deac/gitlabhq
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge branch 'gitlab-shell' of dev.gitlabhq.com:gitlab/gitlabhq

Browse source
This commit is contained in:
Dmitriy Zaporozhets 2013-02-07 08:26:39 +00:00
commit 4e1757bfda
42 changed files with 253 additions and 719 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lib/api.rb
View file

@ -20,5 +20,6 @@ module Gitlab
mount Session
mount MergeRequests
mount Notes
mount Internal
end
end

49
lib/api/internal.rb Normal file
View file

@ -0,0 +1,49 @@
module Gitlab
# Internal access API
class Internal < Grape::API
namespace 'internal' do
#
# Check if ssh key has access to project code
#
get "/allowed" do
key = Key.find(params[:key_id])
project = Project.find_with_namespace(params[:project])
git_cmd = params[:action]
if key.is_deploy_key
project == key.project && git_cmd == 'git-upload-pack'
else
user = key.user
action = case git_cmd
when 'git-upload-pack'
then :download_code
when 'git-receive-pack'
then
if project.protected_branch?(params[:ref])
:push_code_to_protected_branches
else
:push_code
end
end
user.can?(action, project)
end
end
#
# Discover user by ssh key
#
get "/discover" do
key = Key.find(params[:key_id])
present key.user, with: Entities::User
end
get "/check" do
{
api_version: '3'
}
end
end
end
end

90
lib/gitlab/backend/gitolite.rb
View file

@ -1,90 +0,0 @@
require_relative 'gitolite_config'
module Gitlab
class Gitolite
class AccessDenied < StandardError; end
def config
Gitlab::GitoliteConfig.new
end
# Update gitolite config with new key
#
# Ex.
# set_key("m_gitlab_com_12343", "sha-rsa ...", [2, 3, 6])
#
def set_key(key_id, key_content, project_ids)
projects = Project.where(id: project_ids)
config.apply do |config|
config.write_key(key_id, key_content)
config.update_projects(projects)
end
end
# Remove ssh key from gitolite config
#
# Ex.
# remove_key("m_gitlab_com_12343", [2, 3, 6])
#
def remove_key(key_id, project_ids)
projects = Project.where(id: project_ids)
config.apply do |config|
config.rm_key(key_id)
config.update_projects(projects)
end
end
# Update project config in gitolite by project id
#
# Ex.
# update_repository(23)
#
def update_repository(project_id)
project = Project.find(project_id)
config.update_project!(project)
end
def move_repository(old_repo, project)
config.apply do |config|
config.clean_repo(old_repo)
config.update_project(project)
end
end
# Remove repository from gitolite
#
# name - project path with namespace
#
# Ex.
# remove_repository("gitlab/gitlab-ci")
#
def remove_repository(name)
config.destroy_project!(name)
end
# Update projects configs in gitolite by project ids
#
# Ex.
# update_repositories([1, 4, 6])
#
def update_repositories(project_ids)
projects = Project.where(id: project_ids)
config.apply do |config|
config.update_projects(projects)
end
end
def url_to_repo path
Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
end
def enable_automerge
config.admin_all_repo!
end
alias_method :create_repository, :update_repository
end
end

