From 66bf4a20f9f171895ab7c12c6b2fec04e9e9371c Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Tue, 25 Aug 2009 09:57:19 +0530 Subject: [PATCH] all: lexical file handles instead of bare --- gl-auth-command | 9 ++++++--- gl-compile-conf | 44 +++++++++++++++++++++++--------------------- update-hook.pl | 14 ++++++-------- 3 files changed, 35 insertions(+), 32 deletions(-) diff --git a/gl-auth-command b/gl-auth-command index 8d02d3d..eb809ee 100755 --- a/gl-auth-command +++ b/gl-auth-command @@ -99,9 +99,12 @@ die "access denied" unless $repos{$repo}{$perm}{$user}; # ( but first save the reponame; we can save some time later in the hook ) $ENV{GL_REPO}=$repo; -open(LOG, ">>", "$GL_ADMINDIR/log"); -print LOG "\n", scalar(localtime), " $ENV{SSH_ORIGINAL_COMMAND} $user\n"; -close(LOG); +# if log failure isn't important enough to block access, get rid of all the +# error checking +open my $log_fh, ">>", "$GL_ADMINDIR/log" + or die "open log failed: $!"; +print $log_fh "\n", scalar(localtime), " $ENV{SSH_ORIGINAL_COMMAND} $user\n"; +close $log_fh or die "close log failed: $!"; $repo = "'$REPO_BASE/$repo.git'"; exec("git", "shell", "-c", "$verb $repo"); diff --git a/gl-compile-conf b/gl-compile-conf index b668228..6568c0f 100755 --- a/gl-compile-conf +++ b/gl-compile-conf @@ -105,13 +105,13 @@ sub expand_userlist # "compile" GL conf # ---------------------------------------------------------------------------- -open(INF, "<", $GL_CONF) - or die "open GL conf failed: $!"; +open my $conf_fh, "<", $GL_CONF + or die "open conf failed: $!"; # the syntax is fairly simple, so we parse it inline my @repos; -while () +while (<$conf_fh>) { # normalise whitespace; keeps later regexes very simple s/=/ = /; 
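Review bot: `$ENV{SSH_ORIGINAL_COMMAND}` is written verbatim by the new `print $log_fh` line in gl-auth-command, and that value is chosen by the connecting client. Unless the parsing above this hunk already rejects control characters, an embedded newline would let a client make one request appear as several entries in the audit log. Logging a sanitised copy avoids that, e.g. `(my $logged_cmd = $ENV{SSH_ORIGINAL_COMMAND}) =~ tr/\x00-\x1f\x7f/?/;` followed by printing `$logged_cmd`. Judging by the `die "access denied"` line at the top of the hunk, the entry is only written after the permission check, so denied attempts would not appear in this log at all.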
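Review bot: `$conf_fh` is not closed anywhere in the visible hunks of gl-compile-conf. With the bareword handle, the later `open(INF, ...)` for authorized_keys implicitly closed the conf file; the file-scope lexical now stays open until the script exits. Adding `close $conf_fh;` after the parse loop would restore the old lifetime. The loop body continues outside this hunk, so the close may already be there.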
@@ -170,10 +170,10 @@ while () } } -open(OUT, ">", $GL_CONF_COMPILED) - or die "open GL conf compiled failed: $!"; -print OUT Data::Dumper->Dump([\%repos], [qw(*repos)]); -close(OUT); +open my $compiled_fh, ">", $GL_CONF_COMPILED + or die "open compiled-conf failed: $!"; +print $compiled_fh Data::Dumper->Dump([\%repos], [qw(*repos)]); +close $compiled_fh or die "close compiled-conf failed: $!"; # ---------------------------------------------------------------------------- # any new repos created? 
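Review bot: `open my $compiled_fh, ">", $GL_CONF_COMPILED` truncates the live compiled config before the new contents are written, and the result of `print` is still unchecked. The update-hook.pl context in this same patch loads that file with `do $GL_CONF_COMPILED`, so a hook that runs during the write, or after a failed write, sees an empty or partial rule set and dies with "couldnt do perms file". Writing to a temporary file in the same directory and renaming it over the old one keeps the previous rules in place until the new file is complete; the authorized_keys code appears to follow the same idea with `new_authkeys`.

```perl
# write under a temporary name and rename, so readers never see a partial file
my $compiled_tmp = "$GL_CONF_COMPILED.new";
open my $compiled_fh, ">", $compiled_tmp
    or die "open compiled-conf failed: $!";
print $compiled_fh Data::Dumper->Dump([\%repos], [qw(*repos)])
    or die "write compiled-conf failed: $!";
close $compiled_fh or die "close compiled-conf failed: $!";
rename $compiled_tmp, $GL_CONF_COMPILED
    or die "rename compiled-conf failed: $!";
```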
@@ -201,26 +201,28 @@ for my $repo (keys %repos) # "compile" ssh authorized_keys # ---------------------------------------------------------------------------- -open(INF, "<", $ENV{HOME} . "/.ssh/authorized_keys") or die "open old authkeys failed: $!"; -open(OUT, ">", $ENV{HOME} . "/.ssh/new_authkeys") or die "open new authkeys failed: $!"; +open my $authkeys_fh, "<", $ENV{HOME} . "/.ssh/authorized_keys" + or die "open authkeys failed: $!"; +open my $newkeys_fh, ">", $ENV{HOME} . "/.ssh/new_authkeys" + or die "open newkeys failed: $!"; # save existing authkeys minus the GL-added stuff -while () +while (<$authkeys_fh>) { - print OUT unless (/^# gitosis-lite start/../^# gitosis-lite end/); + print $newkeys_fh unless (/^# gitosis-lite start/../^# gitosis-lite end/); } # add our "start" line, each key on its own line (prefixed by command and # options, in the standard ssh authorized_keys format), then the "end" line. -print OUT "# gitosis-lite start\n"; +print $newkeys_fh "# gitosis-lite start\n"; my_chdir($GL_KEYDIR); for my $pubkey (glob("*.pub")) { my $user = $pubkey; $user =~ s/\.pub$//; - print OUT "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS "; - print OUT `cat $pubkey`; + print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS "; + print $newkeys_fh `cat $pubkey`; } -print OUT "# gitosis-lite end\n"; -close(OUT); +print $newkeys_fh "# gitosis-lite end\n"; +close $newkeys_fh or die "close newkeys failed: $!"; # check what changes are being made; just a comfort factor # system("vim -d ~/.ssh/authorized_keys ~/.ssh/new_authkeys"); 
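Review bot: The loop that emits one `command="..."` line per key file trusts both the file name and the file content. `$pubkey` comes from `glob("*.pub")` and is interpolated into a backtick shell command, and `$user` is placed inside the double-quoted `command=` option with no check on its characters. The file is also copied verbatim, so a key file holding more than one line would put lines into authorized_keys that lack the `command=` restriction. Reading the file with a three-argument `open`, requiring exactly one line, and checking the derived name against a strict pattern before printing addresses all three. The pattern in the fence is only a suggestion; use the project's own user-name rule if one exists.

```perl
for my $pubkey (glob("*.pub"))
{
    # … unchanged: derive $user from the file name …
    die "bad key file name: $pubkey\n"
        unless $user =~ /\A[0-9a-zA-Z][-0-9a-zA-Z._\@]*\z/;
    open my $key_fh, "<", $pubkey
        or die "open $pubkey failed: $!";
    my @key_lines = <$key_fh>;
    close $key_fh;
    # an extra line would reach authorized_keys without the command= prefix
    die "$pubkey must contain exactly one key line\n"
        unless @key_lines == 1;
    print $newkeys_fh "command=\"$AUTH_COMMAND $user\",$AUTH_OPTIONS ", $key_lines[0];
}
```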
@@ -238,10 +240,10 @@ if (-d ".git") # and if there are any if (system("git diff --cached --quiet") ) { - open(COMMIT, "|-", "git commit -F -") - or die "pipe commit failed: $!"; - print COMMIT "keydir changed\n\n"; - print COMMIT `git diff --cached --name-status`; - close(COMMIT) or die "close commit failed: $!"; + open my $commit_ph, "|-", "git commit -F -" + or die "open commit failed: $!"; + print $commit_ph "keydir changed\n\n"; + print $commit_ph `git diff --cached --name-status`; + close $commit_ph or die "close commit failed: $!"; } } diff --git a/update-hook.pl b/update-hook.pl index 8c6d917..babd005 100755 --- a/update-hook.pl +++ b/update-hook.pl @@ -41,12 +41,6 @@ unless (my $ret = do $glrc) die "couldnt do perms file" unless (my $ret = do $GL_CONF_COMPILED); -# ---------------------------------------------------------------------------- -# definitions specific to this program -# ---------------------------------------------------------------------------- - -open(LOG, ">>", "$GL_ADMINDIR/log"); - # ---------------------------------------------------------------------------- # start... # ---------------------------------------------------------------------------- @@ -78,8 +72,12 @@ for my $refex (@$allowed_refs) { if ($ref =~ /$refex/) { - print LOG "$perm: $ENV{GL_USER} $ENV{GL_REPO} $ref $oldsha $newsha\n"; - close (LOG); + # if log failure isn't important enough to block pushes, get rid of + # all the error checking + open my $log_fh, ">>", "$GL_ADMINDIR/log" + or die "open log failed: $!"; + print $log_fh "$perm: $ENV{GL_USER} $ENV{GL_REPO} $ref $oldsha $newsha\n"; + close $log_fh or die "close log failed: $!"; exit 0; } }
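Review bot: On a `|-` pipe, `close` also returns false when `git commit` exits non-zero; `$!` is then 0 and the status is in `$?`, so `die "close commit failed: $!"` prints an empty reason. Reporting both covers that case, e.g. `close $commit_ph or die "git commit failed: " . ($! || "exit status " . ($? >> 8));`. The command is a fixed string, so going through the shell is harmless here, though the list form `open my $commit_ph, "|-", "git", "commit", "-F", "-"` would avoid the shell. The enclosing `if (-d ".git")` block starts outside this hunk.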
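Review bot: The comment above the new `open` in update-hook.pl reads as an invitation to delete the checks rather than as a statement of policy, and it does not say what a failure looks like to the pusher. As written, a log that cannot be opened or closed makes the hook `die` before `exit 0`, so the push is refused. If that fail-closed behaviour is intended, say so directly, e.g. `# audit log is mandatory: if the entry cannot be written, the push is rejected`. The matching comment in the gl-auth-command hunk would benefit from the same wording. The enclosing `for` loop starts outside this hunk.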