoID:       repo.ID,
+		RepoUserName: repo.Owner.Name,
+		RepoName:     repo.Name,
+		IsPrivate:    repo.IsPrivate,
+	}
+	if err = notifyWatchers(sess, act); err != nil {
+		return err
+	}
+
+	pr.Index = pull.Index
+	if err = repo.SavePatch(pr.Index, patch); err != nil {
+		return fmt.Errorf("SavePatch: %v", err)
+	}
+
+	pr.BaseRepo = repo
+	if err = pr.testPatch(); err != nil {
+		return fmt.Errorf("testPatch: %v", err)
+	}
+	if pr.Status == PULL_REQUEST_STATUS_CHECKING {
+		pr.Status = PULL_REQUEST_STATUS_MERGEABLE
+	}
+
+	pr.IssueID = pull.ID
+	if _, err = sess.Insert(pr); err != nil {
+		return fmt.Errorf("insert pull repo: %v", err)
+	}
+
+	return sess.Commit()
+}
+
+// GetUnmergedPullRequest returnss a pull request that is open and has not been merged
+// by given head/base and repo/branch.
+func GetUnmergedPullRequest(headRepoID, baseRepoID int64, headBranch, baseBranch string) (*PullRequest, error) {
+	pr := new(PullRequest)
+	has, err := x.Where("head_repo_id=? AND head_branch=? AND base_repo_id=? AND base_branch=? AND has_merged=? AND issue.is_closed=?",
+		headRepoID, headBranch, baseRepoID, baseBranch, false, false).
+		Join("INNER", "issue", "issue.id=pull_request.issue_id").Get(pr)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrPullRequestNotExist{0, 0, headRepoID, baseRepoID, headBranch, baseBranch}
+	}
+
+	return pr, nil
+}
+
+// GetUnmergedPullRequestsByHeadInfo returnss all pull requests that are open and has not been merged
+// by given head information (repo and branch).
+func GetUnmergedPullRequestsByHeadInfo(repoID int64, branch string) ([]*PullRequest, error) {
+	prs := make([]*PullRequest, 0, 2)
+	return prs, x.Where("head_repo_id=? AND head_branch=? AND has_merged=? AND issue.is_closed=?",
+		repoID, branch, false, false).
+		Join("INNER", "issue", "issue.id=pull_request.issue_id").Find(&prs)
+}
+
+// GetUnmergedPullRequestsByBaseInfo returnss all pull requests that are open and has not been merged
+// by given base information (repo and branch).
+func GetUnmergedPullRequestsByBaseInfo(repoID int64, branch string) ([]*PullRequest, error) {
+	prs := make([]*PullRequest, 0, 2)
+	return prs, x.Where("base_repo_id=? AND base_branch=? AND has_merged=? AND issue.is_closed=?",
+		repoID, branch, false, false).
+		Join("INNER", "issue", "issue.id=pull_request.issue_id").Find(&prs)
+}
+
+// GetPullRequestByID returns a pull request by given ID.
+func GetPullRequestByID(id int64) (*PullRequest, error) {
+	pr := new(PullRequest)
+	has, err := x.Id(id).Get(pr)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrPullRequestNotExist{id, 0, 0, 0, "", ""}
+	}
+	return pr, nil
+}
+
+// GetPullRequestByIssueID returns pull request by given issue ID.
+func GetPullRequestByIssueID(issueID int64) (*PullRequest, error) {
+	pr := &PullRequest{
+		IssueID: issueID,
+	}
+	has, err := x.Get(pr)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrPullRequestNotExist{0, issueID, 0, 0, "", ""}
+	}
+	return pr, nil
+}
+
+// Update updates all fields of pull request.
+func (pr *PullRequest) Update() error {
+	_, err := x.Id(pr.ID).AllCols().Update(pr)
+	return err
+}
+
+// Update updates specific fields of pull request.
+func (pr *PullRequest) UpdateCols(cols ...string) error {
+	_, err := x.Id(pr.ID).Cols(cols...).Update(pr)
+	return err
+}
+
+var PullRequestQueue = NewUniqueQueue(setting.Repository.PullRequestQueueLength)
+
+// UpdatePatch generates and saves a new patch.
+func (pr *PullRequest) UpdatePatch() (err error) {
+	if err = pr.GetHeadRepo(); err != nil {
+		return fmt.Errorf("GetHeadRepo: %v", err)
+	} else if pr.HeadRepo == nil {
+		log.Trace("PullRequest[%d].UpdatePatch: ignored cruppted data", pr.ID)
+		return nil
+	}
+
+	if err = pr.GetBaseRepo(); err != nil {
+		return fmt.Errorf("GetBaseRepo: %v", err)
+	} else if err = pr.BaseRepo.GetOwner(); err != nil {
+		return fmt.Errorf("GetOwner: %v", err)
+	}
+
+	headGitRepo, err := git.OpenRepository(pr.HeadRepo.RepoPath())
+	if err != nil {
+		return fmt.Errorf("OpenRepository: %v", err)
+	}
+
+	// Add a temporary remote.
+	tmpRemote := com.ToStr(time.Now().UnixNano())
+	if err = headGitRepo.AddRemote(tmpRemote, RepoPath(pr.BaseRepo.Owner.Name, pr.BaseRepo.Name)); err != nil {
+		return fmt.Errorf("AddRemote: %v", err)
+	}
+	defer func() {
+		headGitRepo.RemoveRemote(tmpRemote)
+	}()
+	remoteBranch := "remotes/" + tmpRemote + "/" + pr.BaseBranch
+	pr.MergeBase, err = headGitRepo.GetMergeBase(remoteBranch, pr.HeadBranch)
+	if err != nil {
+		return fmt.Errorf("GetMergeBase: %v", err)
+	} else if err = pr.Update(); err != nil {
+		return fmt.Errorf("Update: %v", err)
+	}
+
+	patch, err := headGitRepo.GetPatch(pr.MergeBase, pr.HeadBranch)
+	if err != nil {
+		return fmt.Errorf("GetPatch: %v", err)
+	}
+
+	if err = pr.BaseRepo.SavePatch(pr.Index, patch); err != nil {
+		return fmt.Errorf("BaseRepo.SavePatch: %v", err)
+	}
+
+	return nil
+}
+
+// AddToTaskQueue adds itself to pull request test task queue.
+func (pr *PullRequest) AddToTaskQueue() {
+	go PullRequestQueue.AddFunc(pr.ID, func() {
+		pr.Status = PULL_REQUEST_STATUS_CHECKING
+		if err := pr.UpdateCols("status"); err != nil {
+			log.Error(5, "AddToTaskQueue.UpdateCols[%d].(add to queue): %v", pr.ID, err)
+		}
+	})
+}
+
+func addHeadRepoTasks(prs []*PullRequest) {
+	for _, pr := range prs {
+		log.Trace("addHeadRepoTasks[%d]: composing new test task", pr.ID)
+		if err := pr.UpdatePatch(); err != nil {
+			log.Error(4, "UpdatePatch: %v", err)
+			continue
+		}
+
+		pr.AddToTaskQueue()
+	}
+}
+
+// AddTestPullRequestTask adds new test tasks by given head/base repository and head/base branch,
+// and generate new patch for testing as needed.
+func AddTestPullRequestTask(repoID int64, branch string) {
+	log.Trace("AddTestPullRequestTask[head_repo_id: %d, head_branch: %s]: finding pull requests", repoID, branch)
+	prs, err := GetUnmergedPullRequestsByHeadInfo(repoID, branch)
+	if err != nil {
+		log.Error(4, "Find pull requests[head_repo_id: %d, head_branch: %s]: %v", repoID, branch, err)
+		return
+	}
+	addHeadRepoTasks(prs)
+
+	log.Trace("AddTestPullRequestTask[base_repo_id: %d, base_branch: %s]: finding pull requests", repoID, branch)
+	prs, err = GetUnmergedPullRequestsByBaseInfo(repoID, branch)
+	if err != nil {
+		log.Error(4, "Find pull requests[base_repo_id: %d, base_branch: %s]: %v", repoID, branch, err)
+		return
+	}
+	for _, pr := range prs {
+		pr.AddToTaskQueue()
+	}
+}
+
+// checkAndUpdateStatus checks if pull request is possible to levaing checking status,
+// and set to be either conflict or mergeable.
+func (pr *PullRequest) checkAndUpdateStatus() {
+	// Status is not changed to conflict means mergeable.
+	if pr.Status == PULL_REQUEST_STATUS_CHECKING {
+		pr.Status = PULL_REQUEST_STATUS_MERGEABLE
+	}
+
+	// Make sure there is no waiting test to process before levaing the checking status.
+	if !PullRequestQueue.Exist(pr.ID) {
+		if err := pr.UpdateCols("status"); err != nil {
+			log.Error(4, "Update[%d]: %v", pr.ID, err)
+		}
+	}
+}
+
+// TestPullRequests checks and tests untested patches of pull requests.
+// TODO: test more pull requests at same time.
+func TestPullRequests() {
+	prs := make([]*PullRequest, 0, 10)
+	x.Iterate(PullRequest{
+		Status: PULL_REQUEST_STATUS_CHECKING,
+	},
+		func(idx int, bean interface{}) error {
+			pr := bean.(*PullRequest)
+
+			if err := pr.GetBaseRepo(); err != nil {
+				log.Error(3, "GetBaseRepo: %v", err)
+				return nil
+			}
+
+			if err := pr.testPatch(); err != nil {
+				log.Error(3, "testPatch: %v", err)
+				return nil
+			}
+			prs = append(prs, pr)
+			return nil
+		})
+
+	// Update pull request status.
+	for _, pr := range prs {
+		pr.checkAndUpdateStatus()
+	}
+
+	// Start listening on new test requests.
+	for prID := range PullRequestQueue.Queue() {
+		log.Trace("TestPullRequests[%v]: processing test task", prID)
+		PullRequestQueue.Remove(prID)
+
+		pr, err := GetPullRequestByID(com.StrTo(prID).MustInt64())
+		if err != nil {
+			log.Error(4, "GetPullRequestByID[%d]: %v", prID, err)
+			continue
+		} else if err = pr.testPatch(); err != nil {
+			log.Error(4, "testPatch[%d]: %v", pr.ID, err)
+			continue
+		}
+
+		pr.checkAndUpdateStatus()
+	}
+}
+
+func InitTestPullRequests() {
+	go TestPullRequests()
+}
--- a/models/release.go
+++ b/models/release.go
@@ -5,7 +5,7 @@
 package models

 import (
-	"errors"
+	"fmt"
 	"sort"
 	"strings"
 	"time"
@@ -13,18 +13,14 @@ import (
 	"github.com/go-xorm/xorm"

 	"github.com/gogits/gogs/modules/git"
-)
-
-var (
-	ErrReleaseAlreadyExist = errors.New("Release already exist")
-	ErrReleaseNotExist     = errors.New("Release does not exist")
+	"github.com/gogits/gogs/modules/process"
 )

 // Release represents a release of repository.
 type Release struct {
-	Id               int64
-	RepoId           int64
-	PublisherId      int64
+	ID               int64 `xorm:"pk autoincr"`
+	RepoID           int64
+	PublisherID      int64
 	Publisher        *User `xorm:"-"`
 	TagName          string
 	LowerTagName     string
@@ -47,12 +43,16 @@ func (r *Release) AfterSet(colName string, _ xorm.Cell) {
 }

 // IsReleaseExist returns true if release with given tag name already exists.
-func IsReleaseExist(repoId int64, tagName string) (bool, error) {
+func IsReleaseExist(repoID int64, tagName string) (bool, error) {
 	if len(tagName) == 0 {
 		return false, nil
 	}

-	return x.Get(&Release{RepoId: repoId, LowerTagName: strings.ToLower(tagName)})
+	return x.Get(&Release{RepoID: repoID, LowerTagName: strings.ToLower(tagName)})
+}
+
+func init() {
+	git.GetVersion()
 }

 func createTag(gitRepo *git.Repository, rel *Release) error {
@@ -64,7 +64,7 @@ func createTag(gitRepo *git.Repository, rel *Release) error {
 				return err
 			}

-			if err = gitRepo.CreateTag(rel.TagName, commit.Id.String()); err != nil {
+			if err = gitRepo.CreateTag(rel.TagName, commit.ID.String()); err != nil {
 				return err
 			}
 		} else {
@@ -84,11 +84,11 @@ func createTag(gitRepo *git.Repository, rel *Release) error {

 // CreateRelease creates a new release of repository.
 func CreateRelease(gitRepo *git.Repository, rel *Release) error {
-	isExist, err := IsReleaseExist(rel.RepoId, rel.TagName)
+	isExist, err := IsReleaseExist(rel.RepoID, rel.TagName)
 	if err != nil {
 		return err
 	} else if isExist {
-		return ErrReleaseAlreadyExist
+		return ErrReleaseAlreadyExist{rel.TagName}
 	}

 	if err = createTag(gitRepo, rel); err != nil {
@@ -100,22 +100,35 @@ func CreateRelease(gitRepo *git.Repository, rel *Release) error {
 }

 // GetRelease returns release by given ID.
-func GetRelease(repoId int64, tagName string) (*Release, error) {
-	isExist, err := IsReleaseExist(repoId, tagName)
+func GetRelease(repoID int64, tagName string) (*Release, error) {
+	isExist, err := IsReleaseExist(repoID, tagName)
 	if err != nil {
 		return nil, err
 	} else if !isExist {
-		return nil, ErrReleaseNotExist
+		return nil, ErrReleaseNotExist{0, tagName}
 	}

-	rel := &Release{RepoId: repoId, LowerTagName: strings.ToLower(tagName)}
+	rel := &Release{RepoID: repoID, LowerTagName: strings.ToLower(tagName)}
 	_, err = x.Get(rel)
 	return rel, err
 }

-// GetReleasesByRepoId returns a list of releases of repository.
-func GetReleasesByRepoId(repoId int64) (rels []*Release, err error) {
-	err = x.Desc("created").Find(&rels, Release{RepoId: repoId})
+// GetReleaseByID returns release with given ID.
+func GetReleaseByID(id int64) (*Release, error) {
+	rel := new(Release)
+	has, err := x.Id(id).Get(rel)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrReleaseNotExist{id, ""}
+	}
+
+	return rel, nil
+}
+
+// GetReleasesByRepoID returns a list of releases of repository.
+func GetReleasesByRepoID(repoID int64) (rels []*Release, err error) {
+	err = x.Desc("created").Find(&rels, Release{RepoID: repoID})
 	return rels, err
 }

@@ -150,6 +163,32 @@ func UpdateRelease(gitRepo *git.Repository, rel *Release) (err error) {
 	if err = createTag(gitRepo, rel); err != nil {
 		return err
 	}
-	_, err = x.Id(rel.Id).AllCols().Update(rel)
+	_, err = x.Id(rel.ID).AllCols().Update(rel)
 	return err
 }
+
+// DeleteReleaseByID deletes a release and corresponding Git tag by given ID.
+func DeleteReleaseByID(id int64) error {
+	rel, err := GetReleaseByID(id)
+	if err != nil {
+		return fmt.Errorf("GetReleaseByID: %v", err)
+	}
+
+	repo, err := GetRepositoryByID(rel.RepoID)
+	if err != nil {
+		return fmt.Errorf("GetRepositoryByID: %v", err)
+	}
+
+	_, stderr, err := process.ExecDir(-1, repo.RepoPath(),
+		fmt.Sprintf("DeleteReleaseByID (git tag -d): %d", rel.ID),
+		"git", "tag", "-d", rel.TagName)
+	if err != nil && !strings.Contains(stderr, "not found") {
+		return fmt.Errorf("git tag -d: %v - %s", err, stderr)
+	}
+
+	if _, err = x.Id(rel.ID).Delete(new(Release)); err != nil {
+		return fmt.Errorf("Delete: %v", err)
+	}
+
+	return nil
+}
--- a/models/repo.go
+++ b/models/repo.go
@@ -17,16 +17,21 @@ import (
 	"regexp"
 	"sort"
 	"strings"
+	"sync"
 	"time"
 	"unicode/utf8"

 	"github.com/Unknwon/cae/zip"
 	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"
+	"github.com/mcuadros/go-version"
+	"gopkg.in/ini.v1"
+
+	"github.com/gogits/git-shell"
+	api "github.com/gogits/go-gogs-client"

 	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/bindata"
-	"github.com/gogits/gogs/modules/git"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/process"
 	"github.com/gogits/gogs/modules/setting"
@@ -46,6 +51,9 @@ var (

 var (
 	Gitignores, Licenses, Readmes []string
+
+	// Maximum items per page in forks, watchers and stars of a repo
+	ItemsPerPage = 40
 )

 func LoadRepoConfig() {
@@ -90,16 +98,13 @@ func NewRepoContext() {
 	}

 	// Check Git version.
-	ver, err := git.GetVersion()
+	gitVer, err := git.Version()
 	if err != nil {
 		log.Fatal(4, "Fail to get Git version: %v", err)
 	}

-	reqVer, err := git.ParseVersion("1.7.1")
-	if err != nil {
-		log.Fatal(4, "Fail to parse required Git version: %v", err)
-	}
-	if ver.LessThan(reqVer) {
+	log.Info("Git Version: %s", gitVer)
+	if version.Compare("1.7.1", gitVer, ">") {
 		log.Fatal(4, "Gogs requires Git version greater or equal to 1.7.1")
 	}

@@ -157,6 +162,14 @@ type Repository struct {
 	IsMirror bool
 	*Mirror  `xorm:"-"`

+	// Advanced settings
+	EnableWiki            bool `xorm:"NOT NULL DEFAULT true"`
+	EnableIssues          bool `xorm:"NOT NULL DEFAULT true"`
+	EnableExternalTracker bool
+	ExternalTrackerFormat string
+	ExternalMetas         map[string]string `xorm:"-"`
+	EnablePulls           bool              `xorm:"NOT NULL DEFAULT true"`
+
 	IsFork   bool `xorm:"NOT NULL DEFAULT false"`
 	ForkID   int64
 	BaseRepo *Repository `xorm:"-"`
@@ -179,9 +192,11 @@ func (repo *Repository) AfterSet(colName string, _ xorm.Cell) {
 }

 func (repo *Repository) getOwner(e Engine) (err error) {
-	if repo.Owner == nil {
-		repo.Owner, err = getUserByID(e, repo.OwnerID)
+	if repo.Owner != nil {
+		return nil
 	}
+
+	repo.Owner, err = getUserByID(e, repo.OwnerID)
 	return err
 }

@@ -189,6 +204,39 @@ func (repo *Repository) GetOwner() error {
 	return repo.getOwner(x)
 }

+func (repo *Repository) mustOwner(e Engine) *User {
+	if err := repo.getOwner(e); err != nil {
+		return &User{
+			Name:     "error",
+			FullName: err.Error(),
+		}
+	}
+
+	return repo.Owner
+}
+
+// MustOwner always returns a valid *User object to avoid
+// conceptually impossible error handling.
+// It creates a fake object that contains error deftail
+// when error occurs.
+func (repo *Repository) MustOwner() *User {
+	return repo.mustOwner(x)
+}
+
+// ComposeMetas composes a map of metas for rendering external issue tracker URL.
+func (repo *Repository) ComposeMetas() map[string]string {
+	if !repo.EnableExternalTracker {
+		return nil
+	} else if repo.ExternalMetas == nil {
+		repo.ExternalMetas = map[string]string{
+			"format": repo.ExternalTrackerFormat,
+			"user":   repo.MustOwner().Name,
+			"repo":   repo.Name,
+		}
+	}
+	return repo.ExternalMetas
+}
+
 // GetAssignees returns all users that have write access of repository.
 func (repo *Repository) GetAssignees() (_ []*User, err error) {
 	if err = repo.GetOwner(); err != nil {
@@ -245,22 +293,16 @@ func (repo *Repository) GetBaseRepo() (err error) {
 	return err
 }

-func (repo *Repository) repoPath(e Engine) (string, error) {
-	if err := repo.getOwner(e); err != nil {
-		return "", err
-	}
-	return RepoPath(repo.Owner.Name, repo.Name), nil
+func (repo *Repository) repoPath(e Engine) string {
+	return RepoPath(repo.mustOwner(e).Name, repo.Name)
 }

-func (repo *Repository) RepoPath() (string, error) {
+func (repo *Repository) RepoPath() string {
 	return repo.repoPath(x)
 }

-func (repo *Repository) RepoLink() (string, error) {
-	if err := repo.GetOwner(); err != nil {
-		return "", err
-	}
-	return setting.AppSubUrl + "/" + repo.Owner.Name + "/" + repo.Name, nil
+func (repo *Repository) RepoLink() string {
+	return setting.AppSubUrl + "/" + repo.MustOwner().Name + "/" + repo.Name
 }

 func (repo *Repository) HasAccess(u *User) bool {
@@ -293,6 +335,73 @@ func (repo *Repository) DescriptionHtml() template.HTML {
 	return template.HTML(DescPattern.ReplaceAllStringFunc(base.Sanitizer.Sanitize(repo.Description), sanitize))
 }

+func (repo *Repository) LocalCopyPath() string {
+	return path.Join(setting.AppDataPath, "tmp/local", com.ToStr(repo.ID))
+}
+
+func updateLocalCopy(repoPath, localPath string) error {
+	if !com.IsExist(localPath) {
+		if err := git.Clone(repoPath, localPath); err != nil {
+			return fmt.Errorf("Clone: %v", err)
+		}
+	} else {
+		if err := git.Pull(localPath, true); err != nil {
+			return fmt.Errorf("Pull: %v", err)
+		}
+	}
+	return nil
+}
+
+// UpdateLocalCopy makes sure the local copy of repository is up-to-date.
+func (repo *Repository) UpdateLocalCopy() error {
+	return updateLocalCopy(repo.RepoPath(), repo.LocalCopyPath())
+}
+
+// PatchPath returns corresponding patch file path of repository by given issue ID.
+func (repo *Repository) PatchPath(index int64) (string, error) {
+	if err := repo.GetOwner(); err != nil {
+		return "", err
+	}
+
+	return filepath.Join(RepoPath(repo.Owner.Name, repo.Name), "pulls", com.ToStr(index)+".patch"), nil
+}
+
+// SavePatch saves patch data to corresponding location by given issue ID.
+func (repo *Repository) SavePatch(index int64, patch []byte) error {
+	patchPath, err := repo.PatchPath(index)
+	if err != nil {
+		return fmt.Errorf("PatchPath: %v", err)
+	}
+
+	os.MkdirAll(filepath.Dir(patchPath), os.ModePerm)
+	if err = ioutil.WriteFile(patchPath, patch, 0644); err != nil {
+		return fmt.Errorf("WriteFile: %v", err)
+	}
+
+	return nil
+}
+
+// ComposePayload composes and returns *api.PayloadRepo corresponding to the repository.
+func (repo *Repository) ComposePayload() *api.PayloadRepo {
+	cl := repo.CloneLink()
+	return &api.PayloadRepo{
+		ID:          repo.ID,
+		Name:        repo.LowerName,
+		URL:         repo.RepoLink(),
+		SSHURL:      cl.SSH,
+		CloneURL:    cl.HTTPS,
+		Description: repo.Description,
+		Website:     repo.Website,
+		Watchers:    repo.NumWatches,
+		Owner: &api.PayloadAuthor{
+			Name:     repo.MustOwner().DisplayName(),
+			Email:    repo.MustOwner().Email,
+			UserName: repo.MustOwner().Name,
+		},
+		Private: repo.IsPrivate,
+	}
+}
+
 func isRepositoryExist(e Engine, u *User, repoName string) (bool, error) {
 	has, err := e.Get(&Repository{
 		OwnerID:   u.Id,
@@ -313,24 +422,31 @@ type CloneLink struct {
 	Git   string
 }

-// CloneLink returns clone URLs of repository.
-func (repo *Repository) CloneLink() (cl CloneLink, err error) {
-	if err = repo.GetOwner(); err != nil {
-		return cl, err
+func (repo *Repository) cloneLink(isWiki bool) *CloneLink {
+	repoName := repo.Name
+	if isWiki {
+		repoName += ".wiki"
 	}

+	repo.Owner = repo.MustOwner()
+	cl := new(CloneLink)
 	if setting.SSHPort != 22 {
-		cl.SSH = fmt.Sprintf("ssh://%s@%s:%d/%s/%s.git", setting.RunUser, setting.SSHDomain, setting.SSHPort, repo.Owner.LowerName, repo.LowerName)
+		cl.SSH = fmt.Sprintf("ssh://%s@%s:%d/%s/%s.git", setting.RunUser, setting.SSHDomain, setting.SSHPort, repo.Owner.Name, repoName)
 	} else {
-		cl.SSH = fmt.Sprintf("%s@%s:%s/%s.git", setting.RunUser, setting.SSHDomain, repo.Owner.LowerName, repo.LowerName)
+		cl.SSH = fmt.Sprintf("%s@%s:%s/%s.git", setting.RunUser, setting.SSHDomain, repo.Owner.Name, repoName)
 	}
-	cl.HTTPS = fmt.Sprintf("%s%s/%s.git", setting.AppUrl, repo.Owner.LowerName, repo.LowerName)
-	return cl, nil
+	cl.HTTPS = fmt.Sprintf("%s%s/%s.git", setting.AppUrl, repo.Owner.Name, repoName)
+	return cl
+}
+
+// CloneLink returns clone URLs of repository.
+func (repo *Repository) CloneLink() (cl *CloneLink) {
+	return repo.cloneLink(false)
 }

 var (
 	reservedNames    = []string{"debug", "raw", "install", "api", "avatar", "user", "org", "help", "stars", "issues", "pulls", "commits", "repo", "template", "admin", "new"}
-	reservedPatterns = []string{"*.git", "*.keys"}
+	reservedPatterns = []string{"*.git", "*.keys", "*.wiki"}
 )

 // IsUsableName checks if name is reserved or pattern of name is not allowed.
@@ -402,6 +518,11 @@ func UpdateMirror(m *Mirror) error {
 	return updateMirror(x, m)
 }

+func createUpdateHook(repoPath string) error {
+	return git.SetUpdateHook(repoPath,
+		fmt.Sprintf(_TPL_UPDATE_HOOK, setting.ScriptType, "\""+setting.AppPath+"\"", setting.CustomConf))
+}
+
 // MirrorRepository creates a mirror repository from source.
 func MirrorRepository(repoId int64, userName, repoName, repoPath, url string) error {
 	_, stderr, err := process.ExecTimeout(10*time.Minute,
@@ -421,13 +542,21 @@ func MirrorRepository(repoId int64, userName, repoName, repoPath, url string) er
 	return nil
 }

+type MigrateRepoOptions struct {
+	Name        string
+	Description string
+	IsPrivate   bool
+	IsMirror    bool
+	RemoteAddr  string
+}
+
 // MigrateRepository migrates a existing repository from other project hosting.
-func MigrateRepository(u *User, name, desc string, private, mirror bool, url string) (*Repository, error) {
+func MigrateRepository(u *User, opts MigrateRepoOptions) (*Repository, error) {
 	repo, err := CreateRepository(u, CreateRepoOptions{
-		Name:        name,
-		Description: desc,
-		IsPrivate:   private,
-		IsMirror:    mirror,
+		Name:        opts.Name,
+		Description: opts.Description,
+		IsPrivate:   opts.IsPrivate,
+		IsMirror:    opts.IsMirror,
 	})
 	if err != nil {
 		return nil, err
@@ -437,7 +566,7 @@ func MigrateRepository(u *User, name, desc string, private, mirror bool, url str
 	tmpDir := filepath.Join(os.TempDir(), fmt.Sprintf("%d", time.Now().Nanosecond()))
 	os.MkdirAll(tmpDir, os.ModePerm)

-	repoPath := RepoPath(u.Name, name)
+	repoPath := RepoPath(u.Name, opts.Name)

 	if u.IsOrganization() {
 		t, err := u.GetOwnerTeam()
@@ -450,8 +579,8 @@ func MigrateRepository(u *User, name, desc string, private, mirror bool, url str
 	}

 	repo.IsBare = false
-	if mirror {
-		if err = MirrorRepository(repo.ID, u.Name, repo.Name, repoPath, url); err != nil {
+	if opts.IsMirror {
+		if err = MirrorRepository(repo.ID, u.Name, repo.Name, repoPath, opts.RemoteAddr); err != nil {
 			return repo, err
 		}
 		repo.IsMirror = true
@@ -463,13 +592,24 @@ func MigrateRepository(u *User, name, desc string, private, mirror bool, url str
 	// FIXME: this command could for both migrate and mirror
 	_, stderr, err := process.ExecTimeout(10*time.Minute,
 		fmt.Sprintf("MigrateRepository: %s", repoPath),
-		"git", "clone", "--mirror", "--bare", "--quiet", url, repoPath)
+		"git", "clone", "--mirror", "--bare", "--quiet", opts.RemoteAddr, repoPath)
 	if err != nil {
 		return repo, fmt.Errorf("git clone --mirror --bare --quiet: %v", stderr)
 	} else if err = createUpdateHook(repoPath); err != nil {
 		return repo, fmt.Errorf("create update hook: %v", err)
 	}

+	// Clean up mirror info which prevents "push --all".
+	configPath := filepath.Join(repoPath, "/config")
+	cfg, err := ini.Load(configPath)
+	if err != nil {
+		return repo, fmt.Errorf("open config file: %v", err)
+	}
+	cfg.DeleteSection("remote \"origin\"")
+	if err = cfg.SaveToIndent(configPath, "\t"); err != nil {
+		return repo, fmt.Errorf("save config file: %v", err)
+	}
+
 	// Check if repository is empty.
 	_, stderr, err = com.ExecCmdDir(repoPath, "git", "log", "-1")
 	if err != nil {
@@ -480,13 +620,19 @@ func MigrateRepository(u *User, name, desc string, private, mirror bool, url str
 		}
 	}

-	// Check if repository has master branch, if so set it to default branch.
+	// Try to get HEAD branch and set it as default branch.
 	gitRepo, err := git.OpenRepository(repoPath)
 	if err != nil {
-		return repo, fmt.Errorf("open git repository: %v", err)
+		log.Error(4, "OpenRepository: %v", err)
+		return repo, nil
 	}
-	if gitRepo.IsBranchExist("master") {
-		repo.DefaultBranch = "master"
+	headBranch, err := gitRepo.GetHEADBranch()
+	if err != nil {
+		log.Error(4, "GetHEADBranch: %v", err)
+		return repo, nil
+	}
+	if headBranch != nil {
+		repo.DefaultBranch = headBranch.Name
 	}

 	return repo, UpdateRepository(repo, false)
@@ -496,33 +642,26 @@ func MigrateRepository(u *User, name, desc string, private, mirror bool, url str
 func initRepoCommit(tmpPath string, sig *git.Signature) (err error) {
 	var stderr string
 	if _, stderr, err = process.ExecDir(-1,
-		tmpPath, fmt.Sprintf("initRepoCommit(git add): %s", tmpPath),
+		tmpPath, fmt.Sprintf("initRepoCommit (git add): %s", tmpPath),
 		"git", "add", "--all"); err != nil {
 		return fmt.Errorf("git add: %s", stderr)
 	}

 	if _, stderr, err = process.ExecDir(-1,
-		tmpPath, fmt.Sprintf("initRepoCommit(git commit): %s", tmpPath),
+		tmpPath, fmt.Sprintf("initRepoCommit (git commit): %s", tmpPath),
 		"git", "commit", fmt.Sprintf("--author='%s <%s>'", sig.Name, sig.Email),
 		"-m", "initial commit"); err != nil {
 		return fmt.Errorf("git commit: %s", stderr)
 	}

 	if _, stderr, err = process.ExecDir(-1,
-		tmpPath, fmt.Sprintf("initRepoCommit(git push): %s", tmpPath),
+		tmpPath, fmt.Sprintf("initRepoCommit (git push): %s", tmpPath),
 		"git", "push", "origin", "master"); err != nil {
 		return fmt.Errorf("git push: %s", stderr)
 	}
 	return nil
 }

-func createUpdateHook(repoPath string) error {
-	hookPath := path.Join(repoPath, "hooks/update")
-	os.MkdirAll(path.Dir(hookPath), os.ModePerm)
-	return ioutil.WriteFile(hookPath,
-		[]byte(fmt.Sprintf(_TPL_UPDATE_HOOK, setting.ScriptType, "\""+appPath+"\"", setting.CustomConf)), 0777)
-}
-
 type CreateRepoOptions struct {
 	Name        string
 	Description string
@@ -559,10 +698,7 @@ func prepareRepoCommit(repo *Repository, tmpDir, repoPath string, opts CreateRep
 		return fmt.Errorf("getRepoInitFile[%s]: %v", opts.Readme, err)
 	}

