all src: (please read full commit message): allow local admin-defined hooks

You can now add your own hooks into src/hooks/ and they get propagated
along with the update hook that is present there now.  Please read the
new section in the admin document, and make sure you understand the
security implications of accidentally fiddling with the "update" script.

This also prompted a major rename spree of all the files to be
consistent, etc.  Plus people said that the .sh and .pl suffixes should
be avoided (and I was feeling the same way).  I've also been
inconsistent with that "gl-" prefix, so I cleaned that up, and the 00-
and 99- were also funny animals.

Time to get all this cleaned up before we get 1.0 :)

So these are the changes, in case you're looking at just the commit
message and not the diffstat:

    src/pta-hook.sh -> src/ga-post-update-hook
    src/conf-convert.pl -> src/gl-conf-convert
    src/00-easy-install.sh -> src/gl-easy-install
    src/99-emergency-addkey.sh -> src/gl-emergency-addkey
    src/install.pl -> src/gl-install
    src/update-hook.pl -> src/hooks/update
This commit is contained in:
Sitaram Chamarty 2009-11-13 05:03:09 +05:30
parent 3838be2b50
commit c54d3eabbc
11 changed files with 58 additions and 26 deletions

View file

@ -39,7 +39,7 @@ Assumptions/pre-requisites:
new keypair if needed, then run `ssh-copy-id user@host`) new keypair if needed, then run `ssh-copy-id user@host`)
* you have a clone or an archive of gitolite somewhere on your workstation * you have a clone or an archive of gitolite somewhere on your workstation
If so, just `cd` to that clone and run `src/00-easy-install.sh` and follow the If so, just `cd` to that clone and run `src/gl-easy-install` and follow the
prompts! (Running it without any arguments shows you usage plus other useful prompts! (Running it without any arguments shows you usage plus other useful
info). info).
@ -47,7 +47,7 @@ info).
A typical run for me is: A typical run for me is:
src/00-easy-install.sh -q git my.git.server sitaram src/gl-easy-install -q git my.git.server sitaram
`-q` stands for "quiet" mode -- very minimal output, no verbose descriptions `-q` stands for "quiet" mode -- very minimal output, no verbose descriptions
of what it is going to do, and no pauses unless absolutely needed. However, of what it is going to do, and no pauses unless absolutely needed. However,
@ -73,7 +73,7 @@ actually doing, I suggest you skip the `-q`.
### manual install ### manual install
If you don't have bash, it's not very complicated to do it manually. Just If you don't have bash, it's not very complicated to do it manually. Just
open the file `src/00-easy-install.sh` in a nice, syntax coloring, text open the file `src/gl-easy-install` in a nice, syntax coloring, text
editor, and follow the instructions marked "MANUAL" :-) editor, and follow the instructions marked "MANUAL" :-)
### upgrades ### upgrades
@ -94,7 +94,7 @@ opposed to merely creating one which did not exist) is best left to a human.
### other notes ### other notes
* if you run `src/00-easy-install.sh` without the `-q` option, you will be * if you run `src/gl-easy-install` without the `-q` option, you will be
given a chance to edit `~/.gitolite.rc`. You can change any options (such given a chance to edit `~/.gitolite.rc`. You can change any options (such
as paths, for instance), but be sure to keep the perl syntax -- you as paths, for instance), but be sure to keep the perl syntax -- you
*don't* have to know perl to do so, it's fairly easy to guess in this *don't* have to know perl to do so, it's fairly easy to guess in this

View file

@ -46,7 +46,7 @@ Now, log off the server and get back to the client:
gitosis-admin clone in `$GSAC` below, and similarly the path for your gitosis-admin clone in `$GSAC` below, and similarly the path for your
gito**lite**-admin clone in `$GLAC` gito**lite**-admin clone in `$GLAC`
src/conf-convert.pl < $GSAC/gitosis.conf > $GLAC/gitolite.conf src/gl-conf-convert < $GSAC/gitosis.conf > $GLAC/gitolite.conf
Be sure to check the file to make sure it converted correctly Be sure to check the file to make sure it converted correctly

