Commit graph

409 commits

Author SHA1 Message Date
Sitaram Chamarty 701b182021 document the add_host_nickname branch changes 2010-05-23 12:04:01 +05:30
Sitaram Chamarty 89655a141c Merge branch 'add_host_nickname' into pu
Conflicts:
	src/gl-easy-install
2010-05-23 09:26:12 +05:30
Sitaram Chamarty f4d21db590 easy install: clone even if a non-default host_nickname is used 2010-05-23 09:25:58 +05:30
Sitaram Chamarty c013dbf8f0 (minor fixups) 2010-05-23 09:25:58 +05:30
Matt Perzel 41bec9f25f Added host_nickname parameter to gl-easy-install 2010-05-22 17:27:23 -07:00
Sitaram Chamarty 196b41e0fd *major* doc revamp
people will NOT read documentation, especially the bloody install
documentation.  I'm about ready to throw in the towel and declare
gitolite unsupported, take-it-or-leave-it.

But I'm making one last attempt to refocus the install doc to better
suit the "I know I'm very smart and I dont have to read docs so it's
clearly your fault that I am not able to install gitolite" crowd.

As a bonus, though, I ended up making proper, hyper-linked, TOCs for
most of the docs, and moved a whole bunch of stuff around.  Also finally
got some of the ssh stuff over from my git-notes repo because it really
belongs here.
2010-05-21 21:36:58 +05:30
Sitaram Chamarty 025de395dc (minor) 2010-05-21 21:32:55 +05:30
Sitaram Chamarty fd85ee2c91 *try* to make upgrades resilient to format changes (pkg maintainers please read)
the commits leading up to v1.5 caused the data format to change (we
added a rule sequence number).

This in turn caused a problem for people who may have installed using
the "system install / user setup" mode of install (which includes people
who used RPM/DEB to install it) -- they would now have to *manually* run
"gl-setup" once after the rpm/deb upgrade.

This commit *tries* to mitigate this problem by recording a data format
version number in the compiled output file.  On any access to that file,
if the version number is not found or is found to be not equal to the
current version, gl-setup is run again.

The reason I say "*tries*" is that the exact command used to do this is
a bit of a hack for now.  However, if it works for Fedora and Debian,
I'm going to leave it at that :)
2010-05-21 14:40:03 +05:30
Sitaram Chamarty c993050ef9 (minor) doc/3: doc fix on multikeys 2010-05-20 17:08:21 +05:30
Sitaram Chamarty 3ddc8aa0ca (important upgrade info here)
There has been a format change to the compiled output file.  As the
CHANGELOG says:

    Upgrading to v1.5 from any version prior to v1.5 requires an extra
    step for people who installed gitolite using the "system install /
    user setup" method described in doc/0-INSTALL.mkd.  For such
    installations, after the administrator has upgraded gitolite
    system-wide, each "gitolite host" user must run `gl-setup` once
    (without any arguments).

    This is *not* an issue if you installed using src/gl-easy-install.
2010-05-19 14:33:35 +05:30
Sitaram Chamarty f9e5c8b7b2 (big-config) doc fixup 2010-05-18 17:51:46 +05:30
Sitaram Chamarty be3d00079a Revert "allow setperms to override config file permissions"
This reverts commit 9612e3a4cc, since it
is no longer needed as of the rule sequencing changes we just made.

Conflicts:

	src/gl-compile-conf
2010-05-18 16:40:15 +05:30
Sitaram Chamarty 32056e0b7f (big one!) rule sequencing changes!
There were 2 problems with rule sequencing.

Eli had a use case where everyone is equal, but some are more equal than
the others ;-)  He wanted a way to say "everyone can create repos under
their own names, but only some people should be able to rewind their
branches".

Something like this would be ideal (follow the rules in sequence for
u1/u2/u3/u4, and you will see that the "deny" rule kicks in to prevent
u1/u2 from being able to rewind, although they can certainly delete
their branches):

    @private-owners = u1 u2
    @experienced-private-owners = u3 u4

    repo CREATOR/.*
      C   = @private-owners @experienced-private-owners
      RWD = CREATOR
      RW  = WRITERS
      R   = READERS
      -   = @private-owners
      RW+D = CREATOR

In normal gitolite this doesn't work because the CREATOR rules (which
get translated to "u1" at runtime) end up over-writing the "deny" rule
when u1 or u2 are the creators.  This over-writing happens directly at
the "do compiled.pm" step.

With big-config, this does not happen (because @private-owners does not
get expanded to u1 and u2), but the problem remains: the order of
picking up elements of repo_plus and user_plus is such that, again, the
RW+D wins (it appears before the "-" rule).

