Commit graph

257 commits

Author SHA1 Message Date
Sitaram Chamarty 8ad1eee220 migrated 'who-pushed' command (manual smoke test only) 2012-07-17 16:52:56 +05:30
Sitaram Chamarty fd0778e6d6 (minor) don't keep adding the same thing to $PATH 2012-07-10 21:10:06 +05:30
Sitaram Chamarty f545bc08f6 minor fixups 2012-07-03 08:06:59 +05:30
Sitaram Chamarty db2cf23379 logical expressions on refexes :-) 2012-06-29 22:19:06 +05:30
Sitaram Chamarty 53543ee3e6 partial-copy would not propagate deletes; fixed 2012-06-23 09:11:08 +05:30
Konstantin Gribov fb9829a698 Fixed url decoding in http gitolite command bypass.
Only '+' sign was unescaped in `http_simulate_ssh_connection()`.
When user translates `ssh git@host perms <repo> + <role> <user>` to
`curl https://host/git/perms?<repo>+%2b+<role>+<user>` nothing happens.
This commit fixes it modifying url unescaping.

committer notes: changed the regex per 'man URI::Escape'
2012-06-22 11:49:28 +05:30
Sitaram Chamarty 621815611c (duh!) report rc file syntax errors
the "duh!" is because I should have done this long ago...
2012-06-21 06:49:22 +05:30
Sitaram Chamarty a454111d32 repo-specific umask
manually smoke tested but should be fine
2012-06-21 05:31:15 +05:30
Sitaram Chamarty c9d5a13194 help command learns to deal with LOCAL_CODE 2012-06-19 21:00:53 +05:30
Sitaram Chamarty 56d11deb55 (minor) one more 'internal' message bites the dust 2012-06-19 12:11:27 +05:30
Sitaram Chamarty a171053ab3 (minor) improve SNR of some error messages :) 2012-06-17 09:31:38 +05:30
Sitaram Chamarty fbd745958e PRE_ and POST_CREATE triggers get an extra argument...
...when invoked by single-repo operations like auto-creating a wild
repo, or running perms or fork.
2012-06-14 19:22:12 +05:30
Sitaram Chamarty 57f82ee044 new 'list-dangling-repos' command 2012-06-14 19:22:12 +05:30
Sitaram Chamarty 4373c5c74c GL_BINDIR2 becomes LOCAL_CODE, allows hook propagation also...
plus a bunch of doc changes
2012-06-14 19:22:12 +05:30
Sitaram Chamarty 3c0f177481 Allow user-specified programs to override system-installed ones
(manually tested)

  - new rc var: GL_BINDIR2; see doc update in this commit

  - added _which() function to search both $GL_BINDIR and $GL_BINDIR2
  - 'gitolite <command>', non-perl triggers, VREFs, and sugar, use this

  - unshifted $GL_BINDIR2/lib into @INC upfront in Rc.pm
  - perl triggers use this
2012-06-09 08:25:51 +05:30
Randal L. Schwartz 8e15d3a510 gitolite patch to enable keydir to be a symlink 2012-06-08 03:47:04 +05:30
Sitaram Chamarty 5300809103 ACCESS_2 gets 2 more arguments, and gets called for each VREF 2012-06-06 20:33:59 +05:30
Sitaram Chamarty 10cd5b9abe 'upstream' trigger can now be used as a server command also
i.e., a client fetch will invoke the push, (subject to 'nice' setting),
but you can also force a fetch regardless of last fetch time by running
this command directly on the server:

    gitolite ../triggers/upstream fetch <reponame>

Also, use FETCH_HEAD instead of own sentinel file (idea courtesy Luke Lu)
2012-06-06 19:28:18 +05:30
Sitaram Chamarty 8b78dee18c 'upstream' -- script to maintain local copies of external repos
instructions and notes in the source
2012-06-05 22:23:23 +05:30
Sitaram Chamarty f59ad8cafc (accumulated docfixes) esp a large section on the INPUT trigger 2012-06-05 11:39:18 +05:30
Sitaram Chamarty 17c41ce63b new 'sudo' command 2012-06-03 14:20:27 +05:30
Sitaram Chamarty ad34cf2856 minor backward incompat breakage in 'gitolite query-rc'
'gitolite query-rc' now only queries one variable at a time.  That is,
you cannot do something like this:

    gitolite query-rc UMASK GL_ADMIN_BASE

to query both variables.  I think this is rarely used, plus it is easy
to work-around (just run two separate commands), so it was sacrificed
for the ability to do this:

    gitolite query-rc -q COMMANDS fork

which tells you whether $rc{COMMANDS}{fork} exists or not.
2012-06-03 13:00:38 +05:30
John Keeping 4abadc2b54 Grant shell access to all keys for shell users
If a user has multiple keys, ssh-authkeys-shell-users will only add the
"-s" flag to the first key it finds.  Change the substitution to apply
to all matching lines and hence grant shell access to all of the user's
keys.

Signed-off-by: John Keeping <john@keeping.me.uk>
2012-06-03 13:00:38 +05:30
Sitaram Chamarty db70595b87 fixup to pushing wild repos permissions...
- fix docs to explicitly state that mirroring wild repos is a bad idea
    if the authentication data is not the same on the peers.

  - an important check against a malicious peer was missed out.  If
    people heed the warning above this check is not really needed but it
    is good for completeness.

  - warning about redirected pushes removed, thanks to Ronald Ip having
    tested it and reported it working.
2012-06-03 07:44:08 +05:30
Sitaram Chamarty 78866f6f28 (experimental code) push wild repos across a master slave connection
It creates the repo on the remote side (getting the creator name from
the gl-creator file and sending it across), as well as sending gl-perms
on subsequent connections.

This has only been minimally tested.  E.g., complex setups or asymmetric
configs on master and slave, etc. have NOT been tested.

This has also not been tested with redirected pushes.
2012-06-01 17:28:14 +05:30
Sitaram Chamarty 42e0bac48c 'perms' command learns to create repo if needed 2012-06-01 16:01:36 +05:30
Sitaram Chamarty d9df70a04f allow getting config settings for non-existant repos also
It's reasonable to want to see config items (for example, mirror
settings) that *would* apply if the repo existed.
2012-06-01 16:01:36 +05:30
Sitaram Chamarty 7170ad9124 allow pubkey filename as extra argument to command in authkeys 2012-05-30 15:02:35 +05:30
Sitaram Chamarty 21dbe53d39 fix minor bug in handling 'desc = "some description"'
repo foo
        desc = "foo"
        RW  =   u1
        ...etc...

The order of the clauses was parsing this like the old 'reponame = "some
description"' and end up creating a repo called 'desc'!

It would also, as a side-effect, change the repo so what you thought
were access rules for 'foo' would become access rules for 'desc'.
2012-05-29 20:55:53 +05:30
Sitaram Chamarty 06d3398fb0 lock binary files... (manually tested)
Remember that true locking is not possible in a DVCS; see
doc/locking.mkd for details and limitations of what is offered here.
2012-05-27 19:06:46 +05:30
Sitaram Chamarty d623388c9f (BSD compat) apparently 'wc -l' on BSD adds spaces in front
Larry was right.  It's probably easier to port a shell than a shell
script!
2012-05-27 05:58:43 +05:30
Sitaram Chamarty 8595303c82 migrated symbolic-ref command 2012-05-27 05:58:43 +05:30
Sitaram Chamarty 17841e8208 gitolite setup learns --hooks-only option 2012-05-25 12:54:06 +05:30
Sitaram Chamarty e1d9aee98b delete the 'description' file for new repos 2012-05-25 12:54:06 +05:30
Sitaram Chamarty 37e97d29fe the 3 shipped post-create programs should exit when called on a normal repo creation 2012-05-25 12:47:12 +05:30
Sitaram Chamarty 0f3a09ce60 PRE_ and POST_CREATE should work for normal repos also 2012-05-25 12:47:12 +05:30
Sitaram Chamarty 04367af3e8 Revert "simulate POST_CREATE for newly created "normal" repos"
This reverts commit bc3eb34211.
2012-05-25 12:47:12 +05:30
Sitaram Chamarty 5298a79cb5 MAJOR BUGFIX: disallow "hooks" directory in admin repo
Although this is not a "hole" that allows a normal user to bypass
controls, I still consider this a hole in the sense that I want to
separate "admin push" rights from "shell access on server" rights.

(I realise that most people don't make this distinction, but I do, and
for me and most sites I consult for it is important).

Thanks to drue on #gitolite who pointed it out excitedly, and apologies
for killing what he thought of as a feature!
2012-05-23 04:33:54 +05:30
Sitaram Chamarty dd083085cf (fix bugly) info -ld should handle missing description files more gracefully
bugly = bug that makes the output ugly :)
2012-05-23 03:37:52 +05:30
Sitaram Chamarty 2907561529 (minor) solaris doesn't like "shift" when there are no arguments remaining 2012-05-22 13:17:10 +05:30
Sitaram Chamarty 55d64752ae fix repo alias to work when reponame has leading "/"
as in git@host:repo.git works but ssh://git@host/repo.git doesn't
2012-05-22 11:57:40 +05:30
Sitaram Chamarty b6ce11a19f (minor) permissions fixup -- sugar scripts do not need +x 2012-05-22 07:06:41 +05:30
Sitaram Chamarty d04e79d291 (minor) single quotes around variables in error messages
(plus a couple of other minor fixups)
2012-05-21 17:44:30 +05:30
Sitaram Chamarty 20d2120ea5 move input command check so it works for non-ssh modes also 2012-05-21 15:24:40 +05:30
Sitaram Chamarty 3a59f5aff0 line up regexes for easier review 2012-05-21 15:24:40 +05:30
Sitaram Chamarty 72b6a54e0a test packaging instructions and make required changes 2012-05-20 14:21:23 +05:30
Sitaram Chamarty 8644690506 (ssh) make it easier to make give some users a full shell 2012-05-19 06:01:05 +05:30
Sitaram Chamarty 07169c37ec allow aliasing a repo to another name
all documentation is inside Alias.pm.
2012-05-19 06:01:05 +05:30
Sitaram Chamarty bc3eb34211 simulate POST_CREATE for newly created "normal" repos
See "background" in new program src/triggers/new-normal-repos
2012-05-16 18:55:06 +05:30
Sitaram Chamarty e511943a45 just for kicks, a VREF that allows voting on changes to a branch
(manually smoke tested; no test script)

I've been meaning to do this for a while, since someone told me that is
one of gerrit's features they like.

Of course, gitolite can't/won't do the whole "code review" thing (nor
the workflow enforcement that follows).

But voting is simple -- literally 2-3 lines of code in a VREF.  (The
rest is inline documentation).
2012-05-10 12:28:37 +05:30
Sitaram Chamarty fa2893be7c the dupkeys function was already in ssh-authkeys...
...so there's no need for the VREF.

Ironically, while I was arguing with Eli that I wouldn't do it and why,
the code was *already* there, and had been for over a month!  (It must
have been there for much longer for me to have forgotten!)

TODO: convert from using fingerprint compute to actual key strings when
the complaints about speed start appearing.

My own personal speed up loop [1] I guess :)

[1]: http://thedailywtf.com/Articles/Classic-WTF-The-Speedup-Loop.aspx
2012-05-07 15:08:46 +05:30
Sitaram Chamarty e76be7ff11 move repo/user validity check deeper
(but change repo check to allow repoPATT instead of just repoNAME)

This is because there are/will be some situations where access() is
called without those two checks being done (i.e., it is not only from
src/commands/access that it is called).
2012-05-06 19:02:42 +05:30
Sitaram Chamarty 196706c145 bugfix: smart http mode wasn't running pre_ and post_ git triggers
(while we're about it, we also steal Michael Brown's idea (patch #2 in
[1] and get rid of GIT_HTTP_BACKEND).

[1]: http://groups.google.com/group/gitolite/msg/adfae758dd28f2a8
2012-05-05 18:07:15 +05:30
Sitaram Chamarty 6d057fb84c allow info to print description also 2012-05-04 18:13:42 +05:30
Sitaram Chamarty d8df4a9344 git-config bugfix + backward compat breakage in usage of 'config'
(1) the backward compat breakage: you can't create empty-valued config
    keys anymore.  That is, you can't do the eqvt of the following shell
    command using gitolite

        git config foo.bar ""

(2) fixed a bug where this:

        repo foo
            config foo.bar =

    when queried using

        gitolite git-config -r foo .

    would return even the empty valued ones, which -- remember! -- are
    not supposed to exist anymore.

    Fixing this bug allows situations like this to not show the admin
    repo in gitweb:

        repo [a-z].*
            config gitweb.owner = P-h B

        repo gitolite-admin
            config gitweb.owner =

----

background...

Somewhere in g3 (well actually in 057506b), we lost the ability to
distinguish
    config foo.bar  =   ""
from
    config foo.bar =

I decided that conflating them is more intuitive for most people,
because a survey [1] revealed that no one seemed to want the equivalent
of the following shell command:

----

[1] ...of a (small prime greater than 1) number of people on #git
2012-05-04 17:30:22 +05:30
Andreas Stenius 47a0c44540 migrated htpasswd command from g2.
(with some fixups by committer)
2012-05-03 11:04:22 +05:30
Sitaram Chamarty 49d132a969 minor fix to info command output under httpd...
when running under httpd, $ENV{USER} is not set, so we use a (hopefully
informative) default to print.

Thanks to Thomas Hager (duke at sigsegv dot at) for catching this.
2012-05-01 15:06:06 +05:30
Sitaram Chamarty c145528849 (minor typo fix) 2012-05-01 14:20:13 +05:30
Sitaram Chamarty 850882c1a6 allow VREF code to print to STDOUT...
Using a g2-style "chained update hook" as a VREF doesn't *quite* work:

  - all STDOUT from the hook is lost
  - worse, all lines get parsed as a ref followed by a message, and if
    the ref doesn't look like a ref it dies

So now we do all this only if the message starts with 'VREF/'.  Any
other output is just printed out as is.
2012-04-30 06:02:17 +05:30
Sitaram Chamarty 48ed4deb8f BSD compat changes
thanks to milki for all the efforts!

Details:

  - partial-copy fell afoul of BSD not having $RANDOM
  - test suite: fix bad GNU sort with good perl sort
  - test suite: fix md5sum dependency (which BSD doesn't have or can't
    easily have or requires extra options or whatever...), by doing it
    in perl.  (Requires Digest::MD5, which is probably available
    anyway, but since this is only for the test suite, meh!)
2012-04-28 22:58:09 +05:30
Sitaram Chamarty e919a0b7ca solaris doesn't like 'hostname -s'...
(luckily, unlike linux, it doesn't spew a usage message to STDOUT!)
2012-04-28 12:04:51 +05:30
Sitaram Chamarty 7d6b04605d fix test suite's dependency on time zone
I had not remembered that the 'tc' subcommand in tsh adds *text* that
contains the current time, so commit SHAs were changing.

Thanks to milki for catching this, and in fact being the only person who
ever appears to have attempted to run the test suite at all!
2012-04-28 04:55:49 +05:30
Sitaram Chamarty 5d366b5c0e new VREF: MAX_NEWBIN_SIZE (manual spot testing only) 2012-04-23 17:27:00 +05:30
Sitaram Chamarty d74f596e23 make can_write() in Easy.pm more flexible 2012-04-23 17:27:00 +05:30
Sitaram Chamarty 198dcfd4c8 POST_CREATE efficiency... (please read below if you care)
The POST_CREATE trigger is called when

  * a user creates a new "wild" repo,
  * a user uses the "perms" command, and
  * a user uses the "fork" command.

The trigger calls 3 programs (see rc file):

    post-compile/update-git-configs
    post-compile/update-gitweb-access-list
    post-compile/update-git-daemon-access-list

(They are also called by the POST_COMPILE trigger, by the way.)

However, the 3 programs shown are a bit wasteful -- they run through
*all* the repos when really only *one* repo has been affected.

This patch

  * passes the repo name to the 3 programs (duh!)

  * adds the optimisation to the first of the 3 programs listed above
    (the one dealing with 'git config').

For the other two programs (gitweb and git-daemon), you have 3 choices:

  * if you don't have too many repos, ignore the problem.

  * take out the 2nd and 3rd lines from the POST_CREATE list in the rc
    file, so they don't run.

    Then run 'gitolite trigger POST_COMPILE' from cron at regular
    intervals.  (Note that is POST_COMPILE not POST_CREATE!)  However,
    this means that gitweb and daemon permissions won't be current
    immediately after someone adds a new repo or sets perms etc.; they
    get updated only on the next cron run.

  * patch the programs to add this optimisation (and send me the
    patches).  The optimisation would check if arg-1 ($1 in shell,
    $ARGV[0] in perl) is 'POST_CREATE', and if it is, take the *next*
    argument as a repo name that may have changed.
2012-04-22 22:44:39 +05:30
Sitaram Chamarty 895b3614ed (minor) add a bit more detail on usage text for 'info' 2012-04-22 22:43:45 +05:30
Sitaram Chamarty 6b65e7853f (minor) add quotes to make repo name stand out in error message 2012-04-22 22:43:45 +05:30
Sitaram Chamarty c3ec518cef fork command, and some core changes to make it work...
- access command allows checking ^C
  - ^C check will fail when the repo exists
2012-04-22 16:56:21 +05:30
Thomas Hager 3a7b547759 replaced /bin/echo with printf, Solaris echo doesn't recognize -n
gitolite setup fails to check admin pubkey, because $text always
contains 2 or more lines after tsh_try() (the key and -n).

[committer adds:
    I wasn't sure if 'printf' would work on cygwin, so I chose what
    looked like a safer option, but apparently it wasn't safe enough and
    fell afoul of Solaris.

    Anyway I managed to check (using a small test program) with someone
    who runs gitolite on cygwin, and it works.

    If you're wondering why I didn't just use echo followed by chomp(),
    that would of course have been the easy way out but I wanted to see
    how you'd do it without a post-processing option.  It became a
    frustrating challenge of sorts because it seems such a trivial thing!
]
2012-04-18 14:19:51 +05:30
Thomas Hager aaccb367ec changes to support Solaris default shell
Solaris default bourne shell does not recognize $(), and does not allow
exporting a variable and assigning a value to it in one step.
2012-04-18 13:42:50 +05:30
Sitaram Chamarty 1c15b4cc2d (perltidy) 2012-04-18 06:26:53 +05:30
Sitaram Chamarty 2cb7d8313e (minor) make trigger function name consistent with other similar uses
writable() in Writable.pm renamed to "access_1" to be consistent; i.e.,
reflect the trigger name
2012-04-18 06:23:21 +05:30
Sitaram Chamarty 581e79d745 logging die and warn messages
- change a few important die()s to _die()s
  - setup SIGs for both die and warn so any others will get caught
2012-04-18 06:23:21 +05:30
Sitaram Chamarty 67327ebfb4 (minor) add svnserve command 2012-04-18 06:23:21 +05:30
Sitaram Chamarty 273e6fd627 "fake Unix" strikes again...
The fix is easy enough, but I hate having to code work-arounds for
proprietary OSs when the same code works fine on Linux and BSD.

/me wisely avoids words like posix in his rant ;-)

Thanks to Franck Zoccolo for help in finding what the problem was and
when and why it occurred.

----

Someday there will be some issue that requires a fix with significant
code change (or worse, a change that is incompatible with Linux), and I
will probably refuse.  Of course, I will be properly regretful about my
inability to fix it.[1]
2012-04-17 14:14:28 +05:30
Sitaram Chamarty b5024027ca yaaay! http is finally done! 2012-04-15 21:14:56 +05:30
Sitaram Chamarty 720729e4b4 (minor) do not run gitolite query-rc from *perl* programs!
I must have blindly converted from some shell-thinking/shell-code for
these to have slipped through!

(found when doing an audit of all system, exec, ``, qx, and tsh_)
2012-04-13 15:35:13 +05:30
Sitaram Chamarty afc2c14a65 (minor) t/reset and test scripts were not getting a VERSION file 2012-04-11 19:06:13 +05:30
Sitaram Chamarty 4c5bb27739 pre-existing repo instructions were WRONG...
- fix them
  - but (at the cost of some efficiency) try to compensate if the admin
    did not follow those instructions, by running hook_1 anyway
2012-04-11 19:03:17 +05:30
Sitaram Chamarty 8c28fd2241 D...
(manually tested, no test script)

the whimsically named "D" command deletes repos, and is the opposite of
the "C" permission that enables the user to create one in the first
place.  See the usage message for user info, and look in the comments of
the code itself for admin info.
2012-04-11 07:06:45 +05:30
Sitaram Chamarty bbaacfaee7 (mostly) doc changes
- minor typo fixes, clarifications, etc.

  - keep sts.html url consistent, because many people link to
    http://sitaramc.github.com/gitolite/sts.html

  - create a common migration doc, so the old 'migr.html' does not 404
    when g3 docs become "main"

  - progit doc done

  - add gitosis convert script (FWIW)

  - a minor comment fix to Sugar.pm
2012-04-10 15:41:32 +05:30
Sitaram Chamarty c5e0e929a7 sskm: minimum changes, minimally smoke tested!
(thanks to fabian@hirschm.net for testing more thoroughly as well)
2012-04-10 04:23:57 +05:30
Sitaram Chamarty 48f1e7c781 'gitolite git-config' should print only value when regex not used...
not repo<tab>key<tab>value.  Also, honor '-n' (no newline)
2012-04-08 11:31:04 +05:30
Sitaram Chamarty 55e9b47bd1 CpuTime module learns to compute elapsed time 2012-04-08 06:07:14 +05:30
Sitaram Chamarty d3610191d3 supporting DOS and fake Unix...
I was very, very, tempted to say "sorry; not supported".  Sadly,
prudence won over juvenile glee...

PS: DOS == dominant operating system
2012-04-06 21:13:56 +05:30
Sitaram Chamarty 057506b73f remove quotes around option values
for example, this now works (it used to save the quotes also)

    option mirror.master = "ilh-95"
2012-04-06 17:26:27 +05:30
Sitaram Chamarty e1c7e546aa cpu-time command -> CpuTime trigger module...
...now that triggers are not restricted to external programs and can be
perl code called by gitolite-shell (thus in the same PID), there's no
need to compute and pass along the times() array.

This also changes the arguments to POST_GIT; they're now the same as
PRE_GIT's.
2012-04-06 17:26:27 +05:30
Sitaram Chamarty 7c6728af89 (some minor changes)
- whitespace change to t/reset
  - remove dbg line accidentally left in in Load.pm
  - add a bit more explanation to 'writable'
2012-04-05 21:31:59 +05:30
Sitaram Chamarty 8df28a02db (minor) comments and clarifications in default rc 2012-04-04 05:01:10 +05:30
Sitaram Chamarty 495390926d added sshkeys-lint as a command 2012-04-03 17:15:13 +05:30
Sitaram Chamarty 35953a5bd3 added 'gitolite push' to make server side pushes easier...
also force the update hook to log SHAs of bypassed pushes
2012-04-03 16:40:06 +05:30
Sitaram Chamarty ad77cef7de (mainly for fedora) '-s' gets a shell. Manual spot-testing only
also includes "use $USER if username not passed"
2012-04-03 15:06:08 +05:30
Sitaram Chamarty 81b503d2bd GROUPLIST_PGM; manually spot-tested, no test script. PW. 2012-04-03 09:47:31 +05:30
gitolite tester 8e8ccb50f4 additions to default rc (commented out) for mirroring 2012-04-02 13:18:30 +05:30
gitolite tester 25bb1c00db mirroring without sausages
(or at least without showing the making of said sausages)
2012-04-02 13:18:30 +05:30
Sitaram Chamarty b78466b164 put the VERSION file in the right place
I don't know why I had put VERSION in GL_ADMIN_BASE, which is pretty
stupid.  It should be in GL_BINDIR.

It also has nothing to do with setup -- the file needs to be generated
at 'install' time.
2012-04-02 13:18:30 +05:30
Sitaram Chamarty 4e093d5909 migration bug: admin repo hooks not updated by 'gitolite setup'
because the loop in the code below was sending out $repo =
'./gitolite-admin.git' to hook_1(), inside which there is an explicit
check for 'gitolite-admin', which of course doesn't match
'./gitolite-admin'!
2012-03-31 00:02:08 +05:30
Sitaram Chamarty 2c1f46c055 %HOSTNAME and new subconf enhancement 2012-03-30 23:08:53 +05:30
Sitaram Chamarty 0dfabe9f45 added "INPUT" trigger (not yet documented; internal use only for now) 2012-03-30 23:07:46 +05:30
Sitaram Chamarty 906ed4cbe2 logging, tracing, and perltidy, ...
...plus renamed a couple of log events for consistency
2012-03-30 23:07:46 +05:30