Merge branch 'gitlab-shell' of dev.gitlabhq.com:gitlab/gitlabhq

2013-02-07 08:26:39 +00:00 · 2013-02-07 08:26:39 +00:00 · 4e1757bfda
commit 4e1757bfda
parent 4bfb98ddc9 d09d87e3b0
42 changed files with 253 additions and 719 deletions
--- a/3
+++ b/3
@ -32,9 +32,6 @@ gem 'gitlab_omniauth-ldap', '1.0.2', require: "omniauth-ldap"
 # Dump db to yml file. Mostly used to migrate from sqlite to mysql
 gem 'gitlab_yaml_db', '1.0.0', require: "yaml_db"
 # Gitolite client (for work with gitolite-admin repo)
 gem "gitolite", '1.1.0'
 # Syntax highlighter
 gem "pygments.rb",  git: "https://github.com/gitlabhq/pygments.rb.git", branch: "master"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -107,7 +107,6 @@ GEM
      coderay (>= 1.0.0)
      erubis (>= 2.7.0)
    binding_of_caller (0.6.8)
    blankslate (3.1.2)
    bootstrap-sass (2.2.1.1)
      sass (~> 3.2)
    builder (3.0.4)
@ -195,10 +194,6 @@ GEM
      pyu-ruby-sasl (~> 0.0.3.1)
      rubyntlm (~> 0.1.1)
    gitlab_yaml_db (1.0.0)
    gitolite (1.1.0)
      gratr19 (~> 0.4.4.1)
      grit (~> 2.5.0)
      hashery (~> 1.5.0)
    grape (0.2.2)
      activesupport
      hashie (~> 1.2)
@ -208,7 +203,6 @@ GEM
      rack-accept
      rack-mount
      virtus
    gratr19 (0.4.4.1)
    growl (1.0.3)
    guard (1.5.4)
      listen (>= 0.4.2)
@ -227,8 +221,6 @@ GEM
      activesupport (>= 3.1, < 4.1)
      haml (~> 3.1)
      railties (>= 3.1, < 4.1)
    hashery (1.5.0)
      blankslate
    hashie (1.2.0)
    hike (1.2.1)
    http_parser.rb (0.5.3)
@ -497,7 +489,6 @@ DEPENDENCIES
  gitlab_meta (= 4.0)
  gitlab_omniauth-ldap (= 1.0.2)
  gitlab_yaml_db (= 1.0.0)
  gitolite (= 1.1.0)
  grack!
  grape (~> 0.2.1)
  grit!
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -10,11 +10,6 @@ class ApplicationController < ActionController::Base
  helper_method :abilities, :can?
  rescue_from Gitlab::Gitolite::AccessDenied do |exception|
    log_exception(exception)
    render "errors/gitolite", layout: "errors", status: 500
  end
  rescue_from Encoding::CompatibilityError do |exception|
    log_exception(exception)
    render "errors/encoding", layout: "errors", status: 500
--- a/app/models/key.rb
+++ b/app/models/key.rb
@ -24,8 +24,8 @@ class Key < ActiveRecord::Base
  before_save :set_identifier
  validates :title, presence: true, length: { within: 0..255 }
-  validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / }
+  validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / }, uniqueness: true
-  validate :unique_key, :fingerprintable_key
+  validate :fingerprintable_key
  delegate :name, :email, to: :user, prefix: true
@ -33,14 +33,6 @@ class Key < ActiveRecord::Base
    self.key = self.key.strip unless self.key.blank?
  end
  def unique_key
    query = Key.where(key: key)
    query = query.where('(project_id IS NULL OR project_id = ?)', project_id) if project_id
    if (query.count > 0)
      errors.add :key, 'already exist.'
    end
  end
  def fingerprintable_key
    return true unless key # Don't test if there is no key.
    # `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
@ -65,7 +57,7 @@ class Key < ActiveRecord::Base
  end
  def is_deploy_key
-    true if project_id
+    !!project_id
  end
  # projects that has this key
@ -77,7 +69,7 @@ class Key < ActiveRecord::Base
    end
  end
-  def last_deploy?
+  def shell_id
-    Key.where(identifier: identifier).count == 0
+    "key-#{self.id}"
  end
 end
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@ -27,7 +27,6 @@ class Namespace < ActiveRecord::Base
  after_create :ensure_dir_exist
  after_update :move_dir
  after_commit :update_gitolite, on: :update, if: :require_update_gitolite
  after_destroy :rm_dir
  scope :root, where('type IS NULL')
@ -89,11 +88,6 @@ class Namespace < ActiveRecord::Base
    end
  end
  def update_gitolite
    @require_update_gitolite = false
    projects.each(&:update_repository)
  end
  def rm_dir
    dir_path = File.join(Gitlab.config.gitolite.repos_path, path)
    FileUtils.rm_r( dir_path, force: true )
--- a/app/models/project.rb
+++ b/app/models/project.rb
@ -262,8 +262,6 @@ class Project < ActiveRecord::Base
      Gitlab::ProjectMover.new(self, old_dir, new_dir).execute
      gitolite.move_repository(old_repo, self)
      save!
    end
  rescue Gitlab::ProjectMover::ProjectMoveError => ex
@ -459,20 +457,6 @@ class Project < ActiveRecord::Base
    namespace.try(:path) || ''
  end
  def update_repository
    GitoliteWorker.perform_async(
      :update_repository,
      self.id
    )
  end
  def destroy_repository
    GitoliteWorker.perform_async(
      :remove_repository,
      self.path_with_namespace
    )
  end
  def repo_exists?
