support git installed outside default $PATH
(also some minor fixes to doc/3)
This commit is contained in:
Sitaram Chamarty
parent
030b3f29ef
commit
59e15e62a1
|
|
@ -88,6 +88,16 @@ $PERSONAL="";
|
|||
# NOTE: whatever value you choose, for security reasons it is better to make
|
||||
# it fully qualified -- that is, starting with "refs/"
|
||||
|
||||
# --------------------------------------
|
||||
|
||||
# if git on your server is on a standard path (that is
|
||||
# ssh git@server git --version
|
||||
# works), leave this setting as is. Otherwise, choose one of the
|
||||
# alternatives, or write your own
|
||||
|
||||
$GIT_PATH=""
|
||||
# $GIT_PATH="/opt/bin/"
|
||||
|
||||
# --------------------------------------
|
||||
# per perl rules, this should be the last line in such a file:
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ In this document:
|
|||
* easier to specify gitweb/daemon access
|
||||
* better logging
|
||||
* one user, many keys
|
||||
* support for git installed outside default PATH
|
||||
* who am I?
|
||||
* other cool things
|
||||
* "personal" branches
|
||||
|
|
@ -226,7 +227,7 @@ bits and pieces. Here's an example, using short repo names for convenience:
|
|||
repo r2
|
||||
# ...and so on...
|
||||
|
||||
### better logging
|
||||
#### better logging
|
||||
|
||||
If you have been too liberal with the permission to rewind, it has built-in
|
||||
logging as an emergency fallback if someone goes too far, or for audit
|
||||
|
|
@ -271,6 +272,27 @@ the extra "@" stuff.
|
|||
I think this is easier to maintain if you have to delete or change one of
|
||||
those keys.
|
||||
|
||||
#### support for git installed outside default PATH
|
||||
|
||||
The normal solution is to add to the system default PATH somehow, either by
|
||||
munging `/etc/profile` or by enabling `PermitUserEnvironment` in
|
||||
`/etc/ssh/sshd_config` and then setting the PATH in `~/.ssh/.environment`.
|
||||
All these are security risks because they allow a lot more than just you and
|
||||
your git install :-)
|
||||
|
||||
And if you don't have root, you can't do this anyway.
|
||||
|
||||
The only solution till now has been to ask every client to set the config
|
||||
parameters `remote.<name>.receivepack` and `remote.<name>.uploadpack`. But
|
||||
telling *every* client to do so is a pain...
|
||||
|
||||
Gitolite lets you specify the directory in which git binaries are to be found,
|
||||
via a new variable (`$GIT_PATH`) in the "rc" file. If this variable is
|
||||
non-empty, it will be appended to the PATH environment variable before
|
||||
attempting to run git stuff.
|
||||
|
||||
Very easy, very simple, and completely transparent to the users :-)
|
||||
|
||||
#### who am I?
|
||||
|
||||
As a developer, I send a file called `id_rsa.pub` to the gitolite admin. He
|
||||
|
|
@ -292,7 +314,7 @@ In gitolite, it's simple: just ask nicely :-)
|
|||
|
||||
### other cool things
|
||||
|
||||
### "personal" branches
|
||||
#### "personal" branches
|
||||
|
||||
"personal" branches are great for corporate environments, where
|
||||
unauthenticated pull/clone is a no-no. Since a dev workstation cannot do
|
||||
|
|
|
|||
|
|
@ -239,14 +239,28 @@ prompt "the gitolite rc file needs to be edited by hand. The defaults
|
|||
# lets try and get the file from there first
|
||||
if scp -P $port $user@$host:.gitolite.rc .
|
||||
then
|
||||
prompt "Oh hey... you already had a '.gitolite.rc' file on the server. I'll use
|
||||
that instead of the default one..."
|
||||
prompt "Oh hey... you already had a '.gitolite.rc' file on the server.
|
||||
Let's see if we can use that instead of the default one..."
