From c54d3eabbc4ffe448ee38f91a6431784d7303d3e Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Fri, 13 Nov 2009 05:03:09 +0530 Subject: [PATCH] all src: (please read full commit message): allow local admin-defined hooks You can now add your own hooks into src/hooks/ and they get propagated along with the update hook that is present there now. Please read the new section in the admin document, and make sure you understand the security implications of accidentally fiddling with the "update" script. This also prompted a major rename spree of all the files to be consistent, etc. Plus people said that the .sh and .pl suffixes should be avoided (and I was feeling the same way). I've also been inconsistent with that "gl-" prefix, so I cleaned that up, and the 00- and 99- were also funny animals. Time to get all this cleaned up before we get 1.0 :) So these are the changes, in case you're looking at just the commit message and not the diffstat: src/pta-hook.sh -> src/ga-post-update-hook src/conf-convert.pl -> src/gl-conf-convert src/00-easy-install.sh -> src/gl-easy-install src/99-emergency-addkey.sh -> src/gl-emergency-addkey src/install.pl -> src/gl-install src/update-hook.pl -> src/hooks/update --- doc/0-INSTALL.mkd | 8 ++--- doc/1-migrate.mkd | 2 +- doc/2-admin.mkd | 23 ++++++++++++++ doc/6-ssh-troubleshooting.mkd | 4 +-- src/{pta-hook.sh => ga-post-update-hook} | 0 src/gl-compile-conf | 3 +- src/{conf-convert.pl => gl-conf-convert} | 0 src/{00-easy-install.sh => gl-easy-install} | 30 ++++++++++--------- ...mergency-addkey.sh => gl-emergency-addkey} | 0 src/{install.pl => gl-install} | 14 ++++++--- src/{update-hook.pl => hooks/update} | 0 11 files changed, 58 insertions(+), 26 deletions(-) rename src/{pta-hook.sh => ga-post-update-hook} (100%) rename src/{conf-convert.pl => gl-conf-convert} (100%) rename src/{00-easy-install.sh => gl-easy-install} (96%) rename src/{99-emergency-addkey.sh => gl-emergency-addkey} (100%) rename src/{install.pl => gl-install} (82%) rename src/{update-hook.pl => hooks/update} (100%) diff --git a/doc/0-INSTALL.mkd b/doc/0-INSTALL.mkd index c5ef5b1..984f040 100644 --- a/doc/0-INSTALL.mkd +++ b/doc/0-INSTALL.mkd @@ -39,7 +39,7 @@ Assumptions/pre-requisites: new keypair if needed, then run `ssh-copy-id user@host`) * you have a clone or an archive of gitolite somewhere on your workstation -If so, just `cd` to that clone and run `src/00-easy-install.sh` and follow the +If so, just `cd` to that clone and run `src/gl-easy-install` and follow the prompts! (Running it without any arguments shows you usage plus other useful info). @@ -47,7 +47,7 @@ info). A typical run for me is: - src/00-easy-install.sh -q git my.git.server sitaram + src/gl-easy-install -q git my.git.server sitaram `-q` stands for "quiet" mode -- very minimal output, no verbose descriptions of what it is going to do, and no pauses unless absolutely needed. However, @@ -73,7 +73,7 @@ actually doing, I suggest you skip the `-q`. ### manual install If you don't have bash, it's not very complicated to do it manually. Just -open the file `src/00-easy-install.sh` in a nice, syntax coloring, text +open the file `src/gl-easy-install` in a nice, syntax coloring, text editor, and follow the instructions marked "MANUAL" :-) ### upgrades @@ -94,7 +94,7 @@ opposed to merely creating one which did not exist) is best left to a human. ### other notes - * if you run `src/00-easy-install.sh` without the `-q` option, you will be + * if you run `src/gl-easy-install` without the `-q` option, you will be given a chance to edit `~/.gitolite.rc`. You can change any options (such as paths, for instance), but be sure to keep the perl syntax -- you *don't* have to know perl to do so, it's fairly easy to guess in this diff --git a/doc/1-migrate.mkd b/doc/1-migrate.mkd index fb5de34..c09fe13 100644 --- a/doc/1-migrate.mkd +++ b/doc/1-migrate.mkd @@ -46,7 +46,7 @@ Now, log off the server and get back to the client: gitosis-admin clone in `$GSAC` below, and similarly the path for your gito**lite**-admin clone in `$GLAC` - src/conf-convert.pl < $GSAC/gitosis.conf > $GLAC/gitolite.conf + src/gl-conf-convert < $GSAC/gitosis.conf > $GLAC/gitolite.conf Be sure to check the file to make sure it converted correctly diff --git a/doc/2-admin.mkd b/doc/2-admin.mkd index 240b647..7038fb9 100644 --- a/doc/2-admin.mkd +++ b/doc/2-admin.mkd @@ -3,6 +3,13 @@ *Note*: some of the paths in this document use variable names. Just refer to `~/.gitolite.rc` for the correct values for *your* installation. +In this document: + + * administer + * adding users and repos + * specifying gitweb and daemon access + * custom hooks + ### administer First of all, ***do NOT add new repos manually***, unless you know how to add @@ -62,3 +69,19 @@ a one-time setup you must do separately. All this does is: The "compile" script will keep these files consistent with the config settings -- this includes removing such settings/files if you remove "read" permissions for the special usernames or remove the description line. + +#### custom hooks + +If you want to put in your own, custom, hooks every time a new repo is created +by gitolite, put a **tested** hook script in `src/hooks`. As distributed, the +only file there is the `update` hook, but everything (*everything*) in that +directory will get copied to the `hooks/` subdirectory of every *new* repo +created. + +In order to push a new or updated hook script to *existing* repos as well, +just run easy install once again; it'll do it to existing repos also. + +**VERY IMPORTANT SECURITY NOTE: the `update` hook in `src/hooks` is what +implements all the branch-level permissions in gitolite. If you fiddle with +the hooks directory, please make sure you do not mess with this file +accidentally, or all your fancy per-branch permissions will stop working.** diff --git a/doc/6-ssh-troubleshooting.mkd b/doc/6-ssh-troubleshooting.mkd index 2bc04a0..462b59a 100644 --- a/doc/6-ssh-troubleshooting.mkd +++ b/doc/6-ssh-troubleshooting.mkd @@ -117,7 +117,7 @@ Here's how it all hangs together. ~/.ssh/id_rsa.pub * gitolite keypair; the "sitaram" in this is the 3rd argument to the - `src/00-easy-install.sh` command you ran; the easy install script does the + `src/gl-easy-install` command you ran; the easy install script does the rest ~/.ssh/sitaram @@ -200,7 +200,7 @@ that should have enough info to get you going (but it helps to know ssh well): cp id_rsa sitaram cp id_rsa.pub sitaram.pub cd ~/gitolite-clone - src/00-easy-install.sh -q git my.git.server sitaram + src/gl-easy-install -q git my.git.server sitaram that last command produces something like the following: diff --git a/src/pta-hook.sh b/src/ga-post-update-hook similarity index 100% rename from src/pta-hook.sh rename to src/ga-post-update-hook diff --git a/src/gl-compile-conf b/src/gl-compile-conf index ab8774f..de3cf00 100755 --- a/src/gl-compile-conf +++ b/src/gl-compile-conf @@ -317,7 +317,8 @@ for my $repo (keys %repos) # erm, note that's "and die" not "or die" as is normal in perl wrap_chdir("$repo.git"); system("git --bare init"); - system("cp $GL_ADMINDIR/src/update-hook.pl hooks/update"); + # propagate our own, plus any local admin-defined, hooks + system("cp $GL_ADMINDIR/src/hooks/* hooks/"); chmod 0755, "hooks/update"; wrap_chdir("$repo_base_abs"); $git_too_old++ if $git_version < 10602; # that's 1.6.2 to you diff --git a/src/conf-convert.pl b/src/gl-conf-convert similarity index 100% rename from src/conf-convert.pl rename to src/gl-conf-convert diff --git a/src/00-easy-install.sh b/src/gl-easy-install similarity index 96% rename from src/00-easy-install.sh rename to src/gl-easy-install index eea3997..e5d23da 100755 --- a/src/00-easy-install.sh +++ b/src/gl-easy-install @@ -120,7 +120,7 @@ Notes: Pre-requisites: - you must run this from the gitolite working tree top level directory. - This means you run this as "src/00-easy-install.sh" + This means you run this as "src/gl-easy-install" - you must already have pubkey based access to user@host. If you currently only have password access, use "ssh-copy-id" or something equivalent (or copy the key