241
lib/gitlab/backend/gitolite_config.rb
View file

@ -1,241 +0,0 @@
require 'gitolite'
require 'timeout'
require 'fileutils'
module Gitlab
class GitoliteConfig
include Gitlab::Popen
class PullError < StandardError; end
class PushError < StandardError; end
class BrokenGitolite < StandardError; end
attr_reader :config_tmp_dir, :tmp_dir, :ga_repo, :conf
def initialize
@tmp_dir = Rails.root.join("tmp").to_s
@config_tmp_dir = File.join(@tmp_dir,"gitlabhq-gitolite-#{Time.now.to_i}")
end
def ga_repo
@ga_repo ||= ::Gitolite::GitoliteAdmin.new(
File.join(config_tmp_dir,'gitolite'),
conf: Gitlab.config.gitolite.config_file
)
end
def apply
Timeout::timeout(30) do
File.open(File.join(tmp_dir, "gitlabhq-gitolite.lock"), "w+") do |f|
begin
# Set exclusive lock
# to prevent race condition
f.flock(File::LOCK_EX)
# Pull gitolite-admin repo
# in tmp dir before do any changes
pull
# Build ga_repo object and @conf
# to access gitolite-admin configuration
@conf = ga_repo.config
# Do any changes
# in gitolite-admin
# config here
yield(self)
# Save changes in
# gitolite-admin repo
# before push it
ga_repo.save
# Push gitolite-admin repo
# to apply all changes
push
ensure
# Remove tmp dir
# removing the gitolite folder first is important to avoid
# NFS issues.
FileUtils.rm_rf(File.join(config_tmp_dir, 'gitolite'))
# Remove parent tmp dir
FileUtils.rm_rf(config_tmp_dir)
# Unlock so other task can access
# gitolite configuration
f.flock(File::LOCK_UN)
end
end
end
rescue PullError => ex
log("Pull error -> " + ex.message)
raise Gitolite::AccessDenied, ex.message
rescue PushError => ex
log("Push error -> " + " " + ex.message)
raise Gitolite::AccessDenied, ex.message
rescue BrokenGitolite => ex
log("Gitolite error -> " + " " + ex.message)
raise Gitolite::AccessDenied, ex.message
rescue Exception => ex
log(ex.class.name + " " + ex.message)
raise Gitolite::AccessDenied.new("gitolite timeout")
end
def log message
Gitlab::GitLogger.error(message)
end
def path_to_repo(name)
File.join(Gitlab.config.gitolite.repos_path, "#{name}.git")
end
def destroy_project(name)
full_path = path_to_repo(name)
FileUtils.rm_rf(full_path) if File.exists?(full_path)
conf.rm_repo(name)
end
def clean_repo repo_name
conf.rm_repo(repo_name)
end
def destroy_project!(project)
apply do |config|
config.destroy_project(project)
end
end
def write_key(id, key)
File.open(File.join(config_tmp_dir, 'gitolite/keydir',"#{id}.pub"), 'w') do |f|
f.write(key.gsub(/\n/,''))
end
end
def rm_key(user)
key_path = File.join(config_tmp_dir, 'gitolite/keydir', "#{user}.pub")
ga_key = ::Gitolite::SSHKey.from_file(key_path)
ga_repo.rm_key(ga_key)
end
# update or create
def update_project(project)
repo = update_project_config(project, conf)
conf.add_repo(repo, true)
end
def update_project!( project)
apply do |config|
config.update_project(project)
end
end
# Updates many projects and uses project.path_with_namespace as the repo path
# An order of magnitude faster than update_project
def update_projects(projects)
projects.each do |project|
repo = update_project_config(project, conf)
conf.add_repo(repo, true)
end
end
def update_project_config(project, conf)
repo_name = project.path_with_namespace
repo = if conf.has_repo?(repo_name)
conf.get_repo(repo_name)
else
::Gitolite::Config::Repo.new(repo_name)
end
name_readers = project.team.repository_readers
name_writers = project.team.repository_writers
name_masters = project.team.repository_masters
pr_br = project.protected_branches.map(&:name).join("$ ")
repo.clean_permissions
# Deny access to protected branches for writers
unless name_writers.blank? || pr_br.blank?
repo.add_permission("-", pr_br.strip + "$ ", name_writers)
end
# Add read permissions
repo.add_permission("R", "", name_readers) unless name_readers.blank?
# Add write permissions
repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
# Add sharedRepository config
repo.set_git_config("core.sharedRepository", "0660")
repo
end
# Enable access to all repos for gitolite admin.
# We use it for accept merge request feature
def admin_all_repo
owner_name = Gitlab.config.gitolite.admin_key
# @ALL repos premission for gitolite owner
repo_name = "@all"
repo = if conf.has_repo?(repo_name)
conf.get_repo(repo_name)
else
::Gitolite::Config::Repo.new(repo_name)
end
repo.add_permission("RW+", "", owner_name)
conf.add_repo(repo, true)
end
def admin_all_repo!
apply { |config| config.admin_all_repo }
end
private
def pull
# Create config tmp dir like "RAILS_ROOT/tmp/gitlabhq-gitolite-132545"
Dir.mkdir config_tmp_dir
# Clone gitolite-admin repo into tmp dir
popen("git clone #{Gitlab.config.gitolite.admin_uri} #{config_tmp_dir}/gitolite", tmp_dir)
# Ensure file with config presents after cloning
unless File.exists?(File.join(config_tmp_dir, 'gitolite', 'conf', 'gitolite.conf'))
raise PullError, "unable to clone gitolite-admin repo"
end
end
def push
output, status = popen('git add -A', tmp_conf_path)
raise "Git add failed." unless status.zero?
# git commit returns 0 on success, and 1 if there is nothing to commit
output, status = popen('git commit -m "GitLab"', tmp_conf_path)
raise "Git add failed." unless [0,1].include?(status)
output, status = popen('git push', tmp_conf_path)
if output =~ /remote\: FATAL/
raise BrokenGitolite, output
end
if status.zero? || output =~ /Everything up\-to\-date/
return true
else
raise PushError, "unable to push gitolite-admin repo"
end
end
def tmp_conf_path
File.join(config_tmp_dir,'gitolite')
end
end
end