    @repo_exists ||= (repository && repository.branches.present?)
  rescue
--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@ -112,7 +112,6 @@ class ProjectTeam
      source_team.each do |tm|
        tm.save
      end
      target_project.update_repository
    end
    true
--- a/app/models/protected_branch.rb
+++ b/app/models/protected_branch.rb
@ -18,13 +18,6 @@ class ProtectedBranch < ActiveRecord::Base
  validates :name, presence: true
  validates :project, presence: true
  after_save :update_repository
  after_destroy :update_repository
  def update_repository
    project.update_repository
  end
  def commit
    project.repository.commit(self.name)
  end
--- a/app/models/users_project.rb
+++ b/app/models/users_project.rb
@ -25,9 +25,6 @@ class UsersProject < ActiveRecord::Base
  attr_accessor :skip_git
  after_save :update_repository, unless: :skip_git?
  after_destroy :update_repository, unless: :skip_git?
  validates :user, presence: true
  validates :user_id, uniqueness: { scope: [:project_id], message: "already exists in project" }
  validates :project_access, inclusion: { in: [GUEST, REPORTER, DEVELOPER, MASTER] }, presence: true
@ -84,11 +81,6 @@ class UsersProject < ActiveRecord::Base
        end
      end
      GitoliteWorker.perform_async(
        :update_repositories,
        project_ids
      )
      true
    rescue
      false
@ -103,11 +95,6 @@ class UsersProject < ActiveRecord::Base
        end
      end
      GitoliteWorker.perform_async(
        :update_repositories,
        project_ids
      )
      true
    rescue
      false
@ -136,10 +123,6 @@ class UsersProject < ActiveRecord::Base
    end
  end
  def update_repository
    project.update_repository
  end
  def project_access_human
    Project.access_options.key(self.project_access)
  end
--- a/app/observers/key_observer.rb
+++ b/app/observers/key_observer.rb
@ -3,20 +3,17 @@ class KeyObserver < ActiveRecord::Observer
  def after_save(key)
    GitoliteWorker.perform_async(
-      :set_key,
+      :add_key,
-      key.identifier,
+      key.shell_id,
-      key.key,
+      key.key
      key.projects.map(&:id)
    )
  end
  def after_destroy(key)
    return if key.is_deploy_key && !key.last_deploy?
    GitoliteWorker.perform_async(
      :remove_key,
-      key.identifier,
+      key.shell_id,
-      key.projects.map(&:id)
+      key.key,
    )
  end
 end
--- a/app/observers/project_observer.rb
+++ b/app/observers/project_observer.rb
@ -1,6 +1,11 @@
 class ProjectObserver < ActiveRecord::Observer
  def after_create(project)
-    project.update_repository
+    GitoliteWorker.perform_async(
      :add_repository,
      project.path_with_namespace
    )
    log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"")
  end
  def after_update(project)
@ -8,14 +13,14 @@ class ProjectObserver < ActiveRecord::Observer
  end
  def after_destroy(project)
-    log_info("Project \"#{project.name}\" was removed")
+    GitoliteWorker.perform_async(
      :remove_repository,
      project.path_with_namespace
    )
    project.satellite.destroy
    project.destroy_repository
  end
-  def after_create project
+    log_info("Project \"#{project.name}\" was removed")
    log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"")
  end
  protected
--- a/app/workers/post_receive.rb
+++ b/app/workers/post_receive.rb
@ -27,11 +27,15 @@ class PostReceive
             User.find_by_email(email) if email
           elsif /^[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}$/.match(identifier)
             User.find_by_email(identifier)
-           else
+           elsif identifier =~ /key/
-             Key.find_by_identifier(identifier).try(:user)
+             key_id = identifier.gsub("key-", "")
             Key.find_by_id(key_id).try(:user)
           end
-    return false unless user
+    unless user
      Gitlab::GitLogger.error("POST-RECEIVE: Triggered hook for non-existing user \"#{identifier} \"")
      return false
    end
    project.trigger_post_receive(oldrev, newrev, ref, user)
  end
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@ -96,7 +96,7 @@ omniauth:
 # GitLab Satellites
 satellites:
  # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
-  path: /home/gitlab/gitlab-satellites/
+  path: /home/git/gitlab-satellites/
 ## Backup settings
 backup:
@ -105,8 +105,6 @@ backup:
 ## Gitolite settings
 gitolite:
