detect gl-emergency-addkey attempt for server side installs
and give a suitable message, fix the doc, etc. (error found by "ry" on #git backlog; couldn't contact him later)
This commit is contained in:
parent
5753557b52
commit
c1eeaf3c2c
|
@ -429,8 +429,7 @@ first place, so the simplest way is to enable it from the server side only.
|
||||||
If you lost the admin key, and need to re-establish ownership of the
|
If you lost the admin key, and need to re-establish ownership of the
|
||||||
gitolite-admin repository with a fresh key, take a look at the
|
gitolite-admin repository with a fresh key, take a look at the
|
||||||
`src/gl-emergency-addkey` program. You will need shell access to the server
|
`src/gl-emergency-addkey` program. You will need shell access to the server
|
||||||
of course. The top of the script has useful information on how to use it and
|
of course. Run it without arguments to get instructions.
|
||||||
what it needs.
|
|
||||||
|
|
||||||
<a name="simulating_ssh_copy_id"></a>
|
<a name="simulating_ssh_copy_id"></a>
|
||||||
|
|
||||||
|
|
|
@ -1,30 +1,49 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# what/why: re-establish gitolite admin access when admin key(s) lost
|
# Use this to re-establish gitolite admin access when admin key(s) are lost.
|
||||||
# where: on server (NOT client!)
|
|
||||||
|
|
||||||
# pre-req: shell access to the server (even with password is fine)
|
# RUN THIS ON THE SERVER, NOT THE CLIENT! (so you need shell access to the
|
||||||
# pre-work: - make yourself a new keypair on your workstation
|
# server; even with password is fine)
|
||||||
# - copy the pubkey and this script to the server
|
|
||||||
|
|
||||||
# usage: $0 admin_name client_host_shortname pubkeyfile
|
# HOW TO USE (substitute your admin name for "sitaram" below)
|
||||||
# notes: - admin_name should already have RW or RW+ access to the
|
# - make yourself a new keypair on your workstation
|
||||||
# gitolite-admin repo
|
# - copy the pubkey to the server, call it "sitaram.pub" and put it in $HOME
|
||||||
# - client_host_shortname is any simple word; see example below
|
# - run this command:
|
||||||
|
# ~/.gitolite/src/gl-emergency-addkey sitaram emergency sitaram.pub
|
||||||
|
|
||||||
|
# this will add a new key called sitaram@emergency.pub. Since the "userid"
|
||||||
|
# that key pertains to is "sitaram", whoever has the private key for this now
|
||||||
|
# has the same rights as "sitaram"
|
||||||
|
|
||||||
# WARNING: ABSOLUTELY NO ARGUMENT CHECKING DONE
|
# WARNING: ABSOLUTELY NO ARGUMENT CHECKING DONE
|
||||||
# WARNING: NEWER GITS ONLY ON SERVER SIDE (for now)
|
# WARNING: NEWER GITS ONLY ON SERVER SIDE (for now)
|
||||||
|
|
||||||
# example: $0 sitaram laptop /tmp/sitaram.pub
|
|
||||||
# result: a new keyfile named sitaram@laptop.pub would be added
|
|
||||||
|
|
||||||
# ENDHELP
|
# ENDHELP
|
||||||
|
|
||||||
|
# we can't use this program unless it was installed using gl-easy-install
|
||||||
|
GL_PACKAGE_CONF=$( cd; perl -e 'do ".gitolite.rc"; print $GL_PACKAGE_CONF' )
|
||||||
|
if [ -n "$GL_PACKAGE_CONF" ]
|
||||||
|
then
|
||||||
|
cat <<EOF
|
||||||
|
This is not a "from-client method" install; you cannot add an emergency
|
||||||
|
key using this program.
|
||||||
|
|
||||||
|
Please do the following (change "sitaram" below to whatever your admin
|
||||||
|
username is):
|
||||||
|
|
||||||
|
- get your *new* public key to the server
|
||||||
|
- call it "sitaram.pub"; put it in \$HOME
|
||||||
|
- run "gl-setup \$HOME/sitaram.pub"
|
||||||
|
EOF
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
[ -z "$1" ] && { perl -pe "s(\\\$0)($0); last if /ENDHELP/" < $0; exit 1; }
|
[ -z "$1" ] && { perl -pe "s(\\\$0)($0); last if /ENDHELP/" < $0; exit 1; }
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
cd
|
cd
|
||||||
|
|
||||||
REPO_BASE=$( perl -e 'do ".gitolite.rc"; print $REPO_BASE' )
|
REPO_BASE=$( perl -e 'do ".gitolite.rc"; print $REPO_BASE' )
|
||||||
GL_ADMINDIR=$(perl -e 'do ".gitolite.rc"; print $GL_ADMINDIR')
|
GL_ADMINDIR=$(perl -e 'do ".gitolite.rc"; print $GL_ADMINDIR')
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue