Commit graph

855 commits

Author SHA1 Message Date
Sitaram Chamarty 33289bdbc5 (minor fixups related to virtual ref) 2012-02-26 19:33:26 +05:30
Sitaram Chamarty 1839520134 3 new VREFs plus doc
- 'dupkeys' -- catch duplicate keys in keydir
  - 'email-check' -- "you can only push your own commits"

plus, 'merge-check' -- how we could have done the no-merges policy
2012-02-26 19:27:33 +05:30
Sitaram Chamarty ed85bf3c08 vref: docs 2012-02-26 09:04:30 +05:30
Sitaram Chamarty e1a78fdbbc 'filetype' VREF 2012-02-26 09:04:30 +05:30
Sitaram Chamarty b22aa284c3 vref: tests 2012-02-26 09:04:30 +05:30
Sitaram Chamarty 56f975d14c vref: code
- compile: VREF/ is special, like NAME/
  - update hook: use a new "check_vrefs" sub to
      - spawn helpers for each vref in @allowed_refs
      - for each vref returned by the helper, call check_ref
2012-02-26 09:04:30 +05:30
Sitaram Chamarty 29b2c2fdce next round of doc changes 2012-02-24 12:47:28 +05:30
Sitaram Chamarty dceb40a104 <sigh> why won't people read just *one* para more...?
OK I agree the starting line was *just* misleading enough to give the
opposite impression, but still, when the next para starts with "The
rules are..." wouldn't you expect people would read *that* too?
2012-02-22 06:29:13 +05:30
Sitaram Chamarty 9dd191ef7f fix http install (broken by d08aca); add a quick smoke test 2012-02-22 06:29:13 +05:30
Sitaram Chamarty 776e5c7298 add a standalone test for gl-system-install 2012-02-22 06:29:13 +05:30
Sitaram Chamarty 6e7404fe8a clean up gl-system-install
- redo it in perl
  - make it flow easier, with all the cruft in subs

and overall, make it obvious that this program does for a manual install
what doc/packaging.mkd advices packagers to do.
2012-02-22 06:25:22 +05:30
Sitaram Chamarty 92e0577154 clean up gl-install
- move wrap_mkdir() to gitolite.pm
  - remove junk left over from days when dinosaurs ruled the world
  - reuse setup_environment() from gitolite.pm instead of rolling our
    own code for PATH and umask
    part of it's function (the rest is harmless)

  - and most important, remove the last vestiges of the old 'from
    client' install method, in the form of 'if ($GL_PACKAGE_HOOKS)'
    lines

  - clean up the symlinking to be more precisely in line with
    doc/hook-propagation.mkd (especially, remove the 'quirk' that
    package hooks would also get copied to the user hooks area)
2012-02-22 06:12:22 +05:30
Sitaram Chamarty ceb11543b1 make log_it() put out a little more info if called prematurely 2012-02-21 12:19:05 +05:30
Sitaram Chamarty 98720c1bba simplified steps for moving servers
The instructions were written before gl-admin-push was created, I guess,
making things sound a lot more complicated than they should be.

Thanks to Nick (see gitolite mailing list messages, subject line
"replicating a gitolite installation") for helping me realise this
needed fixing.
2012-02-21 12:19:05 +05:30
wu-lee d75a165f1e gitolite.rc.mkd - documentation updates
- use single quotes in examples for GL_GITCONFIG_KEYS regex, and
    briefly explain why

  - emphasise that $GL_GITCONFIG_KEYS patterns match the whole key
2012-02-16 00:05:37 +05:30
Sitaram Chamarty 6baa57b5a0 replace <<EOF type constructs with multi-line echo
This compensates for an selinux bug reported on #gitolite by John Hawley
(warthog9).  sh/bash uses a tempfile to do this, which in turn causes
some problems in selinux; I really don't [need to] know more than that.

*Technically* this is a bug in selinux/policy, and would qualify for an
entry in "nagp"... but:

(1) the changes are small and localised
(2) the problem makes gitolite -- currently -- unusable with selinux,
    and what use is a security program which can't run under selinux
    (regardless of whose fault it is)?

and finally

(3) if I can't break my own rules for one of my most high-profile users
    then what's the point of owning the code?