  admin_uri: git@localhost:gitolite-admin
  # REPOS_PATH MUST NOT BE A SYMLINK!!!
  repos_path: /home/git/repositories/
  hooks_path: /home/git/.gitolite/hooks/
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@ -51,7 +51,7 @@ Settings.gitlab['protocol']   ||= Settings.gitlab.https ? "https" : "http"
 Settings.gitlab['email_from'] ||= "gitlab@#{Settings.gitlab.host}"
 Settings.gitlab['support_email']  ||= Settings.gitlab.email_from
 Settings.gitlab['url']        ||= Settings.send(:build_gitlab_url)
-Settings.gitlab['user']       ||= 'gitlab'
+Settings.gitlab['user']       ||= 'git'
 Settings.gitlab['signup_enabled'] ||= false
 Settings['gravatar'] ||= Settingslogic.new({})
--- a/config/initializers/5_backend.rb
+++ b/config/initializers/5_backend.rb
@ -1,5 +1,5 @@
 # GIT over HTTP
 require Rails.root.join("lib", "gitlab", "backend", "grack_auth")
-# GITOLITE backend
+# GIT over SSH
-require Rails.root.join("lib", "gitlab", "backend", "gitolite")
+require Rails.root.join("lib", "gitlab", "backend", "shell")
--- a/config/unicorn.rb.example
+++ b/config/unicorn.rb.example
@ -2,7 +2,7 @@
 # note that config/gitlab.yml web path should also be changed
 # ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
-app_dir = "/home/gitlab/gitlab/"
+app_dir = "/home/git/gitlab/"
 worker_processes 2
 working_directory app_dir
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@ -90,86 +90,26 @@ Install the Bundler Gem:
 # 3. System Users
-Create a user for Git and Gitolite:
+Create a `git` user for Gitlab:
-    sudo adduser \
+    sudo adduser --disabled-login --gecos 'GitLab' git
      --system \
      --shell /bin/sh \
      --gecos 'Git Version Control' \
      --group \
      --disabled-password \
      --home /home/git \
      git
-Create a user for GitLab:
+# 4. GitLab shell
-    sudo adduser --disabled-login --gecos 'GitLab' gitlab
+    # login as git 
-
+    sudo su git
    # Add it to the git group
    sudo usermod -a -G git gitlab
    # Generate the SSH key
    sudo -u gitlab -H ssh-keygen -q -N '' -t rsa -f /home/gitlab/.ssh/id_rsa
 # 4. Gitolite
 Clone GitLab's fork of the Gitolite source code:
    # go to home directory 
    cd /home/git
    sudo -u git -H git clone -b gl-v320 https://github.com/gitlabhq/gitolite.git /home/git/gitolite
-Setup Gitolite with GitLab as its admin:
+    # clone gitlab shell
    git clone https://dzaporozhets@dev.gitlab.org/gitlab/gitlab-shell.git
-**Important Note:**
+    # setup
-GitLab assumes *full and unshared* control over this Gitolite installation.
+    cd gitlab-shell
    cp config.yml.example config.yml
    ./bin/install 
    # Add Gitolite scripts to $PATH
    sudo -u git -H mkdir /home/git/bin
    sudo -u git -H sh -c 'printf "%b\n%b\n" "PATH=\$PATH:/home/git/bin" "export PATH" >> /home/git/.profile'
    sudo -u git -H sh -c 'gitolite/install -ln /home/git/bin'
    # Copy the gitlab user's (public) SSH key ...
    sudo cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub
    sudo chmod 0444 /home/git/gitlab.pub
    # ... and use it as the admin key for the Gitolite setup
    sudo -u git -H sh -c "PATH=/home/git/bin:$PATH; gitolite setup -pk /home/git/gitlab.pub"
 Fix the directory permissions for the configuration directory:
    # Make sure the Gitolite config dir is owned by git
    sudo chmod 750 /home/git/.gitolite/
    sudo chown -R git:git /home/git/.gitolite/
 Fix the directory permissions for the repositories:
    # Make sure the repositories dir is owned by git and it stays that way
    sudo chmod -R ug+rwX,o-rwx /home/git/repositories/
    sudo chown -R git:git /home/git/repositories/
    find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s
 ## Add domains to list to the list of known hosts
    sudo -u gitlab -H ssh git@localhost
    sudo -u gitlab -H ssh git@YOUR_DOMAIN_NAME
    sudo -u gitlab -H ssh git@YOUR_GITOLITE_DOMAIN_NAME
 ## Test if everything works so far
    # Clone the admin repo so SSH adds localhost to known_hosts ...
    # ... and to be sure your users have access to Gitolite
    sudo -u gitlab -H git clone git@localhost:gitolite-admin.git /tmp/gitolite-admin
    # If it succeeded without errors you can remove the cloned repo
    sudo rm -rf /tmp/gitolite-admin
 **Important Note:**
 If you can't clone the `gitolite-admin` repository: **DO NOT PROCEED WITH INSTALLATION**!
 Check the [Trouble Shooting Guide](https://github.com/gitlabhq/gitlab-public-wiki/wiki/Trouble-Shooting-Guide)
 and make sure you have followed all of the above steps carefully.
 # 5. Database
@ -179,46 +119,46 @@ To setup the MySQL/PostgreSQL database and dependencies please see [`doc/install
 # 6. GitLab
-    # We'll install GitLab into home directory of the user "gitlab"
+    # We'll install GitLab into home directory of the user "git"
-    cd /home/gitlab
+    cd /home/git
 ## Clone the Source
    # Clone GitLab repository
-    sudo -u gitlab -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
+    sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
    # Go to gitlab dir 
-    cd /home/gitlab/gitlab
+    cd /home/git/gitlab
    # Checkout to stable release
-    sudo -u gitlab -H git checkout 4-1-stable
+    sudo -u git -H git checkout 5-0-stable
 **Note:**
-You can change `4-1-stable` to `master` if you want the *bleeding edge* version, but
+You can change `5-0-stable` to `master` if you want the *bleeding edge* version, but
 do so with caution!
 ## Configure it
-    cd /home/gitlab/gitlab
+    cd /home/git/gitlab
    # Copy the example GitLab config
-    sudo -u gitlab -H cp config/gitlab.yml.example config/gitlab.yml
+    sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
    # Make sure to change "localhost" to the fully-qualified domain name of your
    # host serving GitLab where necessary
-    sudo -u gitlab -H vim config/gitlab.yml
+    sudo -u git -H vim config/gitlab.yml
    # Make sure GitLab can write to the log/ and tmp/ directories
-    sudo chown -R gitlab log/
+    sudo chown -R git log/
-    sudo chown -R gitlab tmp/
+    sudo chown -R git tmp/
    sudo chmod -R u+rwX  log/
    sudo chmod -R u+rwX  tmp/
    # Make directory for satellites
-    sudo -u gitlab -H mkdir /home/gitlab/gitlab-satellites
+    sudo -u git -H mkdir /home/git/gitlab-satellites
    # Copy the example Unicorn config
-    sudo -u gitlab -H cp config/unicorn.rb.example config/unicorn.rb
+    sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
 **Important Note:**
 Make sure to edit both files to match your setup.
