Commit graph

214 commits

Author SHA1 Message Date
Sitaram Chamarty 820d3f5948 the most common problems an admin will see
an admin who refuses to read messages that show up on the screen, that is ;-)
2010-04-22 07:57:25 +05:30
Sitaram Chamarty 38337551b1 (minor) helpful message when git isn't found in PATH on server 2010-04-20 21:21:42 +05:30
Sitaram Chamarty 45ecc518f0 WARNING: WE NOW REFUSE TO RUN IF GIT ON THE SERVER IS < 1.6.2
I just got tired of supporting old gits.  Sorry.  Had to happen sooner
or later.

I know you feel upset right now but later you'll thank me.
2010-04-19 21:57:47 +05:30
Sitaram Chamarty 34aad34478 make "expand" also print version, like "info" does
(thanks to Ilari for catching this)
2010-04-16 19:23:18 +05:30
Sebastian Schuberth 8b31956c32 Do not override the SSH port if standard port 22 is used
Always passing "-p 22" to ssh (or "-P 22" to scp) if no custom port is given on
the command line causes trouble when not using a host name but an SSH session
name (as defined in .ssh/config) which defines a non-standard port, because the
port given on the command line overrides that port.

Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
2010-04-16 13:22:49 +05:30
Sitaram Chamarty 2a776e56ad "D" must be combined with RW or RW+ (warning: minor backward compat breakage)
Having to specify "D" separately from RW or RW+ was cumbersome, and
although I don't actually use this feature, I can see the point.

One way to think of this is:

  - RW and RW+ were the only existing branch level rights
  - it doesnt make sense to have D rights without W (hence RW) rights
  - so we simply suffix a D to these if required.

Thus you can have RW, RW+, RWD, RW+D.

I hope the (hopefully few) of you who have started to use this feature
will convert your configs when you next upgrade to "pu".

I now regret pushing the previous syntax to master too quickly -- lots
of people use master only, and on the next promotion of pu the syntax
will change.  To reduce this exposure, this change will be promoted to
master very soon.
2010-04-15 06:37:35 +05:30
Sitaram Chamarty 8d55bd722c (minor fixup) 2010-04-14 09:49:09 +05:30
Sitaram Chamarty 9b35f84f55 fix bug in 7bfb367 that causes "@all.git" to be created! 2010-04-13 10:07:59 +05:30
Sitaram Chamarty e0fe73ac18 compile: recurse through keydir/ for pubkeys 2010-04-10 09:05:50 +05:30
Sitaram Chamarty 246165537d new server-side program "gl-tool", subcommand "shell-add"
Previous implementations of "give shell access to some gitolite users"
feature were crap.  There was no easy/elegant way to ensure that someone
who had repo admin access would not manage to get himself shell access.

Giving someone shell access requires that you should have shell access
in the first place, so the simplest way is to enable it from the server
side only.

So now that we decided to do that, we may as well prepare for other,
future, commands by starting a server-side utility program with
sub-commands (the only current one being "shell-add")
2010-04-09 21:05:17 +05:30
Sitaram Chamarty 5deffee3cf security: gitolite admin can get shell access by using screwy pubkey name
example: keydir/sitaram@$(some-dangerous-command; echo hi).pub

(still won't get the reward; that is only if a non-admin user gets
privs!)
2010-04-09 16:48:46 +05:30
Sitaram Chamarty e6ee5cdb30 4b7d144 should have touched this also 2010-03-31 14:42:41 +05:30
Sitaram Chamarty 967af2c993 compile/update: new "D" permission
normally, RW+ means permission to rewind or delete.

Now, if you use "D" permission anywhere in a repo config, that means
"delete" and RW+ then means only "rewind", no delete.
2010-03-30 23:28:26 +05:30
Sitaram Chamarty 33b886c512 we're getting a nice solaris workout after a long time :) 2010-03-30 19:37:22 +05:30
Sitaram Chamarty 72b63abaf2 auth, gitolite.pm: do not leak info about repo existence
All this is about a user trying to look if a repo exists or not, when he
does not have any access to that repo.  Ideally, "repo does not exist"
should be indistinguishable from "you dont have perms to that repo".

