deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge branch 'gitweb-descriptions'

Browse source
This commit is contained in:
Sitaram Chamarty 2009-11-13 13:45:47 +05:30
commit 3838be2b50
3 changed files with 127 additions and 85 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

165
conf/example.conf
View file

@ -1,9 +1,11 @@
# example conf file for gitolite # example conf file for gitolite
# ----------------------------------------------------------------------------
# overall syntax: # overall syntax:
# - everything in this is space-separated; no commas, semicolons, etc # - everything is space-separated; no commas, semicolons, etc (except in
# the description string for gitweb)
# - comments in the normal shell-ish style; no surprises there # - comments in the normal shell-ish style; no surprises there
# - there are no continuation lines of any kind # - there are NO continuation lines of any kind
# - user/repo names as simple as possible # - user/repo names as simple as possible
# (usernames: only alphanumerics, ".", "_", "-"; # (usernames: only alphanumerics, ".", "_", "-";
# reponames: same, plus "/", but not at the start) # reponames: same, plus "/", but not at the start)
@ -14,56 +16,79 @@
# - specify who can push a branch/tag # - specify who can push a branch/tag
# - specify who can rewind a branch/rewrite a tag # - specify who can rewind a branch/rewrite a tag
# convenience: allow specifying the access control in bits and pieces, even if
# they overlap. Keeps the config file smaller and saner. See the example in
# the "faq, tips, etc" document
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# LISTS
# GROUPS
# ------
# syntax: # syntax:
# @listname = name [...] # @groupname = [one or more names]
# lists can be used as shorthand for usernames as well as reponames
# a list is equivalent to typing out all the right hand side names, so why do # groups let you club names together for convenience in specifying
# we need lists at all? (1) to be able to reuse the same set of usernames in # permissions. A group is simply expanded to whatever names are on the right
# the paras for different repos, (2) to keep the lines short, because lists # hand side when it is actually used
# accumulate, like squid ACLs, so you can say:
# @cust_A = cust1 cust2 # you can have a group of people...
# @cust_A = cust99 @staff = sitaram some_dev another-dev
# and this is the same as listing all three on the same line # ...or a group of repos
@oss_repos = gitolite linux git perl rakudo entrans vkc
# you can nest groups, but not recursively of course! # even sliced and diced differently
@admins = sitaram admin2
# notice that sitaram is in 2 groups (staff and admins)
# @interns = indy james # if you repeat a group name in another definition line, the
# @staff = bob @interns # new ones get added to the old ones (they accumulate)
@staff = au.thor
# so now "@staff" expands to all 4 names
# @staff = me alice # groups can include other groups (but not recursively)
# @secret_staff = bruce whitfield martin @interns = indy james
@staff = bob @interns
# "@staff" expands to 7 names now
# @pubrepos = linux git # REPO AND BRANCH PERMISSIONS
# ---------------------------
# @privrepos = supersecretrepo anothersecretrepo
# ----------------------------------------------------------------------------
# REPOS, REFS, and PERMISSIONS
# syntax: # syntax:
# repo [one or more repos] # start line:
# repo [one or more repos and/or repo groups]
# followed by one or more permissions lines:
# (R|RW|RW+) [zero or more refexes] = [one or more users] # (R|RW|RW+) [zero or more refexes] = [one or more users]
# notes: # there are 3 types of permissions: R, RW, and RW+. The "+" means permission
# to "rewind" (force push a non-fast forward to) a branch
# - the reponame is a simple name. Do not add the ".git" extension -- # how permissions are matched:
# that will be added by the program when the actual repo is created # - user, repo, and access (W or +) are known. For that combination, if
# any of the refexes match the refname being updated, the push succeeds.
