Commit graph

303 commits

Author SHA1 Message Date
Sitaram Chamarty 3914dc0161 tighten permissions on install
- hardcode 0700 mode for GL_ADMINDIR tree (thanks to ma at
    ibitsense.com) for catching this
  - honor REPO_UMASK for GL_REPO_BASE_ABS creation
  - plus a minor doc update
2010-10-02 05:55:33 +05:30
Sitaram Chamarty 4957900360 (doc) who-uses-it 2010-09-28 20:26:26 +05:30
Sitaram Chamarty da9a1b5cbf gitosis migr doc update to handle user@foo type keys
thanks to frogonwheels for catching this...
2010-09-28 11:46:39 +05:30
Sitaram Chamarty 67a72a3f5b added support for a post-repo-create hook (gl-post-init)
...some people want to run a special function after a repo is created
2010-09-24 16:58:46 +05:30
Sitaram Chamarty c18514e213 (minor) doc updates
inspired by various denizens of #git and the internet at large
2010-09-24 06:04:13 +05:30
Sitaram Chamarty 3f57f18ee2 wildrepos doc badly needed update due to new features:
- 79f0a5f ("(big one!) more than one wildcard may match a repo...")
    makes some of the dire warnings about this irrelevant
  - d1d2c3e and ad64f99 ("git config settings in wild repos: part 1" and
    "...part 2") makes this caveat also useless

While we were about it, we added a quick intro and tried to make some
other details a little clearer.
2010-09-23 14:44:23 +05:30
Sitaram Chamarty 4dd17b96cb (http) https tested 2010-09-08 19:34:38 +05:30
Sitaram Chamarty 595410aa55 (http) first level error reporting now works
I didn't know that remote-curl.c requires 200 OK even if you want to
report an error.

With Ilari's patch at [1] you'll get a more readable message but it is
still good enough now.

[1]: http://permalink.gmane.org/gmane.comp.version-control.git/155464
2010-09-06 12:11:19 +05:30
Sitaram Chamarty cc8ccab924 (http) gitolite without ssh? smart http support is here!
As usual there's more documentation than code.

Unlike usual, however, this isn't completely tested.  Please read the
documentation for details of what works, what doesn't, what has been
tested, what hasn't, and so on.
2010-09-05 21:04:39 +05:30
Sitaram Chamarty 5f342c0444 more doc revamp; some notes below
- all anchors prefixed by AUTO_ now
  - some bad links fixed (maybe still a few I didn't catch)
  - misc wording changes/additions (support section to README,
    "technical skills" section to install doc, etc).
2010-09-04 03:10:20 +05:30
Sitaram Chamarty 2cf382ca4e (minor) some doc typos 2010-09-03 09:02:47 +05:30
Sitaram Chamarty 6c48647c15 (more ssh documentation shenanigans) 2010-09-01 12:43:35 +05:30
Sitaram Chamarty c1bd3ca69c umpteenth doc revamp...
because someone else found the doc overwhelming.  However, the suggested
reading order (which so far existed only on the wiki) was probably a
good thing to have at the top of the README, and the disclaimers about
ssh may help keep my sanity a little longer ;-)
2010-08-27 16:54:38 +05:30
Sitaram Chamarty d78f66af52 doc for change in info/expand command outputs 2010-08-24 17:52:14 +05:30
Sitaram Chamarty d6704d052a doc cleanup on info and expand command
jefferai pointed out that some of the links about this were broken, and
a quick look showed that it was described in multiple places too.
Brought it all together...
2010-08-21 17:02:12 +05:30
Sitaram Chamarty 870983086c CHANGELOG and progit article updates 2010-08-20 21:03:48 +05:30
Sitaram Chamarty fda10c2805 mirroring support...
conf/example.gitolite.rc
  - "slave mode" flag to disable pushes and "list of slaves"

hooks/common/post-receive.mirrorpush
  - code to push to the mirror, creating the repo if needed

src/mirror-shell
  - shell for master pushing to a slave, because we don't actually want
    to go through gitolite itself, yet we have to take care of
    $REPO_BASE being wherever.  And of course we have to set
    GL_BYPASS_UPDATE_HOOK to 1 for the push to happen!

src/gl-mirror-sync
  - manually runnable program to sync from current server to another
2010-08-11 22:37:35 +05:30
Sitaram Chamarty 2dc02e9a75 (minor) document GL_BYPASS_UPDATE_HOOK 2010-08-09 23:21:14 +05:30
Sitaram Chamarty 4fa5442daa two months too late for towel day... but "dont-panic"!
gl-emergency-addkey replaced by totally new gl-dont-panic, which does
more (including recovering from a botched push, not just lost keys), is
cleaner, and works for all install methods
2010-08-09 23:21:14 +05:30
Sitaram Chamarty c1eeaf3c2c detect gl-emergency-addkey attempt for server side installs
and give a suitable message, fix the doc, etc.

(error found by "ry" on #git backlog; couldn't contact him later)
2010-08-09 23:21:13 +05:30
Sitaram Chamarty 5753557b52 mob branches document! (wow, that easy? hmm...) 2010-08-09 23:01:01 +05:30
Adilson Carvalho 7056a1a653 Edited a little English mistake 2010-08-03 23:22:29 -03:00
Sitaram Chamarty f0c280cd38 allow "info" to have some chance of working on big-config setups!
Fedora, till now, had no hope in hell of running the info command.  Why?
Because the output of the info command is semantically the same as the
output of the compile script *before* the big-config mode was created.

