Commit graph

836 commits

Author SHA1 Message Date
Sitaram Chamarty d78f66af52 doc for change in info/expand command outputs 2010-08-24 17:52:14 +05:30
Sitaram Chamarty 2b066fc9f0 info/expand print better(?) permission codes
see doc/report-output.mkd for details
2010-08-24 17:51:33 +05:30
Sitaram Chamarty d6704d052a doc cleanup on info and expand command
jefferai pointed out that some of the links about this were broken, and
a quick look showed that it was described in multiple places too.
Brought it all together...
2010-08-21 17:02:12 +05:30
Sitaram Chamarty 6e2db12302 allow @groups in setperms command also
This should hopefully be the final step in making wildrepos as close to
normal repos as possible.  You can now do pretty much anything with them
that you can do with normal repos [1]

Implementation notes:

  - compile puts out %groups into the compiled config file regardless of
    GL_BIG_CONFIG because this feature needs it
  - wild_repo_rights caches %groups because the part of the %groups hash
    we care about will not change between calls in the same run

----

[1] **except** use the full-blown config file syntax within the gl-perms
    file :-)  I don't plan to do that; it's too complicated! [2]

[2] yeah yeah I know -- famous last words!
2010-08-21 13:04:13 +05:30
Sitaram Chamarty 34965b1b03 (tests) added tests for delegating with wildcards 2010-08-21 10:48:39 +05:30
Sitaram Chamarty 8faba23177 (minor) make time-style=long-iso explicit in t00
(side-effect of switching one machine from Mandriva to Fedora; nothing
to do with gitolite per se...)
2010-08-21 10:47:47 +05:30
Sitaram Chamarty 3a8f32ac9b minor fixups to the "gitweb/daemon from setperms" code...
- fork was not printing a newline after the permissions
  - "add_del_line" to properly handle that damn projects.list file!
2010-08-20 23:09:11 +05:30
Sitaram Chamarty 870983086c CHANGELOG and progit article updates 2010-08-20 21:03:48 +05:30
Sitaram Chamarty 648676faec gitweb and daemon should now work even from within setperms
modifications:

  - call setup_gitweb_access and setup_daemon_access from with
    get_set_perms so when the user sets a perm explicitly it works
  - in setup_gitweb_access, do not delete description file or
    gitweb.owner if the repo is wild
  - make the "fork" adc set gitweb.owner *and* call setperms using
    GL_WILDREPOS_DEFPERMS
  - add tests

bug fixes:

  - gl-auth did not even *look* at GL_WILDREPOS_DEFPERMS when
    auto-"C"reating a wild repo; fixed
  - setup_gitweb_access did not delete the description file as
    consistently as it deleted the owner

what will NOT work:

  - removing gitweb permissions does not clear the name from
    "projects.list".  That's complicated, so just wait till the next
    "compile" to make this happen

(thanks to Jefferai for driving this...)

----

mildly puzzling:

    for some strange reason, after a "git ls-remote ...try3" in t58,
    instead of not creating a "description" file, we started seeing a
    73-byte file containing this message:

    Unnamed repository; edit this file 'description' to name the repository.
2010-08-20 21:02:18 +05:30
Sitaram Chamarty 0979f02927 expand t58 to check projects.list being created on create 2010-08-20 19:50:44 +05:30
Sitaram Chamarty 38d5ab5e47 (minor) rmrepo has 2 alternatives for who can delete 2010-08-20 19:50:44 +05:30
Sitaram Chamarty 1b5294f26d make info and expand run faster
using a wee bit of local optimisation in an inner function
2010-08-20 19:50:20 +05:30
Sitaram Chamarty da210f21bd log elapsed time
I'm an idiot.  I say I won't do it, then I go and do it anyway.

Fortunately, in this case, the code and execution remain exactly the
same for people who do not set $GL_PERFLOGT in the rc file, so it's
tolerable.