-	cloneLink, err := repo.CloneLink()
-	if err != nil {
-		return fmt.Errorf("CloneLink: %v", err)
-	}
+	cloneLink := repo.CloneLink()
 	match := map[string]string{
 		"Name":           repo.Name,
 		"Description":    repo.Description,
@@ -611,22 +747,17 @@ func prepareRepoCommit(repo *Repository, tmpDir, repoPath string, opts CreateRep
 }

 // InitRepository initializes README and .gitignore if needed.
-func initRepository(e Engine, repoPath string, u *User, repo *Repository, opts CreateRepoOptions) error {
+func initRepository(e Engine, repoPath string, u *User, repo *Repository, opts CreateRepoOptions) (err error) {
 	// Somehow the directory could exist.
 	if com.IsExist(repoPath) {
 		return fmt.Errorf("initRepository: path already exists: %s", repoPath)
 	}

 	// Init bare new repository.
-	os.MkdirAll(repoPath, os.ModePerm)
-	_, stderr, err := process.ExecDir(-1, repoPath,
-		fmt.Sprintf("initRepository(git init --bare): %s", repoPath), "git", "init", "--bare")
-	if err != nil {
-		return fmt.Errorf("git init --bare: %v - %s", err, stderr)
-	}
-
-	if err := createUpdateHook(repoPath); err != nil {
-		return err
+	if err = git.InitRepository(repoPath, true); err != nil {
+		return fmt.Errorf("InitRepository: %v", err)
+	} else if err = createUpdateHook(repoPath); err != nil {
+		return fmt.Errorf("createUpdateHook: %v", err)
 	}

 	tmpDir := filepath.Join(os.TempDir(), "gogs-"+repo.Name+"-"+com.ToStr(time.Now().Nanosecond()))
@@ -714,12 +845,15 @@ func createRepository(e *xorm.Session, u *User, repo *Repository) (err error) {
 // CreateRepository creates a repository for given user or organization.
 func CreateRepository(u *User, opts CreateRepoOptions) (_ *Repository, err error) {
 	repo := &Repository{
-		OwnerID:     u.Id,
-		Owner:       u,
-		Name:        opts.Name,
-		LowerName:   strings.ToLower(opts.Name),
-		Description: opts.Description,
-		IsPrivate:   opts.IsPrivate,
+		OwnerID:      u.Id,
+		Owner:        u,
+		Name:         opts.Name,
+		LowerName:    strings.ToLower(opts.Name),
+		Description:  opts.Description,
+		IsPrivate:    opts.IsPrivate,
+		EnableWiki:   true,
+		EnableIssues: true,
+		EnablePulls:  true,
 	}

 	sess := x.NewSession()
@@ -831,9 +965,9 @@ func TransferOwnership(u *User, newOwnerName string, repo *Repository) error {
 	}

 	// Remove redundant collaborators.
-	collaborators, err := repo.GetCollaborators()
+	collaborators, err := repo.getCollaborators(sess)
 	if err != nil {
-		return fmt.Errorf("GetCollaborators: %v", err)
+		return fmt.Errorf("getCollaborators: %v", err)
 	}

 	// Dummy object.
@@ -869,9 +1003,9 @@ func TransferOwnership(u *User, newOwnerName string, repo *Repository) error {
 	}

 	if newOwner.IsOrganization() {
-		t, err := newOwner.GetOwnerTeam()
+		t, err := newOwner.getOwnerTeam(sess)
 		if err != nil {
-			return fmt.Errorf("GetOwnerTeam: %v", err)
+			return fmt.Errorf("getOwnerTeam: %v", err)
 		} else if err = t.addRepository(sess, repo); err != nil {
 			return fmt.Errorf("add to owner team: %v", err)
 		}
@@ -897,7 +1031,14 @@ func TransferOwnership(u *User, newOwnerName string, repo *Repository) error {

 	// Change repository directory name.
 	if err = os.Rename(RepoPath(owner.Name, repo.Name), RepoPath(newOwner.Name, repo.Name)); err != nil {
-		return fmt.Errorf("rename directory: %v", err)
+		return fmt.Errorf("rename repository directory: %v", err)
+	}
+
+	wikiPath := WikiPath(owner.Name, repo.Name)
+	if com.IsExist(wikiPath) {
+		if err = os.Rename(wikiPath, WikiPath(newOwner.Name, repo.Name)); err != nil {
+			return fmt.Errorf("rename repository wiki: %v", err)
+		}
 	}

 	return sess.Commit()
@@ -919,7 +1060,18 @@ func ChangeRepositoryName(u *User, oldRepoName, newRepoName string) (err error)
 	}

 	// Change repository directory name.
-	return os.Rename(RepoPath(u.LowerName, oldRepoName), RepoPath(u.LowerName, newRepoName))
+	if err = os.Rename(RepoPath(u.Name, oldRepoName), RepoPath(u.Name, newRepoName)); err != nil {
+		return fmt.Errorf("rename repository directory: %v", err)
+	}
+
+	wikiPath := WikiPath(u.Name, oldRepoName)
+	if com.IsExist(wikiPath) {
+		if err = os.Rename(wikiPath, WikiPath(u.Name, newRepoName)); err != nil {
+			return fmt.Errorf("rename repository wiki: %v", err)
+		}
+	}
+
+	return nil
 }

 func getRepositoriesByForkID(e Engine, forkID int64) ([]*Repository, error) {
@@ -950,13 +1102,11 @@ func updateRepository(e Engine, repo *Repository, visibilityChanged bool) (err e
 		if err = repo.getOwner(e); err != nil {
 			return fmt.Errorf("getOwner: %v", err)
 		}
-		if !repo.Owner.IsOrganization() {
-			return nil
-		}
-
-		// Organization repository need to recalculate access table when visivility is changed.
-		if err = repo.recalculateTeamAccesses(e, 0); err != nil {
-			return fmt.Errorf("recalculateTeamAccesses: %v", err)
+		if repo.Owner.IsOrganization() {
+			// Organization repository need to recalculate access table when visivility is changed.
+			if err = repo.recalculateTeamAccesses(e, 0); err != nil {
+				return fmt.Errorf("recalculateTeamAccesses: %v", err)
+			}
 		}

 		forkRepos, err := getRepositoriesByForkID(e, repo.ID)
@@ -1025,26 +1175,20 @@ func DeleteRepository(uid, repoID int64) error {
 		}
 	}

-	if _, err = sess.Delete(&Repository{ID: repoID}); err != nil {
-		return err
-	} else if _, err = sess.Delete(&Access{RepoID: repo.ID}); err != nil {
-		return err
-	} else if _, err = sess.Delete(&Action{RepoID: repo.ID}); err != nil {
-		return err
-	} else if _, err = sess.Delete(&Watch{RepoID: repoID}); err != nil {
-		return err
-	} else if _, err = sess.Delete(&Mirror{RepoID: repoID}); err != nil {
-		return err
-	} else if _, err = sess.Delete(&IssueUser{RepoID: repoID}); err != nil {
-		return err
-	} else if _, err = sess.Delete(&Milestone{RepoID: repoID}); err != nil {
-		return err
-	} else if _, err = sess.Delete(&Release{RepoId: repoID}); err != nil {
-		return err
-	} else if _, err = sess.Delete(&Collaboration{RepoID: repoID}); err != nil {
-		return err
-	} else if _, err = sess.Delete(&PullRequest{BaseRepoID: repoID}); err != nil {
-		return err
+	if err = deleteBeans(sess,
+		&Repository{ID: repoID},
+		&Access{RepoID: repo.ID},
+		&Action{RepoID: repo.ID},
+		&Watch{RepoID: repoID},
+		&Star{RepoID: repoID},
+		&Mirror{RepoID: repoID},
+		&IssueUser{RepoID: repoID},
+		&Milestone{RepoID: repoID},
+		&Release{RepoID: repoID},
+		&Collaboration{RepoID: repoID},
+		&PullRequest{BaseRepoID: repoID},
+	); err != nil {
+		return fmt.Errorf("deleteBeans: %v", err)
 	}

 	// Delete comments and attachments.
@@ -1086,15 +1230,21 @@ func DeleteRepository(uid, repoID int64) error {
 	}

 	// Remove repository files.
-	repoPath, err := repo.repoPath(sess)
-	if err != nil {
-		return fmt.Errorf("RepoPath: %v", err)
-	}
+	repoPath := repo.repoPath(sess)
 	if err = os.RemoveAll(repoPath); err != nil {
-		desc := fmt.Sprintf("delete repository files[%s]: %v", repoPath, err)
+		desc := fmt.Sprintf("delete repository files [%s]: %v", repoPath, err)
 		log.Warn(desc)
 		if err = CreateRepositoryNotice(desc); err != nil {
-			log.Error(4, "add notice: %v", err)
+			log.Error(4, "CreateRepositoryNotice: %v", err)
+		}
+	}
+
+	wikiPath := repo.WikiPath()
+	if err = os.RemoveAll(wikiPath); err != nil {
+		desc := fmt.Sprintf("delete repository wiki [%s]: %v", wikiPath, err)
+		log.Warn(desc)
+		if err = CreateRepositoryNotice(desc); err != nil {
+			log.Error(4, "CreateRepositoryNotice: %v", err)
 		}
 	}

@@ -1237,39 +1387,99 @@ func DeleteRepositoryArchives() error {
 	return x.Where("id > 0").Iterate(new(Repository),
 		func(idx int, bean interface{}) error {
 			repo := bean.(*Repository)
-			if err := repo.GetOwner(); err != nil {
-				return err
-			}
-			return os.RemoveAll(filepath.Join(RepoPath(repo.Owner.Name, repo.Name), "archives"))
+			return os.RemoveAll(filepath.Join(repo.RepoPath(), "archives"))
 		})
 }

+// DeleteMissingRepositories deletes all repository records that lost Git files.
+func DeleteMissingRepositories() error {
+	repos := make([]*Repository, 0, 5)
+	if err := x.Where("id > 0").Iterate(new(Repository),
+		func(idx int, bean interface{}) error {
+			repo := bean.(*Repository)
+			if !com.IsDir(repo.RepoPath()) {
+				repos = append(repos, repo)
+			}
+			return nil
+		}); err != nil {
+		if err2 := CreateRepositoryNotice(fmt.Sprintf("DeleteMissingRepositories: %v", err)); err2 != nil {
+			log.Error(4, "CreateRepositoryNotice: %v", err2)
+		}
+		return nil
+	}
+
+	if len(repos) == 0 {
+		return nil
+	}
+
+	for _, repo := range repos {
+		log.Trace("Deleting %d/%d...", repo.OwnerID, repo.ID)
+		if err := DeleteRepository(repo.OwnerID, repo.ID); err != nil {
+			if err2 := CreateRepositoryNotice(fmt.Sprintf("DeleteRepository [%d]: %v", repo.ID, err)); err2 != nil {
+				log.Error(4, "CreateRepositoryNotice: %v", err2)
+			}
+		}
+	}
+	return nil
+}
+
 // RewriteRepositoryUpdateHook rewrites all repositories' update hook.
 func RewriteRepositoryUpdateHook() error {
 	return x.Where("id > 0").Iterate(new(Repository),
 		func(idx int, bean interface{}) error {
 			repo := bean.(*Repository)
-			if err := repo.GetOwner(); err != nil {
-				return err
-			}
-			return createUpdateHook(RepoPath(repo.Owner.Name, repo.Name))
+			return createUpdateHook(repo.RepoPath())
 		})
 }

-var (
-	// Prevent duplicate running tasks.
-	isMirrorUpdating = false
-	isGitFscking     = false
-	isCheckingRepos  = false
+// statusPool represents a pool of status with true/false.
+type statusPool struct {
+	lock sync.RWMutex
+	pool map[string]bool
+}
+
+// Start sets value of given name to true in the pool.
+func (p *statusPool) Start(name string) {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+
+	p.pool[name] = true
+}
+
+// Stop sets value of given name to false in the pool.
+func (p *statusPool) Stop(name string) {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+
+	p.pool[name] = false
+}
+
+// IsRunning checks if value of given name is set to true in the pool.
+func (p *statusPool) IsRunning(name string) bool {
+	p.lock.RLock()
+	defer p.lock.RUnlock()
+
+	return p.pool[name]
+}
+
+// Prevent duplicate running tasks.
+var taskStatusPool = &statusPool{
+	pool: make(map[string]bool),
+}
+
+const (
+	_MIRROR_UPDATE = "mirror_update"
+	_GIT_FSCK      = "git_fsck"
+	_CHECK_REPOs   = "check_repos"
 )

 // MirrorUpdate checks and updates mirror repositories.
 func MirrorUpdate() {
-	if isMirrorUpdating {
+	if taskStatusPool.IsRunning(_MIRROR_UPDATE) {
 		return
 	}
-	isMirrorUpdating = true
-	defer func() { isMirrorUpdating = false }()
+	taskStatusPool.Start(_MIRROR_UPDATE)
+	defer taskStatusPool.Stop(_MIRROR_UPDATE)

 	log.Trace("Doing: MirrorUpdate")

@@ -1285,11 +1495,7 @@ func MirrorUpdate() {
 			return nil
 		}

-		repoPath, err := m.Repo.RepoPath()
-		if err != nil {
-			return fmt.Errorf("Repo.RepoPath: %v", err)
-		}
-
+		repoPath := m.Repo.RepoPath()
 		if _, stderr, err := process.ExecDir(10*time.Minute,
 			repoPath, fmt.Sprintf("MirrorUpdate: %s", repoPath),
 			"git", "remote", "update", "--prune"); err != nil {
@@ -1317,11 +1523,11 @@ func MirrorUpdate() {

 // GitFsck calls 'git fsck' to check repository health.
 func GitFsck() {
-	if isGitFscking {
+	if taskStatusPool.IsRunning(_GIT_FSCK) {
 		return
 	}
-	isGitFscking = true
-	defer func() { isGitFscking = false }()
+	taskStatusPool.Start(_GIT_FSCK)
+	defer taskStatusPool.Stop(_GIT_FSCK)

 	log.Trace("Doing: GitFsck")

@@ -1329,12 +1535,8 @@ func GitFsck() {
 	if err := x.Where("id>0").Iterate(new(Repository),
 		func(idx int, bean interface{}) error {
 			repo := bean.(*Repository)
-			repoPath, err := repo.RepoPath()
-			if err != nil {
-				return fmt.Errorf("RepoPath: %v", err)
-			}
-
-			_, _, err = process.ExecDir(-1, repoPath, "Repository health check", "git", args...)
+			repoPath := repo.RepoPath()
+			_, _, err := process.ExecDir(-1, repoPath, "Repository health check", "git", args...)
 			if err != nil {
 				desc := fmt.Sprintf("Fail to health check repository(%s)", repoPath)
 				log.Warn(desc)
@@ -1386,11 +1588,11 @@ func repoStatsCheck(checker *repoChecker) {
 }

 func CheckRepoStats() {
-	if isCheckingRepos {
+	if taskStatusPool.IsRunning(_CHECK_REPOs) {
 		return
 	}
-	isCheckingRepos = true
-	defer func() { isCheckingRepos = false }()
+	taskStatusPool.Start(_CHECK_REPOs)
+	defer taskStatusPool.Stop(_CHECK_REPOs)

 	log.Trace("Doing: CheckRepoStats")

@@ -1419,12 +1621,18 @@ func CheckRepoStats() {
 			"UPDATE `user` SET num_repos=(SELECT COUNT(*) FROM `repository` WHERE owner_id=?) WHERE id=?",
 			"user count 'num_repos'",
 		},
+		// Issue.NumComments
+		{
+			"SELECT `issue`.id FROM `issue` WHERE `issue`.num_comments!=(SELECT COUNT(*) FROM `comment` WHERE issue_id=`issue`.id AND type=0)",
+			"UPDATE `issue` SET num_comments=(SELECT COUNT(*) FROM `comment` WHERE issue_id=? AND type=0) WHERE id=?",
+			"issue count 'num_comments'",
+		},
 	}
 	for i := range checkers {
 		repoStatsCheck(checkers[i])
 	}

-	// FIXME: use checker when v0.8, stop supporting old fork repo format.
+	// FIXME: use checker when v0.9, stop supporting old fork repo format.
 	// ***** START: Repository.NumForks *****
 	results, err := x.Query("SELECT repo.id FROM `repository` repo WHERE repo.num_forks!=(SELECT COUNT(*) FROM `repository` WHERE fork_id=repo.id)")
 	if err != nil {
@@ -1569,15 +1777,19 @@ type Watch struct {
 	RepoID int64 `xorm:"UNIQUE(watch)"`
 }

+func isWatching(e Engine, uid, repoId int64) bool {
+	has, _ := e.Get(&Watch{0, uid, repoId})
+	return has
+}
+
 // IsWatching checks if user has watched given repository.
 func IsWatching(uid, repoId int64) bool {
-	has, _ := x.Get(&Watch{0, uid, repoId})
-	return has
+	return isWatching(x, uid, repoId)
 }

 func watchRepo(e Engine, uid, repoId int64, watch bool) (err error) {
 	if watch {
-		if IsWatching(uid, repoId) {
+		if isWatching(e, uid, repoId) {
 			return nil
 		}
 		if _, err = e.Insert(&Watch{RepoID: repoId, UserID: uid}); err != nil {
@@ -1585,7 +1797,7 @@ func watchRepo(e Engine, uid, repoId int64, watch bool) (err error) {
 		}
 		_, err = e.Exec("UPDATE `repository` SET num_watches = num_watches + 1 WHERE id = ?", repoId)
 	} else {
-		if !IsWatching(uid, repoId) {
+		if !isWatching(e, uid, repoId) {
 			return nil
 		}
 		if _, err = e.Delete(&Watch{0, uid, repoId}); err != nil {
@@ -1601,15 +1813,21 @@ func WatchRepo(uid, repoId int64, watch bool) (err error) {
 	return watchRepo(x, uid, repoId, watch)
 }

-func getWatchers(e Engine, rid int64) ([]*Watch, error) {
+func getWatchers(e Engine, repoID int64) ([]*Watch, error) {
 	watches := make([]*Watch, 0, 10)
-	err := e.Find(&watches, &Watch{RepoID: rid})
-	return watches, err
+	return watches, e.Find(&watches, &Watch{RepoID: repoID})
 }

 // GetWatchers returns all watchers of given repository.
-func GetWatchers(rid int64) ([]*Watch, error) {
-	return getWatchers(x, rid)
+func GetWatchers(repoID int64) ([]*Watch, error) {
+	return getWatchers(x, repoID)
+}
+
+// Repository.GetWatchers returns range of users watching given repository.
+func (repo *Repository) GetWatchers(page int) ([]*User, error) {
+	users := make([]*User, 0, ItemsPerPage)
+	return users, x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).
+		Where("repo_id=?", repo.ID).Join("LEFT", "watch", "user.id=watch.user_id").Find(&users)
 }

 func notifyWatchers(e Engine, act *Action) error {
@@ -1689,6 +1907,12 @@ func IsStaring(uid, repoId int64) bool {
 	return has
 }

+func (repo *Repository) GetStargazers(page int) ([]*User, error) {
+	users := make([]*User, 0, ItemsPerPage)
+	return users, x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).
+		Where("repo_id=?", repo.ID).Join("LEFT", "star", "user.id=star.uid").Find(&users)
+}
+
 // ___________           __
 // \_   _____/__________|  | __
 //  |    __)/  _ \_  __ \  |/ /
@@ -1730,15 +1954,10 @@ func ForkRepository(u *User, oldRepo *Repository, name, desc string) (_ *Reposit
 		return nil, err
 	}

-	oldRepoPath, err := oldRepo.RepoPath()
-	if err != nil {
-		return nil, fmt.Errorf("get old repository path: %v", err)
-	}
-
 	repoPath := RepoPath(u.Name, repo.Name)
 	_, stderr, err := process.ExecTimeout(10*time.Minute,
 		fmt.Sprintf("ForkRepository(git clone): %s/%s", u.Name, repo.Name),
-		"git", "clone", "--bare", oldRepoPath, repoPath)
+		"git", "clone", "--bare", oldRepo.RepoPath(), repoPath)
 	if err != nil {
 		return nil, fmt.Errorf("git clone: %v", stderr)
 	}
@@ -1756,3 +1975,8 @@ func ForkRepository(u *User, oldRepo *Repository, name, desc string) (_ *Reposit

 	return repo, sess.Commit()
 }
+
+func (repo *Repository) GetForks() ([]*Repository, error) {
+	forks := make([]*Repository, 0, repo.NumForks)
+	return forks, x.Find(&forks, &Repository{ForkID: repo.ID})
+}
--- a/models/update.go
+++ b/models/update.go
@@ -10,17 +10,16 @@ import (
 	"os/exec"
 	"strings"

-	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/git"
 	"github.com/gogits/gogs/modules/log"
 )

 type UpdateTask struct {
-	Id          int64
-	Uuid        string `xorm:"index"`
+	ID          int64  `xorm:"pk autoincr"`
+	UUID        string `xorm:"index"`
 	RefName     string
-	OldCommitId string
-	NewCommitId string
+	OldCommitID string
+	NewCommitID string
 }

 func AddUpdateTask(task *UpdateTask) error {
@@ -28,27 +27,29 @@ func AddUpdateTask(task *UpdateTask) error {
 	return err
 }

-func GetUpdateTasksByUuid(uuid string) ([]*UpdateTask, error) {
+// GetUpdateTaskByUUID returns update task by given UUID.
+func GetUpdateTaskByUUID(uuid string) (*UpdateTask, error) {
 	task := &UpdateTask{
-		Uuid: uuid,
+		UUID: uuid,
 	}
-	tasks := make([]*UpdateTask, 0)
-	err := x.Find(&tasks, task)
+	has, err := x.Get(task)
 	if err != nil {
 		return nil, err
+	} else if !has {
+		return nil, ErrUpdateTaskNotExist{uuid}
 	}
-	return tasks, nil
+	return task, nil
 }

-func DelUpdateTasksByUuid(uuid string) error {
-	_, err := x.Delete(&UpdateTask{Uuid: uuid})
+func DeleteUpdateTaskByUUID(uuid string) error {
+	_, err := x.Delete(&UpdateTask{UUID: uuid})
 	return err
 }

-func Update(refName, oldCommitId, newCommitId, userName, repoUserName, repoName string, userId int64) error {
-	isNew := strings.HasPrefix(oldCommitId, "0000000")
+func Update(refName, oldCommitID, newCommitID, userName, repoUserName, repoName string, userID int64) error {
+	isNew := strings.HasPrefix(oldCommitID, "0000000")
 	if isNew &&
-		strings.HasPrefix(newCommitId, "0000000") {
+		strings.HasPrefix(newCommitID, "0000000") {
 		return fmt.Errorf("old rev and new rev both 000000")
 	}

@@ -58,23 +59,23 @@ func Update(refName, oldCommitId, newCommitId, userName, repoUserName, repoName
 	gitUpdate.Dir = f
 	gitUpdate.Run()

-	isDel := strings.HasPrefix(newCommitId, "0000000")
+	isDel := strings.HasPrefix(newCommitID, "0000000")
 	if isDel {
-		log.GitLogger.Info("del rev", refName, "from", userName+"/"+repoName+".git", "by", userId)
+		log.GitLogger.Info("del rev", refName, "from", userName+"/"+repoName+".git", "by", userID)
 		return nil
 	}

-	repo, err := git.OpenRepository(f)
+	gitRepo, err := git.OpenRepository(f)
 	if err != nil {
 		return fmt.Errorf("runUpdate.Open repoId: %v", err)
 	}

-	ru, err := GetUserByName(repoUserName)
+	user, err := GetUserByName(repoUserName)
 	if err != nil {
 		return fmt.Errorf("runUpdate.GetUserByName: %v", err)
 	}

-	repos, err := GetRepositoryByName(ru.Id, repoName)
+	repo, err := GetRepositoryByName(user.Id, repoName)
 	if err != nil {
 		return fmt.Errorf("runUpdate.GetRepositoryByName userId: %v", err)
 	}
@@ -82,7 +83,7 @@ func Update(refName, oldCommitId, newCommitId, userName, repoUserName, repoName
 	// Push tags.
 	if strings.HasPrefix(refName, "refs/tags/") {
 		tagName := git.RefEndName(refName)
-		tag, err := repo.GetTag(tagName)
+		tag, err := gitRepo.GetTag(tagName)
 		if err != nil {
 			log.GitLogger.Fatal(4, "runUpdate.GetTag: %v", err)
 		}
@@ -98,16 +99,16 @@ func Update(refName, oldCommitId, newCommitId, userName, repoUserName, repoName
 			actEmail = cmt.Committer.Email
 		}

-		commit := &base.PushCommits{}
+		commit := &PushCommits{}

-		if err = CommitRepoAction(userId, ru.Id, userName, actEmail,
-			repos.ID, repoUserName, repoName, refName, commit, oldCommitId, newCommitId); err != nil {
+		if err = CommitRepoAction(userID, user.Id, userName, actEmail,
+			repo.ID, repoUserName, repoName, refName, commit, oldCommitID, newCommitID); err != nil {
 			log.GitLogger.Fatal(4, "CommitRepoAction: %s/%s:%v", repoUserName, repoName, err)
 		}
 		return err
 	}

-	newCommit, err := repo.GetCommit(newCommitId)
+	newCommit, err := gitRepo.GetCommit(newCommitID)
 	if err != nil {
 		return fmt.Errorf("runUpdate GetCommit of newCommitId: %v", err)
 	}
@@ -117,12 +118,12 @@ func Update(refName, oldCommitId, newCommitId, userName, repoUserName, repoName
 	if isNew {
 		l, err = newCommit.CommitsBefore()
 		if err != nil {
-			return fmt.Errorf("Find CommitsBefore erro: %v", err)
+			return fmt.Errorf("CommitsBefore: %v", err)
 		}
 	} else {
-		l, err = newCommit.CommitsBeforeUntil(oldCommitId)
+		l, err = newCommit.CommitsBeforeUntil(oldCommitID)
 		if err != nil {
-			return fmt.Errorf("Find CommitsBeforeUntil erro: %v", err)
+			return fmt.Errorf("CommitsBeforeUntil: %v", err)
 		}
 	}

@@ -131,7 +132,7 @@ func Update(refName, oldCommitId, newCommitId, userName, repoUserName, repoName
 	}

 	// Push commits.
-	commits := make([]*base.PushCommit, 0)
+	commits := make([]*PushCommit, 0)
 	var actEmail string
 	for e := l.Front(); e != nil; e = e.Next() {
 		commit := e.Value.(*git.Commit)
@@ -139,15 +140,15 @@ func Update(refName, oldCommitId, newCommitId, userName, repoUserName, repoName
 			actEmail = commit.Committer.Email
 		}
 		commits = append(commits,
-			&base.PushCommit{commit.Id.String(),
+			&PushCommit{commit.ID.String(),
 				commit.Message(),
 				commit.Author.Email,
 				commit.Author.Name,
 			})
 	}

-	if err = CommitRepoAction(userId, ru.Id, userName, actEmail,
-		repos.ID, repoUserName, repoName, refName, &base.PushCommits{l.Len(), commits, ""}, oldCommitId, newCommitId); err != nil {
+	if err = CommitRepoAction(userID, user.Id, userName, actEmail,
+		repo.ID, repoUserName, repoName, refName, &PushCommits{l.Len(), commits, "", nil}, oldCommitID, newCommitID); err != nil {
 		return fmt.Errorf("runUpdate.models.CommitRepoAction: %s/%s:%v", repoUserName, repoName, err)
 	}
 	return nil
--- a/models/user.go
+++ b/models/user.go
@@ -14,6 +14,7 @@ import (
 	"image"
 	"image/jpeg"
 	_ "image/jpeg"
+	"image/png"
 	"os"
 	"path"
 	"path/filepath"
@@ -24,9 +25,11 @@ import (
 	"github.com/go-xorm/xorm"
 	"github.com/nfnt/resize"

+	"github.com/gogits/git-shell"
+
 	"github.com/gogits/gogs/modules/avatar"
 	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/git"
+	oldgit "github.com/gogits/gogs/modules/git"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
 )
@@ -71,13 +74,14 @@ type User struct {
 	Created     time.Time `xorm:"CREATED"`
 	Updated     time.Time `xorm:"UPDATED"`

-	// Remember visibility choice for convenience.
+	// Remember visibility choice for convenience, true for private
 	LastRepoVisibility bool

 	// Permissions.
-	IsActive     bool
-	IsAdmin      bool
-	AllowGitHook bool
+	IsActive         bool
+	IsAdmin          bool
+	AllowGitHook     bool
+	AllowImportLocal bool // Allow migrate repository by local path

 	// Avatar.
 	Avatar          string `xorm:"VARCHAR(2048) NOT NULL"`
@@ -107,6 +111,22 @@ func (u *User) AfterSet(colName string, _ xorm.Cell) {
 	}
 }

+// HasForkedRepo checks if user has already forked a repository with given ID.
+func (u *User) HasForkedRepo(repoID int64) bool {
+	_, has := HasForkedRepo(u.Id, repoID)
+	return has
+}
+
+// CanEditGitHook returns true if user can edit Git hooks.
+func (u *User) CanEditGitHook() bool {
+	return u.IsAdmin || u.AllowGitHook
+}
+
+// CanImportLocal returns true if user can migrate repository by local path.
+func (u *User) CanImportLocal() bool {
+	return u.IsAdmin || u.AllowImportLocal
+}
+
 // EmailAdresses is the list of all email addresses of a user. Can contain the
 // primary email address, but is not obligatory
 type EmailAddress struct {
@@ -127,9 +147,6 @@ func (u *User) DashboardLink() string {

 // HomeLink returns the user or organization home page link.
 func (u *User) HomeLink() string {
-	if u.IsOrganization() {
-		return setting.AppSubUrl + "/org/" + u.Name
-	}
 	return setting.AppSubUrl + "/" + u.Name
 }

@@ -242,14 +259,12 @@ func (u *User) ValidatePassword(passwd string) bool {
 // UploadAvatar saves custom avatar for user.
 // FIXME: split uploads to different subdirs in case we have massive users.
 func (u *User) UploadAvatar(data []byte) error {
-	u.UseCustomAvatar = true
-
 	img, _, err := image.Decode(bytes.NewReader(data))
 	if err != nil {
-		return err
+		return fmt.Errorf("Decode: %v", err)
 	}

-	m := resize.Resize(234, 234, img, resize.NearestNeighbor)
+	m := resize.Resize(290, 290, img, resize.NearestNeighbor)

 	sess := x.NewSession()
 	defer sessionRelease(sess)
@@ -257,19 +272,20 @@ func (u *User) UploadAvatar(data []byte) error {
 		return err
 	}

-	if _, err = sess.Id(u.Id).AllCols().Update(u); err != nil {
-		return err
+	u.UseCustomAvatar = true
+	if err = updateUser(sess, u); err != nil {
+		return fmt.Errorf("updateUser: %v", err)
 	}

 	os.MkdirAll(setting.AvatarUploadPath, os.ModePerm)
 	fw, err := os.Create(u.CustomAvatarPath())
 	if err != nil {
-		return err
+		return fmt.Errorf("Create: %v", err)
 	}
 	defer fw.Close()

-	if err = jpeg.Encode(fw, m, nil); err != nil {
-		return err
+	if err = png.Encode(fw, m); err != nil {
+		return fmt.Errorf("Encode: %v", err)
 	}

 	return sess.Commit()
@@ -356,6 +372,15 @@ func (u *User) DisplayName() string {
 	return u.Name
 }

+// ShortName returns shorted user name with given maximum length,
+// it adds "..." at the end if user name has more length than maximum.
+func (u *User) ShortName(length int) string {
+	if len(u.Name) < length {
+		return u.Name
+	}
+	return u.Name[:length] + "..."
+}
+
 // IsUserExist checks if given user name exist,
 // the user name should be noncased unique.
 // If uid is presented, then check will rule out that one,
@@ -407,6 +432,7 @@ func CreateUser(u *User) (err error) {
 		return ErrUserAlreadyExist{u.Name}
 	}

+	u.Email = strings.ToLower(u.Email)
 	isExist, err = IsEmailUsed(u.Email)
 	if err != nil {
 		return err
@@ -640,7 +666,7 @@ func deleteUser(e *xorm.Session, u *User) error {
 		&IssueUser{UID: u.Id},
 		&EmailAddress{UID: u.Id},
 	); err != nil {
-		return fmt.Errorf("deleteUser: %v", err)
+		return fmt.Errorf("deleteBeans: %v", err)
 	}

 	// ***** START: PublicKey *****
@@ -717,9 +743,9 @@ func UserPath(userName string) string {
 	return filepath.Join(setting.RepoRootPath, strings.ToLower(userName))
 }