:-)

----

Implementation notes: I've only done this for code that is likely/meant
to be used in production

I also slip-streamed in a URL fix (from when I changed all the online
document rendering)
2012-02-14 11:41:13 +05:30
Sitaram Chamarty 01e789a1e1 v2.3 2012-02-13 08:45:33 +05:30
Sitaram Chamarty f1930941da (testing) make t/install not wait to accept host key on first run
Please don't use this setting in a production system but in some
environments it is needed for completely automated *testing* to be able
to use ssh correctly.
2012-02-13 08:39:09 +05:30
Sitaram Chamarty b325efe601 added an "nagp" issue found by EspadaV8 on the #gitolite channel 2012-02-08 07:10:00 +05:30
Sitaram Chamarty 520eff6189 added ADC overrides for setdesc and getdesc
John from kernel.org wanted this; for details see [1]

[1]: http://groups.google.com/group/gitolite/browse_thread/thread/daf92ef85d121234
2012-02-07 06:26:57 +05:30
Sitaram Chamarty 1363534d8d honor GL_NO_DAEMON_NO_GITWEB for wild repos also
Thanks to Kacper Kornet for catching this...

(by the way, there's a simple workaround if you are affected by this but
can't upgrade to this commit or later: just create an empty
$PROJECTS_LIST file, which is by default ~/projects.list)
2012-02-03 14:03:57 +05:30
Sitaram Chamarty ef751c4d07 allow comments in setperms inputs 2012-01-26 10:49:51 +05:30
Sitaram Chamarty c59bf16942 (minor) validate all role names, not just the first line!
If you use a role name that was not in GL_WILDREPOS_PERM_CATS, it will
get caught later when someone whom youhave given that role tries to
access the repo (look for another occurrence of the same error message
as this one).

So there's no access violation but it would be nice to be told upfront
that it won't work.
2012-01-26 07:29:03 +05:30
Sitaram Chamarty 7e81458f04 (doc) move NAME/ details from example.conf to doc/gitolite.conf.mkd 2012-01-23 05:53:29 +05:30
Sitaram Chamarty bb7b185c3c fix annoying but harmless bug that affected t01/2/3
...if you called check_config_key() from new_repo()
2012-01-19 17:43:09 +05:30
Sitaram Chamarty 70a9ea5e16 reformatted my spanking new showcase tsh-based test script 2012-01-17 20:31:52 +05:30
Sitaram Chamarty 7744143f6c minor fixup to previous commit documenting merge-check
thanks to Heiko Carstens for convincing me there are valid workflows
that need this feature (forgot to put this in the earlier commit)
2012-01-17 04:20:38 +05:30
Sitaram Chamarty fdfad75210 merge-check: documentation 2012-01-16 10:33:04 +05:30
Sitaram Chamarty 2762f7abfd merge-check: test script (first test using 'tsh', yaaay!) 2012-01-16 10:33:04 +05:30
Sitaram Chamarty d500d30854 merge-check feature; first cut 2012-01-16 09:40:14 +05:30
Stefan Naewe a06235e536 adc: make 'help' work when HELP_LIST_DEFAULT is set to 0
Signed-off-by: Stefan Naewe <stefan.naewe@gmail.com>
2012-01-12 10:14:43 +05:30
Sitaram Chamarty c15ceeb3eb (doc) '-q' option to gl-setup, plus significance of pubkey filename
And the quick install instructions should really show the "-q"...
2012-01-11 03:53:31 +05:30
Sitaram Chamarty 95906455ab (github specific notice at top of README) 2012-01-04 15:03:55 +05:30
Jari Aalto ad28509a02 gl-setup: (sshkeys-lint): Move file redirection to the end
Signed-off-by: Jari Aalto <jari.aalto@cante.net>
2012-01-04 06:47:10 +05:30
Sitaram Chamarty b8f19f340f next round of doc changes 2012-01-02 15:56:28 +05:30
Sitaram Chamarty 9b66643f3a hook propagation document redone; should flow much easier now 2012-01-02 15:56:28 +05:30
Sitaram Chamarty f19a9cf480 new support document, other related changes 2012-01-02 15:56:28 +05:30
Sitaram Chamarty 7e02a13a60 (minor fixup to the github "_" adjustment) 2012-01-02 15:56:28 +05:30
Sitaram Chamarty bc09564ab6 (minor) warning message clarity
Using a username in an unused group name will still cause the warning,
but the message was misleading in that context
2011-12-25 20:46:54 +05:30
Luis Lloret f0d712ed4e Add README file that points to emacs major mode for gitolite.conf files. 2011-12-13 22:20:20 +05:30
Sitaram Chamarty 8067c8e532 partial-copy: test script uses new 'Tsh' now 2011-12-05 10:23:34 +05:30
Sitaram Chamarty 8c4d1aa10c minor fixup to 54f5906d ("add the missing die function") 2011-12-04 07:09:47 +05:30
Georges Discry edb868ffe3 fix the comments to match the current behavior 2011-12-02 05:21:40 +01:00
Georges Discry 54f5906de3 add the missing die function 2011-12-02 05:14:57 +01:00
Georges Discry 35ac093742 add GL_REPO to the environment variables
When a slave receives a mirror push (git-receive-pack), set the GL_REPO
environment variable so that custom hooks can use it.
2011-12-02 02:13:13 +01:00
Sitaram Chamarty d08aca63ff gl-setup: dont try to 'git add' and all that when no key was provided
Apparently some people want gitolite-admin as a non-repo.  Completely
outside gitolite, managed by puppet or such, and leaving only symlinks
for 'conf' and 'keydir' in $GL_ADMINDIR.

