compile: allow full email addresses as usernames
we had usurped the email style syntax to separate multiple keys belonging to the same person, like sitaram@desktop.pub and sitaram@laptop.pub. If you have so many users that you need the full email address to disambiguate some of them (or you want to do it for just plain convenience), you couldn't. This patch fixes that in a backward compatible way. See doc/3-faq-tips-etc.mkd for details.
This commit is contained in:
parent
8a4bb453a0
commit
4441ed82e4
|
@ -6,9 +6,13 @@
|
|||
# the description string for gitweb)
|
||||
# - comments in the normal shell-ish style; no surprises there
|
||||
# - there are NO continuation lines of any kind
|
||||
# - user/repo names as simple as possible
|
||||
# (usernames: only alphanumerics, ".", "_", "-";
|
||||
# reponames: same, plus "/", but not at the start)
|
||||
# - user/repo names as simple as possible; they must start with an
|
||||
# alphanumeric, but after that they can also contain ".", "_", "-".
|
||||
# - usernames can optionally be followed by an "@" and a domainname
|
||||
# containing at least one "." (this allows you to use an email
|
||||
# address as someone's username)
|
||||
# - reponames can contain "/" characters (this allows you to
|
||||
# put your repos in a tree-structure for convenience)
|
||||
|
||||
# objectives, over and above gitosis:
|
||||
# - simpler syntax
|
||||
|
|
|
@ -344,12 +344,36 @@ gitolite knows these two keys belong to the same person.
|
|||
|
||||
Note that you don't say "sitaram@laptop" and so on in the **config** file --
|
||||
as far as the config file is concerned there's just **one** user called
|
||||
"sitaram" -- so you only say "sitaram" there. Only the **pubkey files** have
|
||||
the extra "@" stuff.
|
||||
"sitaram" -- so you only say "sitaram" there.
|
||||
|
||||
I think this is easier to maintain if you have to delete or change one of
|
||||
those keys.
|
||||
|
||||
However, now that `sitaramc@gmail.com` is also a valid username, we need to
|
||||
distinguish between `sitaramc@gmail.com.pub` and `sitaramc@desktop.pub`. We
|
||||
do that by requiring that the multi-key suffix you use (like "desktop" and
|
||||
"laptop") should not have a `"."` in it. If it does, it looks like an email
|
||||
address. The following table lists sample pubkey filenames and the
|
||||
corresponding derived usernames (which is what goes into the
|
||||
`conf/gitolite.conf` file):
|
||||
|
||||
* old style multikeys; not mistaken for emails because there is no "." in
|
||||
hostname part
|
||||
|
||||
sitaramc.pub sitaramc
|
||||
sitaramc@laptop.pub sitaramc
|
||||
sitaramc@desktop.pub sitaramc
|
||||
|
||||
* new style, email keys; there is a "." in hostname part; so it's an email
|
||||
address
|
||||
|
||||
sitaramc@gmail.com.pub sitaramc@gmail.com
|
||||
|
||||
* multikeys *with* email address
|
||||
|
||||
sitaramc@gmail.com@laptop.pub sitaramc@gmail.com
|
||||
sitaramc@gmail.com@desktop.pub sitaramc@gmail.com
|
||||
|
||||
#### support for git installed outside default PATH
|
||||
|
||||
The normal solution is to add to the system default PATH somehow, either by
|
||||
|
|
|
@ -24,9 +24,9 @@ $WARN = "\n\t\t***** WARNING *****\n ";
|
|||
$R_COMMANDS=qr/^(git[ -]upload-pack|git[ -]upload-archive)$/;
|
||||
$W_COMMANDS=qr/^git[ -]receive-pack$/;
|
||||
|
||||
# note that REPONAME_PATT allows a "/" also, which USERNAME_PATT doesn't
|
||||
$REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._/-]*$); # very simple pattern
|
||||
$USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._-]*$); # very simple pattern
|
||||
# note that REPONAME_PATT allows "/", while USERNAME_PATT allows "@"
|
||||
$REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._/-]*$); # very simple pattern
|
||||
$USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@-]*$); # very simple pattern
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# convenience subs
|
||||
|
|
|
@ -121,7 +121,7 @@ sub expand_list
|
|||
{
|
||||
# we test with the slightly more relaxed pattern here; we'll catch the
|
||||
# "/" in user name thing later; it doesn't affect security anyway
|
||||
die "$ABRT bad user or repo name $item\n" unless $item =~ $REPONAME_PATT;
|
||||
die "$ABRT bad user or repo name $item\n" unless $item =~ $REPONAME_PATT or $item =~ $USERNAME_PATT;
|
||||
if ($item =~ /^@/) # nested group
|
||||
{
|
||||
die "$ABRT undefined group $item\n" unless $groups{$item};
|
||||
|
@ -174,7 +174,6 @@ sub parse_conf_file
|
|||
# store the members of each group as hash key. Keep track of when
|
||||
# the group was *first* created by using $fragment as the *value*
|
||||
do { $groups{$1}{$_} ||= $fragment } for ( expand_list( split(' ', $2) ) );
|
||||
# again, we take the more "relaxed" pattern
|
||||
die "$ABRT bad group $1\n" unless $1 =~ $REPONAME_PATT;
|
||||
}
|
||||
# repo(s)
|
||||
|
@ -200,7 +199,7 @@ sub parse_conf_file
|
|||
# expand the user list, unless it is just "@all"
|
||||
@users = expand_list ( @users )
|
||||
unless (@users == 1 and $users[0] eq '@all');
|
||||
do { die "$ABRT bad username $_\n" unless $_ =~ $USERNAME_PATT } for @users;
|
||||
do { die "$ABRT bad username $_ PATT is $USERNAME_PATT,\n" unless $_ =~ $USERNAME_PATT } for @users;
|
||||
|
||||
# ok, we can finally populate the %repos hash
|
||||
for my $repo (@repos) # each repo in the current stanza
|
||||
|
@ -408,7 +407,7 @@ for my $pubkey (glob("*"))
|
|||
print STDERR "WARNING: pubkey files should end with \".pub\", ignoring $pubkey\n";
|
||||
next;
|
||||
}
|
||||
my $user = $pubkey; $user =~ s/(\@.+)?\.pub$//;
|
||||
my $user = $pubkey; $user =~ s/(\@[^.]+)?\.pub$//;
|
||||
# lint check 2
|
||||
print STDERR "WARNING: pubkey $pubkey exists but user $user not in config\n"
|
||||
unless $user_list{$user};
|
||||
|
|
Loading…
Reference in a new issue