-func GetUserByKeyId(keyId int64) (*User, error) {
+func GetUserByKeyID(keyID int64) (*User, error) {
 	user := new(User)
-	has, err := x.Sql("SELECT a.* FROM `user` AS a, public_key AS b WHERE a.id = b.owner_id AND b.id=?", keyId).Get(user)
+	has, err := x.Sql("SELECT a.* FROM `user` AS a, public_key AS b WHERE a.id = b.owner_id AND b.id=?", keyID).Get(user)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -914,11 +940,11 @@ func MakeEmailPrimary(email *EmailAddress) error {
 // UserCommit represents a commit with validation of user.
 type UserCommit struct {
 	User *User
-	*git.Commit
+	*oldgit.Commit
 }

 // ValidateCommitWithEmail chceck if author's e-mail of commit is corresponsind to a user.
-func ValidateCommitWithEmail(c *git.Commit) *User {
+func ValidateCommitWithEmail(c *oldgit.Commit) *User {
 	u, err := GetUserByEmail(c.Author.Email)
 	if err != nil {
 		return nil
@@ -935,7 +961,7 @@ func ValidateCommitsWithEmails(oldCommits *list.List) *list.List {
 		e          = oldCommits.Front()
 	)
 	for e != nil {
-		c := e.Value.(*git.Commit)
+		c := e.Value.(*oldgit.Commit)

 		if v, ok := emails[c.Author.Email]; !ok {
 			u, _ = GetUserByEmail(c.Author.Email)
@@ -980,7 +1006,7 @@ func GetUserByEmail(email string) (*User, error) {
 		return GetUserByID(emailAddress.UID)
 	}

-	return nil, ErrUserNotExist{0, "email"}
+	return nil, ErrUserNotExist{0, email}
 }

 // SearchUserByName returns given number of users whose name contains keyword.
--- a/models/webhook.go
+++ b/models/webhook.go
@@ -13,6 +13,7 @@ import (
 	"sync"
 	"time"

+	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"

 	api "github.com/gogits/go-gogs-client"
@@ -177,8 +178,8 @@ func GetActiveWebhooksByRepoID(repoID int64) (ws []*Webhook, err error) {
 	return ws, err
 }

-// GetWebhooksByRepoId returns all webhooks of repository.
-func GetWebhooksByRepoId(repoID int64) (ws []*Webhook, err error) {
+// GetWebhooksByRepoID returns all webhooks of repository.
+func GetWebhooksByRepoID(repoID int64) (ws []*Webhook, err error) {
 	err = x.Find(&ws, &Webhook{RepoID: repoID})
 	return ws, err
 }
@@ -334,7 +335,7 @@ func (t *HookTask) AfterSet(colName string, _ xorm.Cell) {

 		t.ResponseInfo = &HookResponse{}
 		if err = json.Unmarshal([]byte(t.ResponseContent), t.ResponseInfo); err != nil {
-			log.Error(3, "Unmarshal[%d]: %v", t.ID, err)
+			log.Error(3, "Unmarshal [%d]: %v", t.ID, err)
 		}
 	}
 }
@@ -342,7 +343,7 @@ func (t *HookTask) AfterSet(colName string, _ xorm.Cell) {
 func (t *HookTask) MarshalJSON(v interface{}) string {
 	p, err := json.Marshal(v)
 	if err != nil {
-		log.Error(3, "Marshal[%d]: %v", t.ID, err)
+		log.Error(3, "Marshal [%d]: %v", t.ID, err)
 	}
 	return string(p)
 }
@@ -435,39 +436,65 @@ func PrepareWebhooks(repo *Repository, event HookEventType, p api.Payloader) err
 	return nil
 }

-type hookQueue struct {
-	// Make sure one repository only occur once in the queue.
-	lock    sync.Mutex
-	repoIDs map[int64]bool
+// UniqueQueue represents a queue that guarantees only one instance of same ID is in the line.
+type UniqueQueue struct {
+	lock sync.Mutex
+	ids  map[string]bool

-	queue chan int64
+	queue chan string
 }

-func (q *hookQueue) removeRepoID(id int64) {
+func (q *UniqueQueue) Queue() <-chan string {
+	return q.queue
+}
+
+func NewUniqueQueue(queueLength int) *UniqueQueue {
+	if queueLength <= 0 {
+		queueLength = 100
+	}
+
+	return &UniqueQueue{
+		ids:   make(map[string]bool),
+		queue: make(chan string, queueLength),
+	}
+}
+
+func (q *UniqueQueue) Remove(id interface{}) {
 	q.lock.Lock()
 	defer q.lock.Unlock()
-	delete(q.repoIDs, id)
+	delete(q.ids, com.ToStr(id))
 }

-func (q *hookQueue) addRepoID(id int64) {
-	q.lock.Lock()
-	if q.repoIDs[id] {
-		q.lock.Unlock()
+func (q *UniqueQueue) AddFunc(id interface{}, fn func()) {
+	newid := com.ToStr(id)
+
+	if q.Exist(id) {
 		return
 	}
-	q.repoIDs[id] = true
+
+	q.lock.Lock()
+	q.ids[newid] = true
+	if fn != nil {
+		fn()
+	}
 	q.lock.Unlock()
-	q.queue <- id
+	q.queue <- newid
 }

-// AddRepoID adds repository ID to hook delivery queue.
-func (q *hookQueue) AddRepoID(id int64) {
-	go q.addRepoID(id)
+func (q *UniqueQueue) Add(id interface{}) {
+	q.AddFunc(id, nil)
 }

-var HookQueue *hookQueue
+func (q *UniqueQueue) Exist(id interface{}) bool {
+	q.lock.Lock()
+	defer q.lock.Unlock()

-func deliverHook(t *HookTask) {
+	return q.ids[com.ToStr(id)]
+}
+
+var HookQueue = NewUniqueQueue(setting.Webhook.QueueLength)
+
+func (t *HookTask) deliver() {
 	t.IsDelivered = true

 	timeout := time.Duration(setting.Webhook.DeliverTimeout) * time.Second
@@ -499,6 +526,8 @@ func deliverHook(t *HookTask) {
 		t.Delivered = time.Now().UTC().UnixNano()
 		if t.IsSucceed {
 			log.Trace("Hook delivered: %s", t.UUID)
+		} else {
+			log.Trace("Hook delivery failed: %s", t.UUID)
 		}

 		// Update webhook last delivery status.
@@ -549,12 +578,13 @@ func deliverHook(t *HookTask) {
 }

 // DeliverHooks checks and delivers undelivered hooks.
+// TODO: shoot more hooks at same time.
 func DeliverHooks() {
 	tasks := make([]*HookTask, 0, 10)
 	x.Where("is_delivered=?", false).Iterate(new(HookTask),
 		func(idx int, bean interface{}) error {
 			t := bean.(*HookTask)
-			deliverHook(t)
+			t.deliver()
 			tasks = append(tasks, t)
 			return nil
 		})
@@ -562,29 +592,25 @@ func DeliverHooks() {
 	// Update hook task status.
 	for _, t := range tasks {
 		if err := UpdateHookTask(t); err != nil {
-			log.Error(4, "UpdateHookTask(%d): %v", t.ID, err)
+			log.Error(4, "UpdateHookTask [%d]: %v", t.ID, err)
 		}
 	}

-	HookQueue = &hookQueue{
-		lock:    sync.Mutex{},
-		repoIDs: make(map[int64]bool),
-		queue:   make(chan int64, setting.Webhook.QueueLength),
-	}
-
 	// Start listening on new hook requests.
-	for repoID := range HookQueue.queue {
-		HookQueue.removeRepoID(repoID)
+	for repoID := range HookQueue.Queue() {
+		log.Trace("DeliverHooks [%v]: processing delivery hooks", repoID)
+		HookQueue.Remove(repoID)

 		tasks = make([]*HookTask, 0, 5)
 		if err := x.Where("repo_id=? AND is_delivered=?", repoID, false).Find(&tasks); err != nil {
-			log.Error(4, "Get repository(%d) hook tasks: %v", repoID, err)
+			log.Error(4, "Get repository [%d] hook tasks: %v", repoID, err)
 			continue
 		}
 		for _, t := range tasks {
-			deliverHook(t)
+			t.deliver()
 			if err := UpdateHookTask(t); err != nil {
-				log.Error(4, "UpdateHookTask(%d): %v", t.ID, err)
+				log.Error(4, "UpdateHookTask [%d]: %v", t.ID, err)
+				continue
 			}
 		}
 	}
--- a/models/webhook_slack.go
+++ b/models/webhook_slack.go
@@ -33,8 +33,9 @@ type SlackPayload struct {
 }

 type SlackAttachment struct {
-	Color string `json:"color"`
-	Text  string `json:"text"`
+	Fallback string `json:"fallback"`
+	Color    string `json:"color"`
+	Text     string `json:"text"`
 }

 func (p *SlackPayload) SetSecret(_ string) {}
@@ -82,19 +83,19 @@ func getSlackPushPayload(p *api.PushPayload, slack *SlackMeta) (*SlackPayload, e
 	// n new commits
 	var (
 		branchName   = git.RefEndName(p.Ref)
+		commitDesc   string
 		commitString string
 	)

 	if len(p.Commits) == 1 {
-		commitString = "1 new commit"
-		if len(p.CompareUrl) > 0 {
-			commitString = SlackLinkFormatter(p.CompareUrl, commitString)
-		}
+		commitDesc = "1 new commit"
 	} else {
-		commitString = fmt.Sprintf("%d new commits", len(p.Commits))
-		if p.CompareUrl != "" {
-			commitString = SlackLinkFormatter(p.CompareUrl, commitString)
-		}
+		commitDesc = fmt.Sprintf("%d new commits", len(p.Commits))
+	}
+	if len(p.CompareUrl) > 0 {
+		commitString = SlackLinkFormatter(p.CompareUrl, commitDesc)
+	} else {
+		commitString = commitDesc
 	}

 	repoLink := SlackLinkFormatter(p.Repo.URL, p.Repo.Name)
@@ -111,7 +112,10 @@ func getSlackPushPayload(p *api.PushPayload, slack *SlackMeta) (*SlackPayload, e
 		}
 	}

-	slackAttachments := []SlackAttachment{{Color: slack.Color, Text: attachmentText}}
+	slackAttachments := []SlackAttachment{{
+		Color: slack.Color,
+		Text:  attachmentText,
+	}}

 	return &SlackPayload{
 		Channel:     slack.Channel,
--- a/models/wiki.go
+++ b/models/wiki.go
@@ -0,0 +1,178 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"sync"
+
+	"github.com/Unknwon/com"
+
+	"github.com/gogits/git-shell"
+
+	"github.com/gogits/gogs/modules/setting"
+)
+
+// workingPool represents a pool of working status which makes sure
+// that only one instance of same task is performing at a time.
+// However, different type of tasks can performing at the same time.
+type workingPool struct {
+	lock  sync.Mutex
+	pool  map[string]*sync.Mutex
+	count map[string]int
+}
+
+// CheckIn checks in a task and waits if others are running.
+func (p *workingPool) CheckIn(name string) {
+	p.lock.Lock()
+
+	lock, has := p.pool[name]
+	if !has {
+		lock = &sync.Mutex{}
+		p.pool[name] = lock
+	}
+	p.count[name]++
+
+	p.lock.Unlock()
+	lock.Lock()
+}
+
+// CheckOut checks out a task to let other tasks run.
+func (p *workingPool) CheckOut(name string) {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+
+	p.pool[name].Unlock()
+	if p.count[name] == 1 {
+		delete(p.pool, name)
+		delete(p.count, name)
+	} else {
+		p.count[name]--
+	}
+}
+
+var wikiWorkingPool = &workingPool{
+	pool:  make(map[string]*sync.Mutex),
+	count: make(map[string]int),
+}
+
+// ToWikiPageURL formats a string to corresponding wiki URL name.
+func ToWikiPageURL(name string) string {
+	return strings.Replace(name, " ", "-", -1)
+}
+
+// ToWikiPageName formats a URL back to corresponding wiki page name.
+func ToWikiPageName(name string) string {
+	return strings.Replace(name, "-", " ", -1)
+}
+
+// WikiCloneLink returns clone URLs of repository wiki.
+func (repo *Repository) WikiCloneLink() (cl *CloneLink) {
+	return repo.cloneLink(true)
+}
+
+// WikiPath returns wiki data path by given user and repository name.
+func WikiPath(userName, repoName string) string {
+	return filepath.Join(UserPath(userName), strings.ToLower(repoName)+".wiki.git")
+}
+
+func (repo *Repository) WikiPath() string {
+	return WikiPath(repo.MustOwner().Name, repo.Name)
+}
+
+// HasWiki returns true if repository has wiki.
+func (repo *Repository) HasWiki() bool {
+	return com.IsDir(repo.WikiPath())
+}
+
+// InitWiki initializes a wiki for repository,
+// it does nothing when repository already has wiki.
+func (repo *Repository) InitWiki() error {
+	if repo.HasWiki() {
+		return nil
+	}
+
+	if err := git.InitRepository(repo.WikiPath(), true); err != nil {
+		return fmt.Errorf("InitRepository: %v", err)
+	}
+	return nil
+}
+
+func (repo *Repository) LocalWikiPath() string {
+	return path.Join(setting.AppDataPath, "tmp/local-wiki", com.ToStr(repo.ID))
+}
+
+// UpdateLocalWiki makes sure the local copy of repository wiki is up-to-date.
+func (repo *Repository) UpdateLocalWiki() error {
+	return updateLocalCopy(repo.WikiPath(), repo.LocalWikiPath())
+}
+
+// updateWikiPage adds new page to repository wiki.
+func (repo *Repository) updateWikiPage(doer *User, oldTitle, title, content, message string, isNew bool) (err error) {
+	wikiWorkingPool.CheckIn(com.ToStr(repo.ID))
+	defer wikiWorkingPool.CheckOut(com.ToStr(repo.ID))
+
+	if err = repo.InitWiki(); err != nil {
+		return fmt.Errorf("InitWiki: %v", err)
+	}
+
+	localPath := repo.LocalWikiPath()
+
+	// Discard local commits make sure even to remote when local copy exists.
+	if com.IsExist(localPath) {
+		// No need to check if nothing in the repository.
+		if git.IsBranchExist(localPath, "master") {
+			if err = git.ResetHEAD(localPath, true, "origin/master"); err != nil {
+				return fmt.Errorf("Reset: %v", err)
+			}
+		}
+	}
+
+	if err = repo.UpdateLocalWiki(); err != nil {
+		return fmt.Errorf("UpdateLocalWiki: %v", err)
+	}
+
+	title = ToWikiPageName(strings.Replace(title, "/", " ", -1))
+	filename := path.Join(localPath, title+".md")
+
+	// If not a new file, show perform update not create.
+	if isNew {
+		if com.IsExist(filename) {
+			return ErrWikiAlreadyExist{filename}
+		}
+	} else {
+		os.Remove(path.Join(localPath, oldTitle+".md"))
+	}
+
+	if err = ioutil.WriteFile(filename, []byte(content), 0666); err != nil {
+		return fmt.Errorf("WriteFile: %v", err)
+	}
+
+	if len(message) == 0 {
+		message = "Update page '" + title + "'"
+	}
+	if err = git.AddChanges(localPath, true); err != nil {
+		return fmt.Errorf("AddChanges: %v", err)
+	} else if err = git.CommitChanges(localPath, message, doer.NewGitSig()); err != nil {
+		return fmt.Errorf("CommitChanges: %v", err)
+	} else if err = git.Push(localPath, "origin", "master"); err != nil {
+		return fmt.Errorf("Push: %v", err)
+	}
+
+	return nil
+}
+
+func (repo *Repository) AddWikiPage(doer *User, title, content, message string) error {
+	return repo.updateWikiPage(doer, "", title, content, message, true)
+}
+
+func (repo *Repository) EditWikiPage(doer *User, oldTitle, title, content, message string) error {
+	return repo.updateWikiPage(doer, oldTitle, title, content, message, false)
+}
--- a/modules/asn1-ber/LICENSE
+++ b/modules/asn1-ber/LICENSE
@@ -1,27 +0,0 @@
-Copyright (c) 2012 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/modules/asn1-ber/Makefile
+++ b/modules/asn1-ber/Makefile
@@ -1,11 +0,0 @@
-# Copyright 2009 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-include $(GOROOT)/src/Make.inc
-
-TARG=github.com/mmitton/asn1-ber
-GOFILES=\
-	ber.go\
-
-include $(GOROOT)/src/Make.pkg
--- a/modules/asn1-ber/README
+++ b/modules/asn1-ber/README
@@ -1,14 +0,0 @@
-ASN1 BER Encoding / Decoding Library for the GO programming language.
-
-Required Librarys: 
-   None
-
-Working:
-   Very basic encoding / decoding needed for LDAP protocol
-
-Tests Implemented:
-   None
-
-TODO:
-   Fix all encoding / decoding to conform to ASN1 BER spec
-   Implement Tests / Benchmarks
--- a/modules/asn1-ber/ber.go
+++ b/modules/asn1-ber/ber.go
@@ -1,497 +0,0 @@
-package ber
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"reflect"
-	"errors"
-)
-
-type Packet struct {
-	ClassType   uint8
-	TagType     uint8
-	Tag         uint8
-	Value       interface{}
-	ByteValue   []byte
-	Data        *bytes.Buffer
-	Children    []*Packet
-	Description string
-}
-
-const (
-	TagEOC              = 0x00
-	TagBoolean          = 0x01
-	TagInteger          = 0x02
-	TagBitString        = 0x03
-	TagOctetString      = 0x04
-	TagNULL             = 0x05
-	TagObjectIdentifier = 0x06
-	TagObjectDescriptor = 0x07
-	TagExternal         = 0x08
-	TagRealFloat        = 0x09
-	TagEnumerated       = 0x0a
-	TagEmbeddedPDV      = 0x0b
-	TagUTF8String       = 0x0c
-	TagRelativeOID      = 0x0d
-	TagSequence         = 0x10
-	TagSet              = 0x11
-	TagNumericString    = 0x12
-	TagPrintableString  = 0x13
-	TagT61String        = 0x14
-	TagVideotexString   = 0x15
-	TagIA5String        = 0x16
-	TagUTCTime          = 0x17
-	TagGeneralizedTime  = 0x18
-	TagGraphicString    = 0x19
-	TagVisibleString    = 0x1a
-	TagGeneralString    = 0x1b
-	TagUniversalString  = 0x1c
-	TagCharacterString  = 0x1d
-	TagBMPString        = 0x1e
-	TagBitmask          = 0x1f // xxx11111b
-)
-
-var TagMap = map[uint8]string{
-	TagEOC:              "EOC (End-of-Content)",
-	TagBoolean:          "Boolean",
-	TagInteger:          "Integer",
-	TagBitString:        "Bit String",
-	TagOctetString:      "Octet String",
-	TagNULL:             "NULL",
-	TagObjectIdentifier: "Object Identifier",
-	TagObjectDescriptor: "Object Descriptor",
-	TagExternal:         "External",
-	TagRealFloat:        "Real (float)",
-	TagEnumerated:       "Enumerated",
-	TagEmbeddedPDV:      "Embedded PDV",
-	TagUTF8String:       "UTF8 String",
-	TagRelativeOID:      "Relative-OID",
-	TagSequence:         "Sequence and Sequence of",
-	TagSet:              "Set and Set OF",
-	TagNumericString:    "Numeric String",
-	TagPrintableString:  "Printable String",
-	TagT61String:        "T61 String",
-	TagVideotexString:   "Videotex String",
-	TagIA5String:        "IA5 String",
-	TagUTCTime:          "UTC Time",
-	TagGeneralizedTime:  "Generalized Time",
-	TagGraphicString:    "Graphic String",
-	TagVisibleString:    "Visible String",
-	TagGeneralString:    "General String",
-	TagUniversalString:  "Universal String",
-	TagCharacterString:  "Character String",
-	TagBMPString:        "BMP String",
-}
-
-const (
-	ClassUniversal   = 0   // 00xxxxxxb
-	ClassApplication = 64  // 01xxxxxxb
-	ClassContext     = 128 // 10xxxxxxb
-	ClassPrivate     = 192 // 11xxxxxxb
-	ClassBitmask     = 192 // 11xxxxxxb
-)
-
-var ClassMap = map[uint8]string{
-	ClassUniversal:   "Universal",
-	ClassApplication: "Application",
-	ClassContext:     "Context",
-	ClassPrivate:     "Private",
-}
-
-const (
-	TypePrimitive   = 0  // xx0xxxxxb
-	TypeConstructed = 32 // xx1xxxxxb
-	TypeBitmask     = 32 // xx1xxxxxb
-)
-
-var TypeMap = map[uint8]string{
-	TypePrimitive:   "Primative",
-	TypeConstructed: "Constructed",
-}
-
-var Debug bool = false
-
-func PrintBytes(buf []byte, indent string) {
-	data_lines := make([]string, (len(buf)/30)+1)
-	num_lines := make([]string, (len(buf)/30)+1)
-
-	for i, b := range buf {
-		data_lines[i/30] += fmt.Sprintf("%02x ", b)
-		num_lines[i/30] += fmt.Sprintf("%02d ", (i+1)%100)
-	}
-
-	for i := 0; i < len(data_lines); i++ {
-		fmt.Print(indent + data_lines[i] + "\n")
-		fmt.Print(indent + num_lines[i] + "\n\n")
-	}
-}
-
-func PrintPacket(p *Packet) {
-	printPacket(p, 0, false)
-}
-
-func printPacket(p *Packet, indent int, printBytes bool) {
-	indent_str := ""
-
-	for len(indent_str) != indent {
-		indent_str += " "
-	}
-
-	class_str := ClassMap[p.ClassType]
-
-	tagtype_str := TypeMap[p.TagType]
-
-	tag_str := fmt.Sprintf("0x%02X", p.Tag)
-
-	if p.ClassType == ClassUniversal {
-		tag_str = TagMap[p.Tag]
-	}
-
-	value := fmt.Sprint(p.Value)
-	description := ""
-
-	if p.Description != "" {
-		description = p.Description + ": "
-	}
-
-	fmt.Printf("%s%s(%s, %s, %s) Len=%d %q\n", indent_str, description, class_str, tagtype_str, tag_str, p.Data.Len(), value)
-
-	if printBytes {
-		PrintBytes(p.Bytes(), indent_str)
-	}
-
-	for _, child := range p.Children {
-		printPacket(child, indent+1, printBytes)
-	}
-}
-
-func resizeBuffer(in []byte, new_size uint64) (out []byte) {
-	out = make([]byte, new_size)
-
-	copy(out, in)
-
-	return
-}
-
-func readBytes(reader io.Reader, buf []byte) error {
-	idx := 0
-	buflen := len(buf)
-
-	if reader == nil {
-		return errors.New("reader was nil, aborting")
-	}
-	
-	for idx < buflen {
-		n, err := reader.Read(buf[idx:])
-		if err != nil {
-			return err
-		}
-		idx += n
-	}
-
-	return nil
-}
-
-func ReadPacket(reader io.Reader) (*Packet, error) {
-	buf := make([]byte, 2)
-
-	err := readBytes(reader, buf)
-
-	if err != nil {
-		return nil, err
-	}
-
-	idx := uint64(2)
-	datalen := uint64(buf[1])
-
-	if Debug {
-		fmt.Printf("Read: datalen = %d len(buf) = %d ", datalen, len(buf))
-
-		for _, b := range buf {
-			fmt.Printf("%02X ", b)
-		}
-
-		fmt.Printf("\n")
-	}
-
-	if datalen&128 != 0 {
-		a := datalen - 128
-
-		idx += a
-		buf = resizeBuffer(buf, 2+a)
-
-		err := readBytes(reader, buf[2:])
-
-		if err != nil {
-			return nil, err
-		}
-
-		datalen = DecodeInteger(buf[2 : 2+a])
-
-		if Debug {
-			fmt.Printf("Read: a = %d  idx = %d  datalen = %d  len(buf) = %d", a, idx, datalen, len(buf))
-
-			for _, b := range buf {
-				fmt.Printf("%02X ", b)
-			}
-
-			fmt.Printf("\n")
-		}
-	}
-
-	buf = resizeBuffer(buf, idx+datalen)
-	err = readBytes(reader, buf[idx:])
-
-	if err != nil {
-		return nil, err
-	}
-
-	if Debug {
-		fmt.Printf("Read: len( buf ) = %d  idx=%d datalen=%d idx+datalen=%d\n", len(buf), idx, datalen, idx+datalen)
-
-		for _, b := range buf {
-			fmt.Printf("%02X ", b)
-		}
-	}
-
-	p := DecodePacket(buf)
-
-	return p, nil
-}
-
-func DecodeString(data []byte) (ret string) {
-	// for _, c := range data {
-	// 	ret += fmt.Sprintf("%c", c)
-	// }
-
-	return string(data)
-}
-
-func DecodeInteger(data []byte) (ret uint64) {
-	for _, i := range data {
-		ret = ret * 256
-		ret = ret + uint64(i)
-	}
-
-	return
-}
-
-func EncodeInteger(val uint64) []byte {
-	var out bytes.Buffer
-
-	found := false
-
-	shift := uint(56)
-
-	mask := uint64(0xFF00000000000000)
-
-	for mask > 0 {
-		if !found && (val&mask != 0) {
-			found = true
-		}
-
-		if found || (shift == 0) {
-			out.Write([]byte{byte((val & mask) >> shift)})
-		}
-
-		shift -= 8
-		mask = mask >> 8
-	}
-
-	return out.Bytes()
-}
-
-func DecodePacket(data []byte) *Packet {
-	p, _ := decodePacket(data)
-
-	return p
-}
-
-func decodePacket(data []byte) (*Packet, []byte) {
-	if Debug {
-		fmt.Printf("decodePacket: enter %d\n", len(data))
-	}
-
-	p := new(Packet)
-
-	p.ClassType = data[0] & ClassBitmask
-	p.TagType = data[0] & TypeBitmask
-	p.Tag = data[0] & TagBitmask
-
-	datalen := DecodeInteger(data[1:2])
-	datapos := uint64(2)
-
-	if datalen&128 != 0 {
-		datalen -= 128
-		datapos += datalen
-		datalen = DecodeInteger(data[2 : 2+datalen])
-	}
-
-	p.Data = new(bytes.Buffer)
-
-	p.Children = make([]*Packet, 0, 2)
-
-	p.Value = nil
-
-	value_data := data[datapos : datapos+datalen]
-
-	if p.TagType == TypeConstructed {
-		for len(value_data) != 0 {
-			var child *Packet
-
-			child, value_data = decodePacket(value_data)
-			p.AppendChild(child)
-		}
-	} else if p.ClassType == ClassUniversal {
-		p.Data.Write(data[datapos : datapos+datalen])
-		p.ByteValue = value_data
-
-		switch p.Tag {
-		case TagEOC:
-		case TagBoolean:
-			val := DecodeInteger(value_data)
-
-			p.Value = val != 0
-		case TagInteger:
-			p.Value = DecodeInteger(value_data)
-		case TagBitString:
-		case TagOctetString:
-			p.Value = DecodeString(value_data)
-		case TagNULL:
-		case TagObjectIdentifier:
-		case TagObjectDescriptor:
-		case TagExternal:
-		case TagRealFloat:
-		case TagEnumerated:
-			p.Value = DecodeInteger(value_data)
-		case TagEmbeddedPDV:
-		case TagUTF8String:
-		case TagRelativeOID:
-		case TagSequence:
-		case TagSet:
-		case TagNumericString:
-		case TagPrintableString:
-			p.Value = DecodeString(value_data)
-		case TagT61String:
-		case TagVideotexString:
-		case TagIA5String:
-		case TagUTCTime:
-		case TagGeneralizedTime:
-		case TagGraphicString:
-		case TagVisibleString:
-		case TagGeneralString:
-		case TagUniversalString:
-		case TagCharacterString:
-		case TagBMPString:
-		}
-	} else {
-		p.Data.Write(data[datapos : datapos+datalen])
-	}
-
-	return p, data[datapos+datalen:]
-}
-
-func (p *Packet) DataLength() uint64 {
-	return uint64(p.Data.Len())
-}
-
-func (p *Packet) Bytes() []byte {
-	var out bytes.Buffer
-
-	out.Write([]byte{p.ClassType | p.TagType | p.Tag})
-	packet_length := EncodeInteger(p.DataLength())
-
-	if p.DataLength() > 127 || len(packet_length) > 1 {
-		out.Write([]byte{byte(len(packet_length) | 128)})
-		out.Write(packet_length)
-	} else {
-		out.Write(packet_length)
-	}
-
-	out.Write(p.Data.Bytes())
-
-	return out.Bytes()
-}
-
-func (p *Packet) AppendChild(child *Packet) {
-	p.Data.Write(child.Bytes())
-
-	if len(p.Children) == cap(p.Children) {
-		newChildren := make([]*Packet, cap(p.Children)*2)
-
-		copy(newChildren, p.Children)
-		p.Children = newChildren[0:len(p.Children)]
-	}
-
-	p.Children = p.Children[0 : len(p.Children)+1]
-	p.Children[len(p.Children)-1] = child
-}
-
-func Encode(ClassType, TagType, Tag uint8, Value interface{}, Description string) *Packet {
-	p := new(Packet)
-
-	p.ClassType = ClassType
-	p.TagType = TagType
-	p.Tag = Tag
-	p.Data = new(bytes.Buffer)
-
-	p.Children = make([]*Packet, 0, 2)
-
-	p.Value = Value
-	p.Description = Description
-
-	if Value != nil {
-		v := reflect.ValueOf(Value)
-
-		if ClassType == ClassUniversal {
-			switch Tag {
-			case TagOctetString:
-				sv, ok := v.Interface().(string)
-
-				if ok {
-					p.Data.Write([]byte(sv))
-				}
-			}
-		}
-	}
-
-	return p
-}
-
-func NewSequence(Description string) *Packet {
-	return Encode(ClassUniversal, TypePrimitive, TagSequence, nil, Description)
-}
-
-func NewBoolean(ClassType, TagType, Tag uint8, Value bool, Description string) *Packet {
-	intValue := 0
-
-	if Value {
-		intValue = 1
-	}
-
-	p := Encode(ClassType, TagType, Tag, nil, Description)
-
-	p.Value = Value
-	p.Data.Write(EncodeInteger(uint64(intValue)))
-
-	return p
-}
-
-func NewInteger(ClassType, TagType, Tag uint8, Value uint64, Description string) *Packet {
-	p := Encode(ClassType, TagType, Tag, nil, Description)
-
-	p.Value = Value
-	p.Data.Write(EncodeInteger(Value))
-
-	return p
-}
-
-func NewString(ClassType, TagType, Tag uint8, Value, Description string) *Packet {
-	p := Encode(ClassType, TagType, Tag, nil, Description)
-
-	p.Value = Value
-	p.Data.Write([]byte(Value))
-
-	return p
-}
--- a/modules/auth/admin.go
+++ b/modules/auth/admin.go
@@ -5,9 +5,9 @@
 package auth

 import (
-	"github.com/Unknwon/macaron"
+	"gopkg.in/macaron.v1"

