move triggers into their own subdir...
...otherwise 'gitolite help' was getting too confusing, mixing in stuff that users should not be running directly (even on the server)
----
implementation notes: for those who are worried about the '../triggers/' in various parts of the code here, remember that you can only use such a path from a command line on the server. Remote users can only use commands that have been explicitly listed in the COMMANDS hash in the rc file. This means they can't even access other commands in the same directory as, say, the 'info' command, so a '../' is definitely not going to work.
parent
96ccbf0c1c
commit
07cf7fedfe
11 changed files with 6 additions and 6 deletions
|
@ -31,7 +31,7 @@ For each case where access is not denied, one line is printed like this:
|
|||
This is orders of magnitude faster than running the command multiple times;
|
||||
you'll notice if you have more than a hundred or so repos.
|
||||
|
||||
Advanced uses: see src/commands/post-compile/update-git-daemon-access-list for
|
||||
Advanced uses: see src/triggers/post-compile/update-git-daemon-access-list for
|
||||
a good example.
|
||||
=cut
|
||||
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use lib $ENV{GL_BINDIR};
|
||||
use Gitolite::Easy;
|
||||
|
||||
my ($trigger, $repo, $user, $aa, $ref, $verb, $utime, $stime, $cutime, $cstime) = @ARGV;
|
||||
|
||||
# now do whatever you want with this data; the following is just an example.
|
||||
|
||||
# Ideally, you will (a) write your own code with a different filename so later
|
||||
# gitolite upgrades won't overwrite your copy, (b) add appropriate variables
|
||||
# to the rc file, and (c) change your rc file to call your program at the end
|
||||
# of the POST_GIT list.
|
||||
|
||||
if (my $limit = $rc{CPU_TIME_WARN_LIMIT}) {
|
||||
my $total = $utime + $cutime + $stime + $cstime;
|
||||
# some code to send an email or whatever...
|
||||
say2 "limit = $limit, actual = $total" if $total > $limit;
|
||||
}
|
||||
|
||||
if ($rc{DISPLAY_CPU_TIME}) {
|
||||
say2 "perf stats for $verb on repo '$repo':";
|
||||
say2 " user CPU time: " . ( $utime + $cutime );
|
||||
say2 " sys CPU time: " . ( $stime + $cstime );
|
||||
}
|
||||
|
|
@ -1,133 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
use File::Temp qw(tempfile);
|
||||
|
||||
use lib $ENV{GL_BINDIR};
|
||||
use Gitolite::Rc;
|
||||
use Gitolite::Common;
|
||||
|
||||
$|++;
|
||||
|
||||
# can be called directly, or as a post-update hook. Since it ignores
|
||||
# arguments anyway, it hardly matters.
|
||||
|
||||
my $ab = `gitolite query-rc -n GL_ADMIN_BASE`;
|
||||
trace( 2, "'keydir' not found in '$ab'; exiting" ), exit if not -d "$ab/keydir";
|
||||
my $akdir = "$ENV{HOME}/.ssh";
|
||||
my $akfile = "$ENV{HOME}/.ssh/authorized_keys";
|
||||
my $glshell = `gitolite query-rc -n GL_BINDIR` . "/gitolite-shell";
|
||||
my $auth_options = auth_options();
|
||||
|
||||
sanity();
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
_chdir($ab);
|
||||
|
||||
# old data
|
||||
my $old_ak = slurp($akfile);
|
||||
my @non_gl = grep { not /^# gito.*start/ .. /^# gito.*end/ } slurp($akfile);
|
||||
chomp(@non_gl);
|
||||
my %seen = map { $_ => 'a non-gitolite key' } ( fp(@non_gl) );
|
||||
# die 1;
|
||||
|
||||
# pubkey files
|
||||
chomp( my @pubkeys = `find keydir -type f -name "*.pub" | sort` );
|
||||
my @gl_keys = ();
|
||||
for my $f (@pubkeys) {
|
||||
my $fp = fp($f);
|
||||
if ( $seen{$fp} ) {
|
||||
_warn "$f duplicates $seen{$fp}, sshd will ignore it";
|
||||
} else {
|
||||
$seen{$fp} = $f;
|
||||
}
|
||||
push @gl_keys, grep { /./ } optionise($f);
|
||||
}
|
||||
|
||||
# dump it out
|
||||
if (@gl_keys) {
|
||||
my $out = join( "\n", map { my $_ = $_; chomp($_); $_ } @non_gl, "# gitolite start", @gl_keys, "# gitolite end" ) . "\n";
|
||||
|
||||
my $ak = slurp($akfile);
|
||||
_die "$akfile changed between start and end of this program!" if $ak ne $old_ak;
|
||||
_print( $akfile, $out );
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
sub sanity {
|
||||
_die "$glshell not found; this should NOT happen..." if not -f $glshell;
|
||||
_die "$glshell found but not readable; this should NOT happen..." if not -r $glshell;
|
||||
_die "$glshell found but not executable; this should NOT happen..." if not -x $glshell;
|
||||
|
||||
_warn "$akdir missing; creating a new one" if not -d $akdir;
|
||||
_warn "$akfile missing; creating a new one" if not -f $akfile;
|
||||
|
||||
_mkdir($akdir, 0700) if not -d $akfile;
|
||||
if ( not -f $akfile ) {
|
||||
_print( $akfile, "" );
|
||||
chmod 0700, $akfile;
|
||||
}
|
||||
}
|
||||
|
||||
sub auth_options {
|
||||
my $auth_options = `gitolite query-rc AUTH_OPTIONS`;