(1) if $GL_WILDREPOS is not set, you either get a permissions error, or
    a "$repo not found in compiled config" death.  Fixed.

(2) if $GL_WILDREPOS is set, you either get either a permissions error,
    or a "$repo has no matches" death.  Fixed.

(3) The following combination leaks info about repo existence:

      - actual repo doesn't exist
      - spying user don't have C perms
      - repo patt doesn't contain CREATER
      - RW+ = CREATER is specified (as is normal)

    In such case, the "convenience copy" of the ACL that parse_acl
    makes, coupled with substituting CREATER for the invoking user means
    $repos{$actual_repo} has RW+ for the spying user.  This means the
    access denied doesn't happen, and control passes to git, which
    promptly expresses it unhappiness and angst over being given a repo
    that 'does not appear to be a git repository'

    This doesn't happen if all those conditions are not met:

      - if repo exists, CREATER is set to the real creater, so RW+ =
        CREATER does not gain spying user anything
      - if spying user has C perms it just gets created, because he has
        rights.  This is also info leak but we can't prevent it; tighten
        the config (maybe by including CREATER in repo pattern) if this
        is not wanted
      - if repo patt contains CREATER it will never match someone else's
        repo anyway!
2010-03-29 21:18:39 +05:30
Sitaram Chamarty a45d2d9912 auth: do not implicitly assign RW access for creaters
a configuration like this:

    repo CREATER/.*
        C       =   CREATER
        RW+     =   WRITERS

was buggy; CREATER was implicitly part of WRITERS so he got RW
permissions implicitly, so the push went through
2010-03-27 22:55:58 +05:30
Sitaram Chamarty 6e17c74abf silly little PATH bug...
what this means is that until now, everyone who used easy-install
(without needing to set $GIT_PATH in the rc file) had a client-side PATH
that was perfectly valid on the server side also!
2010-03-26 21:36:28 +05:30
Sitaram Chamarty 7bfb3676b7 @all for repos is now much cleaner; a true @all...
- no need to put it at the end of the config file now, yeaaay!
  - @all for @all is meaningless and not supported.  People asking will
    be told to get a life or use git-daemon.
  - NAME/ limits for @all repos is ignored for efficiency reasons.
2010-03-26 21:36:05 +05:30
Sitaram Chamarty a3f1258a0a reduce a bit of code duplication in check_access; make it call check_ref 2010-03-23 14:59:33 +05:30
Sitaram Chamarty bad0723974 allow @all to be used as a "user" in setperms 2010-03-18 22:06:25 +05:30
Sitaram Chamarty f282b8f926 gl-setup: dash-compat
before someone runs it on the new Ubuntu :)
2010-03-18 20:48:43 +05:30
Sitaram Chamarty bfc9c7aeb5 minor fixup; spurious error killed 2010-03-17 20:43:20 +05:30
Sitaram Chamarty 412a691810 compile: remove the sortsub for data dumper
Data dumper was failing (returning an empty string!) on an input config
file of about 350 lines or so (output 2400 lines or so).

Removing the sort sub fixed the problem.

To recap why that sub was put in (see deleted lines in this commit for
details), what we really want is that $creater must appear *last* in the
resulting dump.

So we trick it.  "man ascii" tells you that ~ is the highest valued
ASCII character (yes, I know, not utf-8 safe etc... I'll deal with that
if and when needed or punt!).  So we just put that in front of $creater
and remove it later...

You *don't* want to do this for $readers and $writers -- then they will
once again sort *after* $creater, which would be a bad thing.  Also,
it's probably better this way, because now the order of the hash keys
will be: $readers, $writers, any actual users listed, and then $creater.

