(really big config) 2 new rc variables
...to prevent auto-creation of repos from config, and to prevent processing of ssh keys. Also doc update
parent
988934dec1
commit
0d0e7e5d72
3 changed files with 61 additions and 18 deletions
|
@ -89,6 +89,8 @@ $GIT_PATH="";
|
|||
|
||||
$GL_BIG_CONFIG = 0;
|
||||
$GL_NO_DAEMON_NO_GITWEB = 0;
|
||||
$GL_NO_CREATE_REPOS = 0;
|
||||
$GL_NO_SETUP_AUTHKEYS = 0;
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
# SECURITY SENSITIVE SETTINGS
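Review bot: `$GL_NO_CREATE_REPOS` and `$GL_NO_SETUP_AUTHKEYS` are added to the rc file with no comment, directly above the "SECURITY SENSITIVE SETTINGS" banner, although doc/big-config.mkd in this same commit tells admins to leave them alone. With `$GL_NO_SETUP_AUTHKEYS = 1` the compile script exits before it rebuilds `~/.ssh/authorized_keys`, so adding or removing a user's key in the admin repo no longer changes who can log in unless the external system does that work. I would add a comment above the two lines, such as `# leave these two at 0 unless a backend system creates repos and manages authorized_keys; see doc/big-config.mkd`, so the warning is visible where the value is actually edited.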
|
||||
|
|
|
@ -4,7 +4,7 @@ In this document:
|
|||
|
||||
* <a href="#when_why_do_we_need_it_">when/why do we need it?</a>
|
||||
* <a href="#how_do_we_use_it_">how do we use it?</a>
|
||||
* <a href="#summary_of_settings_in_RC_file">summary of settings in RC file</a>
|
||||
* <a href="#other_optimisations">other optimisations</a>
|
||||
* <a href="#what_are_the_downsides_">what are the downsides?</a>
|
||||
* <a href="#extra_coolness_usergroups_and_LDAP_similar_tools">(extra coolness) usergroups and LDAP/similar tools</a>
|
||||
|
||||
|
@ -107,8 +107,9 @@ Just set
|
|||
|
||||
$GL_BIG_CONFIG = 1;
|
||||
|
||||
in the `~/.gitolite.rc` file on the server. When you do that, and push this
|
||||
configuration, the compiled file looks like this:
|
||||
in the `~/.gitolite.rc` file on the server (see next section for more
|
||||
variables). When you do that, and push this configuration, the compiled file
|
||||
looks like this:
|
||||
|
||||
%repos = (
|
||||
'@wbr' => {
|
||||
|
@ -142,23 +143,38 @@ configuration, the compiled file looks like this:
|
|||
That's a lot smaller, and allows orders of magintude more repos and groups to
|
||||
be supported.
|
||||
|
||||
<a name="summary_of_settings_in_RC_file"></a>
|
||||
<a name="other_optimisations"></a>
|
||||
|
||||
### summary of settings in RC file
|
||||
### other optimisations
|
||||
|
||||
The default RC file contains the following lines:
|
||||
The default RC file contains the following lines (we've already discussed the
|
||||
first one):
|
||||
|
||||
$GL_BIG_CONFIG = 0;
|
||||
$GL_NO_DAEMON_NO_GITWEB = 0;
|
||||
$GL_NO_CREATE_REPOS = 0;
|
||||
$GL_NO_SETUP_AUTHKEYS = 0;
|
||||
|
||||
The first setting means that by default, big-config is off; you can change it
|
||||
to 1 to enable it.
|
||||
`GL_NO_DAEMON_NO_GITWEB` is a very useful optimisation that you *must* enable
|
||||
if you *do* have a large number of repositories, and do *not* use gitolite's
|
||||
support for gitweb or git-daemon access (see "[easier to specify gitweb
|
||||
description and gitweb/daemon access][gw]" for details). This will save a lot
|
||||
of time when you push the gitolite-admin repo with changes. This variable
|
||||
also control whether "git config" lines (such as `config hooks.emailprefix =
|
||||
"[gitolite]"`) will be processed or not.
|
||||
|
||||
The second is a very useful optimisation that you *must* enable if you *do*
|
||||
have a large number of repositories, and do *not* use gitolite's support for
|
||||
gitweb or git-daemon access (see "[easier to specify gitweb description and
|
||||
gitweb/daemon access][gw]" for details). This will save a lot of time when
|
||||
you push the gitolite-admin repo with changes.
|
||||
Setting this is relatively harmless to a normal installation, unlike the next
|
||||
two variables :-) `GL_NO_CREATE_REPOS` and `GL_NO_SETUP_AUTHKEYS` are meant
|
||||
for installations where some backend system already exists that does all the
|
||||
actual repo creation, and all the authentication setup (ssh auth keys),
|
||||
respectively.
|
||||
|
||||
Summary: Please **leave those two variables alone** unless you're initials are
|
||||
"JK" ;-)
|
||||
|
||||
Also note that using all 3 of the `GL_NO_*` variables will result in
|
||||
*everything* after the config compile being skipped. In other words, gitolite
|
||||
is being used **only** for its access control language.
|
||||
|
||||
[gw]: http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd#gitweb
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ $Data::Dumper::Sortkeys = 1;
|
|||
open STDOUT, ">", "/dev/null" if (@ARGV and shift eq '-q');
|
||||
|
||||
# these are set by the "rc" file
|
||||
our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH, $GL_WILDREPOS, $GL_GITCONFIG_KEYS, $GL_PACKAGE_HOOKS, $GL_BIG_CONFIG, $GL_NO_DAEMON_NO_GITWEB);
|
||||
our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH, $GL_WILDREPOS, $GL_GITCONFIG_KEYS, $GL_PACKAGE_HOOKS, $GL_BIG_CONFIG, $GL_NO_DAEMON_NO_GITWEB, $GL_NO_CREATE_REPOS, $GL_NO_SETUP_AUTHKEYS);
|
||||
# and these are set by gitolite.pm
|
||||
our ($REPONAME_PATT, $REPOPATT_PATT, $USERNAME_PATT, $AUTH_COMMAND, $AUTH_OPTIONS, $ABRT, $WARN);
|
||||
|
||||
|
@ -395,12 +395,15 @@ print $compiled_fh Data::Dumper->Dump([\%groups], [qw(*groups)]) if $GL_BIG_CONF
|
|||
close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n";
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# any new repos to be created?
|
||||
# (that ends the config file compiler and write)
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# modern gits allow cloning from an empty repo, so we just create it
|
||||
# ----------------------------------------------------------------------------
|
||||
# what's the git version?
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# we don't like stuff older than 1.6.2
|
||||
|
||||
# but it turns out not everyone has "modern" gits :)
|
||||
my $git_version = `git --version`;
|
||||
die "
|
||||
*** ERROR ***
|
||||
|
@ -418,11 +421,22 @@ die "\n\t\t***** AAARGH! *****\n" .
|
|||
"\tthe newer features, please upgrade.\n"
|
||||
if $git_version < 10602; # that's 1.6.2 to you
|
||||
|
||||
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# the rest of this program can be "switched off"; see doc/big-config.mkd for
|
||||
# details.
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# any new repos to be created?
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# repo-base needs to be an absolute path for this loop to work right
|
||||
# so if it was not already absolute, prefix $HOME.
|
||||
my $repo_base_abs = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$ENV{HOME}/$REPO_BASE" );
|
||||
|
||||
{
|
||||
unless ($GL_NO_CREATE_REPOS) {
|
||||
wrap_chdir("$repo_base_abs");
|
||||
|
||||
# autocreate repos. Start with the ones that are normal repos in %repos
|
||||
|
@ -460,6 +474,10 @@ my $repo_base_abs = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$ENV{HOME}/$REPO_BASE"
|
|||
# update repo configurations
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# no gating required for this. If you don't have any "config" lines it won't
|
||||
# run anyway. An example of a config line could be:
|
||||
# config hooks.emailprefix = "[foo]"
|
||||
|
||||
for my $repo (keys %repo_config) {
|
||||
wrap_chdir("$repo_base_abs/$repo.git");
|
||||
while ( my ($key, $value) = each(%{ $repo_config{$repo} }) ) {
|
||||
|
@ -540,6 +558,9 @@ unless ($GL_NO_DAEMON_NO_GITWEB) {
|
|||
# "compile" ssh authorized_keys
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# NOTE: for now we assume that setting up authkeys is the LAST thing we do!
|
||||
exit 0 if $GL_NO_SETUP_AUTHKEYS;
|
||||
|
||||
my $authkeys_fh = wrap_open( "<", $ENV{HOME} . "/.ssh/authorized_keys",
|
||||
"\tFor security reasons, gitolite will not *create* this file if it does\n" .
|
||||
"\tnot already exist. Please see the \"admin\" document for details\n");
|
||||
|
@ -620,3 +641,7 @@ system("cat $ENV{HOME}/.ssh/authorized_keys > $ENV{HOME}/.ssh/old_authkeys");
|
|||
system("cat $ENV{HOME}/.ssh/new_authkeys > $ENV{HOME}/.ssh/authorized_keys")
|
||||
and die "couldn't write authkeys file\n";
|
||||
system("rm $ENV{HOME}/.ssh/new_authkeys");
|
||||
|
||||
# NOTE: if you're adding code here that is unrelated to setting up authkeys,
|
||||
# remember that control may not reach here if a sysadm has set
|
||||
# GL_NO_SETUP_AUTHKEYS in the rc file.
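Review bot: The new comment above the repo-config loop ("no gating required for this") does not hold once `$GL_NO_CREATE_REPOS` is set. The loop still calls `wrap_chdir("$repo_base_abs/$repo.git")` for every repo that has a `config` line, and with auto-creation switched off nothing in this script guarantees that directory exists yet. `wrap_chdir` is defined outside this page, but if it aborts on failure the run would stop before the authorized_keys section and leave pending key changes unapplied. I would skip missing repos with `next unless -d "$repo_base_abs/$repo.git";` as the first statement of the loop and reword the comment to match. The loop body continues outside the hunk.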
|
||||
|
|