compile/update hook: COMPILED FILE CHANGE -- PLEASE READ BELOW

Summary:
    DONT forget to run src/gl-compile-conf as the last step in the upgrade

Details:

The compiled file format has changed quite a bit, to make it easier for the
rebel edition coming up :-)

compile:
  - we don't split RW/RW+ into individual perms anymore
  - we store the info required for the first level check separately now:
    (repo, R/W, user)
  - the order for second level check is now:
    repo, user, [{ref=>perms}...] (list of hashes)

update hook logic: the first refex that:
  - matches the incoming ref, AND
  - contains the perm you're trying to use,
causes the match loop to exit with success.  Fallthrough is failure
This commit is contained in:
Sitaram Chamarty 2009-09-18 18:00:14 +05:30 committed by Sitaram Chamarty
parent 2285e75c22
commit 978046acb9
3 changed files with 28 additions and 13 deletions

View file

@ -42,6 +42,12 @@ And you're done.
If any extra steps beyond the generic ones above are needed, they will be If any extra steps beyond the generic ones above are needed, they will be
listed here, newest first. listed here, newest first.
#### upgrading from 86faae4
Between 86faae4 and this version, gitolite had a *major* change in the
*internal* format of the compiled config file. Please do not omit step 5 in
the generic instructions above.
#### upgrading from 5758f69 #### upgrading from 5758f69
Between 5758f69 and this version, gitolite learnt to allow "groupnames" for Between 5758f69 and this version, gitolite learnt to allow "groupnames" for

View file

@ -3,6 +3,7 @@
use strict; use strict;
use warnings; use warnings;
use Data::Dumper; use Data::Dumper;
$Data::Dumper::Indent = 1;
# === add-auth-keys === # === add-auth-keys ===
@ -146,8 +147,7 @@ while (<$conf_fh>)
# actual permission line # actual permission line
elsif (/^(R|RW|RW\+) (.* )?= (.+)/) elsif (/^(R|RW|RW\+) (.* )?= (.+)/)
{ {
# split perms to separate out R, W, and + my $perms = $1;
my @perms = split //, $1;
my @refs; @refs = split(' ', $2) if $2; my @refs; @refs = split(' ', $2) if $2;
my @users = split ' ', $3; my @users = split ' ', $3;
@ -165,11 +165,16 @@ while (<$conf_fh>)
# ok, we can finally populate the %repos hash # ok, we can finally populate the %repos hash
for my $repo (@repos) # each repo in the current stanza for my $repo (@repos) # each repo in the current stanza
{ {
for my $perm (@perms) for my $user (@users)
{ {
for my $user (@users) # for 1st level check (see faq/tips doc)
$repos{$repo}{R}{$user} = 1 if $perms =~ /R/;
$repos{$repo}{W}{$user} = 1 if $perms =~ /W/;
# for 2nd level check, store each "ref, perms" pair in order
for my $ref (@refs)
{ {
push @{ $repos{$repo}{$perm}{$user} }, @refs; push @{ $repos{$repo}{$user} }, { $ref => $perms };
} }
} }
} }

View file

@ -58,13 +58,17 @@ $perm = '+' if $ref =~ m(refs/tags/) and $oldsha ne ('0' x 40);
$perm = '+' if $oldsha ne $merge_base; $perm = '+' if $oldsha ne $merge_base;
my @allowed_refs; my @allowed_refs;
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$perm}{$ENV{GL_USER}} || [] }; # personal stuff -- right at the start in the new regime, I guess!
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$perm}{'@all'} || [] }; push @allowed_refs, { "$PERSONAL/$ENV{GL_USER}/" => "RW+" } if $PERSONAL;
push @allowed_refs, "$PERSONAL/$ENV{GL_USER}/" if $PERSONAL; # we want specific perms to override @all, so they come first
for my $refex (@allowed_refs) push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$ENV{GL_USER}} || [] };
# refex? sure -- a regex to match a ref against :) push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{'@all'} || [] };
for my $ar (@allowed_refs)
{ {
if ($ref =~ /$refex/) my $refex = (keys %$ar)[0];
# refex? sure -- a regex to match a ref against :)
next unless $ref =~ /$refex/;
if ($ar->{$refex} =~ /\Q$perm/)
{ {
# if log failure isn't important enough to block pushes, get rid of # if log failure isn't important enough to block pushes, get rid of
# all the error checking # all the error checking
@ -72,9 +76,9 @@ for my $refex (@allowed_refs)
or die "open log failed: $!\n"; or die "open log failed: $!\n";
print $log_fh "$ENV{GL_TS} $perm\t" . print $log_fh "$ENV{GL_TS} $perm\t" .
substr($oldsha, 0, 14) . "\t" . substr($newsha, 0, 14) . substr($oldsha, 0, 14) . "\t" . substr($newsha, 0, 14) .
"\t$ENV{GL_REPO}\t$ref\t$ENV{GL_USER}\n"; "\t$ENV{GL_REPO}\t$ref\t$ENV{GL_USER}\t$refex\n";
close $log_fh or die "close log failed: $!\n"; close $log_fh or die "close log failed: $!\n";
exit 0; exit 0;
} }
} }
exit 1; die "$perm $ref $ENV{GL_USER} DENIED by fallthru\n";