deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

support git installed outside default $PATH

Browse source 
(also some minor fixes to doc/3)
This commit is contained in:
Sitaram Chamarty 2009-10-13 10:02:45 +05:30
parent 030b3f29ef
commit 59e15e62a1
6 changed files with 64 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
conf/example.gitolite.rc
View file

@ -88,6 +88,16 @@ $PERSONAL="";
# NOTE: whatever value you choose, for security reasons it is better to make # NOTE: whatever value you choose, for security reasons it is better to make
# it fully qualified -- that is, starting with "refs/" # it fully qualified -- that is, starting with "refs/"
# --------------------------------------
# if git on your server is on a standard path (that is
# ssh git@server git --version
# works), leave this setting as is. Otherwise, choose one of the
# alternatives, or write your own
$GIT_PATH=""
# $GIT_PATH="/opt/bin/"
# -------------------------------------- # --------------------------------------
# per perl rules, this should be the last line in such a file: # per perl rules, this should be the last line in such a file:
1; 1;

26
doc/3-faq-tips-etc.mkd
View file

@ -14,6 +14,7 @@ In this document:
* easier to specify gitweb/daemon access * easier to specify gitweb/daemon access
* better logging * better logging
* one user, many keys * one user, many keys
* support for git installed outside default PATH
* who am I? * who am I?
* other cool things * other cool things
* "personal" branches * "personal" branches
@ -226,7 +227,7 @@ bits and pieces. Here's an example, using short repo names for convenience:
repo r2 repo r2
# ...and so on... # ...and so on...
### better logging #### better logging
If you have been too liberal with the permission to rewind, it has built-in If you have been too liberal with the permission to rewind, it has built-in
logging as an emergency fallback if someone goes too far, or for audit logging as an emergency fallback if someone goes too far, or for audit
@ -271,6 +272,27 @@ the extra "@" stuff.
I think this is easier to maintain if you have to delete or change one of I think this is easier to maintain if you have to delete or change one of
those keys. those keys.
#### support for git installed outside default PATH
The normal solution is to add to the system default PATH somehow, either by
munging `/etc/profile` or by enabling `PermitUserEnvironment` in
`/etc/ssh/sshd_config` and then setting the PATH in `~/.ssh/.environment`.
All these are security risks because they allow a lot more than just you and
your git install :-)
And if you don't have root, you can't do this anyway.
The only solution till now has been to ask every client to set the config
parameters `remote.<name>.receivepack` and `remote.<name>.uploadpack`. But
telling *every* client to do so is a pain...
Gitolite lets you specify the directory in which git binaries are to be found,
via a new variable (`$GIT_PATH`) in the "rc" file. If this variable is
non-empty, it will be appended to the PATH environment variable before
attempting to run git stuff.
Very easy, very simple, and completely transparent to the users :-)
#### who am I? #### who am I?
As a developer, I send a file called `id_rsa.pub` to the gitolite admin. He As a developer, I send a file called `id_rsa.pub` to the gitolite admin. He
@ -292,7 +314,7 @@ In gitolite, it's simple: just ask nicely :-)
### other cool things ### other cool things
### "personal" branches #### "personal" branches
"personal" branches are great for corporate environments, where "personal" branches are great for corporate environments, where
unauthenticated pull/clone is a no-no. Since a dev workstation cannot do unauthenticated pull/clone is a no-no. Since a dev workstation cannot do