View file

@ -3,6 +3,13 @@
*Note*: some of the paths in this document use variable names. Just refer to *Note*: some of the paths in this document use variable names. Just refer to
`~/.gitolite.rc` for the correct values for *your* installation. `~/.gitolite.rc` for the correct values for *your* installation.
In this document:
* administer
* adding users and repos
* specifying gitweb and daemon access
* custom hooks
### administer ### administer
First of all, ***do NOT add new repos manually***, unless you know how to add First of all, ***do NOT add new repos manually***, unless you know how to add
@ -62,3 +69,19 @@ a one-time setup you must do separately. All this does is:
The "compile" script will keep these files consistent with the config settings The "compile" script will keep these files consistent with the config settings
-- this includes removing such settings/files if you remove "read" permissions -- this includes removing such settings/files if you remove "read" permissions
for the special usernames or remove the description line. for the special usernames or remove the description line.
#### custom hooks
If you want to put in your own, custom, hooks every time a new repo is created
by gitolite, put a **tested** hook script in `src/hooks`. As distributed, the
only file there is the `update` hook, but everything (*everything*) in that
directory will get copied to the `hooks/` subdirectory of every *new* repo
created.
In order to push a new or updated hook script to *existing* repos as well,
just run easy install once again; it'll do it to existing repos also.
**VERY IMPORTANT SECURITY NOTE: the `update` hook in `src/hooks` is what
implements all the branch-level permissions in gitolite. If you fiddle with
the hooks directory, please make sure you do not mess with this file
accidentally, or all your fancy per-branch permissions will stop working.**

View file

@ -117,7 +117,7 @@ Here's how it all hangs together.
~/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub
* gitolite keypair; the "sitaram" in this is the 3rd argument to the * gitolite keypair; the "sitaram" in this is the 3rd argument to the
`src/00-easy-install.sh` command you ran; the easy install script does the `src/gl-easy-install` command you ran; the easy install script does the
rest rest
~/.ssh/sitaram ~/.ssh/sitaram
@ -200,7 +200,7 @@ that should have enough info to get you going (but it helps to know ssh well):
cp id_rsa sitaram cp id_rsa sitaram
cp id_rsa.pub sitaram.pub cp id_rsa.pub sitaram.pub
cd ~/gitolite-clone cd ~/gitolite-clone
src/00-easy-install.sh -q git my.git.server sitaram src/gl-easy-install -q git my.git.server sitaram
that last command produces something like the following: that last command produces something like the following:

View file

@ -317,7 +317,8 @@ for my $repo (keys %repos)
# erm, note that's "and die" not "or die" as is normal in perl # erm, note that's "and die" not "or die" as is normal in perl
wrap_chdir("$repo.git"); wrap_chdir("$repo.git");
system("git --bare init"); system("git --bare init");
system("cp $GL_ADMINDIR/src/update-hook.pl hooks/update"); # propagate our own, plus any local admin-defined, hooks
system("cp $GL_ADMINDIR/src/hooks/* hooks/");
chmod 0755, "hooks/update"; chmod 0755, "hooks/update";
wrap_chdir("$repo_base_abs"); wrap_chdir("$repo_base_abs");
$git_too_old++ if $git_version < 10602; # that's 1.6.2 to you $git_too_old++ if $git_version < 10602; # that's 1.6.2 to you