And we all know how _that_ went ;-)

So now you get to give "info" a partial reponame or a pattern, just like
in the case of "expand".  And if you're under GL_BIG_CONFIG this pattern
is mandatory.  And if you try to cheat it'll still stop after showing 5
entries to prevent (accidental?) DOSs

Anyway, see doc changes in this commit for more details.
2010-07-31 01:30:43 +05:30
Sitaram Chamarty 063d2f9c6e (minor) don't assume "ssh gitolite" applicable always in docs
[thanks to hal-eisen on github for catching this, although I could not
directly use his patches.]
2010-07-29 09:05:35 +05:30
Sitaram Chamarty 0d0e7e5d72 (really big config) 2 new rc variables
...to prevent auto-creation of repos from config, and to prevent
processing of ssh keys.  Also doc update
2010-07-23 20:21:52 +05:30
Sitaram Chamarty 988934dec1 (minor) admin doc change on moving existing repos into gitolite 2010-07-23 17:06:48 +05:30
Sitaram Chamarty 1488973412 (doc) INSTALL doc needs info on URLs
More and more people are using one of the first 3 methods of install
(the ones that don't involve running "src/gl-easy-install" from the
client side) usualy due to RPM/DEB being available now.

Previously, the ending message on running that command was serving this
purpose, and so it never really got written down in so many words.

[thanks to antgel for catching this]

----

while we were there, we removed a now-obsolete section that talks about
how to use just one key; there are better methods now
2010-07-05 16:22:10 +05:30
Sitaram Chamarty d6a7e3b182 (minor) install doc, new hooks 2010-06-22 14:52:05 +05:30
Sitaram Chamarty acff0bd3d0 hook propagation doc much expanded now 2010-06-20 08:06:54 +05:30
Sitaram Chamarty bc5fc5793d (minor) added hook propagation doc 2010-06-19 11:33:18 +05:30
Sitaram Chamarty a430cc57c7 separating "push" from "create"
This is what I *should* have done back then; thanks to Jeff Mitchell for
pointing out a problem with the old method.

The old one is *definitely* a kludge.  <shamefaced grin>
2010-06-18 21:34:43 +05:30
Sitaram Chamarty 78c8caa24c Revert "now you can disallow creation of new refs if you like"
This reverts commit 6d32e4e920.

see subsequent commits for why
2010-06-18 19:31:06 +05:30
Sitaram Chamarty 0f5f82e4f5 log message changes (warning: minor backward compat breakage)
The log message format has changed.  All log messages now have a common
prefix (timestamp, user, IP).  This is followed by $SSH_ORIGINAL_COMMAND
(or, in one special case, the name of the user's login shell).  Any
further text appears after this (currently this only happens in the case
of a successful push -- one for each ref pushed successfully)
2010-06-16 17:22:37 +05:30
Sitaram Chamarty 1ecc7ae74e (minor) added overkill doc 2010-06-16 14:19:31 +05:30
Sitaram Chamarty 97b094bccb some doc updates (plus CHANGELOG) 2010-06-15 23:01:22 +05:30
Sitaram Chamarty 517786572d (adc fork) fork is now fast and space-efficient on the server
uses "git clone -l" then manually sets up the gl-creater and hooks

(thanks to Jeff and the kde gang for asking ;-)
2010-06-12 16:26:38 +05:30
Sitaram Chamarty 6d32e4e920 now you can disallow creation of new refs if you like
see doc/3 for details (look for "separating delete and rewind rights"

----

and for gerrit, this is one more thing it can do that we can too ;-)

[the original text was somewhat misleading.  We mean "prevent someone
from creating a branch that they have permissions to push".  That is
what is now possible, where it was not possible before.]
2010-06-02 06:47:22 +05:30
Sitaram Chamarty 18267706db doc/0: a minor clarification and a minor re-ordering 2010-06-02 06:19:54 +05:30
Sitaram Chamarty faf1629fd8 better anchors in docs: changed autotoc and ran it through all docs 2010-06-01 06:16:13 +05:30
Sitaram Chamarty 5bbd102059 (contrib) how to enable or disable push for maintenance
...for some or all repos

(and a minor bug fix in the adc.common-functions file)
2010-05-31 20:49:14 +05:30
Sitaram Chamarty ce2e8b6788 (minor) doc/6: mention putty/plink 2010-05-29 19:16:48 +05:30
Sitaram Chamarty 701b182021 document the add_host_nickname branch changes 2010-05-23 12:04:01 +05:30
Sitaram Chamarty 196b41e0fd *major* doc revamp
people will NOT read documentation, especially the bloody install
documentation.  I'm about ready to throw in the towel and declare
gitolite unsupported, take-it-or-leave-it.

But I'm making one last attempt to refocus the install doc to better
suit the "I know I'm very smart and I dont have to read docs so it's
clearly your fault that I am not able to install gitolite" crowd.

As a bonus, though, I ended up making proper, hyper-linked, TOCs for
most of the docs, and moved a whole bunch of stuff around.  Also finally
got some of the ssh stuff over from my git-notes repo because it really
belongs here.
2010-05-21 21:36:58 +05:30
Sitaram Chamarty fd85ee2c91 *try* to make upgrades resilient to format changes (pkg maintainers please read)
the commits leading up to v1.5 caused the data format to change (we
added a rule sequence number).