# If none of them match, it fails
# - RW+ means non-ff push is allowed # what's a refex? a regex to match against the ref being updated (get it?)
# - you can't write just "W" or "+"; it has to be R, or RW, or RW+
# - a refex is a regex that matches a ref :-) If you see the examples # BASIC PERMISSIONS (repo level only; apply to all branches/tags in repo)
# below you'll get it easy enough
# most important rule of all -- specify who can make changes
# to *this* file take effect
repo gitolite-admin
RW+ = @admins
# "@all" is a special, predefined, group name
repo testing
RW+ = @all
# this repo is visible to staff but only sitaram can write to it
repo gitolite
R = @staff
RW+ = sitaram
# you can split up access rules for a repo as convenient
# (notice that @oss_repos contains gitolite also)
repo @oss_repos
R = @all
# ADVANCED PERMISSIONS USING REFEXES
# - refexes are specified in perl regex syntax # - refexes are specified in perl regex syntax
# - if no refex appears, the rule applies to all refs in that repo # - if no refex appears, the rule applies to all refs in that repo
@ -71,53 +96,47 @@
# with "refs/" (so tags have to be explicitly named as # with "refs/" (so tags have to be explicitly named as
# refs/tags/pattern) # refs/tags/pattern)
# - the list of users or repos can inlude any group name defined earlier # here's the example from
# - "@all" is a special, predefined, groupname that means "all users" # Documentation/howto/update-hook-example.txt:
# (there is no corresponding shortcut for all repos)
# matching: # refs/heads/master junio
# +refs/heads/pu junio
# refs/heads/cogito$ pasky
# refs/heads/bw/.* linus
# refs/heads/tmp/.* .*
# refs/tags/v[0-9].* junio
# - user, repo, and access (W or +) are known. For that combination, if # and here're the equivalent gitolite refexes
# any of the refexes match the refname being updated, the push succeeds. repo git
# If none of them match, it fails RW master = junio
RW+ pu = junio
RW cogito$ = pasky
RW bw/ = linus
RW tmp/ = @all
RW refs/tags/v[0-9] = junio
# anyone can play in the sandbox, including making non-fastforward commits
# (that's what the "+" means)
# repo sandbox # GITWEB AND DAEMON STUFF
# RW+ = @all # -----------------------
# my repo and alice's repo have the same memberships and access, so we just # No specific syntax for gitweb and daemon access; just make the repo readable
# put them both in the same stanza # ("R" access) to the special users "gitweb" and "daemon"
# repo myrepo alicerepo # make "@oss_repos" (all 7 of them!) accessible via git daemon
# RW+ = me alice repo @oss_repos
# R = bob eve R = daemon
# this repo is visible to customers from company A but they can't write to it # make the two *large* repos accessible via gitweb
repo linux perl
R = gitweb
# repo cust_A_repo # GITWEB DESCRIPTION LINE
# R = @cust_A
# RW = @staff
# idea for the tags syntax shamelessly copied from git.git # syntax:
# Documentation/howto/update-hook-example.txt :) # reponame = "some description string in double quotes"
# repo @privrepos thirdsecretrepo # note: setting a description also gives gitweb access; you do not have to
# RW+ pu = bruce # give gitweb access as described above if you're specifying a description
# RW master next = bruce
# RW refs/tags/v[0-9].* = bruce
# RW refs/tags/ss/ = @secret_staff
# RW tmp/.* = @secret_staff
# R = @secret_staff
# ---------------------------------------------------------------------------- gitolite = "fast, secure, access control for git in a corporate environment"
# GITWEB AND DAEMON CONTROL
# there is no special syntax for this. If a repo gives read permissions to
# the special user "gitweb" or "daemon", the corresponding changes are made
# when you compile; see "faq, tips, etc" document for details.
# this means you cannot have a real user called "gitweb" or "daemon" but I
# don't think that is a problem :-)

