Commit graph

583 commits

Author SHA1 Message Date
Sitaram Chamarty 83a017f884 htpassword: disallow empty passwords
[TODO: allow a callback for a password checking function, such as
"passwd_policy_check".  Question is where the function would go.
~/.gitolite.rc is the only possible place among the current set of files
but I'd rather leave that as a list of simple name=value lines for all
sorts of reasons.  So maybe something like ~/.gitolite.pm (analogous to
the "gitolite.pm" in the sources I supply), which would get "require'd"
if found, and would contain all user-defined functions like this one...
needs some thinking about]
2010-02-14 09:51:51 +05:30
Sitaram Chamarty 690604d79a compile: users and repos have groups... why not refs?
this came up in some other discussion with bremner.  As usual I said no
I won't do it because I don't see any real need.

...then I realised it's just one line :)
2010-02-13 20:07:29 +05:30
Sitaram Chamarty 998ff2d13b doc/1 minor fix
thanks to bremner for catching this...
2010-02-13 19:53:50 +05:30
Sitaram Chamarty e674a7c64a (package maintainers read this) install doc updated
(about this commit)

    The install doc now describes both the ways of installing gitolite.
    It also has a handy appendix for package maintainers describing what
    they need to do.

(about the "dps" -- distro packaging support -- commit series)

    This commit is the last in the chain meant to make gitolite more
    friendly for package maintainers.

    Frankly, I never really thought gitolite would get big enough or
    important enough for someone to package it, and I always did just
    the bare minimum I needed to get it working, first for myself, then
    anyone who hopped onto #git and asked.  As a result, it had some
    quirks in terms of what is expected where and so on...

    Luckily, it didn't take a lot of changes to fix it, and this series
    of commits should help make it very easy to package gitolite for
    system-wide use.
2010-02-13 13:02:25 +05:30
Sitaram Chamarty 06d8ab4c18 make VERSION work in both types of setups
The old install method will now use conf/VERSION instead of src/VERSION everywhere.

The new one, if you use the builtin make file to "make branch.tar" will also create just such a file
2010-02-13 13:02:25 +05:30
Sitaram Chamarty e11f9521fe added server-side setup script 2010-02-13 13:02:25 +05:30
Sitaram Chamarty 927b6bb1aa dps: make install aware of distro-based setup
gl-install copies
  - the initial rc file to ~/.gitolite.rc if it doesn't exist
  - src and hooks to GL_ADMINDIR

Make it aware of a package-based setup sequence, where the above two
change somewhat; see code diff.

This should be the last bit of change needed to prepare gitolite setup
so that a distro package maintainer does not have to fiddle too much
with code inside.

(What remains is docs, and a setup script for server-side use, to
replace the latter part of easy install)
2010-02-13 13:02:25 +05:30
Sitaram Chamarty 59004b87a1 install: initial create of glrc should not assume PWD is project root
make it work regardless of how it is invoked, though we *do* assume
../conf/example.gitolite.rc exists
2010-02-13 13:02:24 +05:30
Sitaram Chamarty 74d70e3b9f move hooks out of src
src/hooks is now hooks/common
src/ga... is now hooks/gitolite-admin/post-update
2010-02-13 13:02:24 +05:30
Sitaram Chamarty 65b8c0c48a make $bindir absolute 2010-02-13 13:02:21 +05:30
Sitaram Chamarty 7e34a39050 doc/3 reorg; one section was getting too long! 2010-02-11 09:04:07 +05:30
Sitaram Chamarty 72bac2a21a dps: (distro packaging support) dont let install copy the sample conf 2010-02-08 16:46:30 +05:30
Sitaram Chamarty 0e96c2f08a example conf: doc on NAME/ being a refex etc was not clear 2010-02-08 09:59:27 +05:30
Sitaram Chamarty a6b7928bc1 example RC: GL_GITCONFIG_KEYS was not showing up in easy install diff 2010-02-08 06:02:36 +05:30
Sitaram Chamarty 1f9fbfa71e get "info" for users other than yourself
if you have read access to the admin repo, you can say

    ssh git@server info user1 [...]

Original idea and code by Karteek E.  The motivation is to quickly and
easily check what perms a user has.  Technically nothing that you can't
glean from the config file itself but it serves as a double check or a
mild debugging aid perhaps.

However note that the branch level rules are much more complex and they
do not, as yet, have any such "helpful" aids.  Life is like that
sometimes.
2010-02-07 19:23:08 +05:30
Sitaram Chamarty a472bf30df compile: tighten up the 'git config' feature
Gitolite allows you to set git repo options using the "config" keyword;
see conf/example.conf for details and syntax.