View file

@ -120,7 +120,7 @@ Notes:
Pre-requisites: Pre-requisites:
- you must run this from the gitolite working tree top level directory. - you must run this from the gitolite working tree top level directory.
This means you run this as "src/00-easy-install.sh" This means you run this as "src/gl-easy-install"
- you must already have pubkey based access to user@host. If you currently - you must already have pubkey based access to user@host. If you currently
only have password access, use "ssh-copy-id" or something equivalent (or only have password access, use "ssh-copy-id" or something equivalent (or
copy the key manually). Somehow (doesn't matter how), get to the point copy the key manually). Somehow (doesn't matter how), get to the point
@ -137,13 +137,13 @@ EOFU
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
basic_sanity() { basic_sanity() {
# MANUAL: this *must* be run as "src/00-easy-install.sh", not by cd-ing to # MANUAL: this *must* be run as "src/gl-easy-install", not by cd-ing to
# src and then running "./00-easy-install.sh" # src and then running "./gl-easy-install"
[[ $0 =~ ^src/00-easy-install.sh$ ]] || [[ $0 =~ ^src/gl-easy-install$ ]] ||
{ {
die "please cd to the gitolite repo top level directory and run this as die "please cd to the gitolite repo top level directory and run this as
'src/00-easy-install.sh'" 'src/gl-easy-install'"
} }
# are we in quiet mode? # are we in quiet mode?
@ -175,10 +175,12 @@ basic_sanity() {
# MANUAL: make sure you're in the gitolite directory, at the top level. # MANUAL: make sure you're in the gitolite directory, at the top level.
# The following files should all be visible: # The following files should all be visible:
ls src/gl-auth-command \ ls src/ga-post-update-hook \
src/gitolite.pm \
src/gl-install \
src/gl-auth-command \
src/gl-compile-conf \ src/gl-compile-conf \
src/install.pl \ src/hooks/update \
src/update-hook.pl \
conf/example.conf \ conf/example.conf \
conf/example.gitolite.rc >/dev/null || conf/example.gitolite.rc >/dev/null ||
die "cant find at least some files in gitolite sources/config; aborting" die "cant find at least some files in gitolite sources/config; aborting"
@ -349,9 +351,9 @@ run_install() {
fi fi
# MANUAL: still in the "gitolite-install" directory? Good. Run # MANUAL: still in the "gitolite-install" directory? Good. Run
# "src/install.pl" # "src/gl-install"
ssh -p $port $user@$host "cd gitolite-install; src/install.pl $quiet" ssh -p $port $user@$host "cd gitolite-install; src/gl-install $quiet"
# MANUAL: if you're upgrading, run "src/gl-compile-conf" and you're done! # MANUAL: if you're upgrading, run "src/gl-compile-conf" and you're done!
# -- ignore the rest of this file for the purposes of an upgrade # -- ignore the rest of this file for the purposes of an upgrade
@ -412,9 +414,9 @@ GIT_WORK_TREE=$GL_ADMINDIR git commit -am start --allow-empty
# MANUAL: now that the admin repo is created, you have to set the hooks # MANUAL: now that the admin repo is created, you have to set the hooks
# properly. The install program does this. So cd back to the # properly. The install program does this. So cd back to the
# "gitolite-install" directory and run "src/install.pl" # "gitolite-install" directory and run "src/gl-install"
ssh -p $port $user@$host "cd gitolite-install; src/install.pl $quiet" ssh -p $port $user@$host "cd gitolite-install; src/gl-install $quiet"
# MANUAL: you're done! Log out of the server, come back to your # MANUAL: you're done! Log out of the server, come back to your
# workstation, and clone the admin repo using "git clone # workstation, and clone the admin repo using "git clone

View file

@ -66,20 +66,26 @@ unless (-f $GL_CONF) {
EOF EOF
} }
# finally, any potential changes to src/update-hook.pl must be propagated to # finally, hooks must be propagated to all the repos in case they changed
# all the repos' hook directories
chdir("$repo_base_abs") or die "chdir $repo_base_abs failed: $!\n"; chdir("$repo_base_abs") or die "chdir $repo_base_abs failed: $!\n";
for my $repo (`find . -type d -name "*.git"`) { for my $repo (`find . -type d -name "*.git"`) {
chomp ($repo); chomp ($repo);
system("cp $GL_ADMINDIR/src/update-hook.pl $repo/hooks/update"); # propagate our own, plus any local admin-defined, hooks
system("cp $GL_ADMINDIR/src/hooks/* $repo/hooks/");
chmod 0755, "$repo/hooks/update"; chmod 0755, "$repo/hooks/update";
} }
# oh and one of those repos is a bit more special and has an extra hook :) # oh and one of those repos is a bit more special and has an extra hook :)
if ( -d "gitolite-admin.git/hooks" ) { if ( -d "gitolite-admin.git/hooks" ) {
print "copying post-update hook to gitolite-admin repo...\n"; print "copying post-update hook to gitolite-admin repo...\n";
system("cp -v $GL_ADMINDIR/src/pta-hook.sh gitolite-admin.git/hooks/post-update"); system("cp -v $GL_ADMINDIR/src/ga-post-update-hook gitolite-admin.git/hooks/post-update");
system("perl", "-i", "-p", "-e", "s(export GL_ADMINDIR=.*)(export GL_ADMINDIR=$GL_ADMINDIR)", system("perl", "-i", "-p", "-e", "s(export GL_ADMINDIR=.*)(export GL_ADMINDIR=$GL_ADMINDIR)",
"gitolite-admin.git/hooks/post-update"); "gitolite-admin.git/hooks/post-update");
chmod 0755, "gitolite-admin.git/hooks/post-update"; chmod 0755, "gitolite-admin.git/hooks/post-update";
} }
# fixup program renames
for my $oldname qw(pta-hook.sh conf-convert.pl 00-easy-install.sh 99-emergency-addkey.sh install.pl update-hook.pl) {
unlink "$GL_ADMINDIR/src/$oldname";
unlink "$ENV{HOME}/gitolite-install/src/$oldname";
}