<evil grin> People who want even more than this can contact Greg Lonnon
(see the mailing list archives at
http://groups.google.com/group/gitolite for an obfuscated but easy to
guess email address) ;-)
2010-08-17 22:35:16 +05:30
Sitaram Chamarty 79f0a5fd52 (big one!) more than one wildcard may match a repo...
plus it can also be matched by a normal repo line.  In other words, with

    repo foo/bar
        RW  =   u1

    repo foo/..*
        RW  =   u2

user u2 has access to foo/bar (the non-wild does not cause the wild to
be completely ignored any longer)

implementation notes:

    get_memberships:

      - no more highlander ("there can only be one") for patterns in
        @repo_plus
      - return $wild as a space-separated list of matched patterns

    collect_repo_patts:

      - as of the last change to this section of code it appears we
        weren't using the values anyway, but I had forgotten :-)

    repo_rights: (big change: $wild no longer implies $creator present,
    or vice versa)

      - new type of "creator" (like "was_sitaram") is now possible
2010-08-11 22:38:17 +05:30
Kevin P. Fleming a5601970da make repo patterns work in fragment-named groups 2010-08-11 22:38:17 +05:30
Sitaram Chamarty 204b34e525 lots of changes to tests for big-config
as well as wild, and (as much as I could) both together
2010-08-11 22:38:16 +05:30
Sitaram Chamarty f21e7780a1 fix up gitweb, daemon, for wild + big-config
Implementation notes:

  - %repo_config is now "our", not "my"
  - collect_repo_patts now uses repo_rights to get the name of the wild
    card repo (if any) that pertains to the physical $repo, instead of
    all that new code (duh!)
  - new "can_read(repo, user)" sub (to help daemon and gitweb use)
  - the "convenience copy on steroids" thing now copies %repo_config
    also, not just %repos.  This makes setup_repo_configs simpler
  - $creator gets substituted into %groups also; we need that now that
    we (%repos and %groups) are working closer together :)
2010-08-11 22:38:16 +05:30
Sitaram Chamarty 8deee9b6bd (tests) added t57 for daemon and gitweb stuff 2010-08-11 22:38:16 +05:30
Sitaram Chamarty 509c73b888 gitweb/daemon now work for wild repos also
(thanks to Kevin Fleming for the need/use case)

TODO: tests
TODO: proper documentation; meanwhile, just read this:

  - you can give gitweb and daemon read rights to wild card repos also,
    and it'll all just work -- when a new repo is 'C'reated, it'll pick
    up those rights etc

  - you can assign descriptions (and owners) to individual repos as
    before, except now you can assign them to repos that actually were
    created from wild card patterns.  So for example, you can define
    rules for

        repo foo/..*

    and then assign descriptions like

        foo/repo1 = "repo one"
        foo/repo2 = "repo two"
        foo/dil "scott" = "scott's dilbert repo"

    However, this only works for repos that already exist, and only when
    you push the admin repo.

    Thumb rule: have the user create his wild repo, *then* add and push
    the admin config file with the description.  Not the other way
    around.

implementation notes:

  - wildcard support for git config revamped, refactored...

    it's not just git config that needs wildcard support.  daemon and
    gitweb access also will be needing it soon, so we start by factoring
    out the part that finds the "pattern" given a "real" repo name.

  - GL_NO_DAEMON_NO_GITWEB now gates more than just those two things;
    see doc/big-config.mkd for details

  - we trawl through $GL_REPO_BASE_ABS *once* only, collecting repo
    names and tying them to either the same name or to a wild pattern
    that the repo name was created from

  - nice little subs to setup gitweb, daemon, and git config

  - god bless $GL_REPOPATT and the day I decided to set that env var
    whenever a user hits a wild repo in any way :-)

  - the code in gl-compile-conf is very simple now.  Much nicer than
    before
2010-08-11 22:38:16 +05:30
Sitaram Chamarty 61802045d9 (mini refactor) clean up the repo_base_abs stuff
make it a sort of "super global" (an ENV var) all through, because
*everyone* seems to need it *and* this variable is pretty much constant
for the entire install
2010-08-11 22:38:16 +05:30
Kevin P. Fleming 33d052dc7d it is not an error for a wildcard repository to not match any patterns... that just means it does not have any config keys defined 2010-08-11 22:38:15 +05:30
Sitaram Chamarty 3172c67dbe new tests: t55 and t56 for repo config with wildrepos 2010-08-11 22:38:15 +05:30
Sitaram Chamarty ad64f99522 git config settings in wild repos: part 2
call it after the new_repo in auth also
2010-08-11 22:38:15 +05:30
Sitaram Chamarty d1d2c3e054 git config settings in wild repos: part 1
- new GL_GITCONFIG_WILD to gate it
  - new sub to do all the hard work (refactored from a few lines in
    compile)
  - split the call from "compile" into two sets -- first for non-wild,
    then for wild

This ensures that after a "compile" (admin push) all git configs are
applied.