|
||||
chomp($auth_options);
|
||||
$auth_options ||= "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty";
|
||||
|
||||
return $auth_options;
|
||||
}
|
||||
|
||||
sub fp {
|
||||
# input: see below
|
||||
# output: a (list of) FPs
|
||||
my $in = shift || '';
|
||||
if ( $in =~ /\.pub$/ ) {
|
||||
# single pubkey file
|
||||
_die "bad pubkey file '$in'" unless $in =~ $REPONAME_PATT;
|
||||
return fp_file($in);
|
||||
} elsif ( -f $in ) {
|
||||
# an authkeys file
|
||||
return map { fp_line($_) } grep { !/^#/ and /\S/ } slurp($in);
|
||||
} else {
|
||||
# one or more actual keys
|
||||
return map { fp_line($_) } grep { !/^#/ and /\S/ } ( $in, @_ );
|
||||
}
|
||||
}
|
||||
|
||||
sub fp_file {
|
||||
my $f = shift;
|
||||
my $fp = `ssh-keygen -l -f '$f'`;
|
||||
chomp($fp);
|
||||
_die "fingerprinting failed for $f" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/;
|
||||
$fp = $1;
|
||||
return $fp;
|
||||
}
|
||||
|
||||
sub fp_line {
|
||||
my ( $fh, $fn ) = tempfile();
|
||||
print $fh shift;
|
||||
close $fh;
|
||||
my $fp = fp_file($fn);
|
||||
unlink $fn;
|
||||
return $fp;
|
||||
}
|
||||
|
||||
sub optionise {
|
||||
my $f = shift;
|
||||
|
||||
my $user = $f;
|
||||
$user =~ s(.*/)(); # foo/bar/baz.pub -> baz.pub
|
||||
$user =~ s/(\@[^.]+)?\.pub$//; # baz.pub, baz@home.pub -> baz
|
||||
|
||||
my @line = slurp($f);
|
||||
if ( @line != 1 ) {
|
||||
_warn "$f does not contain exactly 1 line; ignoring";
|
||||
return '';
|
||||
}
|
||||
chomp(@line);
|
||||
return "command=\"$glshell $user\",$auth_options $line[0]";
|
||||
}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
# update git-config entries in each repo
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
use FindBin;
|
||||
|
||||
use lib $ENV{GL_BINDIR};
|
||||
use Gitolite::Rc;
|
||||
use Gitolite::Common;
|
||||
use Gitolite::Conf::Load;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
my $RB = $rc{GL_REPO_BASE};
|
||||
_chdir ($RB);
|
||||
my $lpr = list_phy_repos();
|
||||
|
||||
for my $pr (@$lpr) {
|
||||
my $gc = git_config($pr, '.');
|
||||
while ( my ($key, $value) = each(%{ $gc }) ) {
|
||||
next if $key =~ /^gitolite-options\./;
|
||||
if ($value ne "") {
|
||||
$value =~ s/^['"](.*)["']$/$1/;
|
||||
$value =~ s/%GL_REPO/$pr/g;
|
||||
system("git", "config", "--file", "$RB/$pr.git/config", $key, $value);
|
||||
} else {
|
||||
system("git", "config", "--file", "$RB/$pr.git/config", "--unset-all", $key);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# this is probably the *fastest* git-daemon update possible.
|
||||
|
||||
export EO=git-daemon-export-ok
|
||||
export RB=$(gitolite query-rc GL_REPO_BASE)
|
||||
|
||||
gitolite list-phy-repos | gitolite access % daemon R any |
|
||||
perl -lane '
|
||||
unlink "$ENV{RB}/$F[0].git/$ENV{EO}" if /DENIED/;
|
||||
print $F[0] unless /DENIED/
|
||||
' |
|
||||
while read r
|
||||
do
|
||||
> $RB/$r.git/$EO
|
||||
done
|
||||
|
||||
# A bit of explanation may be in order. The gitolite output looks somewhat
|
||||
# like this:
|
||||
|
||||
# bar^Idaemon^IR any bar daemon DENIED by fallthru$
|
||||
# foo^Idaemon^Irefs/.*$
|
||||
# fubar^Idaemon^Irefs/.*$
|
||||
# gitolite-admin^Idaemon^IR any gitolite-admin daemon DENIED by fallthru$
|
||||
# testing^Idaemon^Irefs/.*$
|
||||
|
||||
# where I've type "^I" to denote a tab.
|
||||
|
||||
# Shell has to fork 'rm' to delete a file but perl doesn't. So removing the
|
||||
# export-ok file from repos where needed is done in perl.
|
||||
|
||||
# On the other hand, perls requires a bit more *code* to even create an empty
|
||||
# file. Shell can do it with just "> file", and it doesn't fork for this. So
|
||||
# that part is handled in shell.
|
||||
|
||||
# You'll also see that the perl part is taking what it needs from the input
|
||||
# and passing the rest on, so the shell part doesn't have to do any grepping,
|
||||
# which would be a horrible slowdown.
|
||||
|
||||
# $F and the rest is the magic of perl's flags (man perlrun).
|
|
@ -1,15 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# this is literally the simplest gitweb update possible. You are free to add
|
||||
# whatever you want and contribute it back, as long as it is upward
|
||||
# compatible.
|
||||
|
||||
plf=$(gitolite query-rc GITWEB_PROJECTS_LIST)
|
||||
[ -z "$plf" ] && plf=$HOME/projects.list
|
||||
|
||||
(
|
||||
gitolite list-phy-repos | gitolite access % gitweb R any | grep -v DENIED
|
||||
gitolite list-phy-repos | gitolite git-config -r % gitweb\\.
|
||||
) |
|
||||
cut -f1 | sort -u | sed -e 's/$/.git/' > $plf
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
n=$1
|
||||
[ "$n" = "PRE_GIT" ] && n=10
|
||||
renice -n $n $GL_TID >/dev/null
|