This in turn caused a problem for people who may have installed using
the "system install / user setup" mode of install (which includes people
who used RPM/DEB to install it) -- they would now have to *manually* run
"gl-setup" once after the rpm/deb upgrade.

This commit *tries* to mitigate this problem by recording a data format
version number in the compiled output file.  On any access to that file,
if the version number is not found or is found to be not equal to the
current version, gl-setup is run again.

The reason I say "*tries*" is that the exact command used to do this is
a bit of a hack for now.  However, if it works for Fedora and Debian,
I'm going to leave it at that :)
2010-05-21 14:40:03 +05:30
Sitaram Chamarty c993050ef9 (minor) doc/3: doc fix on multikeys 2010-05-20 17:08:21 +05:30
Sitaram Chamarty 3ddc8aa0ca (important upgrade info here)
There has been a format change to the compiled output file.  As the
CHANGELOG says:

    Upgrading to v1.5 from any version prior to v1.5 requires an extra
    step for people who installed gitolite using the "system install /
    user setup" method described in doc/0-INSTALL.mkd.  For such
    installations, after the administrator has upgraded gitolite
    system-wide, each "gitolite host" user must run `gl-setup` once
    (without any arguments).

    This is *not* an issue if you installed using src/gl-easy-install.
2010-05-19 14:33:35 +05:30
Sitaram Chamarty f9e5c8b7b2 (big-config) doc fixup 2010-05-18 17:51:46 +05:30
Sitaram Chamarty c3d23f8734 Merge branch 'pu-big-config' into pu 2010-05-18 15:40:18 +05:30
Sitaram Chamarty 35750c1abe (big-config) update doc and rc, allow skipping gitweb/daemon
skipping gitweb/daemon has an enormous impact on speed of an admin-push!
2010-05-16 12:51:03 +05:30
Sitaram Chamarty 58fc6a3252 (big-config) documentation 2010-05-14 21:44:51 +05:30
Teemu Matilainen 42c3543e97 contrib: Add gitweb example configurations
Move the example code from doc/3 to contrib/gitweb/ and modify it
to work with both wildcard and non-wildcard setups.

Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
2010-05-14 19:07:16 +03:00
Sitaram Chamarty 3d9f230b41 Merge branch 'master' into pu (svnserve contrib code)
Conflicts:
	src/gl-auth-command
2010-05-10 08:12:09 +05:30
Sitaram Chamarty 4ad9807225 doc/3: made doc for extcmd a little more generic,
with specific sections for commands as needed
2010-05-10 07:25:23 +05:30
Vladimir Panteleev cf9bb98e87 tweaked and documented svnserve support 2010-05-10 07:01:50 +05:30
Sitaram Chamarty 6c682721b5 (minor) doc updates 2010-04-29 19:25:40 +05:30
Sitaram Chamarty 2eaa2c6416 (minor) update changelog, features lists in both readme and doc/3
(and raise the reward, though Teemu already wont it actually!)
2010-04-29 19:25:39 +05:30
Sitaram Chamarty 6787dc2c84 (minor) fix docs about admin-ing a gitolite installation
(since easy-install is no longer the *only* install method)
2010-04-29 19:25:39 +05:30
Sitaram Chamarty ffccd0a4d3 gl-system-install -- system-wide install program
(as if we didn't already have enough programs with the word "install" in
their names!)

Anyway, this does what an RPM or a DEB would do -- basically implement
the instructions in Appendix C of doc/0.

You can use this to do a system-wide install if your distro isn't as
smart, forward-looking, and uptodate as Fedora ;-)

Clone the repo somewhere, cd to it, and run, for example:

    sudo src/gl-system-install /usr/local/bin /var/gitolite/conf /var/gitolite/hooks

or something like that.  See doc/0 for details.  Run without arguments
for help.
2010-04-29 19:25:39 +05:30
Sitaram Chamarty c4cbfabd4c spelling cluestick...
Ouch!  How mortifying :)  I'd always thought this was one of the Brit/US
differences, but to find out that it really *isn't* a word... hmph!

Anyway, in the interest of not breaking existing wild repos, the
ownership file is still called "gl-creater".  Everything else has been
changed.

(...thanks to Sverre)
2010-04-29 19:25:39 +05:30
Sitaram Chamarty ff2be4c1ed (adc) documentation 2010-04-25 13:21:17 +05:30
Sitaram Chamarty 6edc7a4d5f (rrq) document the report output 2010-04-25 13:21:16 +05:30
Sitaram Chamarty 820d3f5948 the most common problems an admin will see
an admin who refuses to read messages that show up on the screen, that is ;-)
2010-04-22 07:57:25 +05:30
Sitaram Chamarty 45ecc518f0 WARNING: WE NOW REFUSE TO RUN IF GIT ON THE SERVER IS < 1.6.2
I just got tired of supporting old gits.  Sorry.  Had to happen sooner
or later.

I know you feel upset right now but later you'll thank me.
2010-04-19 21:57:47 +05:30
Sitaram Chamarty fabeedf103 document the info and expand commands 2010-04-16 20:07:50 +05:30
Sitaram Chamarty 8a4cccf236 doc/7 and doc/0: how to clear out a botched install 2010-04-16 06:34:45 +05:30
Sitaram Chamarty 2a776e56ad "D" must be combined with RW or RW+ (warning: minor backward compat breakage)
Having to specify "D" separately from RW or RW+ was cumbersome, and
although I don't actually use this feature, I can see the point.

One way to think of this is:

  - RW and RW+ were the only existing branch level rights
  - it doesnt make sense to have D rights without W (hence RW) rights
  - so we simply suffix a D to these if required.

Thus you can have RW, RW+, RWD, RW+D.

I hope the (hopefully few) of you who have started to use this feature
will convert your configs when you next upgrade to "pu".

I now regret pushing the previous syntax to master too quickly -- lots
of people use master only, and on the next promotion of pu the syntax
will change.  To reduce this exposure, this change will be promoted to
master very soon.
2010-04-15 06:37:35 +05:30
Sitaram Chamarty 461a581322 (minor) document what to do when you have *two* gits
...and the wrong one ends up runing
2010-04-14 23:19:20 +05:30
Sitaram Chamarty 9df775413c document the change in a982446
(thanks to Eli for catching this!)
2010-04-13 23:17:04 +05:30
Sitaram Chamarty 850e583ac7 changelog for v1.4 2010-04-13 18:35:33 +05:30
Sitaram Chamarty 344fb0a2b7 allow user to define filenames that our hooks chain to
(although the defaults are still update.secondary and
post-update.secondary if you don't do anything)
2010-04-13 18:26:34 +05:30
Sitaram Chamarty 55e754a09f added notes on how to do more things via admin push 2010-04-12 21:10:52 +05:30
Sitaram Chamarty 4b65cc51d3 document how to create multiple gitolite instances on one server...
...and provide a pointer from the delegations doc for people taking
delegation too far ;-)
2010-04-11 04:09:50 +05:30
Sitaram Chamarty 246165537d new server-side program "gl-tool", subcommand "shell-add"
Previous implementations of "give shell access to some gitolite users"
feature were crap.  There was no easy/elegant way to ensure that someone
who had repo admin access would not manage to get himself shell access.

Giving someone shell access requires that you should have shell access
in the first place, so the simplest way is to enable it from the server
side only.

So now that we decided to do that, we may as well prepare for other,
future, commands by starting a server-side utility program with
sub-commands (the only current one being "shell-add")
2010-04-09 21:05:17 +05:30
Sitaram Chamarty 5aba13cd80 allow 'D' for @all repos
...so that the new semantics can be made system-default if someone wants
to do that
2010-03-31 06:45:29 +05:30
Sitaram Chamarty 967af2c993 compile/update: new "D" permission
normally, RW+ means permission to rewind or delete.

Now, if you use "D" permission anywhere in a repo config, that means
"delete" and RW+ then means only "rewind", no delete.
2010-03-30 23:28:26 +05:30
Sitaram Chamarty 6a44c564a2 doc/4: added "how it actually works" section
thanks to Ilari for helping fix a bug (see previous commit) and then
prompting this documentation
2010-03-28 12:30:43 +05:30
Sitaram Chamarty 7bfb3676b7 @all for repos is now much cleaner; a true @all...
- no need to put it at the end of the config file now, yeaaay!
  - @all for @all is meaningless and not supported.  People asking will
    be told to get a life or use git-daemon.
  - NAME/ limits for @all repos is ignored for efficiency reasons.
2010-03-26 21:36:05 +05:30
Sitaram Chamarty b3c5d14421 relent a little and document the expand command a tiny bit :) 2010-03-20 09:59:07 +05:30
Sitaram Chamarty 2456cc17c8 personal branches: de-emphasise old-style, document new-style
There are some disadvantages to the old-style personal branch scheme.
It only allows one specific pattern (of refname) to be used, forces that
pattern to be applicable to *all* repos in the entire config, and
requires editing the rc file (on the server) to be edited to achieve
this.

In other words, it's a very blunt instrument...

The new style depends on using lines like this within a specific repo
config:

        RW+ personal/USER/      =   @userlist

The important thing is that the "branch" name should contain `/USER/`
(including the slashes).  Access is still determined by the right hand
side of course.

This gives you the following advantages:

  - allow it only for repos that need it
  - allow different patterns to be used for different repos
  - allow *multiple* patterns; just add more than one such line
  - allow the pattern to have suffixes (eg: foo/USER/bar)
2010-03-16 18:27:26 +05:30
Sitaram Chamarty ed5c78349e update hook now allows chaining to "update.secondary"
the changes to cp/scp are because without "-p" they dont carry perms
across to existing files.  So if you forgot to chmod +x your custom
hook and ran easy install, then after that you have to go to the server
side to fix the perms...
2010-03-14 22:48:25 +05:30
Sitaram Chamarty bf7aba7e0b changelog 2010-03-12 17:20:12 +05:30
Sitaram Chamarty d660822ab5 dps: made dps section clearer and more step-by-step 2010-03-12 10:24:53 +05:30
Sitaram Chamarty b3945d44c9 docs and .gitattributes hadn't been updated for the change in hooks dir 2010-03-10 06:24:53 +05:30
Sitaram Chamarty de0ecd0431 compile: make it easier to move repos into gitolite
when repos are copied over from elsewhere, one had to run easy install
once again to make the new (OS-copied) repo contain the proper update
hook.

We eliminate this step now, using a new, empty, "hook" as a sentinel and
having "compile" check/fix all repos' hooks.