We fix all that by

  - making CREATOR complete to more than just the creator's name (for
    "u1", it now becomes "u1 - wild", which is actually illegal to use
    for real so there's no possibility of a name clash!)
  - maintaining a rule sequence number that is used to sort the rules
    eventually applied (this also resulted in the refex+perm hash
    becoming a list)
2010-05-18 16:36:06 +05:30
Sitaram Chamarty c3d23f8734 Merge branch 'pu-big-config' into pu 2010-05-18 15:40:18 +05:30
Sitaram Chamarty aa8da93016 tone down the "ZOMG users without pubkeys" hysteria :) 2010-05-16 13:36:54 +05:30
Sitaram Chamarty 35750c1abe (big-config) update doc and rc, allow skipping gitweb/daemon
skipping gitweb/daemon has an enormous impact on speed of an admin-push!
2010-05-16 12:51:03 +05:30
Sitaram Chamarty 689ff7464b Merge branch 'teemu-contrib' into pu 2010-05-14 22:22:40 +05:30
Teemu Matilainen b278d430b8 contrib: Add information about gitolite-tools
Signed-off-by: Teemu Matilainen <teemu.matilainen@iki.fi>
2010-05-14 19:28:33 +03:00
Sitaram Chamarty 58fc6a3252 (big-config) documentation 2010-05-14 21:44:51 +05:30
Sitaram Chamarty 8da223f92a (big-config) allow usergroup information to be passed in from outside
[Please NOTE: this is all about *user* groups, not *repo* groups]

SUMMARY: gl-auth-commmand can now take an optional list of usergroup
names after the first argument (which is the username).

See doc/big-config.mkd in the next commit or so
2010-05-14 21:44:51 +05:30
Sitaram Chamarty d11a27924b (big-config) compile: fragments in big-config
Since it is possible to do all sorts of shenanigans with wildcards and
repo groups, we

  - allow only a fragment called "foo" to set permissions for a group
    called "@foo", in addition to a repo called "foo"
  - forbid defining any groups within a fragment conf.  All "@foo = bar
    baz" must be done in the main config file now.

If this proves too limiting for anyone I'll worry about it then.
2010-05-14 21:44:03 +05:30
Teemu Matilainen 42c3543e97 contrib: Add gitweb example configurations
Move the example code from doc/3 to contrib/gitweb/ and modify it
to work with both wildcard and non-wildcard setups.

Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
2010-05-14 19:07:16 +03:00
Sitaram Chamarty 0139fe0e97 (big-config) compile: dont complain about "@foo" not having a pubkey 2010-05-14 20:57:22 +05:30
Sitaram Chamarty c8f83a03dd (big-config) compile: create new repos even if GL_BIG_CONFIG is set
...by expanding the groups of course
2010-05-14 20:57:05 +05:30
Sitaram Chamarty 346b396840 (minor) move version check to the right place 2010-05-14 20:43:13 +05:30
Sitaram Chamarty cf0e568c89 (big-config) the new "big-config" for large setups
If you have many thousands of repos and users, neatly organised into
groups, etc., the normal gitolite fails.  (It actually runs out of
memory very fast while doing the "compile" when you push the config, due
to the number of combinations of repo/user being stored in the hash!)

This commit series will stop doing that if you set $GL_BIG_CONFIG = 1 in
the rc file.

Some notes:

  - deny rules will still work but somewhat differently -- now they must
    be placed all together in one place to work like before.  Ask me for
    details if you need to know before I get done with the docs

  - I've tested most of the important features, but not every single
    nuance

  - the update hook may be a tad less efficient now; we can try and
    tweak it later if needed but it shouldn't really hurt anything
    significantly even now

  - docs have not been written yet
2010-05-14 20:43:13 +05:30
Sitaram Chamarty db3c98d9e3 easy install: preserve conf/VERSION if working off a tar file 2010-05-14 12:59:47 +05:30
Sitaram Chamarty 9612e3a4cc allow setperms to override config file permissions 2010-05-14 11:32:35 +05:30
Sitaram Chamarty fbe785adea Makefile: now default is as simple as "make"
plus copies tar file to /tmp just for convenience
2010-05-14 11:27:55 +05:30
Sitaram Chamarty 3d9f230b41 Merge branch 'master' into pu (svnserve contrib code)
Conflicts:
	src/gl-auth-command
2010-05-10 08:12:09 +05:30
Sitaram Chamarty 4ad9807225 doc/3: made doc for extcmd a little more generic,
with specific sections for commands as needed
2010-05-10 07:25:23 +05:30
Vladimir Panteleev cf9bb98e87 tweaked and documented svnserve support 2010-05-10 07:01:50 +05:30
Simon Arlott d95e868620 add svnserve exec support 2010-05-10 06:59:49 +05:30
Sitaram Chamarty f1a942b7f7 (minor) more helpful message when the user forgot to set $GL_WILDREPOS
thanks to konrad for catching this