However, if you are in an installation where the repo admin does not
(and should not) have shell access to the server, then allowing him to
set arbitrary repo config options *may* be a security risk -- some
config settings may allow executing arbitrary commands.

This patch fixes it, introducing a new RC variable to control the
behaviour.  See conf/example.gitolite.rc for details
2010-02-07 13:23:07 +05:30
Sitaram Chamarty b299ff09c3 rsync: restrict the "path" part of the received command
Although I have washed my hands off the security aspect if you use
external commands, that doesn't mean I won't make them as tight as I can
;-)  Right now, this is just a place holder -- if people use it and
complain that the pattern is too restrictive, I'll change it.
2010-02-07 13:23:07 +05:30
Sitaram Chamarty 388f4d873d (IMPORTANT; read this in full) no more "wildrepos"
The wildrepos branch has been merged into master, and deleted.  It will no
longer exist as a separate branch.  Instead, a new variable
called $GL_WILDREPOS has been added which acts as a switch; when
off (which is the default), many wildrepos features are disabled.
(the "C" permissions, and the getperms (etc.) commands mainly).

Important: if you are using wildrepos, please set "$GL_WILDREPOS = 1;" in
the RC file when you upgrade to this version (or just before you do the
upgrade).
2010-02-07 13:22:43 +05:30
Sitaram Chamarty fc0b627f55 Merge branch 'master' into wildrepos
Conflicts:
	src/gitolite.pm
2010-02-05 07:05:43 +05:30
Sitaram Chamarty 85cc31c771 install/pm: turn hooks from copies to symlinks 2010-02-05 06:49:07 +05:30
Sitaram Chamarty 767657c187 Merge teemu/topic/wildrepo_description_and_owner into wildrepos 2010-02-05 06:32:30 +05:30
Teemu Matilainen fa65d719a8 Enable setting desription for wildrepos
Allow users to set and display description (for gitweb) for their
own wildcard repositories using ssh commands:
  setdesc <repo>
  getdesc <repo>

Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
2010-02-05 06:32:04 +05:30
Teemu Matilainen 00b793f5e6 Set gitweb.owner config for new wildrepos
When creating new wildrepos, add git config to tell gitweb
the owner of the repository.

Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
2010-02-05 00:04:08 +02:00
Sitaram Chamarty 55a71f00e1 compile: die on authkeys write failure 2010-02-04 22:57:20 +05:30
Sitaram Chamarty 86166f7adc $shell_allowed needs to be passed to specal_cmds
brought on by realising that you lost $shell_allowed when refactoring
(previous commit) but perl hadn't caught it because -- damn -- you
didn't have "use strict" in gitolite.pm
2010-02-04 15:25:22 +05:30
Sitaram Chamarty c43560d2ef Merge branch 'master' into wildrepos
lots of conflicts, esp in gl-auth-command, due to refactoring the
"special commands" stuff on master

Conflicts:
	doc/3-faq-tips-etc.mkd
	src/gitolite.pm
	src/gl-auth-command
	src/gl-compile-conf
2010-02-04 14:42:10 +05:30
Sitaram Chamarty 67c10a34fe auth: new subcommand "htpasswd"
great idea by Robin Smidsrød: since users are already capable of
authenticating themselves to gitolite via ssh keys, use that to let them
set or change their own HTTP passwords (ie, run the "htpasswd" command
with the correct parameters on behalf of the "git" user on the server)

code, rc para, and documentation.  In fact everything except... ahem...
testing ;-)

and while we're about it, we also reorganised the way these helper
commands (including the venerable "info" are called)
2010-02-04 11:55:24 +05:30
martin f. krafft 0a7fa6c6b5 Tell gitweb about repo owner via git-config
Gitolite uses projects.list to set the owners for gitweb's use.
Unfortunately, this does not work for gitweb setups that set
$projectroot to a directory, thus generating the list of
repositories on the fly.

This patch changes that: gitolite now writes the gitweb.owner
configuration variable for each repository (and properly cleans up after
itself if the owner is removed).

The patch causes gitolite not to write the owner to projects.list
anymore, as this would be redundant.

The owner also needs no longer be escaped, so this patch removes the
poor man's 's/ /+/g' escaping previously in place.

Note that I am not a Perl coder. Thus there are probably better ways to
implement this, but at least it works.