|
||||
sort < .gitolite.rc | perl -ne 'print "$1\n" if /^(\$\w+) *=/' > glrc.old
|
||||
sort < conf/example.gitolite.rc | perl -ne 'print "$1\n" if /^(\$\w+) *=/' > glrc.new
|
||||
if diff -u glrc.old glrc.new
|
||||
then
|
||||
prompt " looks like you're upgrading! I'm going to run your editor
|
||||
with *both* the old and the new files (in that order), so you can add
|
||||
in the lines pertaining to the variables shown with a '+' sign in the
|
||||
above diff. This is necessary; please dont skip this
|
||||
|
||||
[It's upto you to figure out how your editor handles 2 filename
|
||||
arguments, switch between them, copy lines, etc ;-)]"
|
||||
${VISUAL:-${EDITOR:-vi}} .gitolite.rc conf/example.gitolite.rc
|
||||
else
|
||||
${VISUAL:-${EDITOR:-vi}} .gitolite.rc
|
||||
fi
|
||||
else
|
||||
cp conf/example.gitolite.rc .gitolite.rc
|
||||
${VISUAL:-${EDITOR:-vi}} .gitolite.rc
|
||||
fi
|
||||
|
||||
${VISUAL:-${EDITOR:-vi}} .gitolite.rc
|
||||
|
||||
# copy the rc across
|
||||
scp -P $port .gitolite.rc $user@$host:
|
||||
|
||||
|
|
|
|||
|
|
@ -24,13 +24,16 @@ use warnings;
|
|||
# ----------------------------------------------------------------------------
|
||||
|
||||
|
||||
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE);
|
||||
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH);
|
||||
our %repos;
|
||||
|
||||
my $glrc = $ENV{HOME} . "/.gitolite.rc";
|
||||
die "parse $glrc failed: " . ($! or $@) unless do $glrc;
|
||||
die "parse $GL_CONF_COMPILED failed: " . ($! or $@) unless do $GL_CONF_COMPILED;
|
||||
|
||||
# add a custom path for git binaries, if specified
|
||||
$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# definitions specific to this program
|
||||
# ----------------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ $Data::Dumper::Indent = 1;
|
|||
# common definitions
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST);
|
||||
our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH);
|
||||
|
||||
# now that this thing *may* be run via "push to admin", any errors have to
|
||||
# grab the admin's ATTENTION so he won't miss them among the other messages a
|
||||
|
|
@ -57,6 +57,9 @@ my $ATTN = "\n\t\t***** ERROR *****\n ";
|
|||
my $glrc = $ENV{HOME} . "/.gitolite.rc";
|
||||
die "$ATTN parse $glrc failed: " . ($! or $@) unless do $glrc;
|
||||
|
||||
# add a custom path for git binaries, if specified
|
||||
$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# definitions specific to this program
|
||||
# ----------------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
use strict;
|
||||
use warnings;
|
||||
|
||||
our ($REPO_BASE, $GL_ADMINDIR, $GL_CONF);
|
||||
our ($REPO_BASE, $GL_ADMINDIR, $GL_CONF, $GIT_PATH);
|
||||
|
||||
# wrapper around mkdir; it's not an error if the directory exists, but it is
|
||||
# an error if it doesn't exist and we can't create it
|
||||
|
|
@ -33,6 +33,9 @@ unless (-f $glrc) {
|
|||
# ok now $glrc exists; read it to get the other paths
|
||||
die "parse $glrc failed: " . ($! or $@) unless do $glrc;
|
||||
|
||||
# add a custom path for git binaries, if specified
|
||||
$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;
|
||||
|
||||
# mkdir $REPO_BASE, $GL_ADMINDIR if they don't already exist
|
||||
my $repo_base_abs = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$ENV{HOME}/$REPO_BASE" );
|
||||
wrap_mkdir($repo_base_abs);
|
||||
|
|
|
|||
Loading…
Reference in a new issue