deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

gl-compile-conf changed (see below) and "rc" file added

Browse source 
- factored out all the pathnames etc to an rc
  - taught it to create repos that dont exist but are mentioned
  - promoted user up one level (moving ref down) because gl-auth needs it
  - REPO_BASE no longer contains $HOME so that has to be added in manually

  - little bugs here and there, like in @refs
This commit is contained in:
Sitaram Chamarty 2009-08-23 14:55:50 +05:30 committed by Sitaram Chamarty
parent dc4193e633
commit 7d016908bd
2 changed files with 75 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
example.gitosis-lite.rc Normal file
View file

@ -0,0 +1,14 @@
# this is meant to be pulled into a perl program using "do"
# gitosis-lite admin directory, files, etc
$GL_ADMINDIR=$ENV{HOME} . "/.gitosis-lite";
$GL_CONF="$GL_ADMINDIR/gitosis-lite.conf";
$GL_KEYDIR="$GL_ADMINDIR/keydir";
# this one has to agree with the other programs, watch out:
$GL_CONF_COMPILED=$ENV{HOME} . "/.ssh/gitosis-lite.conf-compiled.pm";
# base directory for all the repos
$REPO_BASE="repositories";
# this should be the last line in this file
1;

82
gl-compile-conf
View file

@ -16,15 +16,14 @@ use Data::Dumper;
# how run: manual, by GL admin # how run: manual, by GL admin
# when: # when:
# - anytime a pubkey is added/deleted (i.e., contents of # - anytime a pubkey is added/deleted
# ~/.gitosis-lite/keydir change)
# - anytime gitosis-lite.conf is changed # - anytime gitosis-lite.conf is changed
# input: # input:
# - ~/.gitosis-lite/gitosis-lite.conf # - GL_CONF (default: ~/.gitosis-lite/gitosis-lite.conf)
# - ~/.gitosis-lite/keydir # - GL_KEYDIR (default: ~/.gitosis-lite/keydir)
# output: # output:
# - ~/.ssh/authorized_keys # - ~/.ssh/authorized_keys (dictated by sshd)
# - ~/.ssh/gitosis-lite.conf-compiled.pm # - GL_CONF_COMPILED (default: ~/.gitosis-lite/gitosis-lite.conf-compiled.pm)
# security: # security:
# - touches a very critical system file that manages the restrictions on # - touches a very critical system file that manages the restrictions on
# incoming users. Be sure to audit AUTH_COMMAND and AUTH_OPTIONS (see # incoming users. Be sure to audit AUTH_COMMAND and AUTH_OPTIONS (see
@ -37,18 +36,39 @@ use Data::Dumper;
# but we do have a "vim -d" popping up so you can see the changes being # but we do have a "vim -d" popping up so you can see the changes being
# made, just in case... # made, just in case...
# other notes: # ----------------------------------------------------------------------------
# - keys are added/deleted from the keystore **manually**, and all keys # common definitions
# are named "name.pub". Keep the names simple. # ----------------------------------------------------------------------------
our $GL_ADMINDIR;
our $GL_CONF;
our $GL_KEYDIR;
our $GL_CONF_COMPILED;
our $REPO_BASE;
my $glrc = $ENV{HOME} . "/.gitosis-lite.rc";
unless (my $ret = do $glrc)
{
die "parse $glrc failed: $@" if $@;
die "couldn't do $glrc: $!" unless defined $ret;
die "couldn't run $glrc" unless $ret;
}
# ----------------------------------------------------------------------------
# definitions specific to this program
# ----------------------------------------------------------------------------
# command and options for authorized_keys # command and options for authorized_keys
our $AUTH_COMMAND=$ENV{HOME} . "/.gitosis-lite/gl-auth-command"; our $AUTH_COMMAND="$GL_ADMINDIR/gl-auth-command";
our $AUTH_OPTIONS="no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"; our $AUTH_OPTIONS="no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty";
our %groups = (); our %groups = ();
our %repos = (); our %repos = ();
# quick subroutines # ----------------------------------------------------------------------------
# subroutines
# ----------------------------------------------------------------------------
sub my_chdir sub my_chdir
{ {
chdir($_[0]) or die "chdir $_[0] failed: $!"; chdir($_[0]) or die "chdir $_[0] failed: $!";