But then when they have to run 'gl-setup', the 'git add' complains about
the symlink.  Hence this patch.

----

Meanwhile, if you're one of those puppet masters, here's the script I
gave them for the *compile* (this has nothing to do with this patch; I'm
just throwing it in here so I won't lose it):

    #!/bin/bash

    # let's say you install using "non-root" method.  (Adjust GL_BINDIR for root
    # method or package method).

    # install normally, then make changes directly in $GL_ADMINDIR/conf and
    # $GL_ADMINDIR/keydir.  (Please leaves "logs/" and "hooks/" alone).

    # Then run this:

    export GL_ADMINDIR=$HOME/.gitolite
    export GL_BINDIR=$HOME/bin
    export GL_RC=$HOME/.gitolite.rc

    cd $GL_ADMINDIR
    $GL_BINDIR/gl-compile-conf

    # BE SURE TO REMOVE THE ADMIN REPO ITSELF FROM conf/gitolite.conf, as well as
    # repositories/gitolite-admin.git, lest a push by someone end up overwriting
    # this hand- (or machine-) crafted config.

    # you can get away even further from gitolite's control.  You can, for
    # example, set GL_NO_SETUP_AUTHKEYS in the rc file, and manage even the keys
    # yourself.  Just put the full path to $GL_BINDIR/gl-auth-command followed by
    # the username in the "command=" part of the authkeys file you generate.
2011-11-29 06:41:10 +05:30
Sitaram Chamarty bd789c029b (git version change causes change in some output) 2011-11-27 08:43:36 +05:30
Tomas Paladin Volf b6ba3cc975 (password access) specify comment field in generated ssh pub key
since gl-shell-setup runs as root, the comment in the generated key was
'root@...' instead of whatever userid it was being created for.

This does not affect gitolite or ssh but it seems some people don't
treat "comment" and "comment" and actually *do* stuff with it.

(only code is from author; commit message is from committer)
2011-11-27 08:24:06 +05:30
Sitaram Chamarty af6820a94b new functions (can_*, is_admin, in_group) for ADCs
(can_* == can_read, can_write, and can_create)

See top of contrib/adc/adc.common-functions for more on this.

Note: the old style (calling get_rights_and_owner with $repo, then
checking $perm_read, $perm_write, etc.), will still work fine.
2011-11-22 19:31:41 +05:30
Sitaram Chamarty d5d982d602 (minor doc update) to ssh-troubleshooting doc
missed this one when I did c5f342a (sshkeys-lint total rewrite, and
gl-setup now uses it)
2011-11-22 10:09:05 +05:30