@ -226,42 +166,29 @@ Make sure to edit both files to match your setup.
 ## Configure GitLab DB settings
    # Mysql
-    sudo -u gitlab cp config/database.yml.mysql config/database.yml
+    sudo -u git cp config/database.yml.mysql config/database.yml
    # PostgreSQL
-    sudo -u gitlab cp config/database.yml.postgresql config/database.yml
+    sudo -u git cp config/database.yml.postgresql config/database.yml
 Make sure to update username/password in config/database.yml.
 ## Install Gems
-    cd /home/gitlab/gitlab
+    cd /home/git/gitlab
    sudo gem install charlock_holmes --version '0.6.9'
    # For MySQL (note, the option says "without")
-    sudo -u gitlab -H bundle install --deployment --without development test postgres
+    sudo -u git -H bundle install --deployment --without development test postgres
    # Or for PostgreSQL
-    sudo -u gitlab -H bundle install --deployment --without development test mysql
+    sudo -u git -H bundle install --deployment --without development test mysql
 ## Configure Git
 GitLab needs to be able to commit and push changes to Gitolite. In order to do
 that Git requires a username and email. (We recommend using the same address
 used for the `email.from` setting in `config/gitlab.yml`)
    sudo -u gitlab -H git config --global user.name "GitLab"
    sudo -u gitlab -H git config --global user.email "gitlab@localhost"
 ## Setup GitLab Hooks
    sudo cp ./lib/hooks/post-receive /home/git/.gitolite/hooks/common/post-receive
    sudo chown git:git /home/git/.gitolite/hooks/common/post-receive
 ## Initialise Database and Activate Advanced Features
-    sudo -u gitlab -H bundle exec rake gitlab:setup RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
 ## Install Init Script
@ -280,11 +207,11 @@ Make GitLab start on boot:
 Check if GitLab and its environment is configured correctly:
-    sudo -u gitlab -H bundle exec rake gitlab:env:info RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
 To make sure you didn't miss anything run a more thorough check with:
-    sudo -u gitlab -H bundle exec rake gitlab:check RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
 If all items are green, then congratulations on successfully installing GitLab!
 However there are still a few steps left.
@ -357,7 +284,7 @@ a different host, you can configure its connection string via the
 If you are running SSH on a non-standard port, you must change the gitlab user'S SSH config.
-    # Add to /home/gitlab/.ssh/config
+    # Add to /home/git/.ssh/config
    host localhost          # Give your setup a name (here: override localhost)
        user git            # Your remote git user
        port 2222           # Your port number
--- a/doc/install/structure.md
+++ b/doc/install/structure.md
@ -3,37 +3,23 @@
 This is the directory structure you will end up with following the instructions in the Installation Guide.
    |-- home
-    |   |-- gitlab
+    |   |-- git
    |       |-- .ssh
    |       |-- gitlab
    |       |-- gitlab-satellites
-    |   |-- git
+    |       |-- gitlab-shell
    |       |-- .gitolite
    |       |-- .ssh
    |       |-- bin
    |       |-- gitolite
    |       |-- repositories
-**/home/gitlab/.ssh**
+**/home/git/.ssh**
  Contains the Gitolite admin key GitLab uses to configure Gitolite.
-**/home/gitlab/gitlab**
+**/home/git/gitlab**
  This is where GitLab lives.
-**/home/gitlab/gitlab-satellites**
+**/home/git/gitlab-satellites**
  Contains a copy of all repositories with a working tree.
  It's used for merge requests, editing files, etc.
 **/home/git/.ssh**
  Contains the SSH access configuration managed by Gitolite.
 **/home/git/bin**
  Contains Gitolite executables.
 **/home/git/gitolite**
  This is where Gitolite lives.
 **/home/git/repositories**
  Holds all your repositories in bare format.
  This is the place Git uses when you pull/push to your projects.
--- a/features/support/env.rb
+++ b/features/support/env.rb
@ -9,17 +9,12 @@ require 'spinach/capybara'
 require 'sidekiq/testing/inline'
-%w(gitolite_stub stubbed_repository valid_commit).each do |f|
+%w(stubbed_repository valid_commit).each do |f|
  require Rails.root.join('spec', 'support', f)
 end
 Dir["#{Rails.root}/features/steps/shared/*.rb"].each {|file| require file}
 #
 # Stub gitolite
 #
 include GitoliteStub
 WebMock.allow_net_connect!