-	"github.com/macaron-contrib/binding"
+	"github.com/go-macaron/binding"
 )

 type AdminCrateUserForm struct {
@@ -24,16 +24,17 @@ func (f *AdminCrateUserForm) Validate(ctx *macaron.Context, errs binding.Errors)
 }

 type AdminEditUserForm struct {
-	LoginType    string `binding:"Required"`
-	LoginName    string
-	FullName     string `binding:"MaxSize(100)"`
-	Email        string `binding:"Required;Email;MaxSize(254)"`
-	Password     string `binding:"MaxSize(255)"`
-	Website      string `binding:"MaxSize(50)"`
-	Location     string `binding:"MaxSize(50)"`
-	Active       bool
-	Admin        bool
-	AllowGitHook bool
+	LoginType        string `binding:"Required"`
+	LoginName        string
+	FullName         string `binding:"MaxSize(100)"`
+	Email            string `binding:"Required;Email;MaxSize(254)"`
+	Password         string `binding:"MaxSize(255)"`
+	Website          string `binding:"MaxSize(50)"`
+	Location         string `binding:"MaxSize(50)"`
+	Active           bool
+	Admin            bool
+	AllowGitHook     bool
+	AllowImportLocal bool
 }

 func (f *AdminEditUserForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
--- a/modules/auth/apiv1/miscellaneous.go
+++ b/modules/auth/apiv1/miscellaneous.go
@@ -1,73 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package apiv1
-
-import (
-	"reflect"
-
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
-
-	"github.com/gogits/gogs/modules/auth"
-)
-
-type MarkdownForm struct {
-	Text    string
-	Mode    string
-	Context string
-}
-
-func (f *MarkdownForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
-	return validateApiReq(errs, ctx.Data, f)
-}
-
-func validateApiReq(errs binding.Errors, data map[string]interface{}, f auth.Form) binding.Errors {
-	if errs.Len() == 0 {
-		return errs
-	}
-
-	data["HasError"] = true
-
-	typ := reflect.TypeOf(f)
-	val := reflect.ValueOf(f)
-
-	if typ.Kind() == reflect.Ptr {
-		typ = typ.Elem()
-		val = val.Elem()
-	}
-
-	for i := 0; i < typ.NumField(); i++ {
-		field := typ.Field(i)
-
-		fieldName := field.Tag.Get("form")
-		// Allow ignored fields in the struct
-		if fieldName == "-" {
-			continue
-		}
-
-		if errs[0].FieldNames[0] == field.Name {
-			switch errs[0].Classification {
-			case binding.ERR_REQUIRED:
-				data["ErrorMsg"] = fieldName + " cannot be empty"
-			case binding.ERR_ALPHA_DASH:
-				data["ErrorMsg"] = fieldName + " must be valid alpha or numeric or dash(-_) characters"
-			case binding.ERR_ALPHA_DASH_DOT:
-				data["ErrorMsg"] = fieldName + " must be valid alpha or numeric or dash(-_) or dot characters"
-			case binding.ERR_MIN_SIZE:
-				data["ErrorMsg"] = fieldName + " must contain at least " + auth.GetMinSize(field) + " characters"
-			case binding.ERR_MAX_SIZE:
-				data["ErrorMsg"] = fieldName + " must contain at most " + auth.GetMaxSize(field) + " characters"
-			case binding.ERR_EMAIL:
-				data["ErrorMsg"] = fieldName + " is not a valid e-mail address"
-			case binding.ERR_URL:
-				data["ErrorMsg"] = fieldName + " is not a valid URL"
-			default:
-				data["ErrorMsg"] = "Unknown error: " + errs[0].Classification
-			}
-			return errs
-		}
-	}
-	return errs
-}
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -10,9 +10,9 @@ import (
 	"time"

 	"github.com/Unknwon/com"
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
-	"github.com/macaron-contrib/session"
+	"github.com/go-macaron/binding"
+	"github.com/go-macaron/session"
+	"gopkg.in/macaron.v1"

 	"github.com/gogits/gogs/models"
 	"github.com/gogits/gogs/modules/base"
@@ -181,7 +181,7 @@ func AssignForm(form interface{}, data map[string]interface{}) {
 	}
 }

-func getSize(field reflect.StructField, prefix string) string {
+func getRuleBody(field reflect.StructField, prefix string) string {
 	for _, rule := range strings.Split(field.Tag.Get("binding"), ";") {
 		if strings.HasPrefix(rule, prefix) {
 			return rule[len(prefix) : len(rule)-1]
@@ -191,15 +191,19 @@ func getSize(field reflect.StructField, prefix string) string {
 }

 func GetSize(field reflect.StructField) string {
-	return getSize(field, "Size(")
+	return getRuleBody(field, "Size(")
 }

 func GetMinSize(field reflect.StructField) string {
-	return getSize(field, "MinSize(")
+	return getRuleBody(field, "MinSize(")
 }

 func GetMaxSize(field reflect.StructField) string {
-	return getSize(field, "MaxSize(")
+	return getRuleBody(field, "MaxSize(")
+}
+
+func GetInclude(field reflect.StructField) string {
+	return getRuleBody(field, "Include(")
 }

 // FIXME: struct contains a struct
@@ -260,6 +264,8 @@ func validate(errs binding.Errors, data map[string]interface{}, f Form, l macaro
 				data["ErrorMsg"] = trName + l.Tr("form.email_error")
 			case binding.ERR_URL:
 				data["ErrorMsg"] = trName + l.Tr("form.url_error")
+			case binding.ERR_INCLUDE:
+				data["ErrorMsg"] = trName + l.Tr("form.include_error", GetInclude(field))
 			default:
 				data["ErrorMsg"] = l.Tr("form.unknown_error") + " " + errs[0].Classification
 			}
--- a/modules/auth/auth_form.go
+++ b/modules/auth/auth_form.go
@@ -5,33 +5,34 @@
 package auth

 import (
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
+	"github.com/go-macaron/binding"
+	"gopkg.in/macaron.v1"
 )

 type AuthenticationForm struct {
-	ID               int64
-	Type             int    `binding:"Range(2,5)"`
-	Name             string `binding:"Required;MaxSize(30)"`
-	Host             string
-	Port             int
-	BindDN           string
-	BindPassword     string
-	UserBase         string
-	UserDN           string `form:"user_dn"`
-	AttributeName    string
-	AttributeSurname string
-	AttributeMail    string
-	Filter           string
-	AdminFilter      string
-	IsActive         bool
-	SMTPAuth         string
-	SMTPHost         string
-	SMTPPort         int
-	AllowedDomains   string
-	TLS              bool
-	SkipVerify       bool
-	PAMServiceName   string `form:"pam_service_name"`
+	ID                int64
+	Type              int    `binding:"Range(2,5)"`
+	Name              string `binding:"Required;MaxSize(30)"`
+	Host              string
+	Port              int
+	BindDN            string
+	BindPassword      string
+	UserBase          string
+	UserDN            string
+	AttributeUsername string
+	AttributeName     string
+	AttributeSurname  string
+	AttributeMail     string
+	Filter            string
+	AdminFilter       string
+	IsActive          bool
+	SMTPAuth          string
+	SMTPHost          string
+	SMTPPort          int
+	AllowedDomains    string
+	TLS               bool
+	SkipVerify        bool
+	PAMServiceName    string
 }

 func (f *AuthenticationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -9,28 +9,53 @@ package ldap
 import (
 	"crypto/tls"
 	"fmt"
+	"strings"
+
+	"gopkg.in/ldap.v2"

-	"github.com/gogits/gogs/modules/ldap"
 	"github.com/gogits/gogs/modules/log"
 )

 // Basic LDAP authentication service
 type Source struct {
-	Name             string // canonical name (ie. corporate.ad)
-	Host             string // LDAP host
-	Port             int    // port number
-	UseSSL           bool   // Use SSL
-	SkipVerify       bool
-	BindDN           string // DN to bind with
-	BindPassword     string // Bind DN password
-	UserBase         string // Base search path for users
-	UserDN           string // Template for the DN of the user for simple auth
-	AttributeName    string // First name attribute
-	AttributeSurname string // Surname attribute
-	AttributeMail    string // E-mail attribute
-	Filter           string // Query filter to validate entry
-	AdminFilter      string // Query filter to check if user is admin
-	Enabled          bool   // if this source is disabled
+	Name              string // canonical name (ie. corporate.ad)
+	Host              string // LDAP host
+	Port              int    // port number
+	UseSSL            bool   // Use SSL
+	SkipVerify        bool
+	BindDN            string // DN to bind with
+	BindPassword      string // Bind DN password
+	UserBase          string // Base search path for users
+	UserDN            string // Template for the DN of the user for simple auth
+	AttributeUsername string // Username attribute
+	AttributeName     string // First name attribute
+	AttributeSurname  string // Surname attribute
+	AttributeMail     string // E-mail attribute
+	Filter            string // Query filter to validate entry
+	AdminFilter       string // Query filter to check if user is admin
+	Enabled           bool   // if this source is disabled
+}
+
+func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
+	// See http://tools.ietf.org/search/rfc4515
+	badCharacters := "\x00()*\\"
+	if strings.ContainsAny(username, badCharacters) {
+		log.Debug("'%s' contains invalid query characters. Aborting.", username)
+		return "", false
+	}
+
+	return fmt.Sprintf(ls.Filter, username), true
+}
+
+func (ls *Source) sanitizedUserDN(username string) (string, bool) {
+	// See http://tools.ietf.org/search/rfc4514: "special characters"
+	badCharacters := "\x00()*\\,='\"#+;<> "
+	if strings.ContainsAny(username, badCharacters) {
+		log.Debug("'%s' contains invalid DN characters. Aborting.", username)
+		return "", false
+	}
+
+	return fmt.Sprintf(ls.UserDN, username), true
 }

 func (ls *Source) FindUserDN(name string) (string, bool) {
@@ -55,7 +80,11 @@ func (ls *Source) FindUserDN(name string) (string, bool) {
 	}

 	// A search for the user.
-	userFilter := fmt.Sprintf(ls.Filter, name)
+	userFilter, ok := ls.sanitizedUserQuery(name)
+	if !ok {
+		return "", false
+	}
+
 	log.Trace("Searching using filter %s", userFilter)
 	search := ldap.NewSearchRequest(
 		ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0,
@@ -73,7 +102,7 @@ func (ls *Source) FindUserDN(name string) (string, bool) {

 	userDN := sr.Entries[0].DN
 	if userDN == "" {
-		log.Error(4, "LDAP search was succesful, but found no DN!")
+		log.Error(4, "LDAP search was successful, but found no DN!")
 		return "", false
 	}

@@ -81,26 +110,31 @@ func (ls *Source) FindUserDN(name string) (string, bool) {
 }

 // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
+func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) {
 	var userDN string
 	if directBind {
 		log.Trace("LDAP will bind directly via UserDN template: %s", ls.UserDN)
-		userDN = fmt.Sprintf(ls.UserDN, name)
+
+		var ok bool
+		userDN, ok = ls.sanitizedUserDN(name)
+		if !ok {
+			return "", "", "", "", false, false
+		}
 	} else {
 		log.Trace("LDAP will use BindDN.")

 		var found bool
 		userDN, found = ls.FindUserDN(name)
 		if !found {
-			return "", "", "", false, false
+			return "", "", "", "", false, false
 		}
 	}

 	l, err := ldapDial(ls)
 	if err != nil {
-		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
+		log.Error(4, "LDAP Connect error (%s): %v", ls.Host, err)
 		ls.Enabled = false
-		return "", "", "", false, false
+		return "", "", "", "", false, false
 	}
 	defer l.Close()

@@ -108,11 +142,15 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 	err = l.Bind(userDN, passwd)
 	if err != nil {
 		log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err)
-		return "", "", "", false, false
+		return "", "", "", "", false, false
 	}

 	log.Trace("Bound successfully with userDN: %s", userDN)
-	userFilter := fmt.Sprintf(ls.Filter, name)
+	userFilter, ok := ls.sanitizedUserQuery(name)
+	if !ok {
+		return "", "", "", "", false, false
+	}
+
 	search := ldap.NewSearchRequest(
 		userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
 		[]string{ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
@@ -121,7 +159,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 	sr, err := l.Search(search)
 	if err != nil {
 		log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
-		return "", "", "", false, false
+		return "", "", "", "", false, false
 	} else if len(sr.Entries) < 1 {
 		if directBind {
 			log.Error(4, "User filter inhibited user login.")
@@ -129,9 +167,10 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 			log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")
 		}

-		return "", "", "", false, false
+		return "", "", "", "", false, false
 	}

+	username_attr := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
 	name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName)
 	sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
 	mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
@@ -153,7 +192,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		}
 	}

-	return name_attr, sn_attr, mail_attr, admin_attr, true
+	return username_attr, name_attr, sn_attr, mail_attr, admin_attr, true
 }

 func ldapDial(ls *Source) (*ldap.Conn, error) {
--- a/modules/auth/org.go
+++ b/modules/auth/org.go
@@ -5,8 +5,8 @@
 package auth

 import (
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
+	"github.com/go-macaron/binding"
+	"gopkg.in/macaron.v1"
 )

 // ________                            .__                __  .__
@@ -17,7 +17,7 @@ import (
 //         \/     /_____/     \/     \/         \/     \/                    \/

 type CreateOrgForm struct {
-	OrgName string `binding:"Required;AlphaDashDot;MaxSize(30)" locale:"org.org_name_holder"`
+	OrgName string `binding:"Required;AlphaDashDot;MaxSize(35)" locale:"org.org_name_holder"`
 }

 func (f *CreateOrgForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
@@ -25,7 +25,7 @@ func (f *CreateOrgForm) Validate(ctx *macaron.Context, errs binding.Errors) bind
 }

 type UpdateOrgSettingForm struct {
-	Name        string `binding:"Required;AlphaDashDot;MaxSize(30)" locale:"org.org_name_holder"`
+	Name        string `binding:"Required;AlphaDashDot;MaxSize(35)" locale:"org.org_name_holder"`
 	FullName    string `binding:"MaxSize(100)"`
 	Description string `binding:"MaxSize(255)"`
 	Website     string `binding:"Url;MaxSize(100)"`
--- a/modules/auth/repo_form.go
+++ b/modules/auth/repo_form.go
@@ -5,8 +5,14 @@
 package auth

 import (
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
+	"net/url"
+	"strings"
+
+	"github.com/Unknwon/com"
+	"github.com/go-macaron/binding"
+	"gopkg.in/macaron.v1"
+
+	"github.com/gogits/gogs/models"
 )

 // _______________________________________    _________.______________________ _______________.___.
@@ -37,8 +43,8 @@ type MigrateRepoForm struct {
 	AuthPassword string `json:"auth_password"`
 	Uid          int64  `json:"uid" binding:"Required"`
 	RepoName     string `json:"repo_name" binding:"Required;AlphaDashDot;MaxSize(100)"`
-	Private      bool   `json:"mirror"`
-	Mirror       bool   `json:"private"`
+	Mirror       bool   `json:"mirror"`
+	Private      bool   `json:"private"`
 	Description  string `json:"description" binding:"MaxSize(255)"`
 }

@@ -46,6 +52,34 @@ func (f *MigrateRepoForm) Validate(ctx *macaron.Context, errs binding.Errors) bi
 	return validate(errs, ctx.Data, f, ctx.Locale)
 }

+// ParseRemoteAddr checks if given remote address is valid,
+// and returns composed URL with needed username and passowrd.
+// It also checks if given user has permission when remote address
+// is actually a local path.
+func (f MigrateRepoForm) ParseRemoteAddr(user *models.User) (string, error) {
+	remoteAddr := f.CloneAddr
+
+	// Remote address can be HTTP/HTTPS/Git URL or local path.
+	if strings.HasPrefix(remoteAddr, "http://") ||
+		strings.HasPrefix(remoteAddr, "https://") ||
+		strings.HasPrefix(remoteAddr, "git://") {
+		u, err := url.Parse(remoteAddr)
+		if err != nil {
+			return "", models.ErrInvalidCloneAddr{IsURLError: true}
+		}
+		if len(f.AuthUsername)+len(f.AuthPassword) > 0 {
+			u.User = url.UserPassword(f.AuthUsername, f.AuthPassword)
+		}
+		remoteAddr = u.String()
+	} else if !user.CanImportLocal() {
+		return "", models.ErrInvalidCloneAddr{IsPermissionDenied: true}
+	} else if !com.IsDir(remoteAddr) {
+		return "", models.ErrInvalidCloneAddr{IsInvalidPath: true}
+	}
+
+	return remoteAddr, nil
+}
+
 type RepoSettingForm struct {
 	RepoName    string `binding:"Required;AlphaDashDot;MaxSize(100)"`
 	Description string `binding:"MaxSize(255)"`
@@ -53,6 +87,13 @@ type RepoSettingForm struct {
 	Branch      string
 	Interval    int
 	Private     bool
+
+	// Advanced settings
+	EnableWiki            bool
+	EnableIssues          bool
+	EnableExternalTracker bool
+	TrackerURLFormat      string
+	EnablePulls           bool
 }

 func (f *RepoSettingForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
@@ -181,12 +222,12 @@ func (f *CreateLabelForm) Validate(ctx *macaron.Context, errs binding.Errors) bi
 //         \/     \/          \/     \/     \/     \/

 type NewReleaseForm struct {
-	TagName    string `form:"tag_name" binding:"Required"`
+	TagName    string `binding:"Required"`
 	Target     string `form:"tag_target" binding:"Required"`
-	Title      string `form:"title" binding:"Required"`
-	Content    string `form:"content" binding:"Required"`
-	Draft      string `form:"draft"`
-	Prerelease bool   `form:"prerelease"`
+	Title      string `binding:"Required"`
+	Content    string
+	Draft      string
+	Prerelease bool
 }

 func (f *NewReleaseForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
@@ -203,3 +244,22 @@ type EditReleaseForm struct {
 func (f *EditReleaseForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
 	return validate(errs, ctx.Data, f, ctx.Locale)
 }
+
+//  __      __.__ __   .__
+// /  \    /  \__|  | _|__|
+// \   \/\/   /  |  |/ /  |
+//  \        /|  |    <|  |
+//   \__/\  / |__|__|_ \__|
+//        \/          \/
+
+type NewWikiForm struct {
+	OldTitle string
+	Title    string `binding:"Required"`
+	Content  string `binding:"Required"`
+	Message  string
+}
+
+// FIXME: use code generation to generate this method.
+func (f *NewWikiForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
+	return validate(errs, ctx.Data, f, ctx.Locale)
+}
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@@ -7,8 +7,8 @@ package auth
 import (
 	"mime/multipart"

-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
+	"github.com/go-macaron/binding"
+	"gopkg.in/macaron.v1"
 )

 type InstallForm struct {
@@ -30,7 +30,7 @@ type InstallForm struct {

 	SMTPHost        string
 	SMTPFrom        string
-	SMTPEmail       string `binding:"OmitEmpty;Email;MaxSize(50)" locale:"install.mailer_user"`
+	SMTPEmail       string `binding:"OmitEmpty;Email;MaxSize(254)" locale:"install.mailer_user"`
 	SMTPPasswd      string
 	RegisterConfirm bool
 	MailNotify      bool
@@ -44,7 +44,7 @@ type InstallForm struct {
 	AdminName          string `binding:"OmitEmpty;AlphaDashDot;MaxSize(30)" locale:"install.admin_name"`
 	AdminPasswd        string `binding:"OmitEmpty;MaxSize(255)" locale:"install.admin_password"`
 	AdminConfirmPasswd string
-	AdminEmail         string `binding:"OmitEmpty;Email;MaxSize(50)" locale:"install.admin_email"`
+	AdminEmail         string `binding:"OmitEmpty;MinSize(3);MaxSize(254);Include(@)" locale:"install.admin_email"`
 }

 func (f *InstallForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
--- a/modules/avatar/avatar.go
+++ b/modules/avatar/avatar.go
@@ -32,13 +32,15 @@ import (
 	"sync"
 	"time"

+	"github.com/issue9/identicon"
 	"github.com/nfnt/resize"

-	"github.com/gogits/gogs/modules/identicon"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
 )

+//FIXME: remove cache module
+
 var gravatarSource string

 func UpdateGravatarSource() {
@@ -102,7 +104,7 @@ func New(hash string, cacheDir string) *Avatar {
 		expireDuration: time.Minute * 10,
 		reqParams: url.Values{
 			"d":    {"retro"},
-			"size": {"200"},
+			"size": {"290"},
 			"r":    {"pg"}}.Encode(),
 		imagePath: filepath.Join(cacheDir, hash+".image"), //maybe png or jpeg
 	}
@@ -153,7 +155,7 @@ func (this *Avatar) Encode(wr io.Writer, size int) (err error) {
 	if img, err = decodeImageFile(imgPath); err != nil {
 		return
 	}
-	m := resize.Resize(uint(size), 0, img, resize.NearestNeighbor)
+	m := resize.Resize(uint(size), 0, img, resize.Lanczos3)
 	return jpeg.Encode(wr, m, nil)
 }

@@ -192,7 +194,7 @@ func (this *service) mustInt(r *http.Request, defaultValue int, keys ...string)
 func (this *service) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	urlPath := r.URL.Path
 	hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
-	size := this.mustInt(r, 80, "s", "size") // default size = 80*80
+	size := this.mustInt(r, 290, "s", "size") // default size = 290*290

 	avatar := New(hash, this.cacheDir)
 	avatar.AlterImage = this.altImage
--- a/modules/base/base.go
+++ b/modules/base/base.go
@@ -4,15 +4,29 @@

 package base

+import (
+	"os"
+	"os/exec"
+	"path/filepath"
+)
+
 const DOC_URL = "https://github.com/gogits/go-gogs-client/wiki"

 type (
 	TplName string
-
-	ApiJsonErr struct {
-		Message string `json:"message"`
-		DocUrl  string `json:"url"`
-	}
 )

 var GoGetMetas = make(map[string]bool)
+
+// ExecPath returns the executable path.
+func ExecPath() (string, error) {
+	file, err := exec.LookPath(os.Args[0])
+	if err != nil {
+		return "", err
+	}
+	p, err := filepath.Abs(file)
+	if err != nil {
+		return "", err
+	}
+	return p, nil
+}
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -14,6 +14,7 @@ import (
 	"regexp"
 	"strings"

+	"github.com/Unknwon/com"
 	"github.com/russross/blackfriday"
 	"golang.org/x/net/html"

@@ -99,12 +100,33 @@ func (options *CustomRender) Link(out *bytes.Buffer, link []byte, title []byte,
 	options.Renderer.Link(out, link, title, content)
 }

+var (
+	svgSuffix         = []byte(".svg")
+	svgSuffixWithMark = []byte(".svg?")
+)
+
 func (options *CustomRender) Image(out *bytes.Buffer, link []byte, title []byte, alt []byte) {
-	if len(link) > 0 && !isLink(link) {
-		link = []byte(path.Join(strings.Replace(options.urlPrefix, "/src/", "/raw/", 1), string(link)))
+	prefix := strings.Replace(options.urlPrefix, "/src/", "/raw/", 1)
+	if len(link) > 0 {
+		if isLink(link) {
+			// External link with .svg suffix usually means CI status.
+			if bytes.HasSuffix(link, svgSuffix) || bytes.Contains(link, svgSuffixWithMark) {
+				options.Renderer.Image(out, link, title, alt)
+				return
+			}
+		} else {
+			if link[0] != '/' {
+				prefix += "/"
+			}
+			link = []byte(prefix + string(link))
+		}
 	}

+	out.WriteString(`<a href="`)
+	out.Write(link)
+	out.WriteString(`">`)
 	options.Renderer.Image(out, link, title, alt)
+	out.WriteString("</a>")
 }

 var (
@@ -115,7 +137,43 @@ var (
 	sha1CurrentPattern = regexp.MustCompile(`\b[0-9a-f]{40}\b`)
 )

-func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
+func cutoutVerbosePrefix(prefix string) string {
+	count := 0
+	for i := 0; i < len(prefix); i++ {
+		if prefix[i] == '/' {
+			count++
+		}
+		if count >= 3 {
+			return prefix[:i]
+		}
+	}
+	return prefix
+}
+
+func RenderIssueIndexPattern(rawBytes []byte, urlPrefix string, metas map[string]string) []byte {
+	urlPrefix = cutoutVerbosePrefix(urlPrefix)
+	ms := issueIndexPattern.FindAll(rawBytes, -1)
+	for _, m := range ms {
+		var space string
+		m2 := m
+		if m2[0] == ' ' {
+			space = " "
+			m2 = m2[1:]
+		}
+		if metas == nil {
+			rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(`%s<a href="%s/issues/%s">%s</a>`,
+				space, urlPrefix, m2[1:], m2)), 1)
+		} else {
+			// Support for external issue tracker
+			metas["index"] = string(m2[1:])
+			rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(`%s<a href="%s">%s</a>`,
+				space, com.Expand(metas["format"], metas), m2)), 1)
+		}
+	}
+	return rawBytes
+}
+
+func RenderSpecialLink(rawBytes []byte, urlPrefix string, metas map[string]string) []byte {
 	ms := MentionPattern.FindAll(rawBytes, -1)
 	for _, m := range ms {
 		m = bytes.TrimSpace(m)
@@ -123,29 +181,7 @@ func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
 			[]byte(fmt.Sprintf(`<a href="%s/%s">%s</a>`, setting.AppSubUrl, m[1:], m)), -1)
 	}

-	ms = commitPattern.FindAll(rawBytes, -1)
-	for _, m := range ms {
-		m = bytes.TrimSpace(m)
-		i := strings.Index(string(m), "commit/")
-		j := strings.Index(string(m), "#")
-		if j == -1 {
-			j = len(m)
-		}
-		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(
-			` <code><a href="%s">%s</a></code>`, m, ShortSha(string(m[i+7:j])))), -1)
-	}
-	ms = issueFullPattern.FindAll(rawBytes, -1)
-	for _, m := range ms {
-		m = bytes.TrimSpace(m)
-		i := strings.Index(string(m), "issues/")
-		j := strings.Index(string(m), "#")
-		if j == -1 {
-			j = len(m)
-		}
-		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(
-			` <a href="%s">#%s</a>`, m, ShortSha(string(m[i+7:j])))), -1)
-	}
-	rawBytes = RenderIssueIndexPattern(rawBytes, urlPrefix)
+	rawBytes = RenderIssueIndexPattern(rawBytes, urlPrefix, metas)
 	rawBytes = RenderSha1CurrentPattern(rawBytes, urlPrefix)
 	return rawBytes
 }
@@ -159,33 +195,10 @@ func RenderSha1CurrentPattern(rawBytes []byte, urlPrefix string) []byte {
 	return rawBytes
 }

-func RenderIssueIndexPattern(rawBytes []byte, urlPrefix string) []byte {
-	ms := issueIndexPattern.FindAll(rawBytes, -1)
-	for _, m := range ms {
-		var space string
-		m2 := m
-		if m2[0] == ' ' {
-			space = " "
-			m2 = m2[1:]
-		}
-		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(`%s<a href="%s/issues/%s">%s</a>`,
-			space, urlPrefix, m2[1:], m2)), 1)
-	}
-	return rawBytes
-}
-
 func RenderRawMarkdown(body []byte, urlPrefix string) []byte {
 	htmlFlags := 0
-	// htmlFlags |= blackfriday.HTML_USE_XHTML
-	// htmlFlags |= blackfriday.HTML_USE_SMARTYPANTS
-	// htmlFlags |= blackfriday.HTML_SMARTYPANTS_FRACTIONS
-	// htmlFlags |= blackfriday.HTML_SMARTYPANTS_LATEX_DASHES
-	// htmlFlags |= blackfriday.HTML_SKIP_HTML
 	htmlFlags |= blackfriday.HTML_SKIP_STYLE
-	// htmlFlags |= blackfriday.HTML_SKIP_SCRIPT
-	// htmlFlags |= blackfriday.HTML_GITHUB_BLOCKCODE
 	htmlFlags |= blackfriday.HTML_OMIT_CONTENTS
-	// htmlFlags |= blackfriday.HTML_COMPLETE_PAGE
 	renderer := &CustomRender{
 		Renderer:  blackfriday.HtmlRenderer(htmlFlags, "", ""),
 		urlPrefix: urlPrefix,
@@ -209,33 +222,96 @@ func RenderRawMarkdown(body []byte, urlPrefix string) []byte {
 	return body
 }

+var (
+	leftAngleBracket  = []byte("</")
+	rightAngleBracket = []byte(">")
+)
+
+var noEndTags = []string{"img", "input", "br", "hr"}
+
+// PreProcessMarkdown renders full links of commits, issues and pulls to shorter version.
+func PreProcessMarkdown(rawHTML []byte, urlPrefix string) []byte {
+	ms := commitPattern.FindAll(rawHTML, -1)
+	for _, m := range ms {
+		m = bytes.TrimSpace(m)
+		i := strings.Index(string(m), "commit/")
+		j := strings.Index(string(m), "#")
+		if j == -1 {
+			j = len(m)
+		}
+		rawHTML = bytes.Replace(rawHTML, m, []byte(fmt.Sprintf(
+			` <code><a href="%s">%s</a></code>`, m, ShortSha(string(m[i+7:j])))), -1)
+	}
+	ms = issueFullPattern.FindAll(rawHTML, -1)
+	for _, m := range ms {
+		m = bytes.TrimSpace(m)
+		i := strings.Index(string(m), "issues/")
+		j := strings.Index(string(m), "#")
+		if j == -1 {
+			j = len(m)
+		}
+		rawHTML = bytes.Replace(rawHTML, m, []byte(fmt.Sprintf(
+			` <a href="%s">#%s</a>`, m, ShortSha(string(m[i+7:j])))), -1)
+	}
+	return rawHTML
+}
+
 // PostProcessMarkdown treats different types of HTML differently,
 // and only renders special links for plain text blocks.
-func PostProcessMarkdown(rawHtml []byte, urlPrefix string) []byte {
+func PostProcessMarkdown(rawHtml []byte, urlPrefix string, metas map[string]string) []byte {
+	startTags := make([]string, 0, 5)
 	var buf bytes.Buffer
 	tokenizer := html.NewTokenizer(bytes.NewReader(rawHtml))
+
+OUTER_LOOP:
 	for html.ErrorToken != tokenizer.Next() {
 		token := tokenizer.Token()
 		switch token.Type {
 		case html.TextToken:
-			buf.Write(RenderSpecialLink([]byte(token.String()), urlPrefix))
+			buf.Write(RenderSpecialLink([]byte(token.String()), urlPrefix, metas))

 		case html.StartTagToken:
 			buf.WriteString(token.String())
 			tagName := token.Data
 			// If this is an excluded tag, we skip processing all output until a close tag is encountered.
 			if strings.EqualFold("a", tagName) || strings.EqualFold("code", tagName) || strings.EqualFold("pre", tagName) {
+				stackNum := 1
 				for html.ErrorToken != tokenizer.Next() {
 					token = tokenizer.Token()
+
 					// Copy the token to the output verbatim
 					buf.WriteString(token.String())
-					// If this is the close tag, we are done
-					if html.EndTagToken == token.Type && strings.EqualFold(tagName, token.Data) {
-						break
+
+					if token.Type == html.StartTagToken {
+						stackNum++
+					}
+
+					// If this is the close tag to the outer-most, we are done
+					if token.Type == html.EndTagToken && strings.EqualFold(tagName, token.Data) {
+						stackNum--
+
+						if stackNum == 0 {
+							break
+						}
 					}
 				}
+				continue OUTER_LOOP
 			}

+			if !com.IsSliceContainsStr(noEndTags, token.Data) {
+				startTags = append(startTags, token.Data)
+			}
+
+		case html.EndTagToken:
+			if len(startTags) == 0 {
+				buf.WriteString(token.String())
+				break
+			}
+
+			buf.Write(leftAngleBracket)
+			buf.WriteString(startTags[len(startTags)-1])
+			buf.Write(rightAngleBracket)
+			startTags = startTags[:len(startTags)-1]
 		default:
 			buf.WriteString(token.String())
 		}
@@ -250,13 +326,14 @@ func PostProcessMarkdown(rawHtml []byte, urlPrefix string) []byte {
 	return rawHtml
 }

-func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
-	result := RenderRawMarkdown(rawBytes, urlPrefix)
-	result = PostProcessMarkdown(result, urlPrefix)
+func RenderMarkdown(rawBytes []byte, urlPrefix string, metas map[string]string) []byte {
+	result := PreProcessMarkdown(rawBytes, urlPrefix)
+	result = RenderRawMarkdown(result, urlPrefix)
+	result = PostProcessMarkdown(result, urlPrefix, metas)
 	result = Sanitizer.SanitizeBytes(result)
 	return result
 }

-func RenderMarkdownString(raw, urlPrefix string) string {
-	return string(RenderMarkdown([]byte(raw), urlPrefix))
+func RenderMarkdownString(raw, urlPrefix string, metas map[string]string) string {
+	return string(RenderMarkdown([]byte(raw), urlPrefix, metas))
 }
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -23,14 +23,16 @@ import (
 	"github.com/Unknwon/i18n"
 	"github.com/microcosm-cc/bluemonday"

+	"github.com/gogits/chardet"
+
 	"github.com/gogits/gogs/modules/avatar"
 	"github.com/gogits/gogs/modules/setting"
 )

 var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")

-// Encode string to md5 hex value.
-func EncodeMd5(str string) string {
+// EncodeMD5 encodes string to md5 hex value.
+func EncodeMD5(str string) string {
 	m := md5.New()
 	m.Write([]byte(str))
 	return hex.EncodeToString(m.Sum(nil))
@@ -43,6 +45,22 @@ func EncodeSha1(str string) string {
 	return hex.EncodeToString(h.Sum(nil))
 }