22
src/00-easy-install.sh
View file

@ -239,14 +239,28 @@ prompt "the gitolite rc file needs to be edited by hand. The defaults
# lets try and get the file from there first # lets try and get the file from there first
if scp -P $port $user@$host:.gitolite.rc . if scp -P $port $user@$host:.gitolite.rc .
then then
prompt "Oh hey... you already had a '.gitolite.rc' file on the server. I'll use prompt "Oh hey... you already had a '.gitolite.rc' file on the server.
that instead of the default one..." Let's see if we can use that instead of the default one..."
sort < .gitolite.rc | perl -ne 'print "$1\n" if /^(\$\w+) *=/' > glrc.old
sort < conf/example.gitolite.rc | perl -ne 'print "$1\n" if /^(\$\w+) *=/' > glrc.new
if diff -u glrc.old glrc.new
then
prompt " looks like you're upgrading! I'm going to run your editor
with *both* the old and the new files (in that order), so you can add
in the lines pertaining to the variables shown with a '+' sign in the
above diff. This is necessary; please dont skip this
[It's upto you to figure out how your editor handles 2 filename
arguments, switch between them, copy lines, etc ;-)]"
${VISUAL:-${EDITOR:-vi}} .gitolite.rc conf/example.gitolite.rc
else
${VISUAL:-${EDITOR:-vi}} .gitolite.rc
fi
else else
cp conf/example.gitolite.rc .gitolite.rc cp conf/example.gitolite.rc .gitolite.rc
${VISUAL:-${EDITOR:-vi}} .gitolite.rc
fi fi
${VISUAL:-${EDITOR:-vi}} .gitolite.rc
# copy the rc across # copy the rc across
scp -P $port .gitolite.rc $user@$host: scp -P $port .gitolite.rc $user@$host:

5
src/gl-auth-command
View file

@ -24,13 +24,16 @@ use warnings;
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE); our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH);
our %repos; our %repos;
my $glrc = $ENV{HOME} . "/.gitolite.rc"; my $glrc = $ENV{HOME} . "/.gitolite.rc";
die "parse $glrc failed: " . ($! or $@) unless do $glrc; die "parse $glrc failed: " . ($! or $@) unless do $glrc;
die "parse $GL_CONF_COMPILED failed: " . ($! or $@) unless do $GL_CONF_COMPILED; die "parse $GL_CONF_COMPILED failed: " . ($! or $@) unless do $GL_CONF_COMPILED;
# add a custom path for git binaries, if specified
$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# definitions specific to this program # definitions specific to this program
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------

5
src/gl-compile-conf
View file

@ -47,7 +47,7 @@ $Data::Dumper::Indent = 1;
# common definitions # common definitions
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST); our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH);
# now that this thing *may* be run via "push to admin", any errors have to # now that this thing *may* be run via "push to admin", any errors have to
# grab the admin's ATTENTION so he won't miss them among the other messages a # grab the admin's ATTENTION so he won't miss them among the other messages a
@ -57,6 +57,9 @@ my $ATTN = "\n\t\t***** ERROR *****\n ";
my $glrc = $ENV{HOME} . "/.gitolite.rc"; my $glrc = $ENV{HOME} . "/.gitolite.rc";
die "$ATTN parse $glrc failed: " . ($! or $@) unless do $glrc; die "$ATTN parse $glrc failed: " . ($! or $@) unless do $glrc;
# add a custom path for git binaries, if specified
$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# definitions specific to this program # definitions specific to this program
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------

5
src/install.pl
View file

@ -3,7 +3,7 @@
use strict; use strict;
use warnings; use warnings;
our ($REPO_BASE, $GL_ADMINDIR, $GL_CONF); our ($REPO_BASE, $GL_ADMINDIR, $GL_CONF, $GIT_PATH);
# wrapper around mkdir; it's not an error if the directory exists, but it is # wrapper around mkdir; it's not an error if the directory exists, but it is
# an error if it doesn't exist and we can't create it # an error if it doesn't exist and we can't create it
@ -33,6 +33,9 @@ unless (-f $glrc) {
# ok now $glrc exists; read it to get the other paths # ok now $glrc exists; read it to get the other paths
die "parse $glrc failed: " . ($! or $@) unless do $glrc; die "parse $glrc failed: " . ($! or $@) unless do $glrc;
# add a custom path for git binaries, if specified
$ENV{PATH} .= ":$GIT_PATH" if $GIT_PATH;
# mkdir $REPO_BASE, $GL_ADMINDIR if they don't already exist # mkdir $REPO_BASE, $GL_ADMINDIR if they don't already exist
my $repo_base_abs = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$ENV{HOME}/$REPO_BASE" ); my $repo_base_abs = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$ENV{HOME}/$REPO_BASE" );
wrap_mkdir($repo_base_abs); wrap_mkdir($repo_base_abs);