 #
 # JS driver
@ -49,6 +44,4 @@ Spinach.hooks.before_run do
  RSpec::Mocks::setup self
  include FactoryGirl::Syntax::Methods
  stub_gitolite!
 end
--- a/lib/api.rb
+++ b/lib/api.rb
@ -20,5 +20,6 @@ module Gitlab
    mount Session
    mount MergeRequests
    mount Notes
    mount Internal
  end
 end
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@ -0,0 +1,49 @@
 module Gitlab
  # Internal access API
  class Internal < Grape::API
    namespace 'internal' do
      #
      # Check if ssh key has access to project code
      #
      get "/allowed" do
        key = Key.find(params[:key_id])
        project = Project.find_with_namespace(params[:project])
        git_cmd = params[:action]
        if key.is_deploy_key
          project == key.project && git_cmd == 'git-upload-pack'
        else
          user = key.user
          action = case git_cmd
                   when 'git-upload-pack'
                     then :download_code
                   when 'git-receive-pack'
                     then
                     if project.protected_branch?(params[:ref])
                       :push_code_to_protected_branches
                     else
                       :push_code
                     end
                   end
          user.can?(action, project)
        end
      end
      #
      # Discover user by ssh key
      #
      get "/discover" do
        key = Key.find(params[:key_id])
        present key.user, with: Entities::User
      end
      get "/check" do
        {
          api_version: '3'
        }
      end
    end
  end
 end
--- a/lib/gitlab/backend/gitolite.rb
+++ b/lib/gitlab/backend/gitolite.rb
@ -1,90 +0,0 @@
 require_relative 'gitolite_config'
 module Gitlab
  class Gitolite
    class AccessDenied < StandardError; end
    def config
      Gitlab::GitoliteConfig.new
    end
    # Update gitolite config with new key
    #
    # Ex.
    #   set_key("m_gitlab_com_12343", "sha-rsa ...", [2, 3, 6])
    #
    def set_key(key_id, key_content, project_ids)
      projects = Project.where(id: project_ids)
      config.apply do |config|
        config.write_key(key_id, key_content)
        config.update_projects(projects)
      end
    end
    # Remove ssh key from gitolite config
    #
    # Ex.
    #   remove_key("m_gitlab_com_12343", [2, 3, 6])
    #
    def remove_key(key_id, project_ids)
      projects = Project.where(id: project_ids)
      config.apply do |config|
        config.rm_key(key_id)
        config.update_projects(projects)
      end
    end
    # Update project config in gitolite by project id
    #
    # Ex.
    #   update_repository(23)
    #
    def update_repository(project_id)
      project = Project.find(project_id)
      config.update_project!(project)
    end
    def move_repository(old_repo, project)
      config.apply do |config|
        config.clean_repo(old_repo)
        config.update_project(project)
      end
    end
    # Remove repository from gitolite
    #
    # name - project path with namespace
    #
    # Ex.
    #   remove_repository("gitlab/gitlab-ci")
    #
    def remove_repository(name)
      config.destroy_project!(name)
    end
    # Update projects configs in gitolite by project ids
    #
    # Ex.
    #   update_repositories([1, 4, 6])
    #
    def update_repositories(project_ids)
      projects = Project.where(id: project_ids)
      config.apply do |config|
        config.update_projects(projects)
      end
    end
    def url_to_repo path
      Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
    end
    def enable_automerge
      config.admin_all_repo!
    end
    alias_method :create_repository, :update_repository
  end
 end
--- a/lib/gitlab/backend/gitolite_config.rb
+++ b/lib/gitlab/backend/gitolite_config.rb
@ -1,241 +0,0 @@
 require 'gitolite'
 require 'timeout'
 require 'fileutils'
 module Gitlab
  class GitoliteConfig
    include Gitlab::Popen
    class PullError < StandardError; end
    class PushError < StandardError; end
    class BrokenGitolite < StandardError; end
    attr_reader :config_tmp_dir, :tmp_dir, :ga_repo, :conf
    def initialize
      @tmp_dir = Rails.root.join("tmp").to_s
      @config_tmp_dir = File.join(@tmp_dir,"gitlabhq-gitolite-#{Time.now.to_i}")
    end
    def ga_repo
      @ga_repo ||= ::Gitolite::GitoliteAdmin.new(
        File.join(config_tmp_dir,'gitolite'),
        conf: Gitlab.config.gitolite.config_file
      )
    end
    def apply
      Timeout::timeout(30) do
        File.open(File.join(tmp_dir, "gitlabhq-gitolite.lock"), "w+") do |f|
          begin
            # Set exclusive lock
            # to prevent race condition
            f.flock(File::LOCK_EX)
            # Pull gitolite-admin repo
            # in tmp dir before do any changes
            pull
            # Build ga_repo object and @conf
            # to access gitolite-admin configuration
            @conf = ga_repo.config
            # Do any changes
            # in gitolite-admin
            # config here
            yield(self)