TODO: apply them when a new wild repo is created by a user, and then on
the "fork" (admin-defined command)
2010-08-11 22:38:15 +05:30
Sitaram Chamarty c944a8a3b9 new test: t54-repo-configs 2010-08-11 22:38:14 +05:30
Sitaram Chamarty fda10c2805 mirroring support...
conf/example.gitolite.rc
  - "slave mode" flag to disable pushes and "list of slaves"

hooks/common/post-receive.mirrorpush
  - code to push to the mirror, creating the repo if needed

src/mirror-shell
  - shell for master pushing to a slave, because we don't actually want
    to go through gitolite itself, yet we have to take care of
    $REPO_BASE being wherever.  And of course we have to set
    GL_BYPASS_UPDATE_HOOK to 1 for the push to happen!

src/gl-mirror-sync
  - manually runnable program to sync from current server to another
2010-08-11 22:37:35 +05:30
Sitaram Chamarty 74e15d06a0 add "addrc" function to test driver 2010-08-10 12:31:46 +05:30
Sitaram Chamarty c8879264e6 separate out the code that sets up ~/.ssh/authorized_keys
NOTE: there are no *functional* changes in this for *normal*
    gitolite users.  It's just a chunk of code moving into a new
    subroutine etc.

KDE needs to populate the authkeys file from an LDAP store.  Other large
projects may have similar means to store keys, depending on how they do
their user provisioning so a generic solution is worth exploring.

This means that in these special cases
  - the gitolite-admin repo's keydir/ directory is not needed [1]
  - but they still need to create the authkeys file somehow

Implementation:

  - write a shim program to make the authkeys-generation code callable
    from the command line/shell.
  - set $GL_NO_SETUP_AUTHKEYS=1 in the rc file to disable authkey
    generation during a "compile" (admin repo push)

Expected usage of new program gl-setup-authkeys:

  - LDAP change triggers some script
  - this script collects all keys from LDAP, puts them in some
    directory, and then calls gl-setup-authkeys, passing it the name of
    the directory

ALSO PLEASE SEE COMMENTS AT THE TOP OF THE NEW PROGRAM IN THIS COMMIT
FOR SOME IMPORTANT DISCUSSION.

----

Footnotes:

[1] It doesn't make sense to use it if the keys will be maintained by
some other entity and can be called up as needed, and it adds an
unnecessary extra step.
2010-08-09 23:21:15 +05:30
Sitaram Chamarty 2dc02e9a75 (minor) document GL_BYPASS_UPDATE_HOOK 2010-08-09 23:21:14 +05:30
Sitaram Chamarty e115129776 (minor) gl-setup fixes
- stop erroring out if run from elsewhere than $HOME (by localising
    the "cd" we need somewhere in between)
  - catch the admin@home.pub usage early
  - minor fix to the backticked commands
  - gl-setup now does 'chmod go-rwx .ssh'
2010-08-09 23:21:14 +05:30
Sitaram Chamarty 4fa5442daa two months too late for towel day... but "dont-panic"!
gl-emergency-addkey replaced by totally new gl-dont-panic, which does
more (including recovering from a botched push, not just lost keys), is
cleaner, and works for all install methods
2010-08-09 23:21:14 +05:30
Sitaram Chamarty fbb9dafbd1 gqt -- gitolite quick (re-)test
sometimes I want to quickly test a few lines of change within the context of
a currently-running/just-ran test, *without* doing the rollback etc.

Here's how you do that now:

  - in your source tree, make the change and then run:
        cp -a src hooks contrib/adc /some/tmp/place
  - go to the tester userid and re-run your tests like so:
        GQT=/some/tmp/place ./test-driver.sh
    it'll rollback as normal then overwrite src and hooks from $GQT

Also, there's now a "dbg" sub that can be used for quick printf-style
debugging.
2010-08-09 23:21:14 +05:30
Sitaram Chamarty 97126608b9 (minor) fixes to test driver 2010-08-09 23:21:14 +05:30
Sitaram Chamarty 416d3398b3 (minor) update example RC file docs on GL_GITCONFIG_KEYS usage 2010-08-09 23:21:13 +05:30
Paweł Zuzelski 1315b1ad11 Better warning message for multi-keys per pubkey file
"WARNING: a pubkey file can only have one line (key); ignoring $pubkey"
message was a bit confusing, because elsewhere the docs claim multiple
keys are suported.  Added note on how to add multiple keys for single
user and pointer to the doc file concerned.
2010-08-09 23:21:13 +05:30
Sitaram Chamarty c1eeaf3c2c detect gl-emergency-addkey attempt for server side installs
and give a suitable message, fix the doc, etc.