+func ShortSha(sha1 string) string {
+	if len(sha1) == 40 {
+		return sha1[:10]
+	}
+	return sha1
+}
+
+func DetectEncoding(content []byte) (string, error) {
+	detector := chardet.NewTextDetector()
+	result, err := detector.DetectBest(content)
+	if result.Charset != "UTF-8" && len(setting.Repository.AnsiCharset) > 0 {
+		return setting.Repository.AnsiCharset, err
+	}
+	return result.Charset, err
+}
+
 func BasicAuthDecode(encoded string) (string, string, error) {
 	s, err := base64.StdEncoding.DecodeString(encoded)
 	if err != nil {
--- a/modules/bindata/bindata.go
+++ b/modules/bindata/bindata.go
--- a/modules/cron/parser_test.go
+++ b/modules/cron/parser_test.go
@@ -111,7 +111,7 @@ func TestSpecSchedule(t *testing.T) {
 			t.Error(err)
 		}
 		if !reflect.DeepEqual(actual, c.expected) {
-			t.Errorf("%s => (expected) %b != %b (actual)", c.expr, c.expected, actual)
+			t.Errorf("%s => (expected) %v != %v (actual)", c.expr, c.expected, actual)
 		}
 	}
 }
--- a/modules/crypto/ssh/agent/client.go
+++ b/modules/crypto/ssh/agent/client.go
@@ -1,615 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-/*
-  Package agent implements a client to an ssh-agent daemon.
-
-References:
-  [PROTOCOL.agent]:    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.agent?rev=HEAD
-*/
-package agent
-
-import (
-	"bytes"
-	"crypto/dsa"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rsa"
-	"encoding/base64"
-	"encoding/binary"
-	"errors"
-	"fmt"
-	"io"
-	"math/big"
-	"sync"
-
-	"github.com/gogits/gogs/modules/crypto/ssh"
-)
-
-// Agent represents the capabilities of an ssh-agent.
-type Agent interface {
-	// List returns the identities known to the agent.
-	List() ([]*Key, error)
-
-	// Sign has the agent sign the data using a protocol 2 key as defined
-	// in [PROTOCOL.agent] section 2.6.2.
-	Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error)
-
-	// Add adds a private key to the agent.
-	Add(key AddedKey) error
-
-	// Remove removes all identities with the given public key.
-	Remove(key ssh.PublicKey) error
-
-	// RemoveAll removes all identities.
-	RemoveAll() error
-
-	// Lock locks the agent. Sign and Remove will fail, and List will empty an empty list.
-	Lock(passphrase []byte) error
-
-	// Unlock undoes the effect of Lock
-	Unlock(passphrase []byte) error
-
-	// Signers returns signers for all the known keys.
-	Signers() ([]ssh.Signer, error)
-}
-
-// AddedKey describes an SSH key to be added to an Agent.
-type AddedKey struct {
-	// PrivateKey must be a *rsa.PrivateKey, *dsa.PrivateKey or
-	// *ecdsa.PrivateKey, which will be inserted into the agent.
-	PrivateKey interface{}
-	// Certificate, if not nil, is communicated to the agent and will be
-	// stored with the key.
-	Certificate *ssh.Certificate
-	// Comment is an optional, free-form string.
-	Comment string
-	// LifetimeSecs, if not zero, is the number of seconds that the
-	// agent will store the key for.
-	LifetimeSecs uint32
-	// ConfirmBeforeUse, if true, requests that the agent confirm with the
-	// user before each use of this key.
-	ConfirmBeforeUse bool
-}
-
-// See [PROTOCOL.agent], section 3.
-const (
-	agentRequestV1Identities = 1
-
-	// 3.2 Requests from client to agent for protocol 2 key operations
-	agentAddIdentity         = 17
-	agentRemoveIdentity      = 18
-	agentRemoveAllIdentities = 19
-	agentAddIdConstrained    = 25
-
-	// 3.3 Key-type independent requests from client to agent
-	agentAddSmartcardKey            = 20
-	agentRemoveSmartcardKey         = 21
-	agentLock                       = 22
-	agentUnlock                     = 23
-	agentAddSmartcardKeyConstrained = 26
-
-	// 3.7 Key constraint identifiers
-	agentConstrainLifetime = 1
-	agentConstrainConfirm  = 2
-)
-
-// maxAgentResponseBytes is the maximum agent reply size that is accepted. This
-// is a sanity check, not a limit in the spec.
-const maxAgentResponseBytes = 16 << 20
-
-// Agent messages:
-// These structures mirror the wire format of the corresponding ssh agent
-// messages found in [PROTOCOL.agent].
-
-// 3.4 Generic replies from agent to client
-const agentFailure = 5
-
-type failureAgentMsg struct{}
-
-const agentSuccess = 6
-
-type successAgentMsg struct{}
-
-// See [PROTOCOL.agent], section 2.5.2.
-const agentRequestIdentities = 11
-
-type requestIdentitiesAgentMsg struct{}
-
-// See [PROTOCOL.agent], section 2.5.2.
-const agentIdentitiesAnswer = 12
-
-type identitiesAnswerAgentMsg struct {
-	NumKeys uint32 `sshtype:"12"`
-	Keys    []byte `ssh:"rest"`
-}
-
-// See [PROTOCOL.agent], section 2.6.2.
-const agentSignRequest = 13
-
-type signRequestAgentMsg struct {
-	KeyBlob []byte `sshtype:"13"`
-	Data    []byte
-	Flags   uint32
-}
-
-// See [PROTOCOL.agent], section 2.6.2.
-
-// 3.6 Replies from agent to client for protocol 2 key operations
-const agentSignResponse = 14
-
-type signResponseAgentMsg struct {
-	SigBlob []byte `sshtype:"14"`
-}
-
-type publicKey struct {
-	Format string
-	Rest   []byte `ssh:"rest"`
-}
-
-// Key represents a protocol 2 public key as defined in
-// [PROTOCOL.agent], section 2.5.2.
-type Key struct {
-	Format  string
-	Blob    []byte
-	Comment string
-}
-
-func clientErr(err error) error {
-	return fmt.Errorf("agent: client error: %v", err)
-}
-
-// String returns the storage form of an agent key with the format, base64
-// encoded serialized key, and the comment if it is not empty.
-func (k *Key) String() string {
-	s := string(k.Format) + " " + base64.StdEncoding.EncodeToString(k.Blob)
-
-	if k.Comment != "" {
-		s += " " + k.Comment
-	}
-
-	return s
-}
-
-// Type returns the public key type.
-func (k *Key) Type() string {
-	return k.Format
-}
-
-// Marshal returns key blob to satisfy the ssh.PublicKey interface.
-func (k *Key) Marshal() []byte {
-	return k.Blob
-}
-
-// Verify satisfies the ssh.PublicKey interface, but is not
-// implemented for agent keys.
-func (k *Key) Verify(data []byte, sig *ssh.Signature) error {
-	return errors.New("agent: agent key does not know how to verify")
-}
-
-type wireKey struct {
-	Format string
-	Rest   []byte `ssh:"rest"`
-}
-
-func parseKey(in []byte) (out *Key, rest []byte, err error) {
-	var record struct {
-		Blob    []byte
-		Comment string
-		Rest    []byte `ssh:"rest"`
-	}
-
-	if err := ssh.Unmarshal(in, &record); err != nil {
-		return nil, nil, err
-	}
-
-	var wk wireKey
-	if err := ssh.Unmarshal(record.Blob, &wk); err != nil {
-		return nil, nil, err
-	}
-
-	return &Key{
-		Format:  wk.Format,
-		Blob:    record.Blob,
-		Comment: record.Comment,
-	}, record.Rest, nil
-}
-
-// client is a client for an ssh-agent process.
-type client struct {
-	// conn is typically a *net.UnixConn
-	conn io.ReadWriter
-	// mu is used to prevent concurrent access to the agent
-	mu sync.Mutex
-}
-
-// NewClient returns an Agent that talks to an ssh-agent process over
-// the given connection.
-func NewClient(rw io.ReadWriter) Agent {
-	return &client{conn: rw}
-}
-
-// call sends an RPC to the agent. On success, the reply is
-// unmarshaled into reply and replyType is set to the first byte of
-// the reply, which contains the type of the message.
-func (c *client) call(req []byte) (reply interface{}, err error) {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-
-	msg := make([]byte, 4+len(req))
-	binary.BigEndian.PutUint32(msg, uint32(len(req)))
-	copy(msg[4:], req)
-	if _, err = c.conn.Write(msg); err != nil {
-		return nil, clientErr(err)
-	}
-
-	var respSizeBuf [4]byte
-	if _, err = io.ReadFull(c.conn, respSizeBuf[:]); err != nil {
-		return nil, clientErr(err)
-	}
-	respSize := binary.BigEndian.Uint32(respSizeBuf[:])
-	if respSize > maxAgentResponseBytes {
-		return nil, clientErr(err)
-	}
-
-	buf := make([]byte, respSize)
-	if _, err = io.ReadFull(c.conn, buf); err != nil {
-		return nil, clientErr(err)
-	}
-	reply, err = unmarshal(buf)
-	if err != nil {
-		return nil, clientErr(err)
-	}
-	return reply, err
-}
-
-func (c *client) simpleCall(req []byte) error {
-	resp, err := c.call(req)
-	if err != nil {
-		return err
-	}
-	if _, ok := resp.(*successAgentMsg); ok {
-		return nil
-	}
-	return errors.New("agent: failure")
-}
-
-func (c *client) RemoveAll() error {
-	return c.simpleCall([]byte{agentRemoveAllIdentities})
-}
-
-func (c *client) Remove(key ssh.PublicKey) error {
-	req := ssh.Marshal(&agentRemoveIdentityMsg{
-		KeyBlob: key.Marshal(),
-	})
-	return c.simpleCall(req)
-}
-
-func (c *client) Lock(passphrase []byte) error {
-	req := ssh.Marshal(&agentLockMsg{
-		Passphrase: passphrase,
-	})
-	return c.simpleCall(req)
-}
-
-func (c *client) Unlock(passphrase []byte) error {
-	req := ssh.Marshal(&agentUnlockMsg{
-		Passphrase: passphrase,
-	})
-	return c.simpleCall(req)
-}
-
-// List returns the identities known to the agent.
-func (c *client) List() ([]*Key, error) {
-	// see [PROTOCOL.agent] section 2.5.2.
-	req := []byte{agentRequestIdentities}
-
-	msg, err := c.call(req)
-	if err != nil {
-		return nil, err
-	}
-
-	switch msg := msg.(type) {
-	case *identitiesAnswerAgentMsg:
-		if msg.NumKeys > maxAgentResponseBytes/8 {
-			return nil, errors.New("agent: too many keys in agent reply")
-		}
-		keys := make([]*Key, msg.NumKeys)
-		data := msg.Keys
-		for i := uint32(0); i < msg.NumKeys; i++ {
-			var key *Key
-			var err error
-			if key, data, err = parseKey(data); err != nil {
-				return nil, err
-			}
-			keys[i] = key
-		}
-		return keys, nil
-	case *failureAgentMsg:
-		return nil, errors.New("agent: failed to list keys")
-	}
-	panic("unreachable")
-}
-
-// Sign has the agent sign the data using a protocol 2 key as defined
-// in [PROTOCOL.agent] section 2.6.2.
-func (c *client) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
-	req := ssh.Marshal(signRequestAgentMsg{
-		KeyBlob: key.Marshal(),
-		Data:    data,
-	})
-
-	msg, err := c.call(req)
-	if err != nil {
-		return nil, err
-	}
-
-	switch msg := msg.(type) {
-	case *signResponseAgentMsg:
-		var sig ssh.Signature
-		if err := ssh.Unmarshal(msg.SigBlob, &sig); err != nil {
-			return nil, err
-		}
-
-		return &sig, nil
-	case *failureAgentMsg:
-		return nil, errors.New("agent: failed to sign challenge")
-	}
-	panic("unreachable")
-}
-
-// unmarshal parses an agent message in packet, returning the parsed
-// form and the message type of packet.
-func unmarshal(packet []byte) (interface{}, error) {
-	if len(packet) < 1 {
-		return nil, errors.New("agent: empty packet")
-	}
-	var msg interface{}
-	switch packet[0] {
-	case agentFailure:
-		return new(failureAgentMsg), nil
-	case agentSuccess:
-		return new(successAgentMsg), nil
-	case agentIdentitiesAnswer:
-		msg = new(identitiesAnswerAgentMsg)
-	case agentSignResponse:
-		msg = new(signResponseAgentMsg)
-	default:
-		return nil, fmt.Errorf("agent: unknown type tag %d", packet[0])
-	}
-	if err := ssh.Unmarshal(packet, msg); err != nil {
-		return nil, err
-	}
-	return msg, nil
-}
-
-type rsaKeyMsg struct {
-	Type        string `sshtype:"17"`
-	N           *big.Int
-	E           *big.Int
-	D           *big.Int
-	Iqmp        *big.Int // IQMP = Inverse Q Mod P
-	P           *big.Int
-	Q           *big.Int
-	Comments    string
-	Constraints []byte `ssh:"rest"`
-}
-
-type dsaKeyMsg struct {
-	Type        string `sshtype:"17"`
-	P           *big.Int
-	Q           *big.Int
-	G           *big.Int
-	Y           *big.Int
-	X           *big.Int
-	Comments    string
-	Constraints []byte `ssh:"rest"`
-}
-
-type ecdsaKeyMsg struct {
-	Type        string `sshtype:"17"`
-	Curve       string
-	KeyBytes    []byte
-	D           *big.Int
-	Comments    string
-	Constraints []byte `ssh:"rest"`
-}
-
-// Insert adds a private key to the agent.
-func (c *client) insertKey(s interface{}, comment string, constraints []byte) error {
-	var req []byte
-	switch k := s.(type) {
-	case *rsa.PrivateKey:
-		if len(k.Primes) != 2 {
-			return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes))
-		}
-		k.Precompute()
-		req = ssh.Marshal(rsaKeyMsg{
-			Type:        ssh.KeyAlgoRSA,
-			N:           k.N,
-			E:           big.NewInt(int64(k.E)),
-			D:           k.D,
-			Iqmp:        k.Precomputed.Qinv,
-			P:           k.Primes[0],
-			Q:           k.Primes[1],
-			Comments:    comment,
-			Constraints: constraints,
-		})
-	case *dsa.PrivateKey:
-		req = ssh.Marshal(dsaKeyMsg{
-			Type:        ssh.KeyAlgoDSA,
-			P:           k.P,
-			Q:           k.Q,
-			G:           k.G,
-			Y:           k.Y,
-			X:           k.X,
-			Comments:    comment,
-			Constraints: constraints,
-		})
-	case *ecdsa.PrivateKey:
-		nistID := fmt.Sprintf("nistp%d", k.Params().BitSize)
-		req = ssh.Marshal(ecdsaKeyMsg{
-			Type:        "ecdsa-sha2-" + nistID,
-			Curve:       nistID,
-			KeyBytes:    elliptic.Marshal(k.Curve, k.X, k.Y),
-			D:           k.D,
-			Comments:    comment,
-			Constraints: constraints,
-		})
-	default:
-		return fmt.Errorf("agent: unsupported key type %T", s)
-	}
-
-	// if constraints are present then the message type needs to be changed.
-	if len(constraints) != 0 {
-		req[0] = agentAddIdConstrained
-	}
-
-	resp, err := c.call(req)
-	if err != nil {
-		return err
-	}
-	if _, ok := resp.(*successAgentMsg); ok {
-		return nil
-	}
-	return errors.New("agent: failure")
-}
-
-type rsaCertMsg struct {
-	Type        string `sshtype:"17"`
-	CertBytes   []byte
-	D           *big.Int
-	Iqmp        *big.Int // IQMP = Inverse Q Mod P
-	P           *big.Int
-	Q           *big.Int
-	Comments    string
-	Constraints []byte `ssh:"rest"`
-}
-
-type dsaCertMsg struct {
-	Type        string `sshtype:"17"`
-	CertBytes   []byte
-	X           *big.Int
-	Comments    string
-	Constraints []byte `ssh:"rest"`
-}
-
-type ecdsaCertMsg struct {
-	Type        string `sshtype:"17"`
-	CertBytes   []byte
-	D           *big.Int
-	Comments    string
-	Constraints []byte `ssh:"rest"`
-}
-
-// Insert adds a private key to the agent. If a certificate is given,
-// that certificate is added instead as public key.
-func (c *client) Add(key AddedKey) error {
-	var constraints []byte
-
-	if secs := key.LifetimeSecs; secs != 0 {
-		constraints = append(constraints, agentConstrainLifetime)
-
-		var secsBytes [4]byte
-		binary.BigEndian.PutUint32(secsBytes[:], secs)
-		constraints = append(constraints, secsBytes[:]...)
-	}
-
-	if key.ConfirmBeforeUse {
-		constraints = append(constraints, agentConstrainConfirm)
-	}
-
-	if cert := key.Certificate; cert == nil {
-		return c.insertKey(key.PrivateKey, key.Comment, constraints)
-	} else {
-		return c.insertCert(key.PrivateKey, cert, key.Comment, constraints)
-	}
-}
-
-func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string, constraints []byte) error {
-	var req []byte
-	switch k := s.(type) {
-	case *rsa.PrivateKey:
-		if len(k.Primes) != 2 {
-			return fmt.Errorf("agent: unsupported RSA key with %d primes", len(k.Primes))
-		}
-		k.Precompute()
-		req = ssh.Marshal(rsaCertMsg{
-			Type:        cert.Type(),
-			CertBytes:   cert.Marshal(),
-			D:           k.D,
-			Iqmp:        k.Precomputed.Qinv,
-			P:           k.Primes[0],
-			Q:           k.Primes[1],
-			Comments:    comment,
-			Constraints: constraints,
-		})
-	case *dsa.PrivateKey:
-		req = ssh.Marshal(dsaCertMsg{
-			Type:      cert.Type(),
-			CertBytes: cert.Marshal(),
-			X:         k.X,
-			Comments:  comment,
-		})
-	case *ecdsa.PrivateKey:
-		req = ssh.Marshal(ecdsaCertMsg{
-			Type:      cert.Type(),
-			CertBytes: cert.Marshal(),
-			D:         k.D,
-			Comments:  comment,
-		})
-	default:
-		return fmt.Errorf("agent: unsupported key type %T", s)
-	}
-
-	// if constraints are present then the message type needs to be changed.
-	if len(constraints) != 0 {
-		req[0] = agentAddIdConstrained
-	}
-
-	signer, err := ssh.NewSignerFromKey(s)
-	if err != nil {
-		return err
-	}
-	if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
-		return errors.New("agent: signer and cert have different public key")
-	}
-
-	resp, err := c.call(req)
-	if err != nil {
-		return err
-	}
-	if _, ok := resp.(*successAgentMsg); ok {
-		return nil
-	}
-	return errors.New("agent: failure")
-}
-
-// Signers provides a callback for client authentication.
-func (c *client) Signers() ([]ssh.Signer, error) {
-	keys, err := c.List()
-	if err != nil {
-		return nil, err
-	}
-
-	var result []ssh.Signer
-	for _, k := range keys {
-		result = append(result, &agentKeyringSigner{c, k})
-	}
-	return result, nil
-}
-
-type agentKeyringSigner struct {
-	agent *client
-	pub   ssh.PublicKey
-}
-
-func (s *agentKeyringSigner) PublicKey() ssh.PublicKey {
-	return s.pub
-}
-
-func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature, error) {
-	// The agent has its own entropy source, so the rand argument is ignored.
-	return s.agent.Sign(s.pub, data)
-}
--- a/modules/crypto/ssh/agent/client_test.go
+++ b/modules/crypto/ssh/agent/client_test.go
@@ -1,287 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package agent
-
-import (
-	"bytes"
-	"crypto/rand"
-	"errors"
-	"net"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strconv"
-	"testing"
-
-	"github.com/gogits/gogs/modules/crypto/ssh"
-)
-
-// startAgent executes ssh-agent, and returns a Agent interface to it.
-func startAgent(t *testing.T) (client Agent, socket string, cleanup func()) {
-	if testing.Short() {
-		// ssh-agent is not always available, and the key
-		// types supported vary by platform.
-		t.Skip("skipping test due to -short")
-	}
-
-	bin, err := exec.LookPath("ssh-agent")
-	if err != nil {
-		t.Skip("could not find ssh-agent")
-	}
-
-	cmd := exec.Command(bin, "-s")
-	out, err := cmd.Output()
-	if err != nil {
-		t.Fatalf("cmd.Output: %v", err)
-	}
-
-	/* Output looks like:
-
-		   SSH_AUTH_SOCK=/tmp/ssh-P65gpcqArqvH/agent.15541; export SSH_AUTH_SOCK;
-	           SSH_AGENT_PID=15542; export SSH_AGENT_PID;
-	           echo Agent pid 15542;
-	*/
-	fields := bytes.Split(out, []byte(";"))
-	line := bytes.SplitN(fields[0], []byte("="), 2)
-	line[0] = bytes.TrimLeft(line[0], "\n")
-	if string(line[0]) != "SSH_AUTH_SOCK" {
-		t.Fatalf("could not find key SSH_AUTH_SOCK in %q", fields[0])
-	}
-	socket = string(line[1])
-
-	line = bytes.SplitN(fields[2], []byte("="), 2)
-	line[0] = bytes.TrimLeft(line[0], "\n")
-	if string(line[0]) != "SSH_AGENT_PID" {
-		t.Fatalf("could not find key SSH_AGENT_PID in %q", fields[2])
-	}
-	pidStr := line[1]
-	pid, err := strconv.Atoi(string(pidStr))
-	if err != nil {
-		t.Fatalf("Atoi(%q): %v", pidStr, err)
-	}
-
-	conn, err := net.Dial("unix", string(socket))
-	if err != nil {
-		t.Fatalf("net.Dial: %v", err)
-	}
-
-	ac := NewClient(conn)
-	return ac, socket, func() {
-		proc, _ := os.FindProcess(pid)
-		if proc != nil {
-			proc.Kill()
-		}
-		conn.Close()
-		os.RemoveAll(filepath.Dir(socket))
-	}
-}
-
-func testAgent(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
-	agent, _, cleanup := startAgent(t)
-	defer cleanup()
-
-	testAgentInterface(t, agent, key, cert, lifetimeSecs)
-}
-
-func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
-	signer, err := ssh.NewSignerFromKey(key)
-	if err != nil {
-		t.Fatalf("NewSignerFromKey(%T): %v", key, err)
-	}
-	// The agent should start up empty.
-	if keys, err := agent.List(); err != nil {
-		t.Fatalf("RequestIdentities: %v", err)
-	} else if len(keys) > 0 {
-		t.Fatalf("got %d keys, want 0: %v", len(keys), keys)
-	}
-
-	// Attempt to insert the key, with certificate if specified.
-	var pubKey ssh.PublicKey
-	if cert != nil {
-		err = agent.Add(AddedKey{
-			PrivateKey:   key,
-			Certificate:  cert,
-			Comment:      "comment",
-			LifetimeSecs: lifetimeSecs,
-		})
-		pubKey = cert
-	} else {
-		err = agent.Add(AddedKey{PrivateKey: key, Comment: "comment", LifetimeSecs: lifetimeSecs})
-		pubKey = signer.PublicKey()
-	}
-	if err != nil {
-		t.Fatalf("insert(%T): %v", key, err)
-	}
-
-	// Did the key get inserted successfully?
-	if keys, err := agent.List(); err != nil {
-		t.Fatalf("List: %v", err)
-	} else if len(keys) != 1 {
-		t.Fatalf("got %v, want 1 key", keys)
-	} else if keys[0].Comment != "comment" {
-		t.Fatalf("key comment: got %v, want %v", keys[0].Comment, "comment")
-	} else if !bytes.Equal(keys[0].Blob, pubKey.Marshal()) {
-		t.Fatalf("key mismatch")
-	}
-
-	// Can the agent make a valid signature?
-	data := []byte("hello")
-	sig, err := agent.Sign(pubKey, data)
-	if err != nil {
-		t.Fatalf("Sign(%s): %v", pubKey.Type(), err)
-	}
-
-	if err := pubKey.Verify(data, sig); err != nil {
-		t.Fatalf("Verify(%s): %v", pubKey.Type(), err)
-	}
-}
-
-func TestAgent(t *testing.T) {
-	for _, keyType := range []string{"rsa", "dsa", "ecdsa"} {
-		testAgent(t, testPrivateKeys[keyType], nil, 0)
-	}
-}
-
-func TestCert(t *testing.T) {
-	cert := &ssh.Certificate{
-		Key:         testPublicKeys["rsa"],
-		ValidBefore: ssh.CertTimeInfinity,
-		CertType:    ssh.UserCert,
-	}
-	cert.SignCert(rand.Reader, testSigners["ecdsa"])
-
-	testAgent(t, testPrivateKeys["rsa"], cert, 0)
-}
-
-func TestConstraints(t *testing.T) {
-	testAgent(t, testPrivateKeys["rsa"], nil, 3600 /* lifetime in seconds */)
-}
-
-// netPipe is analogous to net.Pipe, but it uses a real net.Conn, and
-// therefore is buffered (net.Pipe deadlocks if both sides start with
-// a write.)
-func netPipe() (net.Conn, net.Conn, error) {
-	listener, err := net.Listen("tcp", "127.0.0.1:0")
-	if err != nil {
-		return nil, nil, err
-	}
-	defer listener.Close()
-	c1, err := net.Dial("tcp", listener.Addr().String())
-	if err != nil {
-		return nil, nil, err
-	}
-
-	c2, err := listener.Accept()
-	if err != nil {
-		c1.Close()
-		return nil, nil, err
-	}
-
-	return c1, c2, nil
-}
-
-func TestAuth(t *testing.T) {
-	a, b, err := netPipe()
-	if err != nil {
-		t.Fatalf("netPipe: %v", err)
-	}
-
-	defer a.Close()
-	defer b.Close()
-
-	agent, _, cleanup := startAgent(t)
-	defer cleanup()
-
-	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment"}); err != nil {
-		t.Errorf("Add: %v", err)
-	}
-
-	serverConf := ssh.ServerConfig{}
-	serverConf.AddHostKey(testSigners["rsa"])
-	serverConf.PublicKeyCallback = func(c ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
-		if bytes.Equal(key.Marshal(), testPublicKeys["rsa"].Marshal()) {
-			return nil, nil
-		}
-
-		return nil, errors.New("pubkey rejected")
-	}
-
-	go func() {
-		conn, _, _, err := ssh.NewServerConn(a, &serverConf)
-		if err != nil {
-			t.Fatalf("Server: %v", err)
-		}
-		conn.Close()
-	}()
-
-	conf := ssh.ClientConfig{}
-	conf.Auth = append(conf.Auth, ssh.PublicKeysCallback(agent.Signers))
-	conn, _, _, err := ssh.NewClientConn(b, "", &conf)
-	if err != nil {
-		t.Fatalf("NewClientConn: %v", err)
-	}
-	conn.Close()
-}
-
-func TestLockClient(t *testing.T) {
-	agent, _, cleanup := startAgent(t)
-	defer cleanup()
-	testLockAgent(agent, t)
-}
-
-func testLockAgent(agent Agent, t *testing.T) {
-	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment 1"}); err != nil {
-		t.Errorf("Add: %v", err)
-	}
-	if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["dsa"], Comment: "comment dsa"}); err != nil {
-		t.Errorf("Add: %v", err)
-	}
-	if keys, err := agent.List(); err != nil {
-		t.Errorf("List: %v", err)
-	} else if len(keys) != 2 {
-		t.Errorf("Want 2 keys, got %v", keys)
-	}
-
-	passphrase := []byte("secret")
-	if err := agent.Lock(passphrase); err != nil {
-		t.Errorf("Lock: %v", err)
-	}
-
-	if keys, err := agent.List(); err != nil {
-		t.Errorf("List: %v", err)
-	} else if len(keys) != 0 {
-		t.Errorf("Want 0 keys, got %v", keys)
-	}
-
-	signer, _ := ssh.NewSignerFromKey(testPrivateKeys["rsa"])
-	if _, err := agent.Sign(signer.PublicKey(), []byte("hello")); err == nil {
-		t.Fatalf("Sign did not fail")
-	}
-
-	if err := agent.Remove(signer.PublicKey()); err == nil {
-		t.Fatalf("Remove did not fail")
-	}
-
-	if err := agent.RemoveAll(); err == nil {
-		t.Fatalf("RemoveAll did not fail")
-	}
-
-	if err := agent.Unlock(nil); err == nil {
-		t.Errorf("Unlock with wrong passphrase succeeded")
-	}
-	if err := agent.Unlock(passphrase); err != nil {
-		t.Errorf("Unlock: %v", err)
-	}
-
-	if err := agent.Remove(signer.PublicKey()); err != nil {
-		t.Fatalf("Remove: %v", err)
-	}
-
-	if keys, err := agent.List(); err != nil {
-		t.Errorf("List: %v", err)
-	} else if len(keys) != 1 {
-		t.Errorf("Want 1 keys, got %v", keys)
-	}
-}
--- a/modules/crypto/ssh/agent/forward.go
+++ b/modules/crypto/ssh/agent/forward.go
@@ -1,103 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package agent
-
-import (
-	"errors"
-	"io"
-	"net"
-	"sync"
-
-	"github.com/gogits/gogs/modules/crypto/ssh"
-)
-
-// RequestAgentForwarding sets up agent forwarding for the session.
-// ForwardToAgent or ForwardToRemote should be called to route
-// the authentication requests.
-func RequestAgentForwarding(session *ssh.Session) error {
-	ok, err := session.SendRequest("auth-agent-req@openssh.com", true, nil)
-	if err != nil {
-		return err
-	}
-	if !ok {
-		return errors.New("forwarding request denied")
-	}
-	return nil
-}
-
-// ForwardToAgent routes authentication requests to the given keyring.
-func ForwardToAgent(client *ssh.Client, keyring Agent) error {
-	channels := client.HandleChannelOpen(channelType)
-	if channels == nil {
-		return errors.New("agent: already have handler for " + channelType)
-	}
-
-	go func() {
-		for ch := range channels {
-			channel, reqs, err := ch.Accept()
-			if err != nil {
-				continue
-			}
-			go ssh.DiscardRequests(reqs)
-			go func() {
-				ServeAgent(keyring, channel)
-				channel.Close()
-			}()
-		}
-	}()
-	return nil
-}
-
-const channelType = "auth-agent@openssh.com"
-
-// ForwardToRemote routes authentication requests to the ssh-agent
-// process serving on the given unix socket.
-func ForwardToRemote(client *ssh.Client, addr string) error {
-	channels := client.HandleChannelOpen(channelType)
-	if channels == nil {
-		return errors.New("agent: already have handler for " + channelType)
-	}
-	conn, err := net.Dial("unix", addr)
-	if err != nil {
-		return err
-	}
-	conn.Close()
-
-	go func() {
-		for ch := range channels {
-			channel, reqs, err := ch.Accept()
-			if err != nil {
-				continue
-			}
-			go ssh.DiscardRequests(reqs)
-			go forwardUnixSocket(channel, addr)
-		}
-	}()
-	return nil
-}
-
-func forwardUnixSocket(channel ssh.Channel, addr string) {
-	conn, err := net.Dial("unix", addr)
-	if err != nil {
-		return
-	}
-
-	var wg sync.WaitGroup
-	wg.Add(2)
-	go func() {
-		io.Copy(conn, channel)
-		conn.(*net.UnixConn).CloseWrite()
-		wg.Done()
-	}()
-	go func() {
-		io.Copy(channel, conn)
-		channel.CloseWrite()
-		wg.Done()
-	}()
-
-	wg.Wait()
-	conn.Close()
-	channel.Close()
-}
--- a/modules/crypto/ssh/agent/keyring.go
+++ b/modules/crypto/ssh/agent/keyring.go
@@ -1,184 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package agent
-
-import (
-	"bytes"
-	"crypto/rand"
-	"crypto/subtle"
-	"errors"
-	"fmt"
-	"sync"
-
-	"github.com/gogits/gogs/modules/crypto/ssh"
-)
-
-type privKey struct {
-	signer  ssh.Signer
-	comment string
-}
-
-type keyring struct {
-	mu   sync.Mutex
-	keys []privKey
-
-	locked     bool
-	passphrase []byte
-}
-
-var errLocked = errors.New("agent: locked")
-
-// NewKeyring returns an Agent that holds keys in memory.  It is safe
-// for concurrent use by multiple goroutines.
-func NewKeyring() Agent {
-	return &keyring{}
-}
-
-// RemoveAll removes all identities.
-func (r *keyring) RemoveAll() error {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	if r.locked {
-		return errLocked
-	}
-
-	r.keys = nil
-	return nil
-}
-
-// Remove removes all identities with the given public key.
-func (r *keyring) Remove(key ssh.PublicKey) error {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	if r.locked {
-		return errLocked
