Commit graph

46 commits

Author SHA1 Message Date
Sitaram Chamarty cf1987e747 (sskm) document courtesy Jeff Mitchell
I'd originally written some minimal documentation for this ADC, but I
liked Jeff's version so much that I borrowed it, added the final section
("important notes for the admin"), made a few other minor fixups, and
then happily ditched my version.
2011-06-01 20:17:55 +05:30
Sitaram Chamarty d402b093b7 (sskm) hush output from internal git commands
(the ones that require GL_BYPASS_UPDATE_HOOK to be set are done slightly
differently because I just didn't want all the hassle of saving and
restoring that variable on the perl side)
2011-06-01 12:16:23 +05:30
Sitaram Chamarty 4942fdbe0e (sskm) not finding a key in the list is not always fatal...
[caught by Jeff...]
2011-06-01 12:16:23 +05:30
Sitaram Chamarty 9e01778796 (sskm) self-service key management -- new adc
based on a discussion with Jeff from the KDE team; see doc for more.
2011-06-01 12:16:19 +05:30
Sitaram Chamarty 867b34f32c (doc) ADCs now have an overview doc, plus...
- repo-deletion is now a proper doc
  - other doc enhancements and clarifications
2011-05-12 09:33:19 +05:30
Sitaram Chamarty 18c69e8612 su-getperms and su-setperms 2011-05-08 11:22:42 +05:30
Sitaram Chamarty 89b68bf5ca new adc to allow deleting a branch that you created; see below
The need for this comes about as follows:

  - a project may allow its developers "RWC" (or "RW+C") so that they
    can create feature branches when needed.  Note that these are
    *feature* branches, so they can't use the "personal branches"
    mechanism that gitolite already has.

  - the developers are *not* given RWCD (or RW+CD) to prevent accidental
    deletion of an important branch.  Branch *deletion* is something
    that only a few trusted admins can do.

  - as a result, there are sometimes situations where a developer
    creates a misnamed branch and then has to ask the admins to help get
    rid of it.

What the KDE folks wanted was a way to allow the creator of a branch to
be able to delete it.  In addition, they needed this allowed only for a
fixed duration after the creation of a branch, not forever (for the same
reason they don't get RWCD, to prevent accidents).

These are my reasons why this feature is implemented as an ADC instead
of being "in core":

  - we'd need additional syntax to differentiate this special case
    (which is sort of in between RWC and RWCD, if you think about it).

    I'm reluctant to complicate the syntax further for something that is
    only occasionally needed.

  - we'd need either (a) code to parse the log files, or, (b) code to
    maintain "who created this ref" on every push that creates a ref.

      - parsing the log files is too kludgy and inelegant to be in core,
        not to mention potentially very slow for really large projects

      - code to maintain the a history of "who created this ref" is too
        cumbersome, especially because of the need to expire old entries
        after a time.
2011-05-02 07:15:12 +05:30
Sitaram Chamarty 6a51bae400 update s3backup adc to disable pushes first
(ref http://sitaramc.github.com/gitolite/doc/3-faq-tips-etc.html#_disabling_write_access_to_take_backups)

code from David Bremner via email
2011-04-24 15:14:37 +05:30
Sitaram Chamarty e73f1cea93 'hub' adc request-status subcommand can ask for details by request-number 2011-03-13 16:57:54 +05:30
Sitaram Chamarty 719edd007c 's3backup' adc contributed by David Bremner 2011-03-13 09:37:50 +05:30
Sitaram Chamarty c3787e2d17 hub adc had an unused extra return value from check_access; fixed 2011-03-13 09:37:50 +05:30
Sitaram Chamarty aab5ec9e6a 'hub' ADC takes patterns for 'list-request', has new 'accept' command
(plus a few minor fixes)
2011-03-05 12:23:17 +05:30
Sitaram Chamarty 6d3c2fbcef 'hub' ADC doc and rudimentary test script 2011-03-03 15:39:54 +05:30
Sitaram Chamarty 49e64a4f11 'hub' ADC 2011-03-03 15:39:54 +05:30
Sitaram Chamarty e7d55899f3 fork adc acquired some good ideas from the KDE folks 2011-02-25 21:15:08 +05:30
Sitaram Chamarty cec94a3664 (minor) who-pushed adc falls afoul of egrep incompat between Linux distros!
It seems even within Linux, not all "egrep"s are equal.  So we fall back
to the one true standard :-)