            # Save changes in
            # gitolite-admin repo
            # before push it
            ga_repo.save
            # Push gitolite-admin repo
            # to apply all changes
            push
          ensure
            # Remove tmp dir
            # removing the gitolite folder first is important to avoid
            # NFS issues.
            FileUtils.rm_rf(File.join(config_tmp_dir, 'gitolite'))
            # Remove parent tmp dir
            FileUtils.rm_rf(config_tmp_dir)
            # Unlock so other task can access
            # gitolite configuration
            f.flock(File::LOCK_UN)
          end
        end
      end
    rescue PullError => ex
      log("Pull error ->  " + ex.message)
      raise Gitolite::AccessDenied, ex.message
    rescue PushError => ex
      log("Push error ->  " + " " + ex.message)
      raise Gitolite::AccessDenied, ex.message
    rescue BrokenGitolite => ex
      log("Gitolite error ->  " + " " + ex.message)
      raise Gitolite::AccessDenied, ex.message
    rescue Exception => ex
      log(ex.class.name + " " + ex.message)
      raise Gitolite::AccessDenied.new("gitolite timeout")
    end
    def log message
      Gitlab::GitLogger.error(message)
    end
    def path_to_repo(name)
      File.join(Gitlab.config.gitolite.repos_path, "#{name}.git")
    end
    def destroy_project(name)
      full_path = path_to_repo(name)
      FileUtils.rm_rf(full_path) if File.exists?(full_path)
      conf.rm_repo(name)
    end
    def clean_repo repo_name
      conf.rm_repo(repo_name)
    end
    def destroy_project!(project)
      apply do |config|
        config.destroy_project(project)
      end
    end
    def write_key(id, key)
      File.open(File.join(config_tmp_dir, 'gitolite/keydir',"#{id}.pub"), 'w') do |f|
        f.write(key.gsub(/\n/,''))
      end
    end
    def rm_key(user)
      key_path = File.join(config_tmp_dir, 'gitolite/keydir', "#{user}.pub")
      ga_key = ::Gitolite::SSHKey.from_file(key_path)
      ga_repo.rm_key(ga_key)
    end
    # update or create
    def update_project(project)
      repo = update_project_config(project, conf)
      conf.add_repo(repo, true)
    end
    def update_project!( project)
      apply do |config|
        config.update_project(project)
      end
    end
    # Updates many projects and uses project.path_with_namespace as the repo path
    # An order of magnitude faster than update_project
    def update_projects(projects)
      projects.each do |project|
        repo = update_project_config(project, conf)
        conf.add_repo(repo, true)
      end
    end
    def update_project_config(project, conf)
      repo_name = project.path_with_namespace
      repo = if conf.has_repo?(repo_name)
               conf.get_repo(repo_name)
             else
               ::Gitolite::Config::Repo.new(repo_name)
             end
      name_readers = project.team.repository_readers
      name_writers = project.team.repository_writers
      name_masters = project.team.repository_masters
      pr_br = project.protected_branches.map(&:name).join("$ ")
      repo.clean_permissions
      # Deny access to protected branches for writers
      unless name_writers.blank? || pr_br.blank?
        repo.add_permission("-", pr_br.strip + "$ ", name_writers)
      end
      # Add read permissions
      repo.add_permission("R", "", name_readers) unless name_readers.blank?
      # Add write permissions
      repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
      repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
      # Add sharedRepository config
      repo.set_git_config("core.sharedRepository", "0660")
      repo
    end
    # Enable access to all repos for gitolite admin.
    # We use it for accept merge request feature
    def admin_all_repo
      owner_name = Gitlab.config.gitolite.admin_key
      # @ALL repos premission for gitolite owner
      repo_name = "@all"
      repo = if conf.has_repo?(repo_name)
               conf.get_repo(repo_name)
             else
               ::Gitolite::Config::Repo.new(repo_name)
             end
      repo.add_permission("RW+", "", owner_name)
      conf.add_repo(repo, true)
    end
    def admin_all_repo!
      apply { |config| config.admin_all_repo }
    end
    private
    def pull
      # Create config tmp dir like "RAILS_ROOT/tmp/gitlabhq-gitolite-132545"
      Dir.mkdir config_tmp_dir
      # Clone gitolite-admin repo into tmp dir
      popen("git clone #{Gitlab.config.gitolite.admin_uri} #{config_tmp_dir}/gitolite", tmp_dir)
      # Ensure file with config presents after cloning
      unless File.exists?(File.join(config_tmp_dir, 'gitolite', 'conf', 'gitolite.conf'))
        raise PullError, "unable to clone gitolite-admin repo"
      end
    end
    def push
      output, status = popen('git add -A', tmp_conf_path)
      raise "Git add failed." unless status.zero?
      # git commit returns 0 on success, and 1 if there is nothing to commit
      output, status = popen('git commit -m "GitLab"', tmp_conf_path)
      raise "Git add failed." unless [0,1].include?(status)
      output, status = popen('git push', tmp_conf_path)
      if output =~ /remote\: FATAL/
        raise BrokenGitolite, output
      end
      if status.zero? || output =~ /Everything up\-to\-date/
        return true
      else
        raise PushError, "unable to push gitolite-admin repo"
      end
    end
    def tmp_conf_path
      File.join(config_tmp_dir,'gitolite')
    end
  end
 end
--- a/lib/gitlab/backend/shell.rb
+++ b/lib/gitlab/backend/shell.rb
@ -0,0 +1,50 @@
 module Gitlab
  class Shell
    class AccessDenied < StandardError; end
    # Init new repository
    #
    # name - project path with namespace
    #
    # Ex.
    #   add_repository("gitlab/gitlab-ci")
    #
    def add_repository(name)
      system("/home/git/gitlab-shell/bin/gitlab-projects add-project #{name}.git")
    end
    # Remove repository from file system
    #
    # name - project path with namespace
    #
    # Ex.
    #   remove_repository("gitlab/gitlab-ci")
    #
    def remove_repository(name)
      system("/home/git/gitlab-shell/bin/gitlab-projects rm-project #{name}.git")
    end
    # Add new key to gitlab-shell
    #
    # Ex.
    #   add_key("key-42", "sha-rsa ...")
    #
    def add_key(key_id, key_content)
      system("/home/git/gitlab-shell/bin/gitlab-keys add-key #{key_id} \"#{key_content}\"")
    end
    # Remove ssh key from gitlab shell
    #
    # Ex.
    #   remove_key("key-342", "sha-rsa ...")
    #
    def remove_key(key_id, key_content)
      system("/home/git/gitlab-shell/bin/gitlab-keys rm-key #{key_id} \"#{key_content}\"")
    end
    def url_to_repo path
      Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
    end
  end
 end
--- a/lib/gitlab/satellite/satellite.rb
+++ b/lib/gitlab/satellite/satellite.rb
@ -30,10 +30,10 @@ module Gitlab
      end
      def create
-        output, status = popen("git clone #{project.url_to_repo} #{path}",
+        output, status = popen("git clone #{project.repository.path_to_repo} #{path}",
                               Gitlab.config.satellites.path)
-        log("PID: #{project.id}: git clone #{project.url_to_repo} #{path}")
+        log("PID: #{project.id}: git clone #{project.repository.path_to_repo} #{path}")
        log("PID: #{project.id}: -> #{output}")
        if status.zero?
