deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

tighten permissions on install

Browse source 
- hardcode 0700 mode for GL_ADMINDIR tree (thanks to ma at
    ibitsense.com) for catching this
  - honor REPO_UMASK for GL_REPO_BASE_ABS creation
  - plus a minor doc update
This commit is contained in:
Sitaram Chamarty 2010-10-02 05:22:19 +05:30
parent 4957900360
commit 3914dc0161
2 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/install-transcript.mkd
View file

@ -169,7 +169,9 @@ runs on the client but installs gitolite on the server!
<font color="red"> **This is the only gitolite specific command in a typical <font color="red"> **This is the only gitolite specific command in a typical
install sequence**. </font> Run it without any arguments to see a usage install sequence**. </font> Run it without any arguments to see a usage
message. Run it without the `-q` to get a more verbose, pause-at-every-step, message. Run it without the `-q` to get a more verbose, pause-at-every-step,
install mode that allows you to change the defaults etc. install mode that allows you to change the defaults (for example, if you want
a different UMASK setting, or you want the repos to be in a different place,
etc.)
sita@sita-lt:src $ ./gl-easy-install -q git server sitaram sita@sita-lt:src $ ./gl-easy-install -q git server sitaram
you are upgrading (or installing first-time) to v0.95-38-gb0ce84d you are upgrading (or installing first-time) to v0.95-38-gb0ce84d

11
src/gl-install
View file

@ -5,7 +5,7 @@
use strict; use strict;
use warnings; use warnings;
our ($REPO_BASE, $GL_ADMINDIR, $GL_CONF, $GIT_PATH, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $GL_PERFLOGT); our ($REPO_BASE, $GL_ADMINDIR, $GL_CONF, $GIT_PATH, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $GL_PERFLOGT, $REPO_UMASK);
# setup quiet mode if asked; please do not use this when running manually # setup quiet mode if asked; please do not use this when running manually
open STDOUT, ">", "/dev/null" if (@ARGV and shift eq '-q'); open STDOUT, ">", "/dev/null" if (@ARGV and shift eq '-q');
@ -15,11 +15,13 @@ open STDOUT, ">", "/dev/null" if (@ARGV and shift eq '-q');
sub wrap_mkdir sub wrap_mkdir
{ {
my $dir = shift; my $dir = shift;
my $perm = shift; # optional
if ( -d $dir ) { if ( -d $dir ) {
print "$dir already exists\n"; print "$dir already exists\n";
return; return;
} }
mkdir($dir) or die "mkdir $dir failed: $!\n"; mkdir($dir) or die "mkdir $dir failed: $!\n";
chmod $perm, $dir if $perm;
print "created $dir\n"; print "created $dir\n";
} }
@ -49,14 +51,17 @@ die "parse $ENV{GL_RC} failed: " . ($! or $@) unless do $ENV{GL_RC};
# add a custom path for git binaries, if specified # add a custom path for git binaries, if specified
$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH; $ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;
# set the umask before creating any files/directories
umask($REPO_UMASK);
# mkdir $REPO_BASE, $GL_ADMINDIR if they don't already exist # mkdir $REPO_BASE, $GL_ADMINDIR if they don't already exist
$ENV{GL_REPO_BASE_ABS} = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$ENV{HOME}/$REPO_BASE" ); $ENV{GL_REPO_BASE_ABS} = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$ENV{HOME}/$REPO_BASE" );
wrap_mkdir($ENV{GL_REPO_BASE_ABS}); wrap_mkdir($ENV{GL_REPO_BASE_ABS});
wrap_mkdir($GL_ADMINDIR); wrap_mkdir($GL_ADMINDIR, 0700);
# mkdir $GL_ADMINDIR's subdirs # mkdir $GL_ADMINDIR's subdirs
for my $dir qw(conf doc keydir logs src hooks hooks/common hooks/gitolite-admin) { for my $dir qw(conf doc keydir logs src hooks hooks/common hooks/gitolite-admin) {
# some of them will stay empty; too lazy to fix right now ;-) # some of them will stay empty; too lazy to fix right now ;-)
wrap_mkdir("$GL_ADMINDIR/$dir"); wrap_mkdir("$GL_ADMINDIR/$dir", 0700);
} }
# "src" and "doc" will be overwritten on each install, but not conf # "src" and "doc" will be overwritten on each install, but not conf