all src: (please read full commit message): allow local admin-defined hooks
You can now add your own hooks into src/hooks/ and they get propagated along with the update hook that is present there now. Please read the new section in the admin document, and make sure you understand the security implications of accidentally fiddling with the "update" script.

This also prompted a major rename spree of all the files to be consistent, etc. Plus people said that the .sh and .pl suffixes should be avoided (and I was feeling the same way). I've also been inconsistent with that "gl-" prefix, so I cleaned that up, and the 00- and 99- were also funny animals. Time to get all this cleaned up before we get 1.0 :)

So these are the changes, in case you're looking at just the commit message and not the diffstat:

    src/pta-hook.sh -> src/ga-post-update-hook
    src/conf-convert.pl -> src/gl-conf-convert
    src/00-easy-install.sh -> src/gl-easy-install
    src/99-emergency-addkey.sh -> src/gl-emergency-addkey
    src/install.pl -> src/gl-install
    src/update-hook.pl -> src/hooks/update
parent 3838be2b50
commit c54d3eabbc
|
@ -39,7 +39,7 @@ Assumptions/pre-requisites:
|
||||||
new keypair if needed, then run `ssh-copy-id user@host`)
|
new keypair if needed, then run `ssh-copy-id user@host`)
|
||||||
* you have a clone or an archive of gitolite somewhere on your workstation
|
* you have a clone or an archive of gitolite somewhere on your workstation
|
||||||
|
|
||||||
If so, just `cd` to that clone and run `src/00-easy-install.sh` and follow the
|
If so, just `cd` to that clone and run `src/gl-easy-install` and follow the
|
||||||
prompts! (Running it without any arguments shows you usage plus other useful
|
prompts! (Running it without any arguments shows you usage plus other useful
|
||||||
info).
|
info).
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ info).
|
||||||
|
|
||||||
A typical run for me is:
|
A typical run for me is:
|
||||||
|
|
||||||
src/00-easy-install.sh -q git my.git.server sitaram
|
src/gl-easy-install -q git my.git.server sitaram
|
||||||
|
|
||||||
`-q` stands for "quiet" mode -- very minimal output, no verbose descriptions
|
`-q` stands for "quiet" mode -- very minimal output, no verbose descriptions
|
||||||
of what it is going to do, and no pauses unless absolutely needed. However,
|
of what it is going to do, and no pauses unless absolutely needed. However,
|
||||||
|
@ -73,7 +73,7 @@ actually doing, I suggest you skip the `-q`.
|
||||||
### manual install
|
### manual install
|
||||||
|
|
||||||
If you don't have bash, it's not very complicated to do it manually. Just
|
If you don't have bash, it's not very complicated to do it manually. Just
|
||||||
open the file `src/00-easy-install.sh` in a nice, syntax coloring, text
|
open the file `src/gl-easy-install` in a nice, syntax coloring, text
|
||||||
editor, and follow the instructions marked "MANUAL" :-)
|
editor, and follow the instructions marked "MANUAL" :-)
|
||||||
|
|
||||||
### upgrades
|
### upgrades
|
||||||
|
@ -94,7 +94,7 @@ opposed to merely creating one which did not exist) is best left to a human.
|
||||||
|
|
||||||
### other notes
|
### other notes
|
||||||
|
|
||||||
* if you run `src/00-easy-install.sh` without the `-q` option, you will be
|
* if you run `src/gl-easy-install` without the `-q` option, you will be
|
||||||
given a chance to edit `~/.gitolite.rc`. You can change any options (such
|
given a chance to edit `~/.gitolite.rc`. You can change any options (such
|
||||||
as paths, for instance), but be sure to keep the perl syntax -- you
|
as paths, for instance), but be sure to keep the perl syntax -- you
|
||||||
*don't* have to know perl to do so, it's fairly easy to guess in this
|
*don't* have to know perl to do so, it's fairly easy to guess in this
|
||||||
|
|
|
@ -46,7 +46,7 @@ Now, log off the server and get back to the client:
|
||||||
gitosis-admin clone in `$GSAC` below, and similarly the path for your
|
gitosis-admin clone in `$GSAC` below, and similarly the path for your
|
||||||
gito**lite**-admin clone in `$GLAC`
|
gito**lite**-admin clone in `$GLAC`
|
||||||
|
|
||||||
src/conf-convert.pl < $GSAC/gitosis.conf > $GLAC/gitolite.conf
|
src/gl-conf-convert < $GSAC/gitosis.conf > $GLAC/gitolite.conf
|
||||||
|
|
||||||
Be sure to check the file to make sure it converted correctly
|
Be sure to check the file to make sure it converted correctly
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,13 @@
|
||||||
*Note*: some of the paths in this document use variable names. Just refer to
|
*Note*: some of the paths in this document use variable names. Just refer to
|
||||||
`~/.gitolite.rc` for the correct values for *your* installation.
|
`~/.gitolite.rc` for the correct values for *your* installation.
|
||||||
|
|
||||||
|
In this document:
|
||||||
|
|
||||||
|
* administer
|
||||||
|
* adding users and repos
|
||||||
|
* specifying gitweb and daemon access
|
||||||
|
* custom hooks
|
||||||
|
|
||||||
### administer
|
### administer
|
||||||
|
|
||||||
First of all, ***do NOT add new repos manually***, unless you know how to add
|
First of all, ***do NOT add new repos manually***, unless you know how to add
|
||||||
|
@ -62,3 +69,19 @@ a one-time setup you must do separately. All this does is:
|
||||||
The "compile" script will keep these files consistent with the config settings
|
The "compile" script will keep these files consistent with the config settings
|
||||||
-- this includes removing such settings/files if you remove "read" permissions
|
-- this includes removing such settings/files if you remove "read" permissions
|
||||||
for the special usernames or remove the description line.
|
for the special usernames or remove the description line.
|
||||||
|
|
||||||
|
#### custom hooks
|
||||||
|
|
||||||
|
If you want to put in your own, custom, hooks every time a new repo is created
|
||||||
|
by gitolite, put a **tested** hook script in `src/hooks`. As distributed, the
|
||||||
|
only file there is the `update` hook, but everything (*everything*) in that
|
||||||
|
directory will get copied to the `hooks/` subdirectory of every *new* repo
|
||||||
|
created.
|
||||||
|
|
||||||
|
In order to push a new or updated hook script to *existing* repos as well,
|
||||||
|
just run easy install once again; it'll do it to existing repos also.
|
||||||
|
|
||||||
|
**VERY IMPORTANT SECURITY NOTE: the `update` hook in `src/hooks` is what
|
||||||
|
implements all the branch-level permissions in gitolite. If you fiddle with
|
||||||
|
the hooks directory, please make sure you do not mess with this file
|
||||||
|
accidentally, or all your fancy per-branch permissions will stop working.**
|
||||||
|
|
|
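Review bot: The new "custom hooks" section does not say what happens to a hook that is later deleted from `src/hooks`, or to a same-named hook someone installed by hand in an existing repo. The propagation in this commit is a plain `cp $GL_ADMINDIR/src/hooks/* $repo/hooks/`, so a deleted hook stays behind in every repo and a same-named local hook is overwritten on the next easy install run; both deserve a sentence here, next to the security note. It would also help to say the script must be executable in `src/hooks`, since only `hooks/update` gets an explicit `chmod 0755` and a non-executable hook is copied but never run by git.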
@ -117,7 +117,7 @@ Here's how it all hangs together.
|
||||||
~/.ssh/id_rsa.pub
|
~/.ssh/id_rsa.pub
|
||||||
|
|
||||||
* gitolite keypair; the "sitaram" in this is the 3rd argument to the
|
* gitolite keypair; the "sitaram" in this is the 3rd argument to the
|
||||||
`src/00-easy-install.sh` command you ran; the easy install script does the
|
`src/gl-easy-install` command you ran; the easy install script does the
|
||||||
rest
|
rest
|
||||||
|
|
||||||
~/.ssh/sitaram
|
~/.ssh/sitaram
|
||||||
|
@ -200,7 +200,7 @@ that should have enough info to get you going (but it helps to know ssh well):
|
||||||
cp id_rsa sitaram
|
cp id_rsa sitaram
|
||||||
cp id_rsa.pub sitaram.pub
|
cp id_rsa.pub sitaram.pub
|
||||||
cd ~/gitolite-clone
|
cd ~/gitolite-clone
|
||||||
src/00-easy-install.sh -q git my.git.server sitaram
|
src/gl-easy-install -q git my.git.server sitaram
|
||||||
|
|
||||||
that last command produces something like the following:
|
that last command produces something like the following:
|
||||||
|
|
||||||
|
|
|
@ -317,7 +317,8 @@ for my $repo (keys %repos)
|
||||||
# erm, note that's "and die" not "or die" as is normal in perl
|
# erm, note that's "and die" not "or die" as is normal in perl
|
||||||
wrap_chdir("$repo.git");
|
wrap_chdir("$repo.git");
|
||||||
system("git --bare init");
|
system("git --bare init");
|
||||||
system("cp $GL_ADMINDIR/src/update-hook.pl hooks/update");
|
# propagate our own, plus any local admin-defined, hooks
|
||||||
|
system("cp $GL_ADMINDIR/src/hooks/* hooks/");
|
||||||
chmod 0755, "hooks/update";
|
chmod 0755, "hooks/update";
|
||||||
wrap_chdir("$repo_base_abs");
|
wrap_chdir("$repo_base_abs");
|
||||||
$git_too_old++ if $git_version < 10602; # that's 1.6.2 to you
|
$git_too_old++ if $git_version < 10602; # that's 1.6.2 to you
|
||||||
|
|
|
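Review bot: The exit status of `system("cp $GL_ADMINDIR/src/hooks/* hooks/")` is not checked, and this copy is what installs `hooks/update` in a newly created repo. If the glob matches nothing or the copy fails, the repo is created without the hook that enforces branch-level permissions, and the `chmod 0755, "hooks/update"` on the next line fails just as quietly. Suggest dying when `system` returns non-zero or when `hooks/update` is missing afterwards. Quoting `$GL_ADMINDIR` inside the command string would also keep a path containing spaces from breaking the copy.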
@ -120,7 +120,7 @@ Notes:
|
||||||
|
|
||||||
Pre-requisites:
|
Pre-requisites:
|
||||||
- you must run this from the gitolite working tree top level directory.
|
- you must run this from the gitolite working tree top level directory.
|
||||||
This means you run this as "src/00-easy-install.sh"
|
This means you run this as "src/gl-easy-install"
|
||||||
- you must already have pubkey based access to user@host. If you currently
|
- you must already have pubkey based access to user@host. If you currently
|
||||||
only have password access, use "ssh-copy-id" or something equivalent (or
|
only have password access, use "ssh-copy-id" or something equivalent (or
|
||||||
copy the key manually). Somehow (doesn't matter how), get to the point
|
copy the key manually). Somehow (doesn't matter how), get to the point
|
||||||
|
@ -137,13 +137,13 @@ EOFU
|
||||||
# ----------------------------------------------------------------------
|
# ----------------------------------------------------------------------
|
||||||
|
|
||||||
basic_sanity() {
|
basic_sanity() {
|
||||||
# MANUAL: this *must* be run as "src/00-easy-install.sh", not by cd-ing to
|
# MANUAL: this *must* be run as "src/gl-easy-install", not by cd-ing to
|
||||||
# src and then running "./00-easy-install.sh"
|
# src and then running "./gl-easy-install"
|
||||||
|
|
||||||
[[ $0 =~ ^src/00-easy-install.sh$ ]] ||
|
[[ $0 =~ ^src/gl-easy-install$ ]] ||
|
||||||
{
|
{
|
||||||
die "please cd to the gitolite repo top level directory and run this as
|
die "please cd to the gitolite repo top level directory and run this as
|
||||||
'src/00-easy-install.sh'"
|
'src/gl-easy-install'"
|
||||||
}
|
}
|
||||||
|
|
||||||
# are we in quiet mode?
|
# are we in quiet mode?
|
||||||
|
@ -175,10 +175,12 @@ basic_sanity() {
|
||||||
# MANUAL: make sure you're in the gitolite directory, at the top level.
|
# MANUAL: make sure you're in the gitolite directory, at the top level.
|
||||||
# The following files should all be visible:
|
# The following files should all be visible:
|
||||||
|
|
||||||
ls src/gl-auth-command \
|
ls src/ga-post-update-hook \
|
||||||
|
src/gitolite.pm \
|
||||||
|
src/gl-install \
|
||||||
|
src/gl-auth-command \
|
||||||
src/gl-compile-conf \
|
src/gl-compile-conf \
|
||||||
src/install.pl \
|
src/hooks/update \
|
||||||
src/update-hook.pl \
|
|
||||||
conf/example.conf \
|
conf/example.conf \
|
||||||
conf/example.gitolite.rc >/dev/null ||
|
conf/example.gitolite.rc >/dev/null ||
|
||||||
die "cant find at least some files in gitolite sources/config; aborting"
|
die "cant find at least some files in gitolite sources/config; aborting"
|
||||||
|
@ -349,9 +351,9 @@ run_install() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# MANUAL: still in the "gitolite-install" directory? Good. Run
|
# MANUAL: still in the "gitolite-install" directory? Good. Run
|
||||||
# "src/install.pl"
|
# "src/gl-install"
|
||||||
|
|
||||||
ssh -p $port $user@$host "cd gitolite-install; src/install.pl $quiet"
|
ssh -p $port $user@$host "cd gitolite-install; src/gl-install $quiet"
|
||||||
|
|
||||||
# MANUAL: if you're upgrading, run "src/gl-compile-conf" and you're done!
|
# MANUAL: if you're upgrading, run "src/gl-compile-conf" and you're done!
|
||||||
# -- ignore the rest of this file for the purposes of an upgrade
|
# -- ignore the rest of this file for the purposes of an upgrade
|
||||||
|
@ -412,9 +414,9 @@ GIT_WORK_TREE=$GL_ADMINDIR git commit -am start --allow-empty
|
||||||
|
|
||||||
# MANUAL: now that the admin repo is created, you have to set the hooks
|
# MANUAL: now that the admin repo is created, you have to set the hooks
|
||||||
# properly. The install program does this. So cd back to the
|
# properly. The install program does this. So cd back to the
|
||||||
# "gitolite-install" directory and run "src/install.pl"
|
# "gitolite-install" directory and run "src/gl-install"
|
||||||
|
|
||||||
ssh -p $port $user@$host "cd gitolite-install; src/install.pl $quiet"
|
ssh -p $port $user@$host "cd gitolite-install; src/gl-install $quiet"
|
||||||
|
|
||||||
# MANUAL: you're done! Log out of the server, come back to your
|
# MANUAL: you're done! Log out of the server, come back to your
|
||||||
# workstation, and clone the admin repo using "git clone
|
# workstation, and clone the admin repo using "git clone
|
|
@ -66,20 +66,26 @@ unless (-f $GL_CONF) {
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
# finally, any potential changes to src/update-hook.pl must be propagated to
|
# finally, hooks must be propagated to all the repos in case they changed
|
||||||
# all the repos' hook directories
|
|
||||||
chdir("$repo_base_abs") or die "chdir $repo_base_abs failed: $!\n";
|
chdir("$repo_base_abs") or die "chdir $repo_base_abs failed: $!\n";
|
||||||
for my $repo (`find . -type d -name "*.git"`) {
|
for my $repo (`find . -type d -name "*.git"`) {
|
||||||
chomp ($repo);
|
chomp ($repo);
|
||||||
system("cp $GL_ADMINDIR/src/update-hook.pl $repo/hooks/update");
|
# propagate our own, plus any local admin-defined, hooks
|
||||||
|
system("cp $GL_ADMINDIR/src/hooks/* $repo/hooks/");
|
||||||
chmod 0755, "$repo/hooks/update";
|
chmod 0755, "$repo/hooks/update";
|
||||||
}
|
}
|
||||||
|
|
||||||
# oh and one of those repos is a bit more special and has an extra hook :)
|
# oh and one of those repos is a bit more special and has an extra hook :)
|
||||||
if ( -d "gitolite-admin.git/hooks" ) {
|
if ( -d "gitolite-admin.git/hooks" ) {
|
||||||
print "copying post-update hook to gitolite-admin repo...\n";
|
print "copying post-update hook to gitolite-admin repo...\n";
|
||||||
system("cp -v $GL_ADMINDIR/src/pta-hook.sh gitolite-admin.git/hooks/post-update");
|
system("cp -v $GL_ADMINDIR/src/ga-post-update-hook gitolite-admin.git/hooks/post-update");
|
||||||
system("perl", "-i", "-p", "-e", "s(export GL_ADMINDIR=.*)(export GL_ADMINDIR=$GL_ADMINDIR)",
|
system("perl", "-i", "-p", "-e", "s(export GL_ADMINDIR=.*)(export GL_ADMINDIR=$GL_ADMINDIR)",
|
||||||
"gitolite-admin.git/hooks/post-update");
|
"gitolite-admin.git/hooks/post-update");
|
||||||
chmod 0755, "gitolite-admin.git/hooks/post-update";
|
chmod 0755, "gitolite-admin.git/hooks/post-update";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# fixup program renames
|
||||||
|
for my $oldname qw(pta-hook.sh conf-convert.pl 00-easy-install.sh 99-emergency-addkey.sh install.pl update-hook.pl) {
|
||||||
|
unlink "$GL_ADMINDIR/src/$oldname";
|
||||||
|
unlink "$ENV{HOME}/gitolite-install/src/$oldname";
|
||||||
|
}
|
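Review bot: In the propagation loop, `system("cp $GL_ADMINDIR/src/hooks/* $repo/hooks/")` puts `$repo` from `find` output into a shell string unquoted and ignores the result, so a repo path containing spaces or shell metacharacters breaks or alters the command, and a failed copy leaves that repo with a stale or missing `update` hook without any message. Suggest quoting the path (or copying without a shell) and warning or dying on a non-zero return. Separately, `for my $oldname qw(...)` in the rename fixup uses `qw` in place of the loop's parentheses; writing it as `for my $oldname (qw(...))` keeps it parsing on newer perls, which reject the bare form.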