[caught by Jeff from the KDE team]
2011-02-25 06:21:17 +05:30
Sitaram Chamarty bdef55eee9 (minor) bashism fixes, usability fix, for "able" adc 2011-02-25 06:21:13 +05:30
Sitaram Chamarty 02128ff48f (minor doc fixes) 2011-02-21 21:25:43 +05:30
Sitaram Chamarty 948f700c7a supercool new admin-defined command "git" (disabled by default)
This new adc allows you to run arbitrary git commands on the server.

It is disabled by default, and you have to READ ALL INSTRUCTIONS **AND**
SOURCE CODE BEFORE DEPLOYING.
2011-02-10 14:01:08 +05:30
Richard Bateman 00a926bf48 Added perms PDC to supplement setperms/getperms
- Also added pygitolite.py as a helper library for python PDC apps
2011-01-21 14:14:09 +05:30
Richard Bateman 108f8e96a2 Added PDC set-head for setting the HEAD ref on a remote branch that you have write access to 2011-01-21 14:14:09 +05:30
Sitaram Chamarty 692552d146 gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-16 07:26:13 +05:30
Sitaram Chamarty 5b9bf700cc allow access checks from ADC or hook
For sample code see new file contrib/adc/get-rights-and-owner.in-perl.
Despite the name, you can use similar code in a hook also -- comments in
that file will tell you how.

implementation notes:

  - check_access now takes an optional last arg "dry_run", which is also
    passes through to check_ref
  - check_ref returns a "DENIED by ..." instead of die-ing if dry_run is
    passed in

  - as a side effect, cli_repo_rights is now just a stub calling
    check_access (we kept it hanging around for backward compat -- too
    much adc pain for too many people if we change it now)
2010-12-25 12:40:41 +05:30
Sitaram Chamarty 74726fdc31 added watch ADC (includes documentation), courtesy mitchell@kde.org 2010-11-18 12:40:09 +05:30
Sitaram Chamarty 7313d48247 gitolite-down: disable write-access to take backups
(we quietly do not document the 'able' adc, which is now the most
"official" adc in the sense that it has a new test, t64-write-able!)

other notes: fix bug in 'able' (not setting $loc)
2010-11-16 22:57:23 +05:30
Sitaram Chamarty 6386d8ca2f gl-reflog adc gains 'usage', loses some crappy warnings
(actually these warnings can come in many other situations; I just
noticed them when testing this adc)
2010-10-28 19:34:46 +05:30
Sitaram Chamarty 5b3dcb3757 a slew of adc changes; details below:
- get_rights_and_owner normalises its arg1 by stripping .git if
    supplied, then sets the variable "repo" to the result as a side
    effect
  - new "help" adc with some default text but main purpose is to allow
    site local help text
  - other adc's refer to 'help' adc when appropriate
  - 'undelete' renamed to 'restore'; that's what the KDE "trashcan"
    program calls that operation
  - minor typo in sample script in documentation
  - main adc doc points to contrib/adc/repo-deletion.README now
2010-10-28 16:43:04 +05:30
Sitaram Chamarty 9fc521930d new adc: "who-pushed" prints the last person who pushed the given sha 2010-10-27 18:45:51 +05:30
Sitaram Chamarty 66b65e5e1d (doh!) make gitolite.pm easier for packagers
should have done this long ago...
2010-10-23 17:43:19 +05:30
Sitaram Chamarty cb0a9bdb0c ADC "rmrepo" replaced by "rm" and "trash", with helper ADCs
helpers for 'rm': lock, unlock
helpers for 'trash': list-trash, undelete

common functions updated with local settings for ADCs as well
2010-10-22 17:43:09 +05:30
Sitaram Chamarty 99d6b4875c adc su-expand to allow admin to run 'expand' on other users 2010-10-16 12:22:47 +05:30
Sitaram Chamarty ba39d93e28 (minor glitch in sudo adc)
thanks to jeff for finding it...
2010-10-06 22:57:45 +05:30
Sitaram Chamarty afbab1dd8d "sudo" adc
The sudo adc should make life easier for any admin wishing to run an adc
as some other user.