(error found by "ry" on #git backlog; couldn't contact him later)
2010-08-09 23:21:13 +05:30
Sitaram Chamarty 5753557b52 mob branches document! (wow, that easy? hmm...) 2010-08-09 23:01:01 +05:30
Adilson Carvalho 7056a1a653 Edited a little English mistake 2010-08-03 23:22:29 -03:00
Sitaram Chamarty f0c280cd38 allow "info" to have some chance of working on big-config setups!
Fedora, till now, had no hope in hell of running the info command.  Why?
Because the output of the info command is semantically the same as the
output of the compile script *before* the big-config mode was created.

And we all know how _that_ went ;-)

So now you get to give "info" a partial reponame or a pattern, just like
in the case of "expand".  And if you're under GL_BIG_CONFIG this pattern
is mandatory.  And if you try to cheat it'll still stop after showing 5
entries to prevent (accidental?) DOSs

Anyway, see doc changes in this commit for more details.
2010-07-31 01:30:43 +05:30
Sitaram Chamarty a12eb15252 make compile atomic by writing a different and rename-ing when done 2010-07-31 00:47:18 +05:30
Sitaram Chamarty cd0835feb1 (tests) t59 to test previous commit...
(the one that distinguishes "repo not found" from "no access")
2010-07-30 13:51:41 +05:30
Sitaram Chamarty c25e05d87b distinguish "repo not found" from "no access" if the user has rights anyway
thanks to Jesse from the Fedora team for pointing this out.  They use
GL_NO_CREATE_REPOS, so sometimes the physical repo on disk doesn't exist
at the time the config file is written.

We're talking about non-wild repos only here, so this means it should
never happen to normal gitolite users.  But now -- in the rare case that
there is a disk-side problem -- people who have rights to a repo will
get a more specific error message.
2010-07-30 09:32:38 +05:30
Sitaram Chamarty adbafdfc2d (minor) updated fedora test case to add new RC vars introduced 2 commits in HEAD^^ 2010-07-30 08:48:20 +05:30
Sitaram Chamarty 063d2f9c6e (minor) don't assume "ssh gitolite" applicable always in docs
[thanks to hal-eisen on github for catching this, although I could not
directly use his patches.]
2010-07-29 09:05:35 +05:30
Sitaram Chamarty 0d0e7e5d72 (really big config) 2 new rc variables
...to prevent auto-creation of repos from config, and to prevent
processing of ssh keys.  Also doc update
2010-07-23 20:21:52 +05:30
Sitaram Chamarty 988934dec1 (minor) admin doc change on moving existing repos into gitolite 2010-07-23 17:06:48 +05:30
Sitaram Chamarty e9787b03f8 darn... git 1.7+ puts out different messages on clone... 2010-07-23 17:06:47 +05:30
Sitaram Chamarty bdb7cd6903 move empty ARGV check down after "-s" check
to make calling "gl-auth -s" (no username) work
2010-07-21 06:27:43 +05:30
Sitaram Chamarty 20c2e1aac8 <sigh>
there are people who cannot click a "doc/" link on the first google hit,
and think you have to clone the whole thing to see the docs...

I suspect they aren't even hitting the "read more" link that github
shows in the description blurb, or if they go there they aren't even
going to the end of the second para, which contains a nice link.
2010-07-06 05:53:35 +05:30
Sitaram Chamarty 1488973412 (doc) INSTALL doc needs info on URLs
More and more people are using one of the first 3 methods of install
(the ones that don't involve running "src/gl-easy-install" from the
client side) usualy due to RPM/DEB being available now.

Previously, the ending message on running that command was serving this
purpose, and so it never really got written down in so many words.

[thanks to antgel for catching this]

----

while we were there, we removed a now-obsolete section that talks about
how to use just one key; there are better methods now
2010-07-05 16:22:10 +05:30