detect gl-emergency-addkey attempt for server side installs

and give a suitable message, fix the doc, etc.

(error found by "ry" on #git backlog; couldn't contact him later)
Sitaram Chamarty 2010-06-23 20:00:23 +05:30
parent 5753557b52
commit c1eeaf3c2c
2 changed files with 32 additions and 14 deletions


@ -429,8 +429,7 @@ first place, so the simplest way is to enable it from the server side only.
If you lost the admin key, and need to re-establish ownership of the If you lost the admin key, and need to re-establish ownership of the
gitolite-admin repository with a fresh key, take a look at the gitolite-admin repository with a fresh key, take a look at the
`src/gl-emergency-addkey` program. You will need shell access to the server `src/gl-emergency-addkey` program. You will need shell access to the server
of course. The top of the script has useful information on how to use it and of course. Run it without arguments to get instructions.
what it needs.
<a name="simulating_ssh_copy_id"></a> <a name="simulating_ssh_copy_id"></a>
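Review bot: Missing documentation in the rewritten paragraph: it still sends every reader who lost the admin key to `src/gl-emergency-addkey`, but with this commit the script refuses to run when `$GL_PACKAGE_CONF` is set and tells the user to run `gl-setup $HOME/sitaram.pub` instead. Suggest adding one sentence here saying that the script only applies to "from-client method" installs and that on other installs the new public key is handed to `gl-setup`, so the reader learns the correct recovery path from the doc rather than from the script's error message.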


@ -1,30 +1,49 @@
#!/bin/sh #!/bin/sh
# what/why: re-establish gitolite admin access when admin key(s) lost # Use this to re-establish gitolite admin access when admin key(s) are lost.
# where: on server (NOT client!)
# pre-req: shell access to the server (even with password is fine) # RUN THIS ON THE SERVER, NOT THE CLIENT! (so you need shell access to the
# pre-work: - make yourself a new keypair on your workstation # server; even with password is fine)
# - copy the pubkey and this script to the server
# usage: $0 admin_name client_host_shortname pubkeyfile # HOW TO USE (substitute your admin name for "sitaram" below)
# notes: - admin_name should already have RW or RW+ access to the # - make yourself a new keypair on your workstation
# gitolite-admin repo # - copy the pubkey to the server, call it "sitaram.pub" and put it in $HOME
# - client_host_shortname is any simple word; see example below # - run this command:
# ~/.gitolite/src/gl-emergency-addkey sitaram emergency sitaram.pub
# this will add a new key called sitaram@emergency.pub. Since the "userid"
# that key pertains to is "sitaram", whoever has the private key for this now
# has the same rights as "sitaram"
# WARNING: ABSOLUTELY NO ARGUMENT CHECKING DONE # WARNING: ABSOLUTELY NO ARGUMENT CHECKING DONE
# WARNING: NEWER GITS ONLY ON SERVER SIDE (for now) # WARNING: NEWER GITS ONLY ON SERVER SIDE (for now)
# example: $0 sitaram laptop /tmp/sitaram.pub
# result: a new keyfile named sitaram@laptop.pub would be added
# ENDHELP # ENDHELP
# we can't use this program unless it was installed using gl-easy-install
GL_PACKAGE_CONF=$( cd; perl -e 'do ".gitolite.rc"; print $GL_PACKAGE_CONF' )
if [ -n "$GL_PACKAGE_CONF" ]
then
cat <<EOF
This is not a "from-client method" install; you cannot add an emergency
key using this program.
Please do the following (change "sitaram" below to whatever your admin
username is):
- get your *new* public key to the server
- call it "sitaram.pub"; put it in \$HOME
- run "gl-setup \$HOME/sitaram.pub"
EOF
exit 1
fi
[ -z "$1" ] && { perl -pe "s(\\\$0)($0); last if /ENDHELP/" < $0; exit 1; } [ -z "$1" ] && { perl -pe "s(\\\$0)($0); last if /ENDHELP/" < $0; exit 1; }
set -e set -e
cd cd
REPO_BASE=$( perl -e 'do ".gitolite.rc"; print $REPO_BASE' ) REPO_BASE=$( perl -e 'do ".gitolite.rc"; print $REPO_BASE' )
GL_ADMINDIR=$(perl -e 'do ".gitolite.rc"; print $GL_ADMINDIR') GL_ADMINDIR=$(perl -e 'do ".gitolite.rc"; print $GL_ADMINDIR')
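Review bot: The new install-type check at `GL_PACKAGE_CONF=$( cd; perl -e 'do ".gitolite.rc"; print $GL_PACKAGE_CONF' )` treats an empty result as proof of a from-client install, but an empty result is also what you get when `~/.gitolite.rc` is missing or fails to load, because perl's `do` fails silently and the check runs before `set -e`. Since this script grants admin rights to whoever holds the new key, it should stop early in that case, for example by testing that `$HOME/.gitolite.rc` exists and is readable before the perl call and exiting with a message if not. Two smaller points in the same hunk: the help text now hardcodes `~/.gitolite/src/gl-emergency-addkey` and no longer contains `$0`, so the `s(\\\$0)($0)` substitution on the usage line has nothing left to replace; and the header still says "ABSOLUTELY NO ARGUMENT CHECKING DONE" while only `$1` is tested for emptiness, so a run with one or two arguments proceeds past the usage check with `$2` and `$3` unset.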