-	}
-
-	want := key.Marshal()
-	found := false
-	for i := 0; i < len(r.keys); {
-		if bytes.Equal(r.keys[i].signer.PublicKey().Marshal(), want) {
-			found = true
-			r.keys[i] = r.keys[len(r.keys)-1]
-			r.keys = r.keys[len(r.keys)-1:]
-			continue
-		} else {
-			i++
-		}
-	}
-
-	if !found {
-		return errors.New("agent: key not found")
-	}
-	return nil
-}
-
-// Lock locks the agent. Sign and Remove will fail, and List will empty an empty list.
-func (r *keyring) Lock(passphrase []byte) error {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	if r.locked {
-		return errLocked
-	}
-
-	r.locked = true
-	r.passphrase = passphrase
-	return nil
-}
-
-// Unlock undoes the effect of Lock
-func (r *keyring) Unlock(passphrase []byte) error {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	if !r.locked {
-		return errors.New("agent: not locked")
-	}
-	if len(passphrase) != len(r.passphrase) || 1 != subtle.ConstantTimeCompare(passphrase, r.passphrase) {
-		return fmt.Errorf("agent: incorrect passphrase")
-	}
-
-	r.locked = false
-	r.passphrase = nil
-	return nil
-}
-
-// List returns the identities known to the agent.
-func (r *keyring) List() ([]*Key, error) {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	if r.locked {
-		// section 2.7: locked agents return empty.
-		return nil, nil
-	}
-
-	var ids []*Key
-	for _, k := range r.keys {
-		pub := k.signer.PublicKey()
-		ids = append(ids, &Key{
-			Format:  pub.Type(),
-			Blob:    pub.Marshal(),
-			Comment: k.comment})
-	}
-	return ids, nil
-}
-
-// Insert adds a private key to the keyring. If a certificate
-// is given, that certificate is added as public key. Note that
-// any constraints given are ignored.
-func (r *keyring) Add(key AddedKey) error {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	if r.locked {
-		return errLocked
-	}
-	signer, err := ssh.NewSignerFromKey(key.PrivateKey)
-
-	if err != nil {
-		return err
-	}
-
-	if cert := key.Certificate; cert != nil {
-		signer, err = ssh.NewCertSigner(cert, signer)
-		if err != nil {
-			return err
-		}
-	}
-
-	r.keys = append(r.keys, privKey{signer, key.Comment})
-
-	return nil
-}
-
-// Sign returns a signature for the data.
-func (r *keyring) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	if r.locked {
-		return nil, errLocked
-	}
-
-	wanted := key.Marshal()
-	for _, k := range r.keys {
-		if bytes.Equal(k.signer.PublicKey().Marshal(), wanted) {
-			return k.signer.Sign(rand.Reader, data)
-		}
-	}
-	return nil, errors.New("not found")
-}
-
-// Signers returns signers for all the known keys.
-func (r *keyring) Signers() ([]ssh.Signer, error) {
-	r.mu.Lock()
-	defer r.mu.Unlock()
-	if r.locked {
-		return nil, errLocked
-	}
-
-	s := make([]ssh.Signer, 0, len(r.keys))
-	for _, k := range r.keys {
-		s = append(s, k.signer)
-	}
-	return s, nil
-}
--- a/modules/crypto/ssh/agent/server.go
+++ b/modules/crypto/ssh/agent/server.go
@@ -1,209 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package agent
-
-import (
-	"crypto/rsa"
-	"encoding/binary"
-	"fmt"
-	"io"
-	"log"
-	"math/big"
-
-	"github.com/gogits/gogs/modules/crypto/ssh"
-)
-
-// Server wraps an Agent and uses it to implement the agent side of
-// the SSH-agent, wire protocol.
-type server struct {
-	agent Agent
-}
-
-func (s *server) processRequestBytes(reqData []byte) []byte {
-	rep, err := s.processRequest(reqData)
-	if err != nil {
-		if err != errLocked {
-			// TODO(hanwen): provide better logging interface?
-			log.Printf("agent %d: %v", reqData[0], err)
-		}
-		return []byte{agentFailure}
-	}
-
-	if err == nil && rep == nil {
-		return []byte{agentSuccess}
-	}
-
-	return ssh.Marshal(rep)
-}
-
-func marshalKey(k *Key) []byte {
-	var record struct {
-		Blob    []byte
-		Comment string
-	}
-	record.Blob = k.Marshal()
-	record.Comment = k.Comment
-
-	return ssh.Marshal(&record)
-}
-
-type agentV1IdentityMsg struct {
-	Numkeys uint32 `sshtype:"2"`
-}
-
-type agentRemoveIdentityMsg struct {
-	KeyBlob []byte `sshtype:"18"`
-}
-
-type agentLockMsg struct {
-	Passphrase []byte `sshtype:"22"`
-}
-
-type agentUnlockMsg struct {
-	Passphrase []byte `sshtype:"23"`
-}
-
-func (s *server) processRequest(data []byte) (interface{}, error) {
-	switch data[0] {
-	case agentRequestV1Identities:
-		return &agentV1IdentityMsg{0}, nil
-	case agentRemoveIdentity:
-		var req agentRemoveIdentityMsg
-		if err := ssh.Unmarshal(data, &req); err != nil {
-			return nil, err
-		}
-
-		var wk wireKey
-		if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
-			return nil, err
-		}
-
-		return nil, s.agent.Remove(&Key{Format: wk.Format, Blob: req.KeyBlob})
-
-	case agentRemoveAllIdentities:
-		return nil, s.agent.RemoveAll()
-
-	case agentLock:
-		var req agentLockMsg
-		if err := ssh.Unmarshal(data, &req); err != nil {
-			return nil, err
-		}
-
-		return nil, s.agent.Lock(req.Passphrase)
-
-	case agentUnlock:
-		var req agentLockMsg
-		if err := ssh.Unmarshal(data, &req); err != nil {
-			return nil, err
-		}
-		return nil, s.agent.Unlock(req.Passphrase)
-
-	case agentSignRequest:
-		var req signRequestAgentMsg
-		if err := ssh.Unmarshal(data, &req); err != nil {
-			return nil, err
-		}
-
-		var wk wireKey
-		if err := ssh.Unmarshal(req.KeyBlob, &wk); err != nil {
-			return nil, err
-		}
-
-		k := &Key{
-			Format: wk.Format,
-			Blob:   req.KeyBlob,
-		}
-
-		sig, err := s.agent.Sign(k, req.Data) //  TODO(hanwen): flags.
-		if err != nil {
-			return nil, err
-		}
-		return &signResponseAgentMsg{SigBlob: ssh.Marshal(sig)}, nil
-	case agentRequestIdentities:
-		keys, err := s.agent.List()
-		if err != nil {
-			return nil, err
-		}
-
-		rep := identitiesAnswerAgentMsg{
-			NumKeys: uint32(len(keys)),
-		}
-		for _, k := range keys {
-			rep.Keys = append(rep.Keys, marshalKey(k)...)
-		}
-		return rep, nil
-	case agentAddIdentity:
-		return nil, s.insertIdentity(data)
-	}
-
-	return nil, fmt.Errorf("unknown opcode %d", data[0])
-}
-
-func (s *server) insertIdentity(req []byte) error {
-	var record struct {
-		Type string `sshtype:"17"`
-		Rest []byte `ssh:"rest"`
-	}
-	if err := ssh.Unmarshal(req, &record); err != nil {
-		return err
-	}
-
-	switch record.Type {
-	case ssh.KeyAlgoRSA:
-		var k rsaKeyMsg
-		if err := ssh.Unmarshal(req, &k); err != nil {
-			return err
-		}
-
-		priv := rsa.PrivateKey{
-			PublicKey: rsa.PublicKey{
-				E: int(k.E.Int64()),
-				N: k.N,
-			},
-			D:      k.D,
-			Primes: []*big.Int{k.P, k.Q},
-		}
-		priv.Precompute()
-
-		return s.agent.Add(AddedKey{PrivateKey: &priv, Comment: k.Comments})
-	}
-	return fmt.Errorf("not implemented: %s", record.Type)
-}
-
-// ServeAgent serves the agent protocol on the given connection. It
-// returns when an I/O error occurs.
-func ServeAgent(agent Agent, c io.ReadWriter) error {
-	s := &server{agent}
-
-	var length [4]byte
-	for {
-		if _, err := io.ReadFull(c, length[:]); err != nil {
-			return err
-		}
-		l := binary.BigEndian.Uint32(length[:])
-		if l > maxAgentResponseBytes {
-			// We also cap requests.
-			return fmt.Errorf("agent: request too large: %d", l)
-		}
-
-		req := make([]byte, l)
-		if _, err := io.ReadFull(c, req); err != nil {
-			return err
-		}
-
-		repData := s.processRequestBytes(req)
-		if len(repData) > maxAgentResponseBytes {
-			return fmt.Errorf("agent: reply too large: %d bytes", len(repData))
-		}
-
-		binary.BigEndian.PutUint32(length[:], uint32(len(repData)))
-		if _, err := c.Write(length[:]); err != nil {
-			return err
-		}
-		if _, err := c.Write(repData); err != nil {
-			return err
-		}
-	}
-}
--- a/modules/crypto/ssh/agent/server_test.go
+++ b/modules/crypto/ssh/agent/server_test.go
@@ -1,77 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package agent
-
-import (
-	"testing"
-
-	"github.com/gogits/gogs/modules/crypto/ssh"
-)
-
-func TestServer(t *testing.T) {
-	c1, c2, err := netPipe()
-	if err != nil {
-		t.Fatalf("netPipe: %v", err)
-	}
-	defer c1.Close()
-	defer c2.Close()
-	client := NewClient(c1)
-
-	go ServeAgent(NewKeyring(), c2)
-
-	testAgentInterface(t, client, testPrivateKeys["rsa"], nil, 0)
-}
-
-func TestLockServer(t *testing.T) {
-	testLockAgent(NewKeyring(), t)
-}
-
-func TestSetupForwardAgent(t *testing.T) {
-	a, b, err := netPipe()
-	if err != nil {
-		t.Fatalf("netPipe: %v", err)
-	}
-
-	defer a.Close()
-	defer b.Close()
-
-	_, socket, cleanup := startAgent(t)
-	defer cleanup()
-
-	serverConf := ssh.ServerConfig{
-		NoClientAuth: true,
-	}
-	serverConf.AddHostKey(testSigners["rsa"])
-	incoming := make(chan *ssh.ServerConn, 1)
-	go func() {
-		conn, _, _, err := ssh.NewServerConn(a, &serverConf)
-		if err != nil {
-			t.Fatalf("Server: %v", err)
-		}
-		incoming <- conn
-	}()
-
-	conf := ssh.ClientConfig{}
-	conn, chans, reqs, err := ssh.NewClientConn(b, "", &conf)
-	if err != nil {
-		t.Fatalf("NewClientConn: %v", err)
-	}
-	client := ssh.NewClient(conn, chans, reqs)
-
-	if err := ForwardToRemote(client, socket); err != nil {
-		t.Fatalf("SetupForwardAgent: %v", err)
-	}
-
-	server := <-incoming
-	ch, reqs, err := server.OpenChannel(channelType, nil)
-	if err != nil {
-		t.Fatalf("OpenChannel(%q): %v", channelType, err)
-	}
-	go ssh.DiscardRequests(reqs)
-
-	agentClient := NewClient(ch)
-	testAgentInterface(t, agentClient, testPrivateKeys["rsa"], nil, 0)
-	conn.Close()
-}
--- a/modules/crypto/ssh/agent/testdata_test.go
+++ b/modules/crypto/ssh/agent/testdata_test.go
@@ -1,64 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// IMPLEMENTOR NOTE: To avoid a package loop, this file is in three places:
-// ssh/, ssh/agent, and ssh/test/. It should be kept in sync across all three
-// instances.
-
-package agent
-
-import (
-	"crypto/rand"
-	"fmt"
-
-	"github.com/gogits/gogs/modules/crypto/ssh"
-	"github.com/gogits/gogs/modules/crypto/ssh/testdata"
-)
-
-var (
-	testPrivateKeys map[string]interface{}
-	testSigners     map[string]ssh.Signer
-	testPublicKeys  map[string]ssh.PublicKey
-)
-
-func init() {
-	var err error
-
-	n := len(testdata.PEMBytes)
-	testPrivateKeys = make(map[string]interface{}, n)
-	testSigners = make(map[string]ssh.Signer, n)
-	testPublicKeys = make(map[string]ssh.PublicKey, n)
-	for t, k := range testdata.PEMBytes {
-		testPrivateKeys[t], err = ssh.ParseRawPrivateKey(k)
-		if err != nil {
-			panic(fmt.Sprintf("Unable to parse test key %s: %v", t, err))
-		}
-		testSigners[t], err = ssh.NewSignerFromKey(testPrivateKeys[t])
-		if err != nil {
-			panic(fmt.Sprintf("Unable to create signer for test key %s: %v", t, err))
-		}
-		testPublicKeys[t] = testSigners[t].PublicKey()
-	}
-
-	// Create a cert and sign it for use in tests.
-	testCert := &ssh.Certificate{
-		Nonce:           []byte{},                       // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
-		ValidPrincipals: []string{"gopher1", "gopher2"}, // increases test coverage
-		ValidAfter:      0,                              // unix epoch
-		ValidBefore:     ssh.CertTimeInfinity,           // The end of currently representable time.
-		Reserved:        []byte{},                       // To pass reflect.DeepEqual after marshal & parse, this must be non-nil
-		Key:             testPublicKeys["ecdsa"],
-		SignatureKey:    testPublicKeys["rsa"],
-		Permissions: ssh.Permissions{
-			CriticalOptions: map[string]string{},
-			Extensions:      map[string]string{},
-		},
-	}
-	testCert.SignCert(rand.Reader, testSigners["rsa"])
-	testPrivateKeys["cert"] = testPrivateKeys["ecdsa"]
-	testSigners["cert"], err = ssh.NewCertSigner(testCert, testSigners["ecdsa"])
-	if err != nil {
-		panic(fmt.Sprintf("Unable to create certificate signer: %v", err))
-	}
-}
--- a/modules/crypto/ssh/benchmark_test.go
+++ b/modules/crypto/ssh/benchmark_test.go
@@ -1,122 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"errors"
-	"io"
-	"net"
-	"testing"
-)
-
-type server struct {
-	*ServerConn
-	chans <-chan NewChannel
-}
-
-func newServer(c net.Conn, conf *ServerConfig) (*server, error) {
-	sconn, chans, reqs, err := NewServerConn(c, conf)
-	if err != nil {
-		return nil, err
-	}
-	go DiscardRequests(reqs)
-	return &server{sconn, chans}, nil
-}
-
-func (s *server) Accept() (NewChannel, error) {
-	n, ok := <-s.chans
-	if !ok {
-		return nil, io.EOF
-	}
-	return n, nil
-}
-
-func sshPipe() (Conn, *server, error) {
-	c1, c2, err := netPipe()
-	if err != nil {
-		return nil, nil, err
-	}
-
-	clientConf := ClientConfig{
-		User: "user",
-	}
-	serverConf := ServerConfig{
-		NoClientAuth: true,
-	}
-	serverConf.AddHostKey(testSigners["ecdsa"])
-	done := make(chan *server, 1)
-	go func() {
-		server, err := newServer(c2, &serverConf)
-		if err != nil {
-			done <- nil
-		}
-		done <- server
-	}()
-
-	client, _, reqs, err := NewClientConn(c1, "", &clientConf)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	server := <-done
-	if server == nil {
-		return nil, nil, errors.New("server handshake failed.")
-	}
-	go DiscardRequests(reqs)
-
-	return client, server, nil
-}
-
-func BenchmarkEndToEnd(b *testing.B) {
-	b.StopTimer()
-
-	client, server, err := sshPipe()
-	if err != nil {
-		b.Fatalf("sshPipe: %v", err)
-	}
-
-	defer client.Close()
-	defer server.Close()
-
-	size := (1 << 20)
-	input := make([]byte, size)
-	output := make([]byte, size)
-	b.SetBytes(int64(size))
-	done := make(chan int, 1)
-
-	go func() {
-		newCh, err := server.Accept()
-		if err != nil {
-			b.Fatalf("Client: %v", err)
-		}
-		ch, incoming, err := newCh.Accept()
-		go DiscardRequests(incoming)
-		for i := 0; i < b.N; i++ {
-			if _, err := io.ReadFull(ch, output); err != nil {
-				b.Fatalf("ReadFull: %v", err)
-			}
-		}
-		ch.Close()
-		done <- 1
-	}()
-
-	ch, in, err := client.OpenChannel("speed", nil)
-	if err != nil {
-		b.Fatalf("OpenChannel: %v", err)
-	}
-	go DiscardRequests(in)
-
-	b.ResetTimer()
-	b.StartTimer()
-	for i := 0; i < b.N; i++ {
-		if _, err := ch.Write(input); err != nil {
-			b.Fatalf("WriteFull: %v", err)
-		}
-	}
-	ch.Close()
-	b.StopTimer()
-
-	<-done
-}
--- a/modules/crypto/ssh/buffer.go
+++ b/modules/crypto/ssh/buffer.go
@@ -1,98 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"io"
-	"sync"
-)
-
-// buffer provides a linked list buffer for data exchange
-// between producer and consumer. Theoretically the buffer is
-// of unlimited capacity as it does no allocation of its own.
-type buffer struct {
-	// protects concurrent access to head, tail and closed
-	*sync.Cond
-
-	head *element // the buffer that will be read first
-	tail *element // the buffer that will be read last
-
-	closed bool
-}
-
-// An element represents a single link in a linked list.
-type element struct {
-	buf  []byte
-	next *element
-}
-
-// newBuffer returns an empty buffer that is not closed.
-func newBuffer() *buffer {
-	e := new(element)
-	b := &buffer{
-		Cond: newCond(),
-		head: e,
-		tail: e,
-	}
-	return b
-}
-
-// write makes buf available for Read to receive.
-// buf must not be modified after the call to write.
-func (b *buffer) write(buf []byte) {
-	b.Cond.L.Lock()
-	e := &element{buf: buf}
-	b.tail.next = e
-	b.tail = e
-	b.Cond.Signal()
-	b.Cond.L.Unlock()
-}
-
-// eof closes the buffer. Reads from the buffer once all
-// the data has been consumed will receive os.EOF.
-func (b *buffer) eof() error {
-	b.Cond.L.Lock()
-	b.closed = true
-	b.Cond.Signal()
-	b.Cond.L.Unlock()
-	return nil
-}
-
-// Read reads data from the internal buffer in buf.  Reads will block
-// if no data is available, or until the buffer is closed.
-func (b *buffer) Read(buf []byte) (n int, err error) {
-	b.Cond.L.Lock()
-	defer b.Cond.L.Unlock()
-
-	for len(buf) > 0 {
-		// if there is data in b.head, copy it
-		if len(b.head.buf) > 0 {
-			r := copy(buf, b.head.buf)
-			buf, b.head.buf = buf[r:], b.head.buf[r:]
-			n += r
-			continue
-		}
-		// if there is a next buffer, make it the head
-		if len(b.head.buf) == 0 && b.head != b.tail {
-			b.head = b.head.next
-			continue
-		}
-
-		// if at least one byte has been copied, return
-		if n > 0 {
-			break
-		}
-
-		// if nothing was read, and there is nothing outstanding
-		// check to see if the buffer is closed.
-		if b.closed {
-			err = io.EOF
-			break
-		}
-		// out of buffers, wait for producer
-		b.Cond.Wait()
-	}
-	return
-}
--- a/modules/crypto/ssh/buffer_test.go
+++ b/modules/crypto/ssh/buffer_test.go
@@ -1,87 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"io"
-	"testing"
-)
-
-var alphabet = []byte("abcdefghijklmnopqrstuvwxyz")
-
-func TestBufferReadwrite(t *testing.T) {
-	b := newBuffer()
-	b.write(alphabet[:10])
-	r, _ := b.Read(make([]byte, 10))
-	if r != 10 {
-		t.Fatalf("Expected written == read == 10, written: 10, read %d", r)
-	}
-
-	b = newBuffer()
-	b.write(alphabet[:5])
-	r, _ = b.Read(make([]byte, 10))
-	if r != 5 {
-		t.Fatalf("Expected written == read == 5, written: 5, read %d", r)
-	}
-
-	b = newBuffer()
-	b.write(alphabet[:10])
-	r, _ = b.Read(make([]byte, 5))
-	if r != 5 {
-		t.Fatalf("Expected written == 10, read == 5, written: 10, read %d", r)
-	}
-
-	b = newBuffer()
-	b.write(alphabet[:5])
-	b.write(alphabet[5:15])
-	r, _ = b.Read(make([]byte, 10))
-	r2, _ := b.Read(make([]byte, 10))
-	if r != 10 || r2 != 5 || 15 != r+r2 {
-		t.Fatal("Expected written == read == 15")
-	}
-}
-
-func TestBufferClose(t *testing.T) {
-	b := newBuffer()
-	b.write(alphabet[:10])
-	b.eof()
-	_, err := b.Read(make([]byte, 5))
-	if err != nil {
-		t.Fatal("expected read of 5 to not return EOF")
-	}
-	b = newBuffer()
-	b.write(alphabet[:10])
-	b.eof()
-	r, err := b.Read(make([]byte, 5))
-	r2, err2 := b.Read(make([]byte, 10))
-	if r != 5 || r2 != 5 || err != nil || err2 != nil {
-		t.Fatal("expected reads of 5 and 5")
-	}
-
-	b = newBuffer()
-	b.write(alphabet[:10])
-	b.eof()
-	r, err = b.Read(make([]byte, 5))
-	r2, err2 = b.Read(make([]byte, 10))
-	r3, err3 := b.Read(make([]byte, 10))
-	if r != 5 || r2 != 5 || r3 != 0 || err != nil || err2 != nil || err3 != io.EOF {
-		t.Fatal("expected reads of 5 and 5 and 0, with EOF")
-	}
-
-	b = newBuffer()
-	b.write(make([]byte, 5))
-	b.write(make([]byte, 10))
-	b.eof()
-	r, err = b.Read(make([]byte, 9))
-	r2, err2 = b.Read(make([]byte, 3))
-	r3, err3 = b.Read(make([]byte, 3))
-	r4, err4 := b.Read(make([]byte, 10))
-	if err != nil || err2 != nil || err3 != nil || err4 != io.EOF {
-		t.Fatalf("Expected EOF on forth read only, err=%v, err2=%v, err3=%v, err4=%v", err, err2, err3, err4)
-	}
-	if r != 9 || r2 != 3 || r3 != 3 || r4 != 0 {
-		t.Fatal("Expected written == read == 15", r, r2, r3, r4)
-	}
-}
--- a/modules/crypto/ssh/certs.go
+++ b/modules/crypto/ssh/certs.go
@@ -1,501 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"sort"
-	"time"
-)
-
-// These constants from [PROTOCOL.certkeys] represent the algorithm names
-// for certificate types supported by this package.
-const (
-	CertAlgoRSAv01      = "ssh-rsa-cert-v01@openssh.com"
-	CertAlgoDSAv01      = "ssh-dss-cert-v01@openssh.com"
-	CertAlgoECDSA256v01 = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
-	CertAlgoECDSA384v01 = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
-	CertAlgoECDSA521v01 = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
-)
-
-// Certificate types distinguish between host and user
-// certificates. The values can be set in the CertType field of
-// Certificate.
-const (
-	UserCert = 1
-	HostCert = 2
-)
-
-// Signature represents a cryptographic signature.
-type Signature struct {
-	Format string
-	Blob   []byte
-}
-
-// CertTimeInfinity can be used for OpenSSHCertV01.ValidBefore to indicate that
-// a certificate does not expire.
-const CertTimeInfinity = 1<<64 - 1
-
-// An Certificate represents an OpenSSH certificate as defined in
-// [PROTOCOL.certkeys]?rev=1.8.
-type Certificate struct {
-	Nonce           []byte
-	Key             PublicKey
-	Serial          uint64
-	CertType        uint32
-	KeyId           string
-	ValidPrincipals []string
-	ValidAfter      uint64
-	ValidBefore     uint64
-	Permissions
-	Reserved     []byte
-	SignatureKey PublicKey
-	Signature    *Signature
-}
-
-// genericCertData holds the key-independent part of the certificate data.
-// Overall, certificates contain an nonce, public key fields and
-// key-independent fields.
-type genericCertData struct {
-	Serial          uint64
-	CertType        uint32
-	KeyId           string
-	ValidPrincipals []byte
-	ValidAfter      uint64
-	ValidBefore     uint64
-	CriticalOptions []byte
-	Extensions      []byte
-	Reserved        []byte
-	SignatureKey    []byte
-	Signature       []byte
-}
-
-func marshalStringList(namelist []string) []byte {
-	var to []byte
-	for _, name := range namelist {
-		s := struct{ N string }{name}
-		to = append(to, Marshal(&s)...)
-	}
-	return to
-}
-
-type optionsTuple struct {
-	Key   string
-	Value []byte
-}
-
-type optionsTupleValue struct {
-	Value string
-}
-
-// serialize a map of critical options or extensions
-// issue #10569 - per [PROTOCOL.certkeys] and SSH implementation,
-// we need two length prefixes for a non-empty string value
-func marshalTuples(tups map[string]string) []byte {
-	keys := make([]string, 0, len(tups))
-	for key := range tups {
-		keys = append(keys, key)
-	}
-	sort.Strings(keys)
-
-	var ret []byte
-	for _, key := range keys {
-		s := optionsTuple{Key: key}
-		if value := tups[key]; len(value) > 0 {
-			s.Value = Marshal(&optionsTupleValue{value})
-		}
-		ret = append(ret, Marshal(&s)...)
-	}
-	return ret
-}
-
-// issue #10569 - per [PROTOCOL.certkeys] and SSH implementation,
-// we need two length prefixes for a non-empty option value
-func parseTuples(in []byte) (map[string]string, error) {
-	tups := map[string]string{}
-	var lastKey string
-	var haveLastKey bool
-
-	for len(in) > 0 {
-		var key, val, extra []byte
-		var ok bool
-
-		if key, in, ok = parseString(in); !ok {
-			return nil, errShortRead
-		}
-		keyStr := string(key)
-		// according to [PROTOCOL.certkeys], the names must be in
-		// lexical order.
-		if haveLastKey && keyStr <= lastKey {
-			return nil, fmt.Errorf("ssh: certificate options are not in lexical order")
-		}
-		lastKey, haveLastKey = keyStr, true
-		// the next field is a data field, which if non-empty has a string embedded
-		if val, in, ok = parseString(in); !ok {
-			return nil, errShortRead
-		}
-		if len(val) > 0 {
-			val, extra, ok = parseString(val)
-			if !ok {
-				return nil, errShortRead
-			}
-			if len(extra) > 0 {
-				return nil, fmt.Errorf("ssh: unexpected trailing data after certificate option value")
-			}
-			tups[keyStr] = string(val)
-		} else {
-			tups[keyStr] = ""
-		}
-	}
-	return tups, nil
-}
-
-func parseCert(in []byte, privAlgo string) (*Certificate, error) {
-	nonce, rest, ok := parseString(in)
-	if !ok {
-		return nil, errShortRead
-	}
-
-	key, rest, err := parsePubKey(rest, privAlgo)
-	if err != nil {
-		return nil, err
-	}
-
-	var g genericCertData
-	if err := Unmarshal(rest, &g); err != nil {
-		return nil, err
-	}
-
-	c := &Certificate{
-		Nonce:       nonce,
-		Key:         key,
-		Serial:      g.Serial,
-		CertType:    g.CertType,
-		KeyId:       g.KeyId,
-		ValidAfter:  g.ValidAfter,
-		ValidBefore: g.ValidBefore,
-	}
-
-	for principals := g.ValidPrincipals; len(principals) > 0; {
-		principal, rest, ok := parseString(principals)
-		if !ok {
-			return nil, errShortRead
-		}
-		c.ValidPrincipals = append(c.ValidPrincipals, string(principal))
-		principals = rest
-	}
-
-	c.CriticalOptions, err = parseTuples(g.CriticalOptions)
-	if err != nil {
-		return nil, err
-	}
-	c.Extensions, err = parseTuples(g.Extensions)
-	if err != nil {
-		return nil, err
-	}
-	c.Reserved = g.Reserved
-	k, err := ParsePublicKey(g.SignatureKey)
-	if err != nil {
-		return nil, err
-	}
-
-	c.SignatureKey = k
-	c.Signature, rest, ok = parseSignatureBody(g.Signature)
-	if !ok || len(rest) > 0 {
-		return nil, errors.New("ssh: signature parse error")
-	}
-
-	return c, nil
-}
-
-type openSSHCertSigner struct {
-	pub    *Certificate
-	signer Signer
-}
-
-// NewCertSigner returns a Signer that signs with the given Certificate, whose
-// private key is held by signer. It returns an error if the public key in cert
-// doesn't match the key used by signer.
-func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {
-	if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
-		return nil, errors.New("ssh: signer and cert have different public key")
-	}
-
-	return &openSSHCertSigner{cert, signer}, nil
-}
-
-func (s *openSSHCertSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
-	return s.signer.Sign(rand, data)
-}
-
-func (s *openSSHCertSigner) PublicKey() PublicKey {
-	return s.pub
-}
-
-const sourceAddressCriticalOption = "source-address"
-
-// CertChecker does the work of verifying a certificate. Its methods
-// can be plugged into ClientConfig.HostKeyCallback and
-// ServerConfig.PublicKeyCallback. For the CertChecker to work,
-// minimally, the IsAuthority callback should be set.
-type CertChecker struct {
-	// SupportedCriticalOptions lists the CriticalOptions that the
-	// server application layer understands. These are only used
-	// for user certificates.
-	SupportedCriticalOptions []string
-
-	// IsAuthority should return true if the key is recognized as
-	// an authority. This allows for certificates to be signed by other
-	// certificates.
-	IsAuthority func(auth PublicKey) bool
-
-	// Clock is used for verifying time stamps. If nil, time.Now
-	// is used.
-	Clock func() time.Time
-
-	// UserKeyFallback is called when CertChecker.Authenticate encounters a
-	// public key that is not a certificate. It must implement validation
-	// of user keys or else, if nil, all such keys are rejected.
-	UserKeyFallback func(conn ConnMetadata, key PublicKey) (*Permissions, error)
-
-	// HostKeyFallback is called when CertChecker.CheckHostKey encounters a
-	// public key that is not a certificate. It must implement host key
-	// validation or else, if nil, all such keys are rejected.
-	HostKeyFallback func(addr string, remote net.Addr, key PublicKey) error
-
-	// IsRevoked is called for each certificate so that revocation checking
-	// can be implemented. It should return true if the given certificate
-	// is revoked and false otherwise. If nil, no certificates are
-	// considered to have been revoked.
-	IsRevoked func(cert *Certificate) bool
-}
-
-// CheckHostKey checks a host key certificate. This method can be
-// plugged into ClientConfig.HostKeyCallback.
-func (c *CertChecker) CheckHostKey(addr string, remote net.Addr, key PublicKey) error {
-	cert, ok := key.(*Certificate)
-	if !ok {
-		if c.HostKeyFallback != nil {
-			return c.HostKeyFallback(addr, remote, key)
-		}
-		return errors.New("ssh: non-certificate host key")
-	}
-	if cert.CertType != HostCert {
-		return fmt.Errorf("ssh: certificate presented as a host key has type %d", cert.CertType)
-	}
-
-	return c.CheckCert(addr, cert)
-}
-
-// Authenticate checks a user certificate. Authenticate can be used as
-// a value for ServerConfig.PublicKeyCallback.
-func (c *CertChecker) Authenticate(conn ConnMetadata, pubKey PublicKey) (*Permissions, error) {
-	cert, ok := pubKey.(*Certificate)
-	if !ok {
-		if c.UserKeyFallback != nil {
-			return c.UserKeyFallback(conn, pubKey)
-		}
-		return nil, errors.New("ssh: normal key pairs not accepted")
-	}
-
-	if cert.CertType != UserCert {
-		return nil, fmt.Errorf("ssh: cert has type %d", cert.CertType)
-	}
-
-	if err := c.CheckCert(conn.User(), cert); err != nil {
-		return nil, err
-	}
-
-	return &cert.Permissions, nil
-}
-
-// CheckCert checks CriticalOptions, ValidPrincipals, revocation, timestamp and
-// the signature of the certificate.
-func (c *CertChecker) CheckCert(principal string, cert *Certificate) error {