manually). Somehow (doesn't matter how), get to the point @@ -137,13 +137,13 @@ EOFU # ---------------------------------------------------------------------- basic_sanity() { - # MANUAL: this *must* be run as "src/00-easy-install.sh", not by cd-ing to - # src and then running "./00-easy-install.sh" + # MANUAL: this *must* be run as "src/gl-easy-install", not by cd-ing to + # src and then running "./gl-easy-install" - [[ $0 =~ ^src/00-easy-install.sh$ ]] || + [[ $0 =~ ^src/gl-easy-install$ ]] || { die "please cd to the gitolite repo top level directory and run this as - 'src/00-easy-install.sh'" + 'src/gl-easy-install'" } # are we in quiet mode? @@ -175,11 +175,13 @@ basic_sanity() { # MANUAL: make sure you're in the gitolite directory, at the top level. # The following files should all be visible: - ls src/gl-auth-command \ - src/gl-compile-conf \ - src/install.pl \ - src/update-hook.pl \ - conf/example.conf \ + ls src/ga-post-update-hook \ + src/gitolite.pm \ + src/gl-install \ + src/gl-auth-command \ + src/gl-compile-conf \ + src/hooks/update \ + conf/example.conf \ conf/example.gitolite.rc >/dev/null || die "cant find at least some files in gitolite sources/config; aborting" @@ -349,9 +351,9 @@ run_install() { fi # MANUAL: still in the "gitolite-install" directory? Good. Run - # "src/install.pl" + # "src/gl-install" - ssh -p $port $user@$host "cd gitolite-install; src/install.pl $quiet" + ssh -p $port $user@$host "cd gitolite-install; src/gl-install $quiet" # MANUAL: if you're upgrading, run "src/gl-compile-conf" and you're done! # -- ignore the rest of this file for the purposes of an upgrade @@ -412,9 +414,9 @@ GIT_WORK_TREE=$GL_ADMINDIR git commit -am start --allow-empty # MANUAL: now that the admin repo is created, you have to set the hooks # properly. The install program does this. So cd back to the - # "gitolite-install" directory and run "src/install.pl" + # "gitolite-install" directory and run "src/gl-install" - ssh -p $port $user@$host "cd gitolite-install; src/install.pl $quiet" + ssh -p $port $user@$host "cd gitolite-install; src/gl-install $quiet" # MANUAL: you're done! Log out of the server, come back to your # workstation, and clone the admin repo using "git clone diff --git a/src/99-emergency-addkey.sh b/src/gl-emergency-addkey similarity index 100% rename from src/99-emergency-addkey.sh rename to src/gl-emergency-addkey diff --git a/src/install.pl b/src/gl-install similarity index 82% rename from src/install.pl rename to src/gl-install index 09a8345..afea0dc 100755 --- a/src/install.pl +++ b/src/gl-install @@ -66,20 +66,26 @@ unless (-f $GL_CONF) { EOF } -# finally, any potential changes to src/update-hook.pl must be propagated to -# all the repos' hook directories +# finally, hooks must be propagated to all the repos in case they changed chdir("$repo_base_abs") or die "chdir $repo_base_abs failed: $!\n"; for my $repo (`find . -type d -name "*.git"`) { chomp ($repo); - system("cp $GL_ADMINDIR/src/update-hook.pl $repo/hooks/update"); + # propagate our own, plus any local admin-defined, hooks + system("cp $GL_ADMINDIR/src/hooks/* $repo/hooks/"); chmod 0755, "$repo/hooks/update"; } # oh and one of those repos is a bit more special and has an extra hook :) if ( -d "gitolite-admin.git/hooks" ) { print "copying post-update hook to gitolite-admin repo...\n"; - system("cp -v $GL_ADMINDIR/src/pta-hook.sh gitolite-admin.git/hooks/post-update"); + system("cp -v $GL_ADMINDIR/src/ga-post-update-hook gitolite-admin.git/hooks/post-update"); system("perl", "-i", "-p", "-e", "s(export GL_ADMINDIR=.*)(export GL_ADMINDIR=$GL_ADMINDIR)", "gitolite-admin.git/hooks/post-update"); chmod 0755, "gitolite-admin.git/hooks/post-update"; } + +# fixup program renames +for my $oldname qw(pta-hook.sh conf-convert.pl 00-easy-install.sh 99-emergency-addkey.sh install.pl update-hook.pl) { + unlink "$GL_ADMINDIR/src/$oldname"; + unlink "$ENV{HOME}/gitolite-install/src/$oldname"; +} diff --git a/src/update-hook.pl b/src/hooks/update similarity index 100% rename from src/update-hook.pl rename to src/hooks/update