deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

log message changes (warning: minor backward compat breakage)

Browse source 
The log message format has changed.  All log messages now have a common
prefix (timestamp, user, IP).  This is followed by $SSH_ORIGINAL_COMMAND
(or, in one special case, the name of the user's login shell).  Any
further text appears after this (currently this only happens in the case
of a successful push -- one for each ref pushed successfully)
This commit is contained in:
Sitaram Chamarty 2010-06-16 07:20:12 +05:30
parent 1ecc7ae74e
commit 0f5f82e4f5
5 changed files with 22 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
doc/CHANGELOG
View file

@ -2,8 +2,12 @@ Major changes to gitolite, master branch only, most recent first, no dates but
the tags can help you position stuff approximately the tags can help you position stuff approximately
[NYD = not yet documented due to lack of time...] [NYD = not yet documented due to lack of time...]
- v1.5.3
- log file format changed; minor backward compat breakage if you've been
doing any automated log processing
- some small but important doc updates - some small but important doc updates
- adc "fork" now much faster (uses git clone -l) - adc "fork" now much faster and more space-efficient (uses git clone -l)
- v1.5.2 - v1.5.2

5
hooks/common/update
View file

@ -105,9 +105,8 @@ my $log_refex = check_ref(\@allowed_refs, $ENV{GL_REPO}, (shift @refs), $att_acc
# if we returned at all, all the checks succeeded, so we log the action and exit 0 # if we returned at all, all the checks succeeded, so we log the action and exit 0
&log_it("$ENV{GL_TS} $att_acc\t" . &log_it("", "$att_acc\t" . substr($oldsha, 0, 14) . "\t" . substr($newsha, 0, 14) .
substr($oldsha, 0, 14) . "\t" . substr($newsha, 0, 14) . "\t$reported_repo\t$ref\t$log_refex");
"\t$reported_repo\t$ref\t$ENV{GL_USER}\t$log_refex\n");
# now chain to the local admin defined update hook, if present # now chain to the local admin defined update hook, if present
$UPDATE_CHAINS_TO ||= 'hooks/update.secondary'; $UPDATE_CHAINS_TO ||= 'hooks/update.secondary';

14
src/gitolite.pm
View file

@ -58,8 +58,16 @@ sub wrap_open {
} }
sub log_it { sub log_it {
my ($ip, $logmsg);
open my $log_fh, ">>", $ENV{GL_LOG} or die "open log failed: $!\n"; open my $log_fh, ">>", $ENV{GL_LOG} or die "open log failed: $!\n";
print $log_fh @_; # first space sep field is client ip, per "man ssh"
($ip = $ENV{SSH_CONNECTION}) =~ s/ .*//;
# the first part of logmsg is the actual command used; it's either passed
# in via arg1, or picked up from SSH_ORIGINAL_COMMAND
$logmsg = $_[0] || $ENV{SSH_ORIGINAL_COMMAND}; shift;
# the rest of it upto the caller; we just dump it into the logfile
$logmsg .= "\t@_" if @_;
print $log_fh "$ENV{GL_TS}\t$ENV{GL_USER}\t$ip\t$logmsg\n";
close $log_fh or die "close log failed: $!\n"; close $log_fh or die "close log failed: $!\n";
} }
@ -474,7 +482,7 @@ sub special_cmd
&ext_cmd_svnserve($SVNSERVE); &ext_cmd_svnserve($SVNSERVE);
} else { } else {
# if the user is allowed a shell, just run the command # if the user is allowed a shell, just run the command
&log_it("$ENV{GL_TS}\t$ENV{SSH_ORIGINAL_COMMAND}\t$ENV{GL_USER}\n"); &log_it();
exec $ENV{SHELL}, "-c", $cmd if $shell_allowed; exec $ENV{SHELL}, "-c", $cmd if $shell_allowed;
die "bad command: $cmd\n"; die "bad command: $cmd\n";
@ -615,7 +623,7 @@ sub ext_cmd_rsync
# that should "die" if there's a problem # that should "die" if there's a problem
wrap_chdir($RSYNC_BASE); wrap_chdir($RSYNC_BASE);
&log_it("$ENV{GL_TS}\t$ENV{SSH_ORIGINAL_COMMAND}\t$ENV{GL_USER}\n"); &log_it();
exec $ENV{SHELL}, "-c", $ENV{SSH_ORIGINAL_COMMAND}; exec $ENV{SHELL}, "-c", $ENV{SSH_ORIGINAL_COMMAND};
} }

6
src/gl-auth-command
View file

@ -102,7 +102,7 @@ unless ($ENV{SSH_ORIGINAL_COMMAND}) {
if ($shell_allowed) { if ($shell_allowed) {
my $shell = $ENV{SHELL}; my $shell = $ENV{SHELL};
$shell =~ s/.*\//-/; # change "/bin/bash" to "-bash" $shell =~ s/.*\//-/; # change "/bin/bash" to "-bash"
&log_it("$ENV{GL_TS}\t$shell\t$user\n"); &log_it($shell);
exec { $ENV{SHELL} } $shell; exec { $ENV{SHELL} } $shell;
} }
# otherwise, pretend he typed in "info" and carry on... # otherwise, pretend he typed in "info" and carry on...
@ -119,7 +119,7 @@ if ($GL_ADC_PATH and -d $GL_ADC_PATH) {
if (-x "$GL_ADC_PATH/$cmd") { if (-x "$GL_ADC_PATH/$cmd") {
# yes this is rather strict, sorry. # yes this is rather strict, sorry.
do { die "I don't like $_\n" unless $_ =~ $REPOPATT_PATT } for ($cmd, @args); do { die "I don't like $_\n" unless $_ =~ $REPOPATT_PATT } for ($cmd, @args);
&log_it("$ENV{GL_TS}\t$GL_ADC_PATH/$ENV{SSH_ORIGINAL_COMMAND}\t$ENV{GL_USER}\n"); &log_it("$GL_ADC_PATH/$ENV{SSH_ORIGINAL_COMMAND}");
exec("$GL_ADC_PATH/$cmd", @args); exec("$GL_ADC_PATH/$cmd", @args);
} }
} }
@ -208,7 +208,7 @@ die "$aa access for $repo DENIED to $user\n" unless $perm =~ /$aa/;
# over to git now # over to git now
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
&log_it("$ENV{GL_TS}\t$ENV{SSH_ORIGINAL_COMMAND}\t$ENV{GL_USER}\n"); &log_it();
$repo = "'$REPO_BASE/$repo.git'"; $repo = "'$REPO_BASE/$repo.git'";
exec("git", "shell", "-c", "$verb $repo") unless $verb eq 'git-init'; exec("git", "shell", "-c", "$verb $repo") unless $verb eq 'git-init';

2
t/t00-initial
View file

@ -53,7 +53,7 @@ runlocal git push -f origin HEAD
expect "+ .* HEAD -> master (forced update)" expect "+ .* HEAD -> master (forced update)"
name "basic rewind log" name "basic rewind log"
taillog taillog
expect "\+.*aa.refs/heads/master.u1.refs/.\*" expect " u1 .* + .* aa refs/heads/master refs/.\*"
# ---------- # ----------
name "basic rewind deny" name "basic rewind deny"