-	if c.IsRevoked != nil && c.IsRevoked(cert) {
-		return fmt.Errorf("ssh: certicate serial %d revoked", cert.Serial)
-	}
-
-	for opt, _ := range cert.CriticalOptions {
-		// sourceAddressCriticalOption will be enforced by
-		// serverAuthenticate
-		if opt == sourceAddressCriticalOption {
-			continue
-		}
-
-		found := false
-		for _, supp := range c.SupportedCriticalOptions {
-			if supp == opt {
-				found = true
-				break
-			}
-		}
-		if !found {
-			return fmt.Errorf("ssh: unsupported critical option %q in certificate", opt)
-		}
-	}
-
-	if len(cert.ValidPrincipals) > 0 {
-		// By default, certs are valid for all users/hosts.
-		found := false
-		for _, p := range cert.ValidPrincipals {
-			if p == principal {
-				found = true
-				break
-			}
-		}
-		if !found {
-			return fmt.Errorf("ssh: principal %q not in the set of valid principals for given certificate: %q", principal, cert.ValidPrincipals)
-		}
-	}
-
-	if !c.IsAuthority(cert.SignatureKey) {
-		return fmt.Errorf("ssh: certificate signed by unrecognized authority")
-	}
-
-	clock := c.Clock
-	if clock == nil {
-		clock = time.Now
-	}
-
-	unixNow := clock().Unix()
-	if after := int64(cert.ValidAfter); after < 0 || unixNow < int64(cert.ValidAfter) {
-		return fmt.Errorf("ssh: cert is not yet valid")
-	}
-	if before := int64(cert.ValidBefore); cert.ValidBefore != uint64(CertTimeInfinity) && (unixNow >= before || before < 0) {
-		return fmt.Errorf("ssh: cert has expired")
-	}
-	if err := cert.SignatureKey.Verify(cert.bytesForSigning(), cert.Signature); err != nil {
-		return fmt.Errorf("ssh: certificate signature does not verify")
-	}
-
-	return nil
-}
-
-// SignCert sets c.SignatureKey to the authority's public key and stores a
-// Signature, by authority, in the certificate.
-func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
-	c.Nonce = make([]byte, 32)
-	if _, err := io.ReadFull(rand, c.Nonce); err != nil {
-		return err
-	}
-	c.SignatureKey = authority.PublicKey()
-
-	sig, err := authority.Sign(rand, c.bytesForSigning())
-	if err != nil {
-		return err
-	}
-	c.Signature = sig
-	return nil
-}
-
-var certAlgoNames = map[string]string{
-	KeyAlgoRSA:      CertAlgoRSAv01,
-	KeyAlgoDSA:      CertAlgoDSAv01,
-	KeyAlgoECDSA256: CertAlgoECDSA256v01,
-	KeyAlgoECDSA384: CertAlgoECDSA384v01,
-	KeyAlgoECDSA521: CertAlgoECDSA521v01,
-}
-
-// certToPrivAlgo returns the underlying algorithm for a certificate algorithm.
-// Panics if a non-certificate algorithm is passed.
-func certToPrivAlgo(algo string) string {
-	for privAlgo, pubAlgo := range certAlgoNames {
-		if pubAlgo == algo {
-			return privAlgo
-		}
-	}
-	panic("unknown cert algorithm")
-}
-
-func (cert *Certificate) bytesForSigning() []byte {
-	c2 := *cert
-	c2.Signature = nil
-	out := c2.Marshal()
-	// Drop trailing signature length.
-	return out[:len(out)-4]
-}
-
-// Marshal serializes c into OpenSSH's wire format. It is part of the
-// PublicKey interface.
-func (c *Certificate) Marshal() []byte {
-	generic := genericCertData{
-		Serial:          c.Serial,
-		CertType:        c.CertType,
-		KeyId:           c.KeyId,
-		ValidPrincipals: marshalStringList(c.ValidPrincipals),
-		ValidAfter:      uint64(c.ValidAfter),
-		ValidBefore:     uint64(c.ValidBefore),
-		CriticalOptions: marshalTuples(c.CriticalOptions),
-		Extensions:      marshalTuples(c.Extensions),
-		Reserved:        c.Reserved,
-		SignatureKey:    c.SignatureKey.Marshal(),
-	}
-	if c.Signature != nil {
-		generic.Signature = Marshal(c.Signature)
-	}
-	genericBytes := Marshal(&generic)
-	keyBytes := c.Key.Marshal()
-	_, keyBytes, _ = parseString(keyBytes)
-	prefix := Marshal(&struct {
-		Name  string
-		Nonce []byte
-		Key   []byte `ssh:"rest"`
-	}{c.Type(), c.Nonce, keyBytes})
-
-	result := make([]byte, 0, len(prefix)+len(genericBytes))
-	result = append(result, prefix...)
-	result = append(result, genericBytes...)
-	return result
-}
-
-// Type returns the key name. It is part of the PublicKey interface.
-func (c *Certificate) Type() string {
-	algo, ok := certAlgoNames[c.Key.Type()]
-	if !ok {
-		panic("unknown cert key type")
-	}
-	return algo
-}
-
-// Verify verifies a signature against the certificate's public
-// key. It is part of the PublicKey interface.
-func (c *Certificate) Verify(data []byte, sig *Signature) error {
-	return c.Key.Verify(data, sig)
-}
-
-func parseSignatureBody(in []byte) (out *Signature, rest []byte, ok bool) {
-	format, in, ok := parseString(in)
-	if !ok {
-		return
-	}
-
-	out = &Signature{
-		Format: string(format),
-	}
-
-	if out.Blob, in, ok = parseString(in); !ok {
-		return
-	}
-
-	return out, in, ok
-}
-
-func parseSignature(in []byte) (out *Signature, rest []byte, ok bool) {
-	sigBytes, rest, ok := parseString(in)
-	if !ok {
-		return
-	}
-
-	out, trailing, ok := parseSignatureBody(sigBytes)
-	if !ok || len(trailing) > 0 {
-		return nil, nil, false
-	}
-	return
-}
--- a/modules/crypto/ssh/certs_test.go
+++ b/modules/crypto/ssh/certs_test.go
@@ -1,216 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"bytes"
-	"crypto/rand"
-	"reflect"
-	"testing"
-	"time"
-)
-
-// Cert generated by ssh-keygen 6.0p1 Debian-4.
-// % ssh-keygen -s ca-key -I test user-key
-const exampleSSHCert = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgb1srW/W3ZDjYAO45xLYAwzHBDLsJ4Ux6ICFIkTjb1LEAAAADAQABAAAAYQCkoR51poH0wE8w72cqSB8Sszx+vAhzcMdCO0wqHTj7UNENHWEXGrU0E0UQekD7U+yhkhtoyjbPOVIP7hNa6aRk/ezdh/iUnCIt4Jt1v3Z1h1P+hA4QuYFMHNB+rmjPwAcAAAAAAAAAAAAAAAEAAAAEdGVzdAAAAAAAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAAHcAAAAHc3NoLXJzYQAAAAMBAAEAAABhANFS2kaktpSGc+CcmEKPyw9mJC4nZKxHKTgLVZeaGbFZOvJTNzBspQHdy7Q1uKSfktxpgjZnksiu/tFF9ngyY2KFoc+U88ya95IZUycBGCUbBQ8+bhDtw/icdDGQD5WnUwAAAG8AAAAHc3NoLXJzYQAAAGC8Y9Z2LQKhIhxf52773XaWrXdxP0t3GBVo4A10vUWiYoAGepr6rQIoGGXFxT4B9Gp+nEBJjOwKDXPrAevow0T9ca8gZN+0ykbhSrXLE5Ao48rqr3zP4O1/9P7e6gp0gw8=`
-
-func TestParseCert(t *testing.T) {
-	authKeyBytes := []byte(exampleSSHCert)
-
-	key, _, _, rest, err := ParseAuthorizedKey(authKeyBytes)
-	if err != nil {
-		t.Fatalf("ParseAuthorizedKey: %v", err)
-	}
-	if len(rest) > 0 {
-		t.Errorf("rest: got %q, want empty", rest)
-	}
-
-	if _, ok := key.(*Certificate); !ok {
-		t.Fatalf("got %v (%T), want *Certificate", key, key)
-	}
-
-	marshaled := MarshalAuthorizedKey(key)
-	// Before comparison, remove the trailing newline that
-	// MarshalAuthorizedKey adds.
-	marshaled = marshaled[:len(marshaled)-1]
-	if !bytes.Equal(authKeyBytes, marshaled) {
-		t.Errorf("marshaled certificate does not match original: got %q, want %q", marshaled, authKeyBytes)
-	}
-}
-
-// Cert generated by ssh-keygen OpenSSH_6.8p1 OS X 10.10.3
-// % ssh-keygen -s ca -I testcert -O source-address=192.168.1.0/24 -O force-command=/bin/sleep user.pub
-// user.pub key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDACh1rt2DXfV3hk6fszSQcQ/rueMId0kVD9U7nl8cfEnFxqOCrNT92g4laQIGl2mn8lsGZfTLg8ksHq3gkvgO3oo/0wHy4v32JeBOHTsN5AL4gfHNEhWeWb50ev47hnTsRIt9P4dxogeUo/hTu7j9+s9lLpEQXCvq6xocXQt0j8MV9qZBBXFLXVT3cWIkSqOdwt/5ZBg+1GSrc7WfCXVWgTk4a20uPMuJPxU4RQwZW6X3+O8Pqo8C3cW0OzZRFP6gUYUKUsTI5WntlS+LAxgw1mZNsozFGdbiOPRnEryE3SRldh9vjDR3tin1fGpA5P7+CEB/bqaXtG3V+F2OkqaMN
-// Critical Options:
-//         force-command /bin/sleep
-//         source-address 192.168.1.0/24
-// Extensions:
-//         permit-X11-forwarding
-//         permit-agent-forwarding
-//         permit-port-forwarding
-//         permit-pty
-//         permit-user-rc
-const exampleSSHCertWithOptions = `ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgDyysCJY0XrO1n03EeRRoITnTPdjENFmWDs9X58PP3VUAAAADAQABAAABAQDACh1rt2DXfV3hk6fszSQcQ/rueMId0kVD9U7nl8cfEnFxqOCrNT92g4laQIGl2mn8lsGZfTLg8ksHq3gkvgO3oo/0wHy4v32JeBOHTsN5AL4gfHNEhWeWb50ev47hnTsRIt9P4dxogeUo/hTu7j9+s9lLpEQXCvq6xocXQt0j8MV9qZBBXFLXVT3cWIkSqOdwt/5ZBg+1GSrc7WfCXVWgTk4a20uPMuJPxU4RQwZW6X3+O8Pqo8C3cW0OzZRFP6gUYUKUsTI5WntlS+LAxgw1mZNsozFGdbiOPRnEryE3SRldh9vjDR3tin1fGpA5P7+CEB/bqaXtG3V+F2OkqaMNAAAAAAAAAAAAAAABAAAACHRlc3RjZXJ0AAAAAAAAAAAAAAAA//////////8AAABLAAAADWZvcmNlLWNvbW1hbmQAAAAOAAAACi9iaW4vc2xlZXAAAAAOc291cmNlLWFkZHJlc3MAAAASAAAADjE5Mi4xNjguMS4wLzI0AAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAABFwAAAAdzc2gtcnNhAAAAAwEAAQAAAQEAwU+c5ui5A8+J/CFpjW8wCa52bEODA808WWQDCSuTG/eMXNf59v9Y8Pk0F1E9dGCosSNyVcB/hacUrc6He+i97+HJCyKavBsE6GDxrjRyxYqAlfcOXi/IVmaUGiO8OQ39d4GHrjToInKvExSUeleQyH4Y4/e27T/pILAqPFL3fyrvMLT5qU9QyIt6zIpa7GBP5+urouNavMprV3zsfIqNBbWypinOQAw823a5wN+zwXnhZrgQiHZ/USG09Y6k98y1dTVz8YHlQVR4D3lpTAsKDKJ5hCH9WU4fdf+lU8OyNGaJ/vz0XNqxcToe1l4numLTnaoSuH89pHryjqurB7lJKwAAAQ8AAAAHc3NoLXJzYQAAAQCaHvUIoPL1zWUHIXLvu96/HU1s/i4CAW2IIEuGgxCUCiFj6vyTyYtgxQxcmbfZf6eaITlS6XJZa7Qq4iaFZh75C1DXTX8labXhRSD4E2t//AIP9MC1rtQC5xo6FmbQ+BoKcDskr+mNACcbRSxs3IL3bwCfWDnIw2WbVox9ZdcthJKk4UoCW4ix4QwdHw7zlddlz++fGEEVhmTbll1SUkycGApPFBsAYRTMupUJcYPIeReBI/m8XfkoMk99bV8ZJQTAd7OekHY2/48Ff53jLmyDjP7kNw1F8OaPtkFs6dGJXta4krmaekPy87j+35In5hFj7yoOqvSbmYUkeX70/GGQ`
-
-func TestParseCertWithOptions(t *testing.T) {
-	opts := map[string]string{
-		"source-address": "192.168.1.0/24",
-		"force-command":  "/bin/sleep",
-	}
-	exts := map[string]string{
-		"permit-X11-forwarding":   "",
-		"permit-agent-forwarding": "",
-		"permit-port-forwarding":  "",
-		"permit-pty":              "",
-		"permit-user-rc":          "",
-	}
-	authKeyBytes := []byte(exampleSSHCertWithOptions)
-
-	key, _, _, rest, err := ParseAuthorizedKey(authKeyBytes)
-	if err != nil {
-		t.Fatalf("ParseAuthorizedKey: %v", err)
-	}
-	if len(rest) > 0 {
-		t.Errorf("rest: got %q, want empty", rest)
-	}
-	cert, ok := key.(*Certificate)
-	if !ok {
-		t.Fatalf("got %v (%T), want *Certificate", key, key)
-	}
-	if !reflect.DeepEqual(cert.CriticalOptions, opts) {
-		t.Errorf("unexpected critical options - got %v, want %v", cert.CriticalOptions, opts)
-	}
-	if !reflect.DeepEqual(cert.Extensions, exts) {
-		t.Errorf("unexpected Extensions - got %v, want %v", cert.Extensions, exts)
-	}
-	marshaled := MarshalAuthorizedKey(key)
-	// Before comparison, remove the trailing newline that
-	// MarshalAuthorizedKey adds.
-	marshaled = marshaled[:len(marshaled)-1]
-	if !bytes.Equal(authKeyBytes, marshaled) {
-		t.Errorf("marshaled certificate does not match original: got %q, want %q", marshaled, authKeyBytes)
-	}
-}
-
-func TestValidateCert(t *testing.T) {
-	key, _, _, _, err := ParseAuthorizedKey([]byte(exampleSSHCert))
-	if err != nil {
-		t.Fatalf("ParseAuthorizedKey: %v", err)
-	}
-	validCert, ok := key.(*Certificate)
-	if !ok {
-		t.Fatalf("got %v (%T), want *Certificate", key, key)
-	}
-	checker := CertChecker{}
-	checker.IsAuthority = func(k PublicKey) bool {
-		return bytes.Equal(k.Marshal(), validCert.SignatureKey.Marshal())
-	}
-
-	if err := checker.CheckCert("user", validCert); err != nil {
-		t.Errorf("Unable to validate certificate: %v", err)
-	}
-	invalidCert := &Certificate{
-		Key:          testPublicKeys["rsa"],
-		SignatureKey: testPublicKeys["ecdsa"],
-		ValidBefore:  CertTimeInfinity,
-		Signature:    &Signature{},
-	}
-	if err := checker.CheckCert("user", invalidCert); err == nil {
-		t.Error("Invalid cert signature passed validation")
-	}
-}
-
-func TestValidateCertTime(t *testing.T) {
-	cert := Certificate{
-		ValidPrincipals: []string{"user"},
-		Key:             testPublicKeys["rsa"],
-		ValidAfter:      50,
-		ValidBefore:     100,
-	}
-
-	cert.SignCert(rand.Reader, testSigners["ecdsa"])
-
-	for ts, ok := range map[int64]bool{
-		25:  false,
-		50:  true,
-		99:  true,
-		100: false,
-		125: false,
-	} {
-		checker := CertChecker{
-			Clock: func() time.Time { return time.Unix(ts, 0) },
-		}
-		checker.IsAuthority = func(k PublicKey) bool {
-			return bytes.Equal(k.Marshal(),
-				testPublicKeys["ecdsa"].Marshal())
-		}
-
-		if v := checker.CheckCert("user", &cert); (v == nil) != ok {
-			t.Errorf("Authenticate(%d): %v", ts, v)
-		}
-	}
-}
-
-// TODO(hanwen): tests for
-//
-// host keys:
-// * fallbacks
-
-func TestHostKeyCert(t *testing.T) {
-	cert := &Certificate{
-		ValidPrincipals: []string{"hostname", "hostname.domain"},
-		Key:             testPublicKeys["rsa"],
-		ValidBefore:     CertTimeInfinity,
-		CertType:        HostCert,
-	}
-	cert.SignCert(rand.Reader, testSigners["ecdsa"])
-
-	checker := &CertChecker{
-		IsAuthority: func(p PublicKey) bool {
-			return bytes.Equal(testPublicKeys["ecdsa"].Marshal(), p.Marshal())
-		},
-	}
-
-	certSigner, err := NewCertSigner(cert, testSigners["rsa"])
-	if err != nil {
-		t.Errorf("NewCertSigner: %v", err)
-	}
-
-	for _, name := range []string{"hostname", "otherhost"} {
-		c1, c2, err := netPipe()
-		if err != nil {
-			t.Fatalf("netPipe: %v", err)
-		}
-		defer c1.Close()
-		defer c2.Close()
-
-		errc := make(chan error)
-
-		go func() {
-			conf := ServerConfig{
-				NoClientAuth: true,
-			}
-			conf.AddHostKey(certSigner)
-			_, _, _, err := NewServerConn(c1, &conf)
-			errc <- err
-		}()
-
-		config := &ClientConfig{
-			User:            "user",
-			HostKeyCallback: checker.CheckHostKey,
-		}
-		_, _, _, err = NewClientConn(c2, name, config)
-
-		succeed := name == "hostname"
-		if (err == nil) != succeed {
-			t.Fatalf("NewClientConn(%q): %v", name, err)
-		}
-
-		err = <-errc
-		if (err == nil) != succeed {
-			t.Fatalf("NewServerConn(%q): %v", name, err)
-		}
-	}
-}
--- a/modules/crypto/ssh/channel.go
+++ b/modules/crypto/ssh/channel.go
@@ -1,631 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"encoding/binary"
-	"errors"
-	"fmt"
-	"io"
-	"log"
-	"sync"
-)
-
-const (
-	minPacketLength = 9
-	// channelMaxPacket contains the maximum number of bytes that will be
-	// sent in a single packet. As per RFC 4253, section 6.1, 32k is also
-	// the minimum.
-	channelMaxPacket = 1 << 15
-	// We follow OpenSSH here.
-	channelWindowSize = 64 * channelMaxPacket
-)
-
-// NewChannel represents an incoming request to a channel. It must either be
-// accepted for use by calling Accept, or rejected by calling Reject.
-type NewChannel interface {
-	// Accept accepts the channel creation request. It returns the Channel
-	// and a Go channel containing SSH requests. The Go channel must be
-	// serviced otherwise the Channel will hang.
-	Accept() (Channel, <-chan *Request, error)
-
-	// Reject rejects the channel creation request. After calling
-	// this, no other methods on the Channel may be called.
-	Reject(reason RejectionReason, message string) error
-
-	// ChannelType returns the type of the channel, as supplied by the
-	// client.
-	ChannelType() string
-
-	// ExtraData returns the arbitrary payload for this channel, as supplied
-	// by the client. This data is specific to the channel type.
-	ExtraData() []byte
-}
-
-// A Channel is an ordered, reliable, flow-controlled, duplex stream
-// that is multiplexed over an SSH connection.
-type Channel interface {
-	// Read reads up to len(data) bytes from the channel.
-	Read(data []byte) (int, error)
-
-	// Write writes len(data) bytes to the channel.
-	Write(data []byte) (int, error)
-
-	// Close signals end of channel use. No data may be sent after this
-	// call.
-	Close() error
-
-	// CloseWrite signals the end of sending in-band
-	// data. Requests may still be sent, and the other side may
-	// still send data
-	CloseWrite() error
-
-	// SendRequest sends a channel request.  If wantReply is true,
-	// it will wait for a reply and return the result as a
-	// boolean, otherwise the return value will be false. Channel
-	// requests are out-of-band messages so they may be sent even
-	// if the data stream is closed or blocked by flow control.
-	SendRequest(name string, wantReply bool, payload []byte) (bool, error)
-
-	// Stderr returns an io.ReadWriter that writes to this channel
-	// with the extended data type set to stderr. Stderr may
-	// safely be read and written from a different goroutine than
-	// Read and Write respectively.
-	Stderr() io.ReadWriter
-}
-
-// Request is a request sent outside of the normal stream of
-// data. Requests can either be specific to an SSH channel, or they
-// can be global.
-type Request struct {
-	Type      string
-	WantReply bool
-	Payload   []byte
-
-	ch  *channel
-	mux *mux
-}
-
-// Reply sends a response to a request. It must be called for all requests
-// where WantReply is true and is a no-op otherwise. The payload argument is
-// ignored for replies to channel-specific requests.
-func (r *Request) Reply(ok bool, payload []byte) error {
-	if !r.WantReply {
-		return nil
-	}
-
-	if r.ch == nil {
-		return r.mux.ackRequest(ok, payload)
-	}
-
-	return r.ch.ackRequest(ok)
-}
-
-// RejectionReason is an enumeration used when rejecting channel creation
-// requests. See RFC 4254, section 5.1.
-type RejectionReason uint32
-
-const (
-	Prohibited RejectionReason = iota + 1
-	ConnectionFailed
-	UnknownChannelType
-	ResourceShortage
-)
-
-// String converts the rejection reason to human readable form.
-func (r RejectionReason) String() string {
-	switch r {
-	case Prohibited:
-		return "administratively prohibited"
-	case ConnectionFailed:
-		return "connect failed"
-	case UnknownChannelType:
-		return "unknown channel type"
-	case ResourceShortage:
-		return "resource shortage"
-	}
-	return fmt.Sprintf("unknown reason %d", int(r))
-}
-
-func min(a uint32, b int) uint32 {
-	if a < uint32(b) {
-		return a
-	}
-	return uint32(b)
-}
-
-type channelDirection uint8
-
-const (
-	channelInbound channelDirection = iota
-	channelOutbound
-)
-
-// channel is an implementation of the Channel interface that works
-// with the mux class.
-type channel struct {
-	// R/O after creation
-	chanType          string
-	extraData         []byte
-	localId, remoteId uint32
-
-	// maxIncomingPayload and maxRemotePayload are the maximum
-	// payload sizes of normal and extended data packets for
-	// receiving and sending, respectively. The wire packet will
-	// be 9 or 13 bytes larger (excluding encryption overhead).
-	maxIncomingPayload uint32
-	maxRemotePayload   uint32
-
-	mux *mux
-
-	// decided is set to true if an accept or reject message has been sent
-	// (for outbound channels) or received (for inbound channels).
-	decided bool
-
-	// direction contains either channelOutbound, for channels created
-	// locally, or channelInbound, for channels created by the peer.
-	direction channelDirection
-
-	// Pending internal channel messages.
-	msg chan interface{}
-
-	// Since requests have no ID, there can be only one request
-	// with WantReply=true outstanding.  This lock is held by a
-	// goroutine that has such an outgoing request pending.
-	sentRequestMu sync.Mutex
-
-	incomingRequests chan *Request
-
-	sentEOF bool
-
-	// thread-safe data
-	remoteWin  window
-	pending    *buffer
-	extPending *buffer
-
-	// windowMu protects myWindow, the flow-control window.
-	windowMu sync.Mutex
-	myWindow uint32
-
-	// writeMu serializes calls to mux.conn.writePacket() and
-	// protects sentClose and packetPool. This mutex must be
-	// different from windowMu, as writePacket can block if there
-	// is a key exchange pending.
-	writeMu   sync.Mutex
-	sentClose bool
-
-	// packetPool has a buffer for each extended channel ID to
-	// save allocations during writes.
-	packetPool map[uint32][]byte
-}
-
-// writePacket sends a packet. If the packet is a channel close, it updates
-// sentClose. This method takes the lock c.writeMu.
-func (c *channel) writePacket(packet []byte) error {
-	c.writeMu.Lock()
-	if c.sentClose {
-		c.writeMu.Unlock()
-		return io.EOF
-	}
-	c.sentClose = (packet[0] == msgChannelClose)
-	err := c.mux.conn.writePacket(packet)
-	c.writeMu.Unlock()
-	return err
-}
-
-func (c *channel) sendMessage(msg interface{}) error {
-	if debugMux {
-		log.Printf("send %d: %#v", c.mux.chanList.offset, msg)
-	}
-
-	p := Marshal(msg)
-	binary.BigEndian.PutUint32(p[1:], c.remoteId)
-	return c.writePacket(p)
-}
-
-// WriteExtended writes data to a specific extended stream. These streams are
-// used, for example, for stderr.
-func (c *channel) WriteExtended(data []byte, extendedCode uint32) (n int, err error) {
-	if c.sentEOF {
-		return 0, io.EOF
-	}
-	// 1 byte message type, 4 bytes remoteId, 4 bytes data length
-	opCode := byte(msgChannelData)
-	headerLength := uint32(9)
-	if extendedCode > 0 {
-		headerLength += 4
-		opCode = msgChannelExtendedData
-	}
-
-	c.writeMu.Lock()
-	packet := c.packetPool[extendedCode]
-	// We don't remove the buffer from packetPool, so
-	// WriteExtended calls from different goroutines will be
-	// flagged as errors by the race detector.
-	c.writeMu.Unlock()
-
-	for len(data) > 0 {
-		space := min(c.maxRemotePayload, len(data))
-		if space, err = c.remoteWin.reserve(space); err != nil {
-			return n, err
-		}
-		if want := headerLength + space; uint32(cap(packet)) < want {
-			packet = make([]byte, want)
-		} else {
-			packet = packet[:want]
-		}
-
-		todo := data[:space]
-
-		packet[0] = opCode
-		binary.BigEndian.PutUint32(packet[1:], c.remoteId)
-		if extendedCode > 0 {
-			binary.BigEndian.PutUint32(packet[5:], uint32(extendedCode))
-		}
-		binary.BigEndian.PutUint32(packet[headerLength-4:], uint32(len(todo)))
-		copy(packet[headerLength:], todo)
-		if err = c.writePacket(packet); err != nil {
-			return n, err
-		}
-
-		n += len(todo)
-		data = data[len(todo):]
-	}
-
-	c.writeMu.Lock()
-	c.packetPool[extendedCode] = packet
-	c.writeMu.Unlock()
-
-	return n, err
-}
-
-func (c *channel) handleData(packet []byte) error {
-	headerLen := 9
-	isExtendedData := packet[0] == msgChannelExtendedData
-	if isExtendedData {
-		headerLen = 13
-	}
-	if len(packet) < headerLen {
-		// malformed data packet
-		return parseError(packet[0])
-	}
-
-	var extended uint32
-	if isExtendedData {
-		extended = binary.BigEndian.Uint32(packet[5:])
-	}
-
-	length := binary.BigEndian.Uint32(packet[headerLen-4 : headerLen])
-	if length == 0 {
-		return nil
-	}
-	if length > c.maxIncomingPayload {
-		// TODO(hanwen): should send Disconnect?
-		return errors.New("ssh: incoming packet exceeds maximum payload size")
-	}
-
-	data := packet[headerLen:]
-	if length != uint32(len(data)) {
-		return errors.New("ssh: wrong packet length")
-	}
-
-	c.windowMu.Lock()
-	if c.myWindow < length {
-		c.windowMu.Unlock()
-		// TODO(hanwen): should send Disconnect with reason?
-		return errors.New("ssh: remote side wrote too much")
-	}
-	c.myWindow -= length
-	c.windowMu.Unlock()
-
-	if extended == 1 {
-		c.extPending.write(data)
-	} else if extended > 0 {
-		// discard other extended data.
-	} else {
-		c.pending.write(data)
-	}
-	return nil
-}
-
-func (c *channel) adjustWindow(n uint32) error {
-	c.windowMu.Lock()
-	// Since myWindow is managed on our side, and can never exceed
-	// the initial window setting, we don't worry about overflow.
-	c.myWindow += uint32(n)
-	c.windowMu.Unlock()
-	return c.sendMessage(windowAdjustMsg{
-		AdditionalBytes: uint32(n),
-	})
-}
-
-func (c *channel) ReadExtended(data []byte, extended uint32) (n int, err error) {
-	switch extended {
-	case 1:
-		n, err = c.extPending.Read(data)
-	case 0:
-		n, err = c.pending.Read(data)
-	default:
-		return 0, fmt.Errorf("ssh: extended code %d unimplemented", extended)
-	}
-
-	if n > 0 {
-		err = c.adjustWindow(uint32(n))
-		// sendWindowAdjust can return io.EOF if the remote
-		// peer has closed the connection, however we want to
-		// defer forwarding io.EOF to the caller of Read until
-		// the buffer has been drained.
-		if n > 0 && err == io.EOF {
-			err = nil
-		}
-	}
-
-	return n, err
-}
-
-func (c *channel) close() {
-	c.pending.eof()
-	c.extPending.eof()
-	close(c.msg)
-	close(c.incomingRequests)
-	c.writeMu.Lock()
-	// This is not necesary for a normal channel teardown, but if
-	// there was another error, it is.
-	c.sentClose = true
-	c.writeMu.Unlock()
-	// Unblock writers.
-	c.remoteWin.close()
-}
-
-// responseMessageReceived is called when a success or failure message is
-// received on a channel to check that such a message is reasonable for the
-// given channel.
-func (c *channel) responseMessageReceived() error {
-	if c.direction == channelInbound {
-		return errors.New("ssh: channel response message received on inbound channel")
-	}
-	if c.decided {
-		return errors.New("ssh: duplicate response received for channel")
-	}
-	c.decided = true
-	return nil
-}
-
-func (c *channel) handlePacket(packet []byte) error {
-	switch packet[0] {
-	case msgChannelData, msgChannelExtendedData:
-		return c.handleData(packet)
-	case msgChannelClose:
-		c.sendMessage(channelCloseMsg{PeersId: c.remoteId})
-		c.mux.chanList.remove(c.localId)
-		c.close()
-		return nil
-	case msgChannelEOF:
-		// RFC 4254 is mute on how EOF affects dataExt messages but
-		// it is logical to signal EOF at the same time.
-		c.extPending.eof()
-		c.pending.eof()
-		return nil
-	}
-
-	decoded, err := decode(packet)
-	if err != nil {
-		return err
-	}
-
-	switch msg := decoded.(type) {
-	case *channelOpenFailureMsg:
-		if err := c.responseMessageReceived(); err != nil {
-			return err
-		}
-		c.mux.chanList.remove(msg.PeersId)
-		c.msg <- msg
-	case *channelOpenConfirmMsg:
-		if err := c.responseMessageReceived(); err != nil {
-			return err
-		}
-		if msg.MaxPacketSize < minPacketLength || msg.MaxPacketSize > 1<<31 {
-			return fmt.Errorf("ssh: invalid MaxPacketSize %d from peer", msg.MaxPacketSize)
-		}
-		c.remoteId = msg.MyId
-		c.maxRemotePayload = msg.MaxPacketSize
-		c.remoteWin.add(msg.MyWindow)
-		c.msg <- msg
-	case *windowAdjustMsg:
-		if !c.remoteWin.add(msg.AdditionalBytes) {
-			return fmt.Errorf("ssh: invalid window update for %d bytes", msg.AdditionalBytes)
-		}
-	case *channelRequestMsg:
-		req := Request{
-			Type:      msg.Request,
-			WantReply: msg.WantReply,
-			Payload:   msg.RequestSpecificData,
-			ch:        c,
-		}
-
-		c.incomingRequests <- &req
-	default:
-		c.msg <- msg
-	}
-	return nil
-}
-
-func (m *mux) newChannel(chanType string, direction channelDirection, extraData []byte) *channel {
-	ch := &channel{
-		remoteWin:        window{Cond: newCond()},
-		myWindow:         channelWindowSize,
-		pending:          newBuffer(),
-		extPending:       newBuffer(),
-		direction:        direction,
-		incomingRequests: make(chan *Request, 16),
-		msg:              make(chan interface{}, 16),
-		chanType:         chanType,
-		extraData:        extraData,
-		mux:              m,
-		packetPool:       make(map[uint32][]byte),
-	}
-	ch.localId = m.chanList.add(ch)
-	return ch
-}
-
-var errUndecided = errors.New("ssh: must Accept or Reject channel")
-var errDecidedAlready = errors.New("ssh: can call Accept or Reject only once")
-
-type extChannel struct {
-	code uint32
-	ch   *channel
-}
-
-func (e *extChannel) Write(data []byte) (n int, err error) {
-	return e.ch.WriteExtended(data, e.code)
-}
-
-func (e *extChannel) Read(data []byte) (n int, err error) {
-	return e.ch.ReadExtended(data, e.code)
-}
-
-func (c *channel) Accept() (Channel, <-chan *Request, error) {
-	if c.decided {
-		return nil, nil, errDecidedAlready
-	}
-	c.maxIncomingPayload = channelMaxPacket
-	confirm := channelOpenConfirmMsg{
-		PeersId:       c.remoteId,
-		MyId:          c.localId,
-		MyWindow:      c.myWindow,
-		MaxPacketSize: c.maxIncomingPayload,
-	}
-	c.decided = true
-	if err := c.sendMessage(confirm); err != nil {
-		return nil, nil, err
-	}
-
-	return c, c.incomingRequests, nil
-}
-
-func (ch *channel) Reject(reason RejectionReason, message string) error {
-	if ch.decided {
-		return errDecidedAlready
-	}
-	reject := channelOpenFailureMsg{
-		PeersId:  ch.remoteId,
-		Reason:   reason,
-		Message:  message,
-		Language: "en",
-	}
-	ch.decided = true
-	return ch.sendMessage(reject)
-}
-
-func (ch *channel) Read(data []byte) (int, error) {