Since you have to add the repos to conf anyway, this makes it as
seamless as possible.  The correct sequence now is

  - (server) copy the repo at the OS level
  - (admin clone) add it to conf/gitolite.conf, commit, push
2010-03-07 19:05:56 +05:30
Sitaram Chamarty 8031f72fa8 progit article added to doc/ 2010-02-27 17:28:06 +05:30
Sitaram Chamarty 572a34740f doc/0: emphasise the importance of ssh 2010-02-27 12:46:17 +05:30
Eli Barzilay 9f805646fe minor typos 2010-02-27 12:32:28 +05:30
Sitaram Chamarty ea123bbfb4 Merge branch 'dps' into master
Conflicts:
	doc/0-INSTALL.mkd
2010-02-25 20:28:02 +05:30
Sitaram Chamarty 802f925f1d doc/CHANGELOG added 2010-02-25 20:13:51 +05:30
Sitaram Chamarty 087aa274c6 doc/0: added uninstall instructions 2010-02-16 07:03:54 +05:30
Sitaram Chamarty 8d382a6d25 doc/6 now has anchors 2010-02-16 05:02:14 +05:30
Sitaram Chamarty 6f740339e4 doc/3 last reorg missed moving some anchors and preamble text 2010-02-16 04:57:14 +05:30
Sitaram Chamarty 998ff2d13b doc/1 minor fix
thanks to bremner for catching this...
2010-02-13 19:53:50 +05:30
Sitaram Chamarty e674a7c64a (package maintainers read this) install doc updated
(about this commit)

    The install doc now describes both the ways of installing gitolite.
    It also has a handy appendix for package maintainers describing what
    they need to do.

(about the "dps" -- distro packaging support -- commit series)

    This commit is the last in the chain meant to make gitolite more
    friendly for package maintainers.

    Frankly, I never really thought gitolite would get big enough or
    important enough for someone to package it, and I always did just
    the bare minimum I needed to get it working, first for myself, then
    anyone who hopped onto #git and asked.  As a result, it had some
    quirks in terms of what is expected where and so on...

    Luckily, it didn't take a lot of changes to fix it, and this series
    of commits should help make it very easy to package gitolite for
    system-wide use.
2010-02-13 13:02:25 +05:30
Sitaram Chamarty 7e34a39050 doc/3 reorg; one section was getting too long! 2010-02-11 09:04:07 +05:30
Sitaram Chamarty 388f4d873d (IMPORTANT; read this in full) no more "wildrepos"
The wildrepos branch has been merged into master, and deleted.  It will no
longer exist as a separate branch.  Instead, a new variable
called $GL_WILDREPOS has been added which acts as a switch; when
off (which is the default), many wildrepos features are disabled.
(the "C" permissions, and the getperms (etc.) commands mainly).

Important: if you are using wildrepos, please set "$GL_WILDREPOS = 1;" in
the RC file when you upgrade to this version (or just before you do the
upgrade).
2010-02-07 13:22:43 +05:30
Sitaram Chamarty c43560d2ef Merge branch 'master' into wildrepos
lots of conflicts, esp in gl-auth-command, due to refactoring the
"special commands" stuff on master

Conflicts:
	doc/3-faq-tips-etc.mkd
	src/gitolite.pm
	src/gl-auth-command
	src/gl-compile-conf
2010-02-04 14:42:10 +05:30
Sitaram Chamarty 67c10a34fe auth: new subcommand "htpasswd"
great idea by Robin Smidsrød: since users are already capable of
authenticating themselves to gitolite via ssh keys, use that to let them
set or change their own HTTP passwords (ie, run the "htpasswd" command
with the correct parameters on behalf of the "git" user on the server)

code, rc para, and documentation.  In fact everything except... ahem...
testing ;-)

and while we're about it, we also reorganised the way these helper
commands (including the venerable "info" are called)
2010-02-04 11:55:24 +05:30
Sitaram Chamarty 09195afd44 document deny rules a bit better 2010-02-01 15:59:03 +05:30
Sitaram Chamarty 98a4c79dce (read this in full) access control for non-git commands running over ssh
This is actually a pretty big deal, and I am seriously starting wonder
if calling this "gito*lite*" is justified anymore.

Anyway, in for a penny, in for a pound...

This patch implements a generic way to allow access control for external
commands, as long as they are invoked via ssh and present a server-side
command that contains enough information to make an access control
decision.

The first (and only, so far) such command implemented is rsync.

Please read the changes in this commit (at least the ones in conf/ and
doc/) carefully.
2010-02-01 11:49:21 +05:30
Sitaram Chamarty 29260476fb Merge branch 'master' into pu-wildrepos 2010-02-01 10:48:17 +05:30
Sitaram Chamarty 90fed77927 Merge remote branch 'origin/pu' 2010-02-01 10:44:48 +05:30
Sitaram Chamarty b4a65ab73c doc/3: couple of clarifications
- deny rules only apply to "W" ops
  - be more specific about what allows "R" to pass
2010-01-30 08:35:43 +05:30
Sitaram Chamarty 76f8615a92 Merge branch 'pu' into pu-wildrepos 2010-01-29 09:12:24 +05:30
Sitaram Chamarty 7afaafc54a document the "include" mechanism 2010-01-27 16:48:56 +05:30
Sitaram Chamarty c3ec349721 sshkeys-lint: new program
run without arguments for usage
2010-01-25 13:17:14 +05:30
Sitaram Chamarty 11e8ab048a doc/6 revamp: minor addition 2010-01-25 09:53:13 +05:30
Sitaram Chamarty e68d76f127 doc/6 revamp; would appreciate reviews ;-) 2010-01-22 20:28:35 +05:30
Sitaram Chamarty c1de05a8a5 doc/3: gitweb integ; trailing slash on $projectroot
It's not clear whether $projectroot has or does not have a trailing
slash.  Current code assumes it does, but we need to cater for it not
having one also.  Otherwise the final reponame ends up with a leading
slash, once $projectroot has been stripped from the beginning of the
full repo path.
2010-01-22 06:15:34 +05:30
Sitaram Chamarty e7962e5eda delegation doc: minor oops
I know hardly anyone is using delegation, but if you find yourself
locked out from pushing because of this one little thing, do this:

  * on your gitolite-admin clone, add the required lines per this patch,
    and commit

  * on the server, edit ~/.gitolite/conf/gitolite.conf-compiled.pm, and
    delete the following line

        'NAME_LIMITS' => 1

    from the entry for "gitolite-admin" (if you don't know what that
    means delete *all* such lines) and save the file

  * back on your admin repo clone, do a push
2010-01-15 10:19:33 +05:30
Sitaram Chamarty d61890301f delegation doc: minor oops
I know hardly anyone is using delegation, but if you find yourself
locked out from pushing because of this one little thing, do this:

  * on your gitolite-admin clone, add the required lines per this patch,
    and commit

  * on the server, edit ~/.gitolite/conf/gitolite.conf-compiled.pm, and
    delete the following line

        'NAME_LIMITS' => 1

    from the entry for "gitolite-admin" (if you don't know what that
    means delete *all* such lines) and save the file

  * back on your admin repo clone, do a push
2010-01-15 10:18:33 +05:30
Sitaram Chamarty bede47e2db Merge branch 'master' into wildrepos
Conflicts:
	src/hooks/update
2010-01-14 20:47:04 +05:30
Sitaram Chamarty ecfd20e793 @SHELL is now $SHELL_USERS in the rc file (warning: backward compat breakage)
Stop conflating the privilege to push changes to the admin repo with the
privilege to get a shell on the server.

Please read doc/6 carefully before upgrading to this version.  Also
please ensure that the gitolite key is *not* your only means to get a
command line on the server
2010-01-14 19:35:46 +05:30
Sitaram Chamarty 839027f7a7 change delegation to NAME/ style (warning: backward compat breakage)
This is a backward incompatible change.  If you are using delegation and
you upgrade to this version, please do the following:

  * change your gitolite.conf file to use the new syntax (see
    doc/5-delegation.mkd in this commit)

  * for each branch "foo" in the gitolite-admin repo, do this:

        # (on "master" branch)
        git checkout foo -- conf/fragments/foo.conf

  * git add all those new fragments and commit to master

  * delete all the branches on your clone and the server

        # again, for each branch foo
        git branch -D foo
        git push origin :foo
2010-01-10 09:50:08 +05:30
Sitaram Chamarty 7124faa9f3 NAME-based restrictions
Gitolite allows you to restrict changes by file/dir name.  The syntax
for this used "PATH/" as a prefix to denote such file/dir patterns.
This has now been changed to "NAME/" because PATH is potentially
confusing.

While this is technically a backward-incompatible change, the feature
itself was hitherto undocumented, and only a few people were using it,
so I guess it's not that bad...

Also added documentation now.
2010-01-09 20:30:53 +05:30
Sitaram Chamarty 5ad2056a9c typo fix in doc/4; thanks Teemu! 2010-01-08 06:20:19 +05:30
Sitaram Chamarty d03152316f install transcript 2009-12-25 01:05:21 +05:30
Sitaram Chamarty 1a80f0182d Merge branch 'master' into wildrepos 2009-12-23 20:00:56 +05:30
Sitaram Chamarty b0ce84d47f document @SHELL feature, allow "info" for all,
...but still distinguish shell folks with a small extra line telling
them they have shell access
2009-12-23 19:57:36 +05:30
Sitaram Chamarty 203d5690be Merge branch '@all-for-repos' into wildrepos
Conflicts:
	src/gl-compile-conf
2009-12-21 23:02:02 +05:30
Sitaram Chamarty ba3cbd7ecf doc/3, conf: document @all for repos
plus some refactoring of doc/3
2009-12-21 22:58:47 +05:30
Sitaram Chamarty 6f45f75ca1 minor docfix 2009-12-21 06:23:25 +05:30
Sitaram Chamarty 714e214258 wildrepos: catch-all disclaimer for missing features ;-) 2009-12-20 11:57:53 +05:30
Sitaram Chamarty d49bb6b423 Merge branch 'master' into wildrepos
Conflicts:
	src/gitolite.pm
	src/gl-auth-command
2009-12-20 06:58:33 +05:30
Sitaram Chamarty ed2bf526f8 minor docfix 2009-12-13 19:17:18 +05:30
Sitaram Chamarty ff28acb059 Merge branch 'master' into wildrepos
master brought in:

  - full email addresses as usernames
  - repo-specific git config

Conflicts:
	doc/3-faq-tips-etc.mkd
	src/gitolite.pm
	src/gl-compile-conf
2009-12-11 11:23:26 +05:30
Sitaram Chamarty 780b4cca20 ssh-copy-id workaround detail plus a couple other doc fixes 2009-12-10 17:07:46 +05:30
Sitaram Chamarty 64979c18ea document repo config support 2009-12-09 12:16:22 +05:30
Sitaram Chamarty 4441ed82e4 compile: allow full email addresses as usernames
we had usurped the email style syntax to separate multiple keys
belonging to the same person, like sitaram@desktop.pub and
sitaram@laptop.pub.  If you have so many users that you need the full
email address to disambiguate some of them (or you want to do it for
just plain convenience), you couldn't.

