diff --git a/conf/example.conf b/conf/example.conf index b5ead17..b2173e3 100644 --- a/conf/example.conf +++ b/conf/example.conf @@ -6,9 +6,13 @@ # the description string for gitweb) # - comments in the normal shell-ish style; no surprises there # - there are NO continuation lines of any kind -# - user/repo names as simple as possible -# (usernames: only alphanumerics, ".", "_", "-"; -# reponames: same, plus "/", but not at the start) +# - user/repo names as simple as possible; they must start with an +# alphanumeric, but after that they can also contain ".", "_", "-". +# - usernames can optionally be followed by an "@" and a domainname +# containing at least one "." (this allows you to use an email +# address as someone's username) +# - reponames can contain "/" characters (this allows you to +# put your repos in a tree-structure for convenience) # objectives, over and above gitosis: # - simpler syntax diff --git a/doc/3-faq-tips-etc.mkd b/doc/3-faq-tips-etc.mkd index 464a4e5..9a1d413 100644 --- a/doc/3-faq-tips-etc.mkd +++ b/doc/3-faq-tips-etc.mkd 
@@ -344,12 +344,36 @@ gitolite knows these two keys belong to the same person. Note that you don't say "sitaram@laptop" and so on in the **config** file -- as far as the config file is concerned there's just **one** user called -"sitaram" -- so you only say "sitaram" there. Only the **pubkey files** have -the extra "@" stuff. +"sitaram" -- so you only say "sitaram" there. I think this is easier to maintain if you have to delete or change one of those keys. +However, now that `sitaramc@gmail.com` is also a valid username, we need to +distinguish between `sitaramc@gmail.com.pub` and `sitaramc@desktop.pub`. We +do that by requiring that the multi-key suffix you use (like "desktop" and +"laptop") should not have a `"."` in it. If it does, it looks like an email +address. The following table lists sample pubkey filenames and the +corresponding derived usernames (which is what goes into the +`conf/gitolite.conf` file): + + * old style multikeys; not mistaken for emails because there is no "." in + hostname part + + sitaramc.pub sitaramc + sitaramc@laptop.pub sitaramc + sitaramc@desktop.pub sitaramc + + * new style, email keys; there is a "." in hostname part; so it's an email + address + + sitaramc@gmail.com.pub sitaramc@gmail.com + + * multikeys *with* email address + + sitaramc@gmail.com@laptop.pub sitaramc@gmail.com + sitaramc@gmail.com@desktop.pub sitaramc@gmail.com + #### support for git installed outside default PATH The normal solution is to add to the system default PATH somehow, either by diff --git a/src/gitolite.pm b/src/gitolite.pm index 71c0b0c..ee0fc77 100644 --- a/src/gitolite.pm +++ b/src/gitolite.pm 
@@ -24,9 +24,9 @@ $WARN = "\n\t\t***** WARNING *****\n "; $R_COMMANDS=qr/^(git[ -]upload-pack|git[ -]upload-archive)$/; $W_COMMANDS=qr/^git[ -]receive-pack$/; -# note that REPONAME_PATT allows a "/" also, which USERNAME_PATT doesn't -$REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._/-]*$); # very simple pattern -$USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._-]*$); # very simple pattern +# note that REPONAME_PATT allows "/", while USERNAME_PATT allows "@" +$REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._/-]*$); # very simple pattern +$USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@-]*$); # very simple pattern # ---------------------------------------------------------------------------- # convenience subs diff --git a/src/gl-compile-conf b/src/gl-compile-conf index 56b11ed..1125add 100755 --- a/src/gl-compile-conf +++ b/src/gl-compile-conf @@ -121,7 +121,7 @@ sub expand_list { # we test with the slightly more relaxed pattern here; we'll catch the # "/" in user name thing later; it doesn't affect security anyway - die "$ABRT bad user or repo name $item\n" unless $item =~ $REPONAME_PATT; + die "$ABRT bad user or repo name $item\n" unless $item =~ $REPONAME_PATT or $item =~ $USERNAME_PATT; if ($item =~ /^@/) # nested group { die "$ABRT undefined group $item\n" unless $groups{$item}; @@ -174,7 +174,6 @@ sub parse_conf_file # store the members of each group as hash key. Keep track of when # the group was *first* created by using $fragment as the *value* do { $groups{$1}{$_} ||= $fragment } for ( expand_list( split(' ', $2) ) ); - # again, we take the more "relaxed" pattern die "$ABRT bad group $1\n" unless $1 =~ $REPONAME_PATT; } # repo(s) 
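Review bot: The new `$USERNAME_PATT` is much looser than the rule documented in conf/example.conf, because adding `\@` to the trailing character class allows any number of "@" anywhere after the first character and never requires a "." in the domain part. Constructed examples such as `a@@b` or `a@` would match. If the intent is "name, optionally followed by one @domain containing a dot", the pattern should say so structurally, for example `$USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._-]*(?:\@[0-9a-zA-Z][0-9a-zA-Z_-]*(?:\.[0-9a-zA-Z_-]+)+)?\z);`. Ending with `\z` rather than `$` also rejects a name that carries a trailing newline, which is worth having on a pattern the config compiler relies on to validate names.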
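Review bot: In `expand_list` the check now passes anything that matches either pattern, so a repo name containing "@" is accepted here just as a user name containing "/" already was. The user list is re-checked against `$USERNAME_PATT` in the later `parse_conf_file` hunk, but no matching repo-only re-check against `$REPONAME_PATT` is visible in this diff; please confirm one exists. The comment above the `die` is also stale, since it still describes only the "/" case, and could become `# accept either pattern here; users are re-checked against USERNAME_PATT and repos against REPONAME_PATT by the caller`. The body of `expand_list` continues outside the hunk.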
@@ -200,7 +199,7 @@ sub parse_conf_file # expand the user list, unless it is just "@all" @users = expand_list ( @users ) unless (@users == 1 and $users[0] eq '@all'); - do { die "$ABRT bad username $_\n" unless $_ =~ $USERNAME_PATT } for @users; + do { die "$ABRT bad username $_ PATT is $USERNAME_PATT,\n" unless $_ =~ $USERNAME_PATT } for @users; # ok, we can finally populate the %repos hash for my $repo (@repos) # each repo in the current stanza @@ -408,7 +407,7 @@ for my $pubkey (glob("*")) print STDERR "WARNING: pubkey files should end with \".pub\", ignoring $pubkey\n"; next; } - my $user = $pubkey; $user =~ s/(\@.+)?\.pub$//; + my $user = $pubkey; $user =~ s/(\@[^.]+)?\.pub$//; # lint check 2 print STDERR "WARNING: pubkey $pubkey exists but user $user not in config\n" unless $user_list{$user};
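Review bot: The changed `die` message in `parse_conf_file` looks like leftover debugging: ` PATT is $USERNAME_PATT,` interpolates the stringified compiled regex into a user-facing error and leaves a stray comma before the newline. I would restore `die "$ABRT bad username $_\n"`, or describe the rule in words if a hint is wanted, e.g. `die "$ABRT bad username $_ (alphanumeric start, then [0-9a-zA-Z._\@-])\n"`. `parse_conf_file` starts and ends outside this hunk.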
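Review bot: The `$user` derived by `s/(\@[^.]+)?\.pub$//` is never matched against `$USERNAME_PATT` in the visible lines, and with this change the derived name can keep "@" and whatever else the filename holds before the stripped suffix. If `$user` is later written anywhere security-relevant (the rest of the loop is outside the hunk), it should be validated first, e.g. `unless ($user =~ $USERNAME_PATT) { print STDERR "WARNING: bad username derived from $pubkey, ignoring\n"; next; }`. Existing multi-key files whose suffix contains a "." also change meaning silently: a constructed `alice@host.example.pub` used to map to `alice` and now maps to `alice@host.example`. The only signal is the "not in config" warning, so this deserves an upgrade note.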