50
lib/gitlab/backend/shell.rb Normal file
View file

@ -0,0 +1,50 @@
module Gitlab
class Shell
class AccessDenied < StandardError; end
# Init new repository
#
# name - project path with namespace
#
# Ex.
# add_repository("gitlab/gitlab-ci")
#
def add_repository(name)
system("/home/git/gitlab-shell/bin/gitlab-projects add-project #{name}.git")
end
# Remove repository from file system
#
# name - project path with namespace
#
# Ex.
# remove_repository("gitlab/gitlab-ci")
#
def remove_repository(name)
system("/home/git/gitlab-shell/bin/gitlab-projects rm-project #{name}.git")
end
# Add new key to gitlab-shell
#
# Ex.
# add_key("key-42", "sha-rsa ...")
#
def add_key(key_id, key_content)
system("/home/git/gitlab-shell/bin/gitlab-keys add-key #{key_id} \"#{key_content}\"")
end
# Remove ssh key from gitlab shell
#
# Ex.
# remove_key("key-342", "sha-rsa ...")
#
def remove_key(key_id, key_content)
system("/home/git/gitlab-shell/bin/gitlab-keys rm-key #{key_id} \"#{key_content}\"")
end
def url_to_repo path
Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
end
end
end

4
lib/gitlab/satellite/satellite.rb
View file

@ -30,10 +30,10 @@ module Gitlab
end
def create
output, status = popen("git clone #{project.url_to_repo} #{path}",
output, status = popen("git clone #{project.repository.path_to_repo} #{path}",
Gitlab.config.satellites.path)
log("PID: #{project.id}: git clone #{project.url_to_repo} #{path}")
log("PID: #{project.id}: git clone #{project.repository.path_to_repo} #{path}")
log("PID: #{project.id}: -> #{output}")
if status.zero?

2
lib/gitolited.rb
View file

@ -6,6 +6,6 @@
#
module Gitolited
def gitolite
Gitlab::Gitolite.new
Gitlab::Shell.new
end
end

12
lib/hooks/post-receive
View file

@ -1,12 +0,0 @@
#!/usr/bin/env bash
# Version 4.1
# This file was placed here by GitLab. It makes sure that your pushed commits
# will be processed properly.
while read oldrev newrev ref
do
# For every branch or tag that was pushed, create a Resque job in redis.
repo_path=`pwd`
env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1
done

32
lib/support/rewrite-hooks.sh
View file

@ -1,32 +0,0 @@
#!/bin/bash
src="/home/git/repositories"
for dir in `ls "$src/"`
do
if [ -d "$src/$dir" ]; then
if [ "$dir" = "gitolite-admin.git" ]
then
continue
fi
if [[ "$dir" =~ ^.*.git$ ]]
then
project_hook="$src/$dir/hooks/post-receive"
gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
ln -s -f $gitolite_hook $project_hook
else
for subdir in `ls "$src/$dir/"`
do
if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then
project_hook="$src/$dir/$subdir/hooks/post-receive"
gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
ln -s -f $gitolite_hook $project_hook
fi
done
fi
fi
done

11
lib/support/truncate_repositories.sh
View file

@ -1,11 +0,0 @@
#!/bin/bash
echo "Danger!!! Data Loss"
while true; do
read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?: " yn
case $yn in
[Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1 -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;;
[Nn]* ) exit;;
* ) echo "Please answer yes or no.";;
esac
done

5
lib/tasks/gitlab/enable_automerge.rake
View file

@ -3,11 +3,6 @@ namespace :gitlab do
task :enable_automerge => :environment do
warn_user_is_not_gitlab
puts "Updating repo permissions ..."
Gitlab::Gitolite.new.enable_automerge
puts "... #{"done".green}"
puts ""
print "Creating satellites for ..."
unless Project.count > 0
puts "skipping, because you have no projects".magenta

32
lib/tasks/gitlab/shell.rake Normal file
View file

@ -0,0 +1,32 @@
namespace :gitlab do
namespace :shell do
desc "GITLAB | Setup gitlab-shell"
task :setup => :environment do
setup
end
end
def setup
warn_user_is_not_gitlab
puts "This will rebuild an authorized_keys file."
puts "You will lose any data stored in /home/git/.ssh/authorized_keys."
ask_to_continue
puts ""
system("echo '# Managed by gitlab-shell' > /home/git/.ssh/authorized_keys")
Key.find_each(:batch_size => 1000) do |key|
if Gitlab::Shell.new.add_key(key.shell_id, key.key)
print '.'
else
print 'F'
end
end
rescue Gitlab::TaskAbortedByUserError
puts "Quitting...".red
exit 1
end
end