compile: allow full email addresses as usernames
We had usurped the email-style syntax to separate multiple keys belonging to the same person, like sitaram@desktop.pub and sitaram@laptop.pub. If you had so many users that you needed the full email address to disambiguate some of them (or you just wanted to use it for convenience), you couldn't. This patch fixes that in a backward-compatible way. See doc/3-faq-tips-etc.mkd for details.
parent
8a4bb453a0
commit
4441ed82e4
|
@ -6,9 +6,13 @@
|
||||||
# the description string for gitweb)
|
# the description string for gitweb)
|
||||||
# - comments in the normal shell-ish style; no surprises there
|
# - comments in the normal shell-ish style; no surprises there
|
||||||
# - there are NO continuation lines of any kind
|
# - there are NO continuation lines of any kind
|
||||||
# - user/repo names as simple as possible
|
# - user/repo names as simple as possible; they must start with an
|
||||||
# (usernames: only alphanumerics, ".", "_", "-";
|
# alphanumeric, but after that they can also contain ".", "_", "-".
|
||||||
# reponames: same, plus "/", but not at the start)
|
# - usernames can optionally be followed by an "@" and a domainname
|
||||||
|
# containing at least one "." (this allows you to use an email
|
||||||
|
# address as someone's username)
|
||||||
|
# - reponames can contain "/" characters (this allows you to
|
||||||
|
# put your repos in a tree-structure for convenience)
|
||||||
|
|
||||||
# objectives, over and above gitosis:
|
# objectives, over and above gitosis:
|
||||||
# - simpler syntax
|
# - simpler syntax
|
||||||
|
|
|
@ -344,12 +344,36 @@ gitolite knows these two keys belong to the same person.
|
||||||
|
|
||||||
Note that you don't say "sitaram@laptop" and so on in the **config** file --
|
Note that you don't say "sitaram@laptop" and so on in the **config** file --
|
||||||
as far as the config file is concerned there's just **one** user called
|
as far as the config file is concerned there's just **one** user called
|
||||||
"sitaram" -- so you only say "sitaram" there. Only the **pubkey files** have
|
"sitaram" -- so you only say "sitaram" there.
|
||||||
the extra "@" stuff.
|
|
||||||
|
|
||||||
I think this is easier to maintain if you have to delete or change one of
|
I think this is easier to maintain if you have to delete or change one of
|
||||||
those keys.
|
those keys.
|
||||||
|
|
||||||
|
However, now that `sitaramc@gmail.com` is also a valid username, we need to
|
||||||
|
distinguish between `sitaramc@gmail.com.pub` and `sitaramc@desktop.pub`. We
|
||||||
|
do that by requiring that the multi-key suffix you use (like "desktop" and
|
||||||
|
"laptop") should not have a `"."` in it. If it does, it looks like an email
|
||||||
|
address. The following table lists sample pubkey filenames and the
|
||||||
|
corresponding derived usernames (which is what goes into the
|
||||||
|
`conf/gitolite.conf` file):
|
||||||
|
|
||||||
|
* old style multikeys; not mistaken for emails because there is no "." in
|
||||||
|
hostname part
|
||||||
|
|
||||||
|
sitaramc.pub sitaramc
|
||||||
|
sitaramc@laptop.pub sitaramc
|
||||||
|
sitaramc@desktop.pub sitaramc
|
||||||
|
|
||||||
|
* new style, email keys; there is a "." in hostname part; so it's an email
|
||||||
|
address
|
||||||
|
|
||||||
|
sitaramc@gmail.com.pub sitaramc@gmail.com
|
||||||
|
|
||||||
|
* multikeys *with* email address
|
||||||
|
|
||||||
|
sitaramc@gmail.com@laptop.pub sitaramc@gmail.com
|
||||||
|
sitaramc@gmail.com@desktop.pub sitaramc@gmail.com
|
||||||
|
|
||||||
#### support for git installed outside default PATH
|
#### support for git installed outside default PATH
|
||||||
|
|
||||||
The normal solution is to add to the system default PATH somehow, either by
|
The normal solution is to add to the system default PATH somehow, either by
|
||||||
|
|
|
@ -24,9 +24,9 @@ $WARN = "\n\t\t***** WARNING *****\n ";
|
||||||
$R_COMMANDS=qr/^(git[ -]upload-pack|git[ -]upload-archive)$/;
|
$R_COMMANDS=qr/^(git[ -]upload-pack|git[ -]upload-archive)$/;
|
||||||
$W_COMMANDS=qr/^git[ -]receive-pack$/;
|
$W_COMMANDS=qr/^git[ -]receive-pack$/;
|
||||||
|
|
||||||
# note that REPONAME_PATT allows a "/" also, which USERNAME_PATT doesn't
|
# note that REPONAME_PATT allows "/", while USERNAME_PATT allows "@"
|
||||||
$REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._/-]*$); # very simple pattern
|
$REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._/-]*$); # very simple pattern
|
||||||
$USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._-]*$); # very simple pattern
|
$USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@-]*$); # very simple pattern
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
# convenience subs
|
# convenience subs
|
||||||
|
|
|
@ -121,7 +121,7 @@ sub expand_list
|
||||||
{
|
{
|
||||||
# we test with the slightly more relaxed pattern here; we'll catch the
|
# we test with the slightly more relaxed pattern here; we'll catch the
|
||||||
# "/" in user name thing later; it doesn't affect security anyway
|
# "/" in user name thing later; it doesn't affect security anyway
|
||||||
die "$ABRT bad user or repo name $item\n" unless $item =~ $REPONAME_PATT;
|
die "$ABRT bad user or repo name $item\n" unless $item =~ $REPONAME_PATT or $item =~ $USERNAME_PATT;
|
||||||
if ($item =~ /^@/) # nested group
|
if ($item =~ /^@/) # nested group
|
||||||
{
|
{
|
||||||
die "$ABRT undefined group $item\n" unless $groups{$item};
|
die "$ABRT undefined group $item\n" unless $groups{$item};
|
||||||
|
@ -174,7 +174,6 @@ sub parse_conf_file
|
||||||
# store the members of each group as hash key. Keep track of when
|
# store the members of each group as hash key. Keep track of when
|
||||||
# the group was *first* created by using $fragment as the *value*
|
# the group was *first* created by using $fragment as the *value*
|
||||||
do { $groups{$1}{$_} ||= $fragment } for ( expand_list( split(' ', $2) ) );
|
do { $groups{$1}{$_} ||= $fragment } for ( expand_list( split(' ', $2) ) );
|
||||||
# again, we take the more "relaxed" pattern
|
|
||||||
die "$ABRT bad group $1\n" unless $1 =~ $REPONAME_PATT;
|
die "$ABRT bad group $1\n" unless $1 =~ $REPONAME_PATT;
|
||||||
}
|
}
|
||||||
# repo(s)
|
# repo(s)
|
||||||
|
@ -200,7 +199,7 @@ sub parse_conf_file
|
||||||
# expand the user list, unless it is just "@all"
|
# expand the user list, unless it is just "@all"
|
||||||
@users = expand_list ( @users )
|
@users = expand_list ( @users )
|
||||||
unless (@users == 1 and $users[0] eq '@all');
|
unless (@users == 1 and $users[0] eq '@all');
|
||||||
do { die "$ABRT bad username $_\n" unless $_ =~ $USERNAME_PATT } for @users;
|
do { die "$ABRT bad username $_ PATT is $USERNAME_PATT,\n" unless $_ =~ $USERNAME_PATT } for @users;
|
||||||
|
|
||||||
# ok, we can finally populate the %repos hash
|
# ok, we can finally populate the %repos hash
|
||||||
for my $repo (@repos) # each repo in the current stanza
|
for my $repo (@repos) # each repo in the current stanza
|
||||||
|
@ -408,7 +407,7 @@ for my $pubkey (glob("*"))
|
||||||
print STDERR "WARNING: pubkey files should end with \".pub\", ignoring $pubkey\n";
|
print STDERR "WARNING: pubkey files should end with \".pub\", ignoring $pubkey\n";
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
my $user = $pubkey; $user =~ s/(\@.+)?\.pub$//;
|
my $user = $pubkey; $user =~ s/(\@[^.]+)?\.pub$//;
|
||||||
# lint check 2
|
# lint check 2
|
||||||
print STDERR "WARNING: pubkey $pubkey exists but user $user not in config\n"
|
print STDERR "WARNING: pubkey $pubkey exists but user $user not in config\n"
|
||||||
unless $user_list{$user};
|
unless $user_list{$user};
|
||||||
|
|
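Review bot: The new `$USERNAME_PATT` accepts "@" anywhere after the first character and any number of times, so it does not enforce the rule this commit documents (one optional "@" followed by a domain name containing at least one "."). A config entry such as `sitaram@laptop` therefore passes, while the pubkey hunk's `s/(\@[^.]+)?\.pub$//` maps `sitaram@laptop.pub` to `sitaram`; in the visible lines that mismatch surfaces only as the lint warning. Consider anchoring the shape, e.g. `$USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._-]*(?:\@[0-9a-zA-Z][0-9a-zA-Z-]*(?:\.[0-9a-zA-Z-]+)+)?$);`. In `expand_list` the check now passes items matching either pattern and the visible hunks strictly re-check only `@users`, so it is worth confirming that repo names are still held to `$REPONAME_PATT` somewhere outside these hunks (both `expand_list` and `parse_conf_file` continue beyond them). The `PATT is $USERNAME_PATT,` text in the new `die` message reads like leftover debugging output and could be dropped.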