25
doc/2-admin.mkd
View file

@ -38,22 +38,27 @@ This is a feature that I personally do not use (corporate environments don't
like unauthenticated access of any kind to any repo!), but someone wanted it, like unauthenticated access of any kind to any repo!), but someone wanted it,
so here goes. so here goes.
There's **no special syntax** for this -- just give read permission to a user To make a repo or repo group accessible via "git daemon", just give read
called `gitweb` or `daemon`! (This also means you can't have a normal user permission to the special user "daemon". See the [faq, tips, etc][ss]
with either of those two names, but I doubt that's a problem!). See the [faq, document for easy ways to specify access for multiple repositories.
tips, etc][ss] document for easy ways to specify access for multiple
repositories.
[ss]: http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd#gwd [ss]: http://github.com/sitaramc/gitolite/blob/pu/doc/3-faq-tips-etc.mkd#gwd
Note that this does **not** install or configure gitweb/daemon -- that is a There's a special user called "gitweb" also, which works the same way.
one-time setup you must do separately. All this does is: However, setting a description for the project also enables gitweb permissions
so you may as well use that method and kill two birds with one stone, like so:
gitolite = "fast, secure, access control for git in a corporate environment"
Note that gitolite does **not** install or configure gitweb/daemon -- that is
a one-time setup you must do separately. All this does is:
* for daemon, create the file `git-daemon-export-ok` in the repository
* for gitweb, add the repo to the list of projects to be served by gitweb * for gitweb, add the repo to the list of projects to be served by gitweb
(see the config file variable `$PROJECTS_LIST`, which should have the same (see the config file variable `$PROJECTS_LIST`, which should have the same
value you specified for `$projects_list` when setting up gitweb) value you specified for `$projects_list` when setting up gitweb)
* for daemon, create the file `git-daemon-export-ok` in the repository * put the description, if given, in `$repo/description`
The "compile" script will keep these files consistent with the config settings The "compile" script will keep these files consistent with the config settings
-- this includes removing such settings if you remove "read" permissions for -- this includes removing such settings/files if you remove "read" permissions
the special usernames. for the special usernames or remove the description line.

20
src/gl-compile-conf
View file

@ -106,6 +106,9 @@ my %rurp_seen = ();
# catch usernames<->pubkeys mismatches; search for "lint" below # catch usernames<->pubkeys mismatches; search for "lint" below
my %user_list = (); my %user_list = ();
# gitweb descriptions, plain text, keyed by repo
my %desc = ();
# set the umask before creating any files # set the umask before creating any files
umask($REPO_UMASK); umask($REPO_UMASK);
@ -249,6 +252,15 @@ sub parse_conf_file
} }
} }
} }
# very simple syntax for the gitweb description of repo
elsif (/^(\S+) = "(.*)"$/)
{
my ($repo, $desc) = ($1, $2);
die "$ABRT bad repo name $repo\n" unless $repo =~ $REPONAME_PATT;
die "$WARN $fragment attempting to set description for $repo\n" if
$fragment ne 'master' and $fragment ne $repo and ($groups{"\@$fragment"}{$repo} || '') ne 'master';
$desc{$repo} = $desc;
}
else else
{ {
die "$ABRT can't make head or tail of '$_'\n"; die "$ABRT can't make head or tail of '$_'\n";
@ -359,13 +371,17 @@ for my $repo (sort keys %repos) {
# ...then gitwebs # ...then gitwebs
for my $repo (sort keys %repos) { for my $repo (sort keys %repos) {
if ($repos{$repo}{'R'}{'gitweb'}) { my $desc_file = "$repo.git/description";
# note: having a description also counts as enabling gitweb
if ($repos{$repo}{'R'}{'gitweb'} or $desc{$repo}) {
unless ($projlist{"$repo.git"}) { unless ($projlist{"$repo.git"}) {
# not in the old list; add it to the new one # not in the old list; add it to the new one
$projlist{"$repo.git"} = 1; $projlist{"$repo.git"} = 1;
$projlist_changed = 1; $projlist_changed = 1;
print "gitweb add $repo.git\n"; print "gitweb add $repo.git\n";
} }
# add the description file; no messages to user or error checking :)
$desc{$repo} and open(DESC, ">", $desc_file) and print DESC "$desc{$repo}\n" and close DESC;
} else { } else {
if ($projlist{"$repo.git"}) { if ($projlist{"$repo.git"}) {
# delete it from new list # delete it from new list
@ -373,6 +389,8 @@ for my $repo (sort keys %repos) {
$projlist_changed = 1; $projlist_changed = 1;
print "gitweb del $repo.git\n"; print "gitweb del $repo.git\n";
} }
# delete the description file; no messages to user or error checking :)
unlink $desc_file;
} }
} }