detect gl-emergency-addkey attempt for server side installs
and give a suitable message, fix the doc, etc. (error found by "ry" on #git backlog; couldn't contact him later)
parent 5753557b52
commit c1eeaf3c2c
2 changed files with 32 additions and 14 deletions
|
@ -429,8 +429,7 @@ first place, so the simplest way is to enable it from the server side only.
|
|||
If you lost the admin key, and need to re-establish ownership of the
|
||||
gitolite-admin repository with a fresh key, take a look at the
|
||||
`src/gl-emergency-addkey` program. You will need shell access to the server
|
||||
of course. The top of the script has useful information on how to use it and
|
||||
what it needs.
|
||||
of course. Run it without arguments to get instructions.
|
||||
|
||||
<a name="simulating_ssh_copy_id"></a>
|
||||
|
||||
|
|
|
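Review bot: The sentence "Run it without arguments to get instructions" sends every reader to `src/gl-emergency-addkey`, but the script in this same commit refuses to run when `$GL_PACKAGE_CONF` is set and tells the user to run `gl-setup $HOME/sitaram.pub` instead. An admin recovering a lost key on such an install learns that only after getting onto the server and running the script. Suggest adding one sentence to this paragraph saying that on installs that are not a "from-client method" install, the recovery path is `gl-setup` with the new pubkey.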
@ -1,30 +1,49 @@
|
|||
#!/bin/sh
|
||||
|
||||
# what/why: re-establish gitolite admin access when admin key(s) lost
|
||||
# where: on server (NOT client!)
|
||||
# Use this to re-establish gitolite admin access when admin key(s) are lost.
|
||||
|
||||
# pre-req: shell access to the server (even with password is fine)
|
||||
# pre-work: - make yourself a new keypair on your workstation
|
||||
# - copy the pubkey and this script to the server
|
||||
# RUN THIS ON THE SERVER, NOT THE CLIENT! (so you need shell access to the
|
||||
# server; even with password is fine)
|
||||
|
||||
# usage: $0 admin_name client_host_shortname pubkeyfile
|
||||
# notes: - admin_name should already have RW or RW+ access to the
|
||||
# gitolite-admin repo
|
||||
# - client_host_shortname is any simple word; see example below
|
||||
# HOW TO USE (substitute your admin name for "sitaram" below)
|
||||
# - make yourself a new keypair on your workstation
|
||||
# - copy the pubkey to the server, call it "sitaram.pub" and put it in $HOME
|
||||
# - run this command:
|
||||
# ~/.gitolite/src/gl-emergency-addkey sitaram emergency sitaram.pub
|
||||
|
||||
# this will add a new key called sitaram@emergency.pub. Since the "userid"
|
||||
# that key pertains to is "sitaram", whoever has the private key for this now
|
||||
# has the same rights as "sitaram"
|
||||
|
||||
# WARNING: ABSOLUTELY NO ARGUMENT CHECKING DONE
|
||||
# WARNING: NEWER GITS ONLY ON SERVER SIDE (for now)
|
||||
|
||||
# example: $0 sitaram laptop /tmp/sitaram.pub
|
||||
# result: a new keyfile named sitaram@laptop.pub would be added
|
||||
|
||||
# ENDHELP
|
||||
|
||||
# we can't use this program unless it was installed using gl-easy-install
|
||||
GL_PACKAGE_CONF=$( cd; perl -e 'do ".gitolite.rc"; print $GL_PACKAGE_CONF' )
|
||||
if [ -n "$GL_PACKAGE_CONF" ]
|
||||
then
|
||||
cat <<EOF
|
||||
This is not a "from-client method" install; you cannot add an emergency
|
||||
key using this program.
|
||||
|
||||
Please do the following (change "sitaram" below to whatever your admin
|
||||
username is):
|
||||
|
||||
- get your *new* public key to the server
|
||||
- call it "sitaram.pub"; put it in \$HOME
|
||||
- run "gl-setup \$HOME/sitaram.pub"
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
[ -z "$1" ] && { perl -pe "s(\\\$0)($0); last if /ENDHELP/" < $0; exit 1; }
|
||||
|
||||
set -e
|
||||
|
||||
cd
|
||||
|
||||
REPO_BASE=$( perl -e 'do ".gitolite.rc"; print $REPO_BASE' )
|
||||
GL_ADMINDIR=$(perl -e 'do ".gitolite.rc"; print $GL_ADMINDIR')
|
||||
|
||||
|
|
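Review bot: The only argument check in the lines shown is `[ -z "$1" ]`, while the help text calls for three arguments (admin name, host shortname, pubkey file), so a run with one or two arguments proceeds past `set -e` and `cd` with `$2` and `$3` empty. The help itself says whoever holds the private key for the added key gets the same rights as the named admin, so it is worth failing early: print the help unless `[ $# -eq 3 ]`, and after the `cd` confirm that `$3` is a readable file. Two smaller points: `< $0` should be quoted as `< "$0"`, and if `.gitolite.rc` is missing or fails to load, the `perl -e 'do ".gitolite.rc"; print $GL_PACKAGE_CONF'` call prints nothing, so the install is silently treated as a from-client one; an explicit test that the rc file exists before this check would avoid that.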