Cc: Sitaram Chamarty <sitaramc@gmail.com>
Signed-off-by: martin f. krafft <madduck@madduck.net>
2010-02-03 15:51:04 +05:30
Sitaram Chamarty b1659db742 more fixes to wildcard reporting...
(thank God I don't warrant this part of gitolite ;-)
2010-02-01 23:32:03 +05:30
Sitaram Chamarty 2d9c4c4ae9 oops; logging bug 2010-02-01 16:54:39 +05:30
Sitaram Chamarty 09195afd44 document deny rules a bit better 2010-02-01 15:59:03 +05:30
Sitaram Chamarty 43da598c08 auth: minor flow change when defaulting to "info" 2010-02-01 15:59:03 +05:30
Sitaram Chamarty 20c29c0145 rsync: log the command used 2010-02-01 15:59:00 +05:30
Sitaram Chamarty 18312de77a rsync: add support for delete/partial 2010-02-01 11:50:33 +05:30
Sitaram Chamarty 98a4c79dce (read this in full) access control for non-git commands running over ssh
This is actually a pretty big deal, and I am seriously starting wonder
if calling this "gito*lite*" is justified anymore.

Anyway, in for a penny, in for a pound...

This patch implements a generic way to allow access control for external
commands, as long as they are invoked via ssh and present a server-side
command that contains enough information to make an access control
decision.

The first (and only, so far) such command implemented is rsync.

Please read the changes in this commit (at least the ones in conf/ and
doc/) carefully.
2010-02-01 11:49:21 +05:30
Sitaram Chamarty 17c8075de7 Merge branch 'master' into wildrepos
factor out log_it and check_ref; update hook now requires gitolite.pm

Conflicts:
	src/hooks/update
2010-02-01 11:00:44 +05:30
Sitaram Chamarty 7f203fc020 update-hook/pm: made check_ref a common sub 2010-02-01 10:52:55 +05:30
Sitaram Chamarty 0b960cfae2 auth/update-hook/pm: make &log() a common function 2010-02-01 10:52:55 +05:30
Sitaram Chamarty 29260476fb Merge branch 'master' into pu-wildrepos 2010-02-01 10:48:17 +05:30
Sitaram Chamarty 90fed77927 Merge remote branch 'origin/pu' 2010-02-01 10:44:48 +05:30
Sitaram Chamarty b4a65ab73c doc/3: couple of clarifications
- deny rules only apply to "W" ops
  - be more specific about what allows "R" to pass
2010-01-30 08:35:43 +05:30
Sitaram Chamarty bc0a478e64 auth: minor fix to reporting on wildcard repos
Mpenz asked what would happen if the config looked like

    repo foo/abc
        R   sitaram

    repo foo/.*
        RW  sitaram

If you asked for an expand of '.*', it would pick up permissions from
the second set (i.e., "RW") and print them against "foo/abc".

This is misleading, since those are not the permissions that will
actually be *used*.  Gitolite always uses the more specific form if it
is given, which means your actual permissions are just "R".

This patch is to prevent that misleading reporting in this corner case.
2010-01-30 05:06:16 +05:30
Sitaram Chamarty 4142be4e59 auth: reporting changes for wildcard-created repos
- see *all* wildcard repos you have access to (this uses line-anchored
    regexes as described in doc/4).  Examples:
        ssh git@server expand '.*'
        ssh git@server expand 'assignment.*'

  - show perms like the info command does

Please see comments against 02cee1d for more details and caveats.
2010-01-29 16:37:34 +05:30
Sitaram Chamarty 76f8615a92 Merge branch 'pu' into pu-wildrepos 2010-01-29 09:12:24 +05:30
Teemu Matilainen 9c171d166d "expand" should print to SDTOUT instead of STDERR
Other ssh commands where fixed in 15475f666c,
but "expand" was somehow missed.

Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
2010-01-28 22:18:12 +02:00
Sitaram Chamarty 98d73965b6 easy install: two rc file update bugs fixed
The "msysgit doesnt have 'comm'" commit (from 2 days ago), had 2 bugs:

  - (smaller) the "+++" which was part of the diff header was triggering
    a spurious rc file "new variables" warning, but there were no actual
    variables to update
  - (bigger) worse, the grep command, when there were no matches,
    coupled with the "set -e" to kill the program right there (ouch!)
2010-01-27 19:42:58 +05:30
Sitaram Chamarty 7afaafc54a document the "include" mechanism 2010-01-27 16:48:56 +05:30
Sitaram Chamarty 0fbe739772 (rats! msysgit doesnt have 'comm'...) 2010-01-25 14:36:02 +05:30
Sitaram Chamarty c3ec349721 sshkeys-lint: new program
run without arguments for usage
2010-01-25 13:17:14 +05:30
Sitaram Chamarty 11e8ab048a doc/6 revamp: minor addition 2010-01-25 09:53:13 +05:30