--- a/lib/gitolited.rb
+++ b/lib/gitolited.rb
@ -6,6 +6,6 @@
 #
 module Gitolited
  def gitolite
-    Gitlab::Gitolite.new
+    Gitlab::Shell.new
  end
 end
--- a/lib/hooks/post-receive
+++ b/lib/hooks/post-receive
@ -1,12 +0,0 @@
 #!/usr/bin/env bash
 # Version 4.1
 # This file was placed here by GitLab. It makes sure that your pushed commits
 # will be processed properly.
 while read oldrev newrev ref
 do
  # For every branch or tag that was pushed, create a Resque job in redis.
  repo_path=`pwd`
  env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1
 done
--- a/lib/support/rewrite-hooks.sh
+++ b/lib/support/rewrite-hooks.sh
@ -1,32 +0,0 @@
 #!/bin/bash
 src="/home/git/repositories"
 for dir in `ls "$src/"`
 do
  if [ -d "$src/$dir" ]; then
    if [ "$dir" = "gitolite-admin.git" ]
    then
      continue 
    fi
    if [[ "$dir" =~ ^.*.git$ ]]
    then
      project_hook="$src/$dir/hooks/post-receive"
      gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
      ln -s -f $gitolite_hook $project_hook
    else
      for subdir in `ls "$src/$dir/"`
      do
        if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then
          project_hook="$src/$dir/$subdir/hooks/post-receive"
          gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
          ln -s -f $gitolite_hook $project_hook
        fi
      done
    fi
  fi
 done
--- a/lib/support/truncate_repositories.sh
+++ b/lib/support/truncate_repositories.sh
@ -1,11 +0,0 @@
 #!/bin/bash
 echo "Danger!!! Data Loss"
 while true; do
  read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?:  " yn
  case $yn in
    [Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1  -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;;
    [Nn]* ) exit;;
    * ) echo "Please answer yes or no.";;
  esac
 done
--- a/lib/tasks/gitlab/enable_automerge.rake
+++ b/lib/tasks/gitlab/enable_automerge.rake
@ -3,11 +3,6 @@ namespace :gitlab do
  task :enable_automerge => :environment do
    warn_user_is_not_gitlab
    puts "Updating repo permissions ..."
    Gitlab::Gitolite.new.enable_automerge
    puts "... #{"done".green}"
    puts ""
    print "Creating satellites for ..."
    unless Project.count > 0
      puts "skipping, because you have no projects".magenta
--- a/lib/tasks/gitlab/shell.rake
+++ b/lib/tasks/gitlab/shell.rake
@ -0,0 +1,32 @@
 namespace :gitlab do
  namespace :shell do
    desc "GITLAB | Setup gitlab-shell"
    task :setup => :environment do
      setup
    end
  end
  def setup
    warn_user_is_not_gitlab
    puts "This will rebuild an authorized_keys file."
    puts "You will lose any data stored in /home/git/.ssh/authorized_keys."
    ask_to_continue
    puts ""
    system("echo '# Managed by gitlab-shell' > /home/git/.ssh/authorized_keys")
    Key.find_each(:batch_size => 1000) do |key|
      if Gitlab::Shell.new.add_key(key.shell_id, key.key)
        print '.'
      else
        print 'F'
      end
    end
  rescue Gitlab::TaskAbortedByUserError
    puts "Quitting...".red
    exit 1
  end
 end
--- a/spec/lib/gitolite_config_spec.rb
+++ b/spec/lib/gitolite_config_spec.rb
@ -1,16 +0,0 @@
 require 'spec_helper'
 describe Gitlab::GitoliteConfig do
  let(:gitolite) { Gitlab::GitoliteConfig.new }
  it { should respond_to :write_key }
  it { should respond_to :rm_key }
  it { should respond_to :update_project }
  it { should respond_to :update_project! }
  it { should respond_to :update_projects }
  it { should respond_to :destroy_project }
  it { should respond_to :destroy_project! }
  it { should respond_to :apply }
  it { should respond_to :admin_all_repo }
  it { should respond_to :admin_all_repo! }
 end
--- a/spec/lib/gitolite_spec.rb
+++ b/spec/lib/gitolite_spec.rb
@ -1,26 +0,0 @@
 require 'spec_helper'
 describe Gitlab::Gitolite do
  let(:project) { double('Project', id: 7, path: 'diaspora') }
  let(:gitolite_config) { double('Gitlab::GitoliteConfig') }
  let(:gitolite) { Gitlab::Gitolite.new }
  before do
    gitolite.stub(config: gitolite_config)
    Project.stub(find: project)
  end
  it { should respond_to :set_key }
  it { should respond_to :remove_key }
  it { should respond_to :update_repository }
  it { should respond_to :create_repository }
  it { should respond_to :remove_repository }
  it { gitolite.url_to_repo('diaspora').should == Gitlab.config.gitolite.ssh_path_prefix + "diaspora.git" }
  it "should call config update" do
    gitolite_config.should_receive(:update_project!)