@ -91,7 +111,7 @@ while (<INF>)
# add our "start" line, each key on its own line (prefixed by command and # add our "start" line, each key on its own line (prefixed by command and
# options, in the standard ssh authorized_keys format), then the "end" line. # options, in the standard ssh authorized_keys format), then the "end" line.
print OUT "# gitosis-lite start\n"; print OUT "# gitosis-lite start\n";
my_chdir($ENV{HOME} . "/.gitosis-lite/keydir"); my_chdir($GL_KEYDIR);
for my $pubkey (glob("*.pub")) for my $pubkey (glob("*.pub"))
{ {
my $user = $pubkey; $user =~ s/\.pub$//; my $user = $pubkey; $user =~ s/\.pub$//;
@ -110,12 +130,12 @@ system("rm ~/.ssh/new_authkeys");
# if the gl admin directory (~/.gitosis-lite) is itself a git repo, do an # if the gl admin directory (~/.gitosis-lite) is itself a git repo, do an
# autocheckin. nothing fancy; this is a "just in case" type of thing. # autocheckin. nothing fancy; this is a "just in case" type of thing.
my_chdir($ENV{HOME} . "/.gitosis-lite"); my_chdir($GL_ADMINDIR);
if (-d ".git") if (-d ".git")
{ {
system("git add -A keydir"); # stage all changes in keydir system("git add -A keydir"); # stage all changes in keydir
if (! system("git diff --cached --quiet") )
# and if there are any # and if there are any
if (system("git diff --cached --quiet") )
{ {
open(COMMIT, "|-", "git commit -F -") open(COMMIT, "|-", "git commit -F -")
or die "pipe commit failed: $!"; or die "pipe commit failed: $!";
@ -129,9 +149,9 @@ if (-d ".git")
# "compile" GL conf # "compile" GL conf
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
open(INF, "<", $ENV{HOME} . "/.gitosis-lite/gitosis-lite.conf") open(INF, "<", $GL_CONF)
or die "open GL conf failed: $!"; or die "open GL conf failed: $!";
open(OUT, ">", $ENV{HOME} . "/.ssh/gitosis-lite.conf-compiled.pm") open(OUT, ">", $GL_CONF_COMPILED)
or die "open GL conf compiled failed: $!"; or die "open GL conf compiled failed: $!";
# the syntax is fairly simple, so we parse it inline # the syntax is fairly simple, so we parse it inline
@ -164,14 +184,14 @@ while (<INF>)
elsif (/^(R|RW|RW\+) (.* )?= (.+)/) elsif (/^(R|RW|RW\+) (.* )?= (.+)/)
{ {
my @perms = split //, $1; my @perms = split //, $1;
my @refs = split ' ', $2 if $2; my @refs; @refs = split(' ', $2) if $2;
my @users = split ' ', $3; my @users = split ' ', $3;
# if no ref is given, this PERM applies to all refs # if no ref is given, this PERM applies to all refs
@refs = qw(refs/.*) unless @refs; @refs = qw(refs/.*) unless @refs;
# fully qualify refs that dont start with "refs/"; prefix them with # fully qualify refs that dont start with "refs/"; prefix them with
# "refs/heads/" # "refs/heads/"
@refs = map { m(^refs/) or s(^)(refs/heads/) } @refs; @refs = map { m(^refs/) or s(^)(refs/heads/); $_ } @refs;
# expand the user list, unless it is just "@all" # expand the user list, unless it is just "@all"
@users = expand_userlist ( @users ) @users = expand_userlist ( @users )
@ -182,11 +202,11 @@ while (<INF>)
{ {
for my $perm (@perms) for my $perm (@perms)
{ {
for my $ref (@refs) for my $user (@users)
{ {
for my $user (@users) for my $ref (@refs)
{ {
$repos{$repo}{$perm}{$ref}{$user} = 1; $repos{$repo}{$perm}{$user}{$ref} = 1;
} }
} }
} }
@ -196,3 +216,23 @@ while (<INF>)
print OUT Data::Dumper->Dump([\%repos], [qw(*repos)]); print OUT Data::Dumper->Dump([\%repos], [qw(*repos)]);
close(OUT); close(OUT);
# ----------------------------------------------------------------------------
# any new repos created?
# ----------------------------------------------------------------------------
# modern gits allow cloning from an empty repo, so we just create it. Gitosis
# did not have that luxury, so it was forced to detect the first push and
# create it then
my_chdir("$ENV{HOME}/$REPO_BASE");
for my $repo (keys %repos)
{
unless (-d "$repo.git")
{
mkdir("$repo.git") or die "mkdir $repo.git failed: $!";
my_chdir("$repo.git");
system("git init --bare");
my_chdir("$ENV{HOME}/$REPO_BASE");
}
}