also make lack of WILDREPOS more noticable on compile
2010-04-29 19:27:01 +05:30
Sitaram Chamarty 6c682721b5 (minor) doc updates 2010-04-29 19:25:40 +05:30
Sitaram Chamarty 2eaa2c6416 (minor) update changelog, features lists in both readme and doc/3
(and raise the reward, though Teemu already wont it actually!)
2010-04-29 19:25:39 +05:30
Sitaram Chamarty 6787dc2c84 (minor) fix docs about admin-ing a gitolite installation
(since easy-install is no longer the *only* install method)
2010-04-29 19:25:39 +05:30
Sitaram Chamarty ffccd0a4d3 gl-system-install -- system-wide install program
(as if we didn't already have enough programs with the word "install" in
their names!)

Anyway, this does what an RPM or a DEB would do -- basically implement
the instructions in Appendix C of doc/0.

You can use this to do a system-wide install if your distro isn't as
smart, forward-looking, and uptodate as Fedora ;-)

Clone the repo somewhere, cd to it, and run, for example:

    sudo src/gl-system-install /usr/local/bin /var/gitolite/conf /var/gitolite/hooks

or something like that.  See doc/0 for details.  Run without arguments
for help.
2010-04-29 19:25:39 +05:30
Sitaram Chamarty c4cbfabd4c spelling cluestick...
Ouch!  How mortifying :)  I'd always thought this was one of the Brit/US
differences, but to find out that it really *isn't* a word... hmph!

Anyway, in the interest of not breaking existing wild repos, the
ownership file is still called "gl-creater".  Everything else has been
changed.

(...thanks to Sverre)
2010-04-29 19:25:39 +05:30
Sitaram Chamarty ff2be4c1ed (adc) documentation 2010-04-25 13:21:17 +05:30
Sitaram Chamarty 30bfeb8810 (adc) clean up and extend logging 2010-04-25 13:21:16 +05:30
Sitaram Chamarty 0b1d31fad4 (adc) "common functions" and examples for adc usage 2010-04-25 13:21:16 +05:30
Sitaram Chamarty 9d0a208b26 (adc) auth: git-init subcommand added
The "fork" adc cannot simply do a "git clone..."; hooks and gl-creater
won't get set up.  We need a way to initiate the *creation* of a repo
from a shell command, and then fetch the refs over.

For a long time, we used to trick gitolite into creating a repo for us
by simply using "git ls-remote host:reponame" ;-)  Now we have an actual
command, so we can say "ssh git@server git-init \'reponame\'"

Yes; those single quotes are required.  Deal with it.
2010-04-25 13:21:16 +05:30
Sitaram Chamarty 567e70ba40 (adc) admin-defined commands
This commit series allows an admin to designate a set of commands that
users can run.  For example, he can allow users to delete a repo that
they have created:

    ssh git@server rmrepo foo/me/bar

or fork (to use github's terminology) a repo they have "R" access to,
into a new one they have "C" access to:

    ssh git@server fork foo/someone-else/bar foo/me/bar

Please see documentation for details

----

(this commit)

  - (rc) new variable $GL_ADC_PATH; without this none of this is enabled
  - (pm) new helper routine "cli_repo_rights" to get rights/ownership
    from outside
  - (auth) call $GL_ADC_PATH/$cmd if it exists
2010-04-25 13:21:16 +05:30
Sitaram Chamarty 6edc7a4d5f (rrq) document the report output 2010-04-25 13:21:16 +05:30
Sitaram Chamarty 08dced6125 (rrq) report_basic adjusts output format to match expand_wild 2010-04-25 13:21:15 +05:30
Sitaram Chamarty 382505f0e0 (rrq) expand_wild uses new repo_rights sub 2010-04-25 13:21:15 +05:30
Sitaram Chamarty 6be0946aee (rrq) gl-auth-command uses new repo_rights sub 2010-04-25 13:21:15 +05:30
Sitaram Chamarty 90e141cd61 (rrq) refactor all the rights querying
This commit series refactors all the rights querying logic.

  - old repo_rights sub renamed to wild_repo_rights
  - new repo_rights sub to be a single entry point for most rights
    queries
      - callable from gl-auth-command and expand_wild
      - callable from *outside* too, as long as $ENV{GL_USER} is set
  - the format of the returned permissions contains C, R, and W as
    applicable, with sigils reflecting the 3 possible ways in which you
    can get R or W perms (2 ways for C):
        @R  means @all users have the same access
        #R  means you're a "super user" (think root's shell prompt) so
            you can see all repos
         R  is the normal, explicit, access
2010-04-25 13:21:15 +05:30
Sitaram Chamarty 820d3f5948 the most common problems an admin will see
an admin who refuses to read messages that show up on the screen, that is ;-)
2010-04-22 07:57:25 +05:30