    gitolite.update_repository(project.id)
  end
 end
--- a/spec/lib/shell_spec.rb
+++ b/spec/lib/shell_spec.rb
@ -0,0 +1,17 @@
 require 'spec_helper'
 describe Gitlab::Shell do
  let(:project) { double('Project', id: 7, path: 'diaspora') }
  let(:gitolite) { Gitlab::Shell.new }
  before do
    Project.stub(find: project)
  end
  it { should respond_to :add_key }
  it { should respond_to :remove_key }
  it { should respond_to :add_repository }
  it { should respond_to :remove_repository }
  it { gitolite.url_to_repo('diaspora').should == Gitlab.config.gitolite.ssh_path_prefix + "diaspora.git" }
 end
--- a/spec/models/key_spec.rb
+++ b/spec/models/key_spec.rb
@ -46,9 +46,9 @@ describe Key do
        key.should_not be_valid
      end
-      it "does accept the same key for another project" do
+      it "does not accept the same key for another project" do
        key = build(:key, project_id: 0)
-        key.should be_valid
+        key.should_not be_valid
      end
    end
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@ -77,8 +77,6 @@ describe Project do
    it { should respond_to(:url_to_repo) }
    it { should respond_to(:repo_exists?) }
    it { should respond_to(:satellite) }
    it { should respond_to(:update_repository) }
    it { should respond_to(:destroy_repository) }
    it { should respond_to(:observe_push) }
    it { should respond_to(:update_merge_requests) }
    it { should respond_to(:execute_hooks) }
--- a/spec/models/protected_branch_spec.rb
+++ b/spec/models/protected_branch_spec.rb
@ -24,19 +24,4 @@ describe ProtectedBranch do
    it { should validate_presence_of(:project) }
    it { should validate_presence_of(:name) }
  end
  describe 'Callbacks' do
    let(:branch) { build(:protected_branch) }
    it 'call update_repository after save' do
      branch.should_receive(:update_repository)
      branch.save
    end
    it 'call update_repository after destroy' do
      branch.save
      branch.should_receive(:update_repository)
      branch.destroy
    end
  end
 end
--- a/spec/observers/key_observer_spec.rb
+++ b/spec/observers/key_observer_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe KeyObserver do
  before do
    @key = double('Key',
-      identifier: 'admin_654654',
+      shell_id: 'key-32',
      key: '== a vaild ssh key',
      projects: [],
      is_deploy_key: false
@ -14,14 +14,14 @@ describe KeyObserver do
  context :after_save do
    it do
-      GitoliteWorker.should_receive(:perform_async).with(:set_key, @key.identifier, @key.key, @key.projects.map(&:id))
+      GitoliteWorker.should_receive(:perform_async).with(:add_key, @key.shell_id, @key.key)
      @observer.after_save(@key)
    end
  end
  context :after_destroy do
    it do
-      GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.identifier, @key.projects.map(&:id))
+      GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.shell_id, @key.key)
      @observer.after_destroy(@key)
    end
  end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -24,7 +24,6 @@ RSpec.configure do |config|
  config.mock_with :rspec
  config.include LoginHelpers, type: :request
  config.include GitoliteStub
  config.include FactoryGirl::Syntax::Methods
  config.include Devise::TestHelpers, type: :controller
@ -34,8 +33,6 @@ RSpec.configure do |config|
  config.use_transactional_fixtures = false
  config.before do
    stub_gitolite!
    # Use tmp dir for FS manipulations
    temp_repos_path = Rails.root.join('tmp', 'test-git-base-path')
    Gitlab.config.gitolite.stub(repos_path: temp_repos_path)
--- a/spec/support/gitolite_stub.rb
+++ b/spec/support/gitolite_stub.rb
@ -1,21 +0,0 @@
 module GitoliteStub
  def stub_gitolite!
    stub_gitlab_gitolite
    stub_gitolite_admin
  end
  def stub_gitolite_admin
    gitolite_admin = double('Gitolite::GitoliteAdmin')
    gitolite_admin.as_null_object
    Gitolite::GitoliteAdmin.stub(new: gitolite_admin)
  end
  def stub_gitlab_gitolite
    gitolite_config = double('Gitlab::GitoliteConfig')
    gitolite_config.stub(apply: ->() { yield(self) })
    gitolite_config.as_null_object
    Gitlab::GitoliteConfig.stub(new: gitolite_config)
  end
 end
--- a/spec/support/stubbed_repository.rb
+++ b/spec/support/stubbed_repository.rb
@ -1,5 +1,6 @@
 require "repository"
 require "project"
 require "shell"
 # Stubs out all Git repository access done by models so that specs can run
 # against fake repositories without Grit complaining that they don't exist.
@ -36,3 +37,23 @@ class GitLabTestRepo < Repository
    @repo ||= Grit::Repo.new(Rails.root.join('tmp', 'repositories', 'gitlabhq'))
  end
 end
 module Gitlab
  class Shell
    def add_repository name
      true
    end
    def remove_repository name
      true
    end
    def add_key id, key
      true
    end
    def remove_key id, key
      true
    end
  end
 end
--- a/spec/workers/post_receive_spec.rb
+++ b/spec/workers/post_receive_spec.rb
@ -11,7 +11,7 @@ describe PostReceive do
  context "web hook" do
    let(:project) { create(:project) }
    let(:key) { create(:key, user: project.owner) }
-    let(:key_id) { key.identifier }
+    let(:key_id) { key.shell_id }
    it "fetches the correct project" do
      Project.should_receive(:find_with_namespace).with(project.path_with_namespace).and_return(project)
@ -19,7 +19,7 @@ describe PostReceive do
    end
    it "does not run if the author is not in the project" do
-      Key.stub(find_by_identifier: nil)
+      Key.stub(find_by_id: nil)
      project.should_not_receive(:observe_push)
      project.should_not_receive(:execute_hooks)