detect gl-emergency-addkey attempt for server side installs

and give a suitable message, fix the doc, etc.

(error found by "ry" on #git backlog; couldn't contact him later)
Sitaram Chamarty 2010-06-23 20:00:23 +05:30
parent 5753557b52
commit c1eeaf3c2c
2 changed files with 32 additions and 14 deletions


@ -429,8 +429,7 @@ first place, so the simplest way is to enable it from the server side only.
If you lost the admin key, and need to re-establish ownership of the
gitolite-admin repository with a fresh key, take a look at the
`src/gl-emergency-addkey` program. You will need shell access to the server
of course. The top of the script has useful information on how to use it and
what it needs.
of course. Run it without arguments to get instructions.
<a name="simulating_ssh_copy_id"></a>
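
Review bot: the sentence "Run it without arguments to get instructions" holds only for from-client installs. With the script change in this same commit, a server-side install gets the gl-setup message and exit 1 whether or not arguments are given, so the doc still sends those admins to a program that cannot help them. Suggest adding one sentence here saying that server-side installs re-establish the admin key by copying the new pubkey to the server and running `gl-setup $HOME/sitaram.pub` (with their own admin name), so the recovery path is findable from the doc alone.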


@ -1,30 +1,49 @@
#!/bin/sh
# what/why: re-establish gitolite admin access when admin key(s) lost
# where: on server (NOT client!)
# Use this to re-establish gitolite admin access when admin key(s) are lost.
# pre-req: shell access to the server (even with password is fine)
# pre-work: - make yourself a new keypair on your workstation
# - copy the pubkey and this script to the server
# RUN THIS ON THE SERVER, NOT THE CLIENT! (so you need shell access to the
# server; even with password is fine)
# usage: $0 admin_name client_host_shortname pubkeyfile
# notes: - admin_name should already have RW or RW+ access to the
# gitolite-admin repo
# - client_host_shortname is any simple word; see example below
# HOW TO USE (substitute your admin name for "sitaram" below)
# - make yourself a new keypair on your workstation
# - copy the pubkey to the server, call it "sitaram.pub" and put it in $HOME
# - run this command:
# ~/.gitolite/src/gl-emergency-addkey sitaram emergency sitaram.pub
# this will add a new key called sitaram@emergency.pub. Since the "userid"
# that key pertains to is "sitaram", whoever has the private key for this now
# has the same rights as "sitaram"
# WARNING: ABSOLUTELY NO ARGUMENT CHECKING DONE
# WARNING: NEWER GITS ONLY ON SERVER SIDE (for now)
# example: $0 sitaram laptop /tmp/sitaram.pub
# result: a new keyfile named sitaram@laptop.pub would be added
# ENDHELP
# we can't use this program unless it was installed using gl-easy-install
GL_PACKAGE_CONF=$( cd; perl -e 'do ".gitolite.rc"; print $GL_PACKAGE_CONF' )
if [ -n "$GL_PACKAGE_CONF" ]
then
cat <<EOF
This is not a "from-client method" install; you cannot add an emergency
key using this program.
Please do the following (change "sitaram" below to whatever your admin
username is):
- get your *new* public key to the server
- call it "sitaram.pub"; put it in \$HOME
- run "gl-setup \$HOME/sitaram.pub"
EOF
exit 1
fi
[ -z "$1" ] && { perl -pe "s(\\\$0)($0); last if /ENDHELP/" < $0; exit 1; }
set -e
cd
REPO_BASE=$( perl -e 'do ".gitolite.rc"; print $REPO_BASE' )
GL_ADMINDIR=$(perl -e 'do ".gitolite.rc"; print $GL_ADMINDIR')
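
Review bot: the install-type detection ahead of the `[ -z "$1" ]` line fails open. If `.gitolite.rc` is missing from `$HOME` or does not load, perl's `do` returns without raising an error, `GL_PACKAGE_CONF` comes back empty, and the script carries on as if this were a from-client install, with `REPO_BASE` and `GL_ADMINDIR` empty too; `set -e` does not catch it because perl still exits 0. For a tool whose output is a key with admin rights, suggest checking that `$HOME/.gitolite.rc` is readable before the detection and exiting with a message if it is not. Separately, only `$1` is tested for emptiness while the usage line names three arguments; a `[ $# -eq 3 ]` test would route one- and two-argument calls to the help text, and `< $0` should be quoted as `< "$0"`.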