-	if !ch.decided {
-		return 0, errUndecided
-	}
-	return ch.ReadExtended(data, 0)
-}
-
-func (ch *channel) Write(data []byte) (int, error) {
-	if !ch.decided {
-		return 0, errUndecided
-	}
-	return ch.WriteExtended(data, 0)
-}
-
-func (ch *channel) CloseWrite() error {
-	if !ch.decided {
-		return errUndecided
-	}
-	ch.sentEOF = true
-	return ch.sendMessage(channelEOFMsg{
-		PeersId: ch.remoteId})
-}
-
-func (ch *channel) Close() error {
-	if !ch.decided {
-		return errUndecided
-	}
-
-	return ch.sendMessage(channelCloseMsg{
-		PeersId: ch.remoteId})
-}
-
-// Extended returns an io.ReadWriter that sends and receives data on the given,
-// SSH extended stream. Such streams are used, for example, for stderr.
-func (ch *channel) Extended(code uint32) io.ReadWriter {
-	if !ch.decided {
-		return nil
-	}
-	return &extChannel{code, ch}
-}
-
-func (ch *channel) Stderr() io.ReadWriter {
-	return ch.Extended(1)
-}
-
-func (ch *channel) SendRequest(name string, wantReply bool, payload []byte) (bool, error) {
-	if !ch.decided {
-		return false, errUndecided
-	}
-
-	if wantReply {
-		ch.sentRequestMu.Lock()
-		defer ch.sentRequestMu.Unlock()
-	}
-
-	msg := channelRequestMsg{
-		PeersId:             ch.remoteId,
-		Request:             name,
-		WantReply:           wantReply,
-		RequestSpecificData: payload,
-	}
-
-	if err := ch.sendMessage(msg); err != nil {
-		return false, err
-	}
-
-	if wantReply {
-		m, ok := (<-ch.msg)
-		if !ok {
-			return false, io.EOF
-		}
-		switch m.(type) {
-		case *channelRequestFailureMsg:
-			return false, nil
-		case *channelRequestSuccessMsg:
-			return true, nil
-		default:
-			return false, fmt.Errorf("ssh: unexpected response to channel request: %#v", m)
-		}
-	}
-
-	return false, nil
-}
-
-// ackRequest either sends an ack or nack to the channel request.
-func (ch *channel) ackRequest(ok bool) error {
-	if !ch.decided {
-		return errUndecided
-	}
-
-	var msg interface{}
-	if !ok {
-		msg = channelRequestFailureMsg{
-			PeersId: ch.remoteId,
-		}
-	} else {
-		msg = channelRequestSuccessMsg{
-			PeersId: ch.remoteId,
-		}
-	}
-	return ch.sendMessage(msg)
-}
-
-func (ch *channel) ChannelType() string {
-	return ch.chanType
-}
-
-func (ch *channel) ExtraData() []byte {
-	return ch.extraData
-}
--- a/modules/crypto/ssh/cipher.go
+++ b/modules/crypto/ssh/cipher.go
@@ -1,549 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"crypto/aes"
-	"crypto/cipher"
-	"crypto/rc4"
-	"crypto/subtle"
-	"encoding/binary"
-	"errors"
-	"fmt"
-	"hash"
-	"io"
-	"io/ioutil"
-)
-
-const (
-	packetSizeMultiple = 16 // TODO(huin) this should be determined by the cipher.
-
-	// RFC 4253 section 6.1 defines a minimum packet size of 32768 that implementations
-	// MUST be able to process (plus a few more kilobytes for padding and mac). The RFC
-	// indicates implementations SHOULD be able to handle larger packet sizes, but then
-	// waffles on about reasonable limits.
-	//
-	// OpenSSH caps their maxPacket at 256kB so we choose to do
-	// the same. maxPacket is also used to ensure that uint32
-	// length fields do not overflow, so it should remain well
-	// below 4G.
-	maxPacket = 256 * 1024
-)
-
-// noneCipher implements cipher.Stream and provides no encryption. It is used
-// by the transport before the first key-exchange.
-type noneCipher struct{}
-
-func (c noneCipher) XORKeyStream(dst, src []byte) {
-	copy(dst, src)
-}
-
-func newAESCTR(key, iv []byte) (cipher.Stream, error) {
-	c, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-	return cipher.NewCTR(c, iv), nil
-}
-
-func newRC4(key, iv []byte) (cipher.Stream, error) {
-	return rc4.NewCipher(key)
-}
-
-type streamCipherMode struct {
-	keySize    int
-	ivSize     int
-	skip       int
-	createFunc func(key, iv []byte) (cipher.Stream, error)
-}
-
-func (c *streamCipherMode) createStream(key, iv []byte) (cipher.Stream, error) {
-	if len(key) < c.keySize {
-		panic("ssh: key length too small for cipher")
-	}
-	if len(iv) < c.ivSize {
-		panic("ssh: iv too small for cipher")
-	}
-
-	stream, err := c.createFunc(key[:c.keySize], iv[:c.ivSize])
-	if err != nil {
-		return nil, err
-	}
-
-	var streamDump []byte
-	if c.skip > 0 {
-		streamDump = make([]byte, 512)
-	}
-
-	for remainingToDump := c.skip; remainingToDump > 0; {
-		dumpThisTime := remainingToDump
-		if dumpThisTime > len(streamDump) {
-			dumpThisTime = len(streamDump)
-		}
-		stream.XORKeyStream(streamDump[:dumpThisTime], streamDump[:dumpThisTime])
-		remainingToDump -= dumpThisTime
-	}
-
-	return stream, nil
-}
-
-// cipherModes documents properties of supported ciphers. Ciphers not included
-// are not supported and will not be negotiated, even if explicitly requested in
-// ClientConfig.Crypto.Ciphers.
-var cipherModes = map[string]*streamCipherMode{
-	// Ciphers from RFC4344, which introduced many CTR-based ciphers. Algorithms
-	// are defined in the order specified in the RFC.
-	"aes128-ctr": {16, aes.BlockSize, 0, newAESCTR},
-	"aes192-ctr": {24, aes.BlockSize, 0, newAESCTR},
-	"aes256-ctr": {32, aes.BlockSize, 0, newAESCTR},
-
-	// Ciphers from RFC4345, which introduces security-improved arcfour ciphers.
-	// They are defined in the order specified in the RFC.
-	"arcfour128": {16, 0, 1536, newRC4},
-	"arcfour256": {32, 0, 1536, newRC4},
-
-	// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
-	// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
-	// RC4) has problems with weak keys, and should be used with caution."
-	// RFC4345 introduces improved versions of Arcfour.
-	"arcfour": {16, 0, 0, newRC4},
-
-	// AES-GCM is not a stream cipher, so it is constructed with a
-	// special case. If we add any more non-stream ciphers, we
-	// should invest a cleaner way to do this.
-	gcmCipherID: {16, 12, 0, nil},
-
-	// insecure cipher, see http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf
-	// uncomment below to enable it.
-	// aes128cbcID: {16, aes.BlockSize, 0, nil},
-}
-
-// prefixLen is the length of the packet prefix that contains the packet length
-// and number of padding bytes.
-const prefixLen = 5
-
-// streamPacketCipher is a packetCipher using a stream cipher.
-type streamPacketCipher struct {
-	mac    hash.Hash
-	cipher cipher.Stream
-
-	// The following members are to avoid per-packet allocations.
-	prefix      [prefixLen]byte
-	seqNumBytes [4]byte
-	padding     [2 * packetSizeMultiple]byte
-	packetData  []byte
-	macResult   []byte
-}
-
-// readPacket reads and decrypt a single packet from the reader argument.
-func (s *streamPacketCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
-	if _, err := io.ReadFull(r, s.prefix[:]); err != nil {
-		return nil, err
-	}
-
-	s.cipher.XORKeyStream(s.prefix[:], s.prefix[:])
-	length := binary.BigEndian.Uint32(s.prefix[0:4])
-	paddingLength := uint32(s.prefix[4])
-
-	var macSize uint32
-	if s.mac != nil {
-		s.mac.Reset()
-		binary.BigEndian.PutUint32(s.seqNumBytes[:], seqNum)
-		s.mac.Write(s.seqNumBytes[:])
-		s.mac.Write(s.prefix[:])
-		macSize = uint32(s.mac.Size())
-	}
-
-	if length <= paddingLength+1 {
-		return nil, errors.New("ssh: invalid packet length, packet too small")
-	}
-
-	if length > maxPacket {
-		return nil, errors.New("ssh: invalid packet length, packet too large")
-	}
-
-	// the maxPacket check above ensures that length-1+macSize
-	// does not overflow.
-	if uint32(cap(s.packetData)) < length-1+macSize {
-		s.packetData = make([]byte, length-1+macSize)
-	} else {
-		s.packetData = s.packetData[:length-1+macSize]
-	}
-
-	if _, err := io.ReadFull(r, s.packetData); err != nil {
-		return nil, err
-	}
-	mac := s.packetData[length-1:]
-	data := s.packetData[:length-1]
-	s.cipher.XORKeyStream(data, data)
-
-	if s.mac != nil {
-		s.mac.Write(data)
-		s.macResult = s.mac.Sum(s.macResult[:0])
-		if subtle.ConstantTimeCompare(s.macResult, mac) != 1 {
-			return nil, errors.New("ssh: MAC failure")
-		}
-	}
-
-	return s.packetData[:length-paddingLength-1], nil
-}
-
-// writePacket encrypts and sends a packet of data to the writer argument
-func (s *streamPacketCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
-	if len(packet) > maxPacket {
-		return errors.New("ssh: packet too large")
-	}
-
-	paddingLength := packetSizeMultiple - (prefixLen+len(packet))%packetSizeMultiple
-	if paddingLength < 4 {
-		paddingLength += packetSizeMultiple
-	}
-
-	length := len(packet) + 1 + paddingLength
-	binary.BigEndian.PutUint32(s.prefix[:], uint32(length))
-	s.prefix[4] = byte(paddingLength)
-	padding := s.padding[:paddingLength]
-	if _, err := io.ReadFull(rand, padding); err != nil {
-		return err
-	}
-
-	if s.mac != nil {
-		s.mac.Reset()
-		binary.BigEndian.PutUint32(s.seqNumBytes[:], seqNum)
-		s.mac.Write(s.seqNumBytes[:])
-		s.mac.Write(s.prefix[:])
-		s.mac.Write(packet)
-		s.mac.Write(padding)
-	}
-
-	s.cipher.XORKeyStream(s.prefix[:], s.prefix[:])
-	s.cipher.XORKeyStream(packet, packet)
-	s.cipher.XORKeyStream(padding, padding)
-
-	if _, err := w.Write(s.prefix[:]); err != nil {
-		return err
-	}
-	if _, err := w.Write(packet); err != nil {
-		return err
-	}
-	if _, err := w.Write(padding); err != nil {
-		return err
-	}
-
-	if s.mac != nil {
-		s.macResult = s.mac.Sum(s.macResult[:0])
-		if _, err := w.Write(s.macResult); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-type gcmCipher struct {
-	aead   cipher.AEAD
-	prefix [4]byte
-	iv     []byte
-	buf    []byte
-}
-
-func newGCMCipher(iv, key, macKey []byte) (packetCipher, error) {
-	c, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-
-	aead, err := cipher.NewGCM(c)
-	if err != nil {
-		return nil, err
-	}
-
-	return &gcmCipher{
-		aead: aead,
-		iv:   iv,
-	}, nil
-}
-
-const gcmTagSize = 16
-
-func (c *gcmCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
-	// Pad out to multiple of 16 bytes. This is different from the
-	// stream cipher because that encrypts the length too.
-	padding := byte(packetSizeMultiple - (1+len(packet))%packetSizeMultiple)
-	if padding < 4 {
-		padding += packetSizeMultiple
-	}
-
-	length := uint32(len(packet) + int(padding) + 1)
-	binary.BigEndian.PutUint32(c.prefix[:], length)
-	if _, err := w.Write(c.prefix[:]); err != nil {
-		return err
-	}
-
-	if cap(c.buf) < int(length) {
-		c.buf = make([]byte, length)
-	} else {
-		c.buf = c.buf[:length]
-	}
-
-	c.buf[0] = padding
-	copy(c.buf[1:], packet)
-	if _, err := io.ReadFull(rand, c.buf[1+len(packet):]); err != nil {
-		return err
-	}
-	c.buf = c.aead.Seal(c.buf[:0], c.iv, c.buf, c.prefix[:])
-	if _, err := w.Write(c.buf); err != nil {
-		return err
-	}
-	c.incIV()
-
-	return nil
-}
-
-func (c *gcmCipher) incIV() {
-	for i := 4 + 7; i >= 4; i-- {
-		c.iv[i]++
-		if c.iv[i] != 0 {
-			break
-		}
-	}
-}
-
-func (c *gcmCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
-	if _, err := io.ReadFull(r, c.prefix[:]); err != nil {
-		return nil, err
-	}
-	length := binary.BigEndian.Uint32(c.prefix[:])
-	if length > maxPacket {
-		return nil, errors.New("ssh: max packet length exceeded.")
-	}
-
-	if cap(c.buf) < int(length+gcmTagSize) {
-		c.buf = make([]byte, length+gcmTagSize)
-	} else {
-		c.buf = c.buf[:length+gcmTagSize]
-	}
-
-	if _, err := io.ReadFull(r, c.buf); err != nil {
-		return nil, err
-	}
-
-	plain, err := c.aead.Open(c.buf[:0], c.iv, c.buf, c.prefix[:])
-	if err != nil {
-		return nil, err
-	}
-	c.incIV()
-
-	padding := plain[0]
-	if padding < 4 || padding >= 20 {
-		return nil, fmt.Errorf("ssh: illegal padding %d", padding)
-	}
-
-	if int(padding+1) >= len(plain) {
-		return nil, fmt.Errorf("ssh: padding %d too large", padding)
-	}
-	plain = plain[1 : length-uint32(padding)]
-	return plain, nil
-}
-
-// cbcCipher implements aes128-cbc cipher defined in RFC 4253 section 6.1
-type cbcCipher struct {
-	mac       hash.Hash
-	macSize   uint32
-	decrypter cipher.BlockMode
-	encrypter cipher.BlockMode
-
-	// The following members are to avoid per-packet allocations.
-	seqNumBytes [4]byte
-	packetData  []byte
-	macResult   []byte
-
-	// Amount of data we should still read to hide which
-	// verification error triggered.
-	oracleCamouflage uint32
-}
-
-func newAESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
-	c, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-
-	cbc := &cbcCipher{
-		mac:        macModes[algs.MAC].new(macKey),
-		decrypter:  cipher.NewCBCDecrypter(c, iv),
-		encrypter:  cipher.NewCBCEncrypter(c, iv),
-		packetData: make([]byte, 1024),
-	}
-	if cbc.mac != nil {
-		cbc.macSize = uint32(cbc.mac.Size())
-	}
-
-	return cbc, nil
-}
-
-func maxUInt32(a, b int) uint32 {
-	if a > b {
-		return uint32(a)
-	}
-	return uint32(b)
-}
-
-const (
-	cbcMinPacketSizeMultiple = 8
-	cbcMinPacketSize         = 16
-	cbcMinPaddingSize        = 4
-)
-
-// cbcError represents a verification error that may leak information.
-type cbcError string
-
-func (e cbcError) Error() string { return string(e) }
-
-func (c *cbcCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
-	p, err := c.readPacketLeaky(seqNum, r)
-	if err != nil {
-		if _, ok := err.(cbcError); ok {
-			// Verification error: read a fixed amount of
-			// data, to make distinguishing between
-			// failing MAC and failing length check more
-			// difficult.
-			io.CopyN(ioutil.Discard, r, int64(c.oracleCamouflage))
-		}
-	}
-	return p, err
-}
-
-func (c *cbcCipher) readPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error) {
-	blockSize := c.decrypter.BlockSize()
-
-	// Read the header, which will include some of the subsequent data in the
-	// case of block ciphers - this is copied back to the payload later.
-	// How many bytes of payload/padding will be read with this first read.
-	firstBlockLength := uint32((prefixLen + blockSize - 1) / blockSize * blockSize)
-	firstBlock := c.packetData[:firstBlockLength]
-	if _, err := io.ReadFull(r, firstBlock); err != nil {
-		return nil, err
-	}
-
-	c.oracleCamouflage = maxPacket + 4 + c.macSize - firstBlockLength
-
-	c.decrypter.CryptBlocks(firstBlock, firstBlock)
-	length := binary.BigEndian.Uint32(firstBlock[:4])
-	if length > maxPacket {
-		return nil, cbcError("ssh: packet too large")
-	}
-	if length+4 < maxUInt32(cbcMinPacketSize, blockSize) {
-		// The minimum size of a packet is 16 (or the cipher block size, whichever
-		// is larger) bytes.
-		return nil, cbcError("ssh: packet too small")
-	}
-	// The length of the packet (including the length field but not the MAC) must
-	// be a multiple of the block size or 8, whichever is larger.
-	if (length+4)%maxUInt32(cbcMinPacketSizeMultiple, blockSize) != 0 {
-		return nil, cbcError("ssh: invalid packet length multiple")
-	}
-
-	paddingLength := uint32(firstBlock[4])
-	if paddingLength < cbcMinPaddingSize || length <= paddingLength+1 {
-		return nil, cbcError("ssh: invalid packet length")
-	}
-
-	// Positions within the c.packetData buffer:
-	macStart := 4 + length
-	paddingStart := macStart - paddingLength
-
-	// Entire packet size, starting before length, ending at end of mac.
-	entirePacketSize := macStart + c.macSize
-
-	// Ensure c.packetData is large enough for the entire packet data.
-	if uint32(cap(c.packetData)) < entirePacketSize {
-		// Still need to upsize and copy, but this should be rare at runtime, only
-		// on upsizing the packetData buffer.
-		c.packetData = make([]byte, entirePacketSize)
-		copy(c.packetData, firstBlock)
-	} else {
-		c.packetData = c.packetData[:entirePacketSize]
-	}
-
-	if n, err := io.ReadFull(r, c.packetData[firstBlockLength:]); err != nil {
-		return nil, err
-	} else {
-		c.oracleCamouflage -= uint32(n)
-	}
-
-	remainingCrypted := c.packetData[firstBlockLength:macStart]
-	c.decrypter.CryptBlocks(remainingCrypted, remainingCrypted)
-
-	mac := c.packetData[macStart:]
-	if c.mac != nil {
-		c.mac.Reset()
-		binary.BigEndian.PutUint32(c.seqNumBytes[:], seqNum)
-		c.mac.Write(c.seqNumBytes[:])
-		c.mac.Write(c.packetData[:macStart])
-		c.macResult = c.mac.Sum(c.macResult[:0])
-		if subtle.ConstantTimeCompare(c.macResult, mac) != 1 {
-			return nil, cbcError("ssh: MAC failure")
-		}
-	}
-
-	return c.packetData[prefixLen:paddingStart], nil
-}
-
-func (c *cbcCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
-	effectiveBlockSize := maxUInt32(cbcMinPacketSizeMultiple, c.encrypter.BlockSize())
-
-	// Length of encrypted portion of the packet (header, payload, padding).
-	// Enforce minimum padding and packet size.
-	encLength := maxUInt32(prefixLen+len(packet)+cbcMinPaddingSize, cbcMinPaddingSize)
-	// Enforce block size.
-	encLength = (encLength + effectiveBlockSize - 1) / effectiveBlockSize * effectiveBlockSize
-
-	length := encLength - 4
-	paddingLength := int(length) - (1 + len(packet))
-
-	// Overall buffer contains: header, payload, padding, mac.
-	// Space for the MAC is reserved in the capacity but not the slice length.
-	bufferSize := encLength + c.macSize
-	if uint32(cap(c.packetData)) < bufferSize {
-		c.packetData = make([]byte, encLength, bufferSize)
-	} else {
-		c.packetData = c.packetData[:encLength]
-	}
-
-	p := c.packetData
-
-	// Packet header.
-	binary.BigEndian.PutUint32(p, length)
-	p = p[4:]
-	p[0] = byte(paddingLength)
-
-	// Payload.
-	p = p[1:]
-	copy(p, packet)
-
-	// Padding.
-	p = p[len(packet):]
-	if _, err := io.ReadFull(rand, p); err != nil {
-		return err
-	}
-
-	if c.mac != nil {
-		c.mac.Reset()
-		binary.BigEndian.PutUint32(c.seqNumBytes[:], seqNum)
-		c.mac.Write(c.seqNumBytes[:])
-		c.mac.Write(c.packetData)
-		// The MAC is now appended into the capacity reserved for it earlier.
-		c.packetData = c.mac.Sum(c.packetData)
-	}
-
-	c.encrypter.CryptBlocks(c.packetData[:encLength], c.packetData[:encLength])
-
-	if _, err := w.Write(c.packetData); err != nil {
-		return err
-	}
-
-	return nil
-}
--- a/modules/crypto/ssh/cipher_test.go
+++ b/modules/crypto/ssh/cipher_test.go
@@ -1,127 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"bytes"
-	"crypto"
-	"crypto/aes"
-	"crypto/rand"
-	"testing"
-)
-
-func TestDefaultCiphersExist(t *testing.T) {
-	for _, cipherAlgo := range supportedCiphers {
-		if _, ok := cipherModes[cipherAlgo]; !ok {
-			t.Errorf("default cipher %q is unknown", cipherAlgo)
-		}
-	}
-}
-
-func TestPacketCiphers(t *testing.T) {
-	// Still test aes128cbc cipher althought it's commented out.
-	cipherModes[aes128cbcID] = &streamCipherMode{16, aes.BlockSize, 0, nil}
-	defer delete(cipherModes, aes128cbcID)
-
-	for cipher := range cipherModes {
-		kr := &kexResult{Hash: crypto.SHA1}
-		algs := directionAlgorithms{
-			Cipher:      cipher,
-			MAC:         "hmac-sha1",
-			Compression: "none",
-		}
-		client, err := newPacketCipher(clientKeys, algs, kr)
-		if err != nil {
-			t.Errorf("newPacketCipher(client, %q): %v", cipher, err)
-			continue
-		}
-		server, err := newPacketCipher(clientKeys, algs, kr)
-		if err != nil {
-			t.Errorf("newPacketCipher(client, %q): %v", cipher, err)
-			continue
-		}
-
-		want := "bla bla"
-		input := []byte(want)
-		buf := &bytes.Buffer{}
-		if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
-			t.Errorf("writePacket(%q): %v", cipher, err)
-			continue
-		}
-
-		packet, err := server.readPacket(0, buf)
-		if err != nil {
-			t.Errorf("readPacket(%q): %v", cipher, err)
-			continue
-		}
-
-		if string(packet) != want {
-			t.Errorf("roundtrip(%q): got %q, want %q", cipher, packet, want)
-		}
-	}
-}
-
-func TestCBCOracleCounterMeasure(t *testing.T) {
-	cipherModes[aes128cbcID] = &streamCipherMode{16, aes.BlockSize, 0, nil}
-	defer delete(cipherModes, aes128cbcID)
-
-	kr := &kexResult{Hash: crypto.SHA1}
-	algs := directionAlgorithms{
-		Cipher:      aes128cbcID,
-		MAC:         "hmac-sha1",
-		Compression: "none",
-	}
-	client, err := newPacketCipher(clientKeys, algs, kr)
-	if err != nil {
-		t.Fatalf("newPacketCipher(client): %v", err)
-	}
-
-	want := "bla bla"
-	input := []byte(want)
-	buf := &bytes.Buffer{}
-	if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
-		t.Errorf("writePacket: %v", err)
-	}
-
-	packetSize := buf.Len()
-	buf.Write(make([]byte, 2*maxPacket))
-
-	// We corrupt each byte, but this usually will only test the
-	// 'packet too large' or 'MAC failure' cases.
-	lastRead := -1
-	for i := 0; i < packetSize; i++ {
-		server, err := newPacketCipher(clientKeys, algs, kr)
-		if err != nil {
-			t.Fatalf("newPacketCipher(client): %v", err)
-		}
-
-		fresh := &bytes.Buffer{}
-		fresh.Write(buf.Bytes())
-		fresh.Bytes()[i] ^= 0x01
-
-		before := fresh.Len()
-		_, err = server.readPacket(0, fresh)
-		if err == nil {
-			t.Errorf("corrupt byte %d: readPacket succeeded ", i)
-			continue
-		}
-		if _, ok := err.(cbcError); !ok {
-			t.Errorf("corrupt byte %d: got %v (%T), want cbcError", i, err, err)
-			continue
-		}
-
-		after := fresh.Len()
-		bytesRead := before - after
-		if bytesRead < maxPacket {
-			t.Errorf("corrupt byte %d: read %d bytes, want more than %d", i, bytesRead, maxPacket)
-			continue
-		}
-
-		if i > 0 && bytesRead != lastRead {
-			t.Errorf("corrupt byte %d: read %d bytes, want %d bytes read", i, bytesRead, lastRead)
-		}
-		lastRead = bytesRead
-	}
-}
--- a/modules/crypto/ssh/client.go
+++ b/modules/crypto/ssh/client.go
@@ -1,213 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssh
-
-import (
-	"errors"
-	"fmt"
-	"net"
-	"sync"
-)
-
-// Client implements a traditional SSH client that supports shells,
-// subprocesses, port forwarding and tunneled dialing.
-type Client struct {
-	Conn
-
-	forwards        forwardList // forwarded tcpip connections from the remote side
-	mu              sync.Mutex
-	channelHandlers map[string]chan NewChannel
-}
-
-// HandleChannelOpen returns a channel on which NewChannel requests
-// for the given type are sent. If the type already is being handled,
-// nil is returned. The channel is closed when the connection is closed.
-func (c *Client) HandleChannelOpen(channelType string) <-chan NewChannel {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	if c.channelHandlers == nil {
-		// The SSH channel has been closed.
-		c := make(chan NewChannel)
-		close(c)
-		return c
-	}
-
-	ch := c.channelHandlers[channelType]
-	if ch != nil {
-		return nil
-	}
-
-	ch = make(chan NewChannel, 16)
-	c.channelHandlers[channelType] = ch
-	return ch
-}
-
-// NewClient creates a Client on top of the given connection.
-func NewClient(c Conn, chans <-chan NewChannel, reqs <-chan *Request) *Client {
-	conn := &Client{
-		Conn:            c,
-		channelHandlers: make(map[string]chan NewChannel, 1),
-	}
-
-	go conn.handleGlobalRequests(reqs)
-	go conn.handleChannelOpens(chans)
-	go func() {
-		conn.Wait()
-		conn.forwards.closeAll()
-	}()
-	go conn.forwards.handleChannels(conn.HandleChannelOpen("forwarded-tcpip"))
-	return conn
-}
-
-// NewClientConn establishes an authenticated SSH connection using c
-// as the underlying transport.  The Request and NewChannel channels
-// must be serviced or the connection will hang.
-func NewClientConn(c net.Conn, addr string, config *ClientConfig) (Conn, <-chan NewChannel, <-chan *Request, error) {
-	fullConf := *config
-	fullConf.SetDefaults()
-	conn := &connection{
-		sshConn: sshConn{conn: c},
-	}
-
-	if err := conn.clientHandshake(addr, &fullConf); err != nil {
-		c.Close()
-		return nil, nil, nil, fmt.Errorf("ssh: handshake failed: %v", err)
-	}
-	conn.mux = newMux(conn.transport)
-	return conn, conn.mux.incomingChannels, conn.mux.incomingRequests, nil
-}
-
-// clientHandshake performs the client side key exchange. See RFC 4253 Section
-// 7.
-func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) error {
-	if config.ClientVersion != "" {
-		c.clientVersion = []byte(config.ClientVersion)
-	} else {
-		c.clientVersion = []byte(packageVersion)
-	}
-	var err error
-	c.serverVersion, err = exchangeVersions(c.sshConn.conn, c.clientVersion)
-	if err != nil {
-		return err
-	}
-
-	c.transport = newClientTransport(
-		newTransport(c.sshConn.conn, config.Rand, true /* is client */),
-		c.clientVersion, c.serverVersion, config, dialAddress, c.sshConn.RemoteAddr())
-	if err := c.transport.requestKeyChange(); err != nil {
-		return err
-	}
-
-	if packet, err := c.transport.readPacket(); err != nil {
-		return err
-	} else if packet[0] != msgNewKeys {
-		return unexpectedMessageError(msgNewKeys, packet[0])
-	}
-
-	// We just did the key change, so the session ID is established.
-	c.sessionID = c.transport.getSessionID()
-
-	return c.clientAuthenticate(config)
-}
-
-// verifyHostKeySignature verifies the host key obtained in the key
-// exchange.
-func verifyHostKeySignature(hostKey PublicKey, result *kexResult) error {
-	sig, rest, ok := parseSignatureBody(result.Signature)
-	if len(rest) > 0 || !ok {
-		return errors.New("ssh: signature parse error")
-	}
-
-	return hostKey.Verify(result.H, sig)
-}
-
-// NewSession opens a new Session for this client. (A session is a remote
-// execution of a program.)
-func (c *Client) NewSession() (*Session, error) {
-	ch, in, err := c.OpenChannel("session", nil)
-	if err != nil {
-		return nil, err
-	}
-	return newSession(ch, in)
-}
-
-func (c *Client) handleGlobalRequests(incoming <-chan *Request) {
-	for r := range incoming {
-		// This handles keepalive messages and matches
-		// the behaviour of OpenSSH.
-		r.Reply(false, nil)
-	}
-}
-
-// handleChannelOpens channel open messages from the remote side.
-func (c *Client) handleChannelOpens(in <-chan NewChannel) {
-	for ch := range in {
-		c.mu.Lock()
-		handler := c.channelHandlers[ch.ChannelType()]
-		c.mu.Unlock()
-
-		if handler != nil {
-			handler <- ch
-		} else {
-			ch.Reject(UnknownChannelType, fmt.Sprintf("unknown channel type: %v", ch.ChannelType()))
-		}
-	}
-
-	c.mu.Lock()
-	for _, ch := range c.channelHandlers {
-		close(ch)
-	}
-	c.channelHandlers = nil
-	c.mu.Unlock()
-}
-
-// Dial starts a client connection to the given SSH server. It is a
-// convenience function that connects to the given network address,
-// initiates the SSH handshake, and then sets up a Client.  For access
-// to incoming channels and requests, use net.Dial with NewClientConn
-// instead.
-func Dial(network, addr string, config *ClientConfig) (*Client, error) {
-	conn, err := net.Dial(network, addr)
-	if err != nil {
-		return nil, err
-	}
-	c, chans, reqs, err := NewClientConn(conn, addr, config)
-	if err != nil {
-		return nil, err
-	}
-	return NewClient(c, chans, reqs), nil
-}
-
-// A ClientConfig structure is used to configure a Client. It must not be
-// modified after having been passed to an SSH function.
-type ClientConfig struct {
-	// Config contains configuration that is shared between clients and
-	// servers.
-	Config
-
-	// User contains the username to authenticate as.
-	User string
-
-	// Auth contains possible authentication methods to use with the
-	// server. Only the first instance of a particular RFC 4252 method will
-	// be used during authentication.
-	Auth []AuthMethod
-
-	// HostKeyCallback, if not nil, is called during the cryptographic
-	// handshake to validate the server's host key. A nil HostKeyCallback
-	// implies that all host keys are accepted.
-	HostKeyCallback func(hostname string, remote net.Addr, key PublicKey) error
-
-	// ClientVersion contains the version identification string that will
-	// be used for the connection. If empty, a reasonable default is used.
-	ClientVersion string
-
-	// HostKeyAlgorithms lists the key types that the client will
-	// accept from the server as host key, in order of
-	// preference. If empty, a reasonable default is used. Any
-	// string returned from PublicKey.Type method may be used, or
-	// any of the CertAlgoXxxx and KeyAlgoXxxx constants.
-	HostKeyAlgorithms []string
-}
--- a/Show More
+++ b/Show More