This patch fixes that in a backward compatible way.  See
doc/3-faq-tips-etc.mkd for details.
2009-12-08 15:14:05 +05:30
Sitaram Chamarty 135079c9d7 minor docfix 2009-12-06 20:40:23 +05:30
Sitaram Chamarty 02cee1d5cf wildrepos: expanded access reporting
This feature has *no* warranty, and so no documentation.  Not more than
this transcript anyway.

config file:

    @prof = u1
    @TAs = u2 u3
    @students = u4 u5 u6

    repo    assignments/CREATER/a[0-9][0-9]
        C   =   @students
        RW+ =   CREATER
        RW  =   WRITERS @TAs
        R   =   READERS @prof

session:

as user "u4":
    # check your permissions
    $ ssh git@server
    PTY allocation request failed on channel 0
    hello u4, the gitolite version here is v0.95-31-gbcb14ca
    you have the following permissions:
     C      assignments/CREATER/a[0-9][0-9]
       @ @  testing
    Connection to localhost closed.

    # autovivify repos for assignment 12 and 24
    $ git clone git@server:assignments/u4/a12 a12
    Initialized empty Git repository in /home/sitaram/t/a12/.git/
    Initialized empty Git repository in /home/gitolite/repositories/assignments/u4/a12.git/
    warning: You appear to have cloned an empty repository.
    $ git clone git@server:assignments/u4/a24 a24
    Initialized empty Git repository in /home/sitaram/t/a24/.git/
    Initialized empty Git repository in /home/gitolite/repositories/assignments/u4/a24.git/
    warning: You appear to have cloned an empty repository.

    # check what repos you autovivified
    $ ssh git@server expand assignments/u4/a[0-9][0-9]
    (u4)    assignments/u4/a12
    (u4)    assignments/u4/a24

as user "u5":
    # check your basic permissions
    $ ssh git@server
    PTY allocation request failed on channel 0
    hello u5, the gitolite version here is v0.95-31-gbcb14ca
    you have the following permissions:
     C      assignments/CREATER/a[0-9][0-9]
       @ @  testing
    Connection to localhost closed.

    # see if you have access to any of u4's repos
    $ ssh git@server expand assignments/u4/a[0-9][0-9]
    # (no output produced)

as user "u4":
    # allow "u5" read access to assignment 12
    # note you type in "R u5", hit enter, then hit Ctrl-D.  Gitolite
    # then produces a confirmation message starting "New perms are:"
    $ ssh git@server setperms assignments/u4/a12
    R u5
    New perms are:
    R u5

as user "u5":
    # again see if you have access to any u4 repos
    $ ssh git@server expand assignments/u4/a[0-9][0-9]
    (u4)    assignments/u4/a12

as user "u4":
    # check what permissions you gave to assignment 12
    $ ssh git@server getperms assignments/u4/a12
    R u5

    # add RW access to "u6" to assignment 12
    # again, type 'em in, then hit Ctrl-D; and note each time you run
    # this you're starting from scratch -- you can't "add to" the
    # permissions.  Deal with it...
    $ ssh git@server setperms assignments/u4/a12
    R u5
    RW u6
    New perms are:
    R u5
    RW u6

as user "u6":
    # check what u4 stuff you have access to
    $ ssh git@server expand assignments/u4/a[0-9][0-9]
    (u4)    assignments/u4/a12
2009-12-06 20:36:16 +05:30
Sitaram Chamarty 6214ad3ab6 wildrepos: first cut documentation 2009-12-06 20:36:12 +05:30
Sitaram Chamarty 8a4bb453a0 document that @all doesnt work as expected in deny rules
@all in a deny rule doesnt work as it might look in the config file,
because @all rights are checked last.  This is fine if you dont have any
DENYs (and so rule order doesn't matter), but with DENY it causes some
problems.

I never bothered to document it because I did not expect that any repo
that is "serious" enough to have deny rules *at all* should then allow
*any* kind of "write* access to @all.  That's a very big contradiction
in terms of paranoia!

Translation: this will not be supported.  Don't bother asking.  You know
who you are :)
2009-12-05 14:57:21 +05:30
Sitaram Chamarty d71720d050 fold rebel into master :) [please read]
Well, something even more outrageous than deny rules and path-based
limits came along, so I decided that "rebel" was actually quite
"conformist" in comparision ;-)

Jokes apart, the fact is that the access control rules, even when using
deny rules and path-limits, are still *auditable*.  Which means it is
good enough for "corporate use".

[The stuff that I'm working on now takes away the auditability aspect --
individual users can "own" repos, create rules for themselves, etc.

So let's just say that is the basis of distinguishing "master" now.]
2009-12-01 07:15:05 +05:30
Sitaram Chamarty 601eaf8ea1 tips doc: add pointer to later section on excludes 2009-12-01 05:55:59 +05:30
Sitaram Chamarty 604669ca02 rebel edition -- cos when you need it, you need it bad :-)
Summary: much as I did not want to use "excludes", I guess if we don't put the
code in "master" it's OK to at least *write* (and test) the code!

See the example config file for how to use it.