As a result, the rmrepo adc also goes back to its simple roots.  Now you
just run it via the sudo adc if you (as gitolite admin) needs to rmrepo
some user's repo.
2010-10-06 22:30:54 +05:30
Sitaram Chamarty c40622b302 gl-reflog adc: tighten permissions checks
- dont do anything if he doesn't even have read access
  - move the GL_USER check to the right place!  (to when you actually
    will be doing something)

That spurious check for GL_USER that we (re)moved would not only have
shown an incomplete set of log lines, it would have made the wrong log
line look like the "last" one.  (No real harm would result, of course,
since the update-ref would blow up due to the actual SHA being something
other than what it was expecting, but it would be confusing to the user)
2010-10-06 22:21:59 +05:30
Sitaram Chamarty b4a3b812a7 adc rmrepo: delete reponame from projects.list 2010-10-06 20:04:48 +05:30
Sitaram Chamarty 51ef951768 gl-reflog -- first version; proof of concept only, NOT for production use (yet) 2010-10-05 20:46:13 +05:30
Sitaram Chamarty 67a72a3f5b added support for a post-repo-create hook (gl-post-init)
...some people want to run a special function after a repo is created
2010-09-24 16:58:46 +05:30
Sitaram Chamarty 07d07cc5f6 rmrepo alternative 2 was too lax
it would have allowed deleting a non-wild repo too!  Fixed.
2010-09-03 09:02:47 +05:30
Sitaram Chamarty 3a8f32ac9b minor fixups to the "gitweb/daemon from setperms" code...
- fork was not printing a newline after the permissions
  - "add_del_line" to properly handle that damn projects.list file!
2010-08-20 23:09:11 +05:30
Sitaram Chamarty 648676faec gitweb and daemon should now work even from within setperms
modifications:

  - call setup_gitweb_access and setup_daemon_access from with
    get_set_perms so when the user sets a perm explicitly it works
  - in setup_gitweb_access, do not delete description file or
    gitweb.owner if the repo is wild
  - make the "fork" adc set gitweb.owner *and* call setperms using
    GL_WILDREPOS_DEFPERMS
  - add tests

bug fixes:

  - gl-auth did not even *look* at GL_WILDREPOS_DEFPERMS when
    auto-"C"reating a wild repo; fixed
  - setup_gitweb_access did not delete the description file as
    consistently as it deleted the owner

what will NOT work:

  - removing gitweb permissions does not clear the name from
    "projects.list".  That's complicated, so just wait till the next
    "compile" to make this happen

(thanks to Jefferai for driving this...)

----

mildly puzzling:

    for some strange reason, after a "git ls-remote ...try3" in t58,
    instead of not creating a "description" file, we started seeing a
    73-byte file containing this message:

    Unnamed repository; edit this file 'description' to name the repository.
2010-08-20 21:02:18 +05:30
Sitaram Chamarty 38d5ab5e47 (minor) rmrepo has 2 alternatives for who can delete 2010-08-20 19:50:44 +05:30
Jeff Mitchell 38403c354f Add GL_WILDREPOS_DEFPERMS
allows a default 'setperms' string to be set for new wildcard
repositories.

Also, fix a bug in the fork script where a failure in the git command
would still cause the rest of the script to attempt to run.
2010-06-22 17:20:23 +05:30
Sitaram Chamarty 517786572d (adc fork) fork is now fast and space-efficient on the server
uses "git clone -l" then manually sets up the gl-creater and hooks

(thanks to Jeff and the kde gang for asking ;-)
2010-06-12 16:26:38 +05:30
Sitaram Chamarty 805050a129 remove a few needless bashisms...
Note: "able" still needs bash but it's an easy fix if you need to use it
on a bash-challenged machine and care enough
2010-06-01 20:07:53 +05:30
Sitaram Chamarty 5bbd102059 (contrib) how to enable or disable push for maintenance
...for some or all repos

(and a minor bug fix in the adc.common-functions file)
2010-05-31 20:49:14 +05:30
Sitaram Chamarty 0b1d31fad4 (adc) "common functions" and examples for adc usage 2010-04-25 13:21:16 +05:30