Commit graph

10 commits

Author SHA1 Message Date
Sitaram Chamarty a9e9f98a7e (minor) fixup to post-update hook 2010-09-05 20:46:58 +05:30
Sitaram Chamarty 1e06fea3b6 (security) a different fix in place of 5fd9328
SECURITY NOTE: if you deleted or renamed a pubkey file after 5fd9328
went in (April 12th), please:

  - upgrade asap, then
  - go to your latest gitolite-admin clone and "git push -f"

Otherwise this is not urgent.

5fd9328 (and its minor successor 813a2a9) were about preventing the
gitolite admin from sneaking in files to src/ and hooks/ into
$GL_ADMINDIR.  It seemed easy enough to do this by converting the
path-less checkout to a with-paths checkout, but this has caused a worse
problem -- deleting a keydir/foo.pub now no longer has an effect; the
file still hangs around in the work tree.

Ouch!  (and thanks to teukka for noticing)

We now do this check as a separate step, so the checkout can revert to
being path-less.
2010-04-20 19:46:27 +05:30
Sitaram Chamarty 344fb0a2b7 allow user to define filenames that our hooks chain to
(although the defaults are still update.secondary and
post-update.secondary if you don't do anything)
2010-04-13 18:26:34 +05:30
Sitaram Chamarty 813a2a9908 (ls-tree has --name-only now!)
thanks to Teukka for pointing it out
2010-04-12 23:46:29 +05:30
Sitaram Chamarty 5fd9328c1c "accidental [mis]feature" -- yet another admin->shell hole blocked!
This is a pretty big hole, really.  Only the fact that Eli called it an
"accidental feature" helped catch it :)

Notes on the code:

An explicit list of paths -- maybe just "conf", "keydir", and "local" --
would have been easier, but this isn't too bad, I think.
2010-04-12 21:10:56 +05:30
Sitaram Chamarty 33b886c512 we're getting a nice solaris workout after a long time :) 2010-03-30 19:37:22 +05:30
Sitaram Chamarty b537a4acd4 dash it all!
Ubuntu now defaults to /bin/sh -> /bin/dash, while my brain seems to
default to bash.

I guess it's easier to fix my brain, and my code <sigh>
2010-03-18 09:13:41 +05:30
Sitaram Chamarty e91e8c80d9 minor oopsie in post-update hook chaining 2010-03-17 20:37:41 +05:30
Sitaram Chamarty 05431233a2 post-update hook now chains to post-update.secondary
undocumented but analogous to the documented update hook chaining
2010-03-16 19:27:29 +05:30
Sitaram Chamarty 74d70e3b9f move hooks out of src
src/hooks is now hooks/common
src/ga... is now hooks/gitolite-admin/post-update
2010-02-13 13:02:24 +05:30