See "design choices" section in the "faq, tips, etc" document for how it
works.
2009-12-01 05:55:58 +05:30
Sitaram Chamarty d8cb62934f docs: document how to specify "owner" for gitweb 2009-11-27 13:47:33 +05:30
Sitaram Chamarty a02a48e8f5 easy install: dont allow root, plus warn about shell access using the given key
- refuse to install to root
  - when a pubkey is being used that was not freshly created by
    ourselves, warn the user that this key can not be used to get shell
    access to the server.  Prevents some corner cases of people being
    locked out...

Also, change the final message to be even more clear that this is all on
the workstation, not the server
2009-11-26 12:13:42 +05:30
Sitaram Chamarty 9a85f5d0d6 auth: print permissions for @all also
I don't have a use for "@all" at all (pun not intended!) other than the
"testing" repo, but <teemu dot matilainen at iki dot fi> sent in a patch
to mark those repos with "R" and "W" in the permissions list, and I
started thinking about it.

This could actually be useful if we *differentiated* such access from
normal (explicit username) access.  From the "corporate environment"
angle, it would be nice if a project manager could quickly check if any
of his projects have erroneously been made accessible by @all.

So what we do now is print "@" in the corresponding column if "@all" has
the corresponding access.

Also, when someone has access both as himself *and* via @all, we print
the "@"; printing the "R" or "W" would hide the "@", and wouldn't
correctly satisfy the use case described above.
2009-11-25 09:15:36 +05:30
Sitaram Chamarty 1c786d880a doc/3: $repo_base -> $projectroot; honor @all in perm check
- it appears that what we call $repo_base, gitweb already needs as
    $projectroot
  - allow read of repos defined as readable by @all

plus some minor declaration changes to make the sample code work as is

(thanks to teemu dot matilainen at iki dot fi)
2009-11-25 08:46:21 +05:30
Sitaram Chamarty de2e38c372 minor doc/message updates/clarifications 2009-11-24 09:16:29 +05:30
Sitaram Chamarty 23be2b6240 easy install (+doc): make it run from msys. Here's how:
- all $HOME/blah becomes "$HOME/blah" (bl**dy "Documents and Settings" crap)
  - replace bash regex with perl, and in one case replace the check with
    something else
  - rsync changed to appropriate scp
  - since we no longer insist on running from a specific directory, create
    tmpgli dir *after* you cd to the right place
2009-11-19 17:39:14 +05:30
Sitaram Chamarty c727d68caa install doc: server and client requirements spelled out 2009-11-18 15:40:37 +05:30
Sitaram Chamarty 05a06a2c75 README, doc/3: gitweb "description" feature 2009-11-18 07:18:05 +05:30
Sitaram Chamarty c54d3eabbc all src: (please read full commit message): allow local admin-defined hooks
You can now add your own hooks into src/hooks/ and they get propagated
along with the update hook that is present there now.  Please read the
new section in the admin document, and make sure you understand the
security implications of accidentally fiddling with the "update" script.

This also prompted a major rename spree of all the files to be
consistent, etc.  Plus people said that the .sh and .pl suffixes should
be avoided (and I was feeling the same way).  I've also been
inconsistent with that "gl-" prefix, so I cleaned that up, and the 00-
and 99- were also funny animals.

Time to get all this cleaned up before we get 1.0 :)

So these are the changes, in case you're looking at just the commit
message and not the diffstat:

    src/pta-hook.sh -> src/ga-post-update-hook
    src/conf-convert.pl -> src/gl-conf-convert
    src/00-easy-install.sh -> src/gl-easy-install
    src/99-emergency-addkey.sh -> src/gl-emergency-addkey
    src/install.pl -> src/gl-install
    src/update-hook.pl -> src/hooks/update
2009-11-13 18:37:46 +05:30
Sitaram Chamarty 76520693a3 doc/2: add docs for gitweb description, plus some minor cleanup 2009-11-12 18:54:16 +05:30
Sitaram Chamarty be972d04d0 doc/6: added two keys explanation and workaround 2009-11-12 10:28:23 +05:30
Sitaram Chamarty c4069dd85f (please read full commit message) upgrade behaviour changed
**upgrades no longer touch the config or the keydir**

When you first install gitolite, the easy install script has to do two
*distinct* things:

  * install the software
  * create and seed the gitolite-admin repo with a minimum config file
    and the newly created pubkey

That's fine for an install, because nothing exists yet anyway.

Subsequent invocations of the script should only do the first task (so
that gitolite itself can be upgraded), and not attempt to fiddle with
the config file and pubkeys.

Unfortunately, until now I had not been separating these two activities
cleanly enough.  For instance, the commit message for 8e47e01 said:

    IMPORTANT: we assume that $admin_name remains the same in an upgrade
    -- that's how we detect it is an upgrade!  Change that name or his
    pubkey, and you're toast!

Ouch!

So now I decided to clean things up.  The "Usage" message tells you
clearly what to do for an upgrade.

Should have been like this from the beginning, but hey we got there
eventually :)

----

Code-wise, this is a major refactor of the easy install script.  It uses
an old forgotten trick to get forward refs for bash functions ;-) and in
the process cleans up the flow quite a bit.
2009-11-06 15:37:03 +05:30
Sitaram Chamarty 8aecaa2da2 doc/6: rename the file, change focus completely 2009-11-05 23:13:39 +05:30
Sitaram Chamarty 33305ed8e7 doc/1: fix formatting problem on github
(local mkd worked fine... weird!)
2009-11-05 23:13:38 +05:30