This means the effective access rights will be:

1.  if you are the creater you get CREATER's rights
2.  else if your userid is listed *explicitly* in the config, you get
    those rights
3.  else if you've been setperm'd as a writer, you get WRITERS rights
4.  else if you've been setperm'd as a reader, you get READERS rights

This is different from what used to happen till now; READERS and WRITERS
used to trump explicitly given rights.  I'd been meaning to fix that
somehow, but never got around to it, until this DDD (damn Data Dumper!)
forced my hand :)
2010-03-17 19:30:14 +05:30
Sitaram Chamarty 83884aa758 compile/update hook: enable new style personal branches
The new style personal branches work by interpreting the special
sequence /USER/ (including the slashes) in a refname.  Docs should be in
the next commit...
2010-03-16 18:27:22 +05:30
Sitaram Chamarty ed5c78349e update hook now allows chaining to "update.secondary"
the changes to cp/scp are because without "-p" they dont carry perms
across to existing files.  So if you forgot to chmod +x your custom
hook and ran easy install, then after that you have to go to the server
side to fix the perms...
2010-03-14 22:48:25 +05:30
Sitaram Chamarty 367e8f8932 minor LFCR -> CRLF fix 2010-03-12 11:08:51 +05:30
Sitaram Chamarty 7588c8cf54 dps: gl-setup may have to create ~/.ssh and touch the authkeys file...
I've been unwilling to create the authkeys file if it does not already
exist, because it represents a significant change in accessibility for
that account.

However, in the "distro package" scenario, one wants to make it as easy
as possible for the end-user (who is actually an admin for the gitolite
being hosted on his account, let's not forget) to use.

And it seems that in some cases that might mean he does not (yet) have a
~/.ssh even...
2010-03-12 09:16:39 +05:30
Sitaram Chamarty 4b7d144971 easy install: suppress that misleading "fatal"
get rid of the "fatal: No HEAD commit to compare with (yet)" message
2010-03-09 22:17:17 +05:30
Sitaram Chamarty 369ff45d92 easy install seemed to out of the GIT_PATH loop
for some reason, I apparently did not test easy install with a
non-standard path!  Fixed...
2010-03-09 22:12:29 +05:30
Sitaram Chamarty 08811fa9c2 easy install: update ending message when non-std ssh port used 2010-03-07 19:33:33 +05:30
Sitaram Chamarty de0ecd0431 compile: make it easier to move repos into gitolite
when repos are copied over from elsewhere, one had to run easy install
once again to make the new (OS-copied) repo contain the proper update
hook.

We eliminate this step now, using a new, empty, "hook" as a sentinel and
having "compile" check/fix all repos' hooks.

Since you have to add the repos to conf anyway, this makes it as
seamless as possible.  The correct sequence now is

  - (server) copy the repo at the OS level
  - (admin clone) add it to conf/gitolite.conf, commit, push
2010-03-07 19:05:56 +05:30
Sitaram Chamarty 6dbaa0d325 auth: expand etc. *may* have single-quotes around reponame 2010-03-01 20:34:25 +05:30
Teemu Matilainen deda3da182 auth: do not anchor the pattern given for expand
Currently the pattern of expand command is line anchored.  This is
different than in e.g. grep, and causes extra work to add '.*' prefix
and/or suffix in many use cases.

The new semantics now mean you might get more matches than you would
have gotten earlier.  However, the expand command is still totally
undocumented, so I think it is acceptable to change the functionality.
;)

This patch removes the anchoring.  So for earlier behavior the specified
pattern needs be in form of '^<pattern>$'.  The default pattern is also
changed from '.*' to '^', so there might be even a small speed
improvement. =)

Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
2010-02-27 12:30:39 +05:30
Sitaram Chamarty de74e8d343 Merge branch 'master' into pu (damn!)
stupid me; committed the easy install patch on master *and* pushed,
instead of on pu...

Since I dont want to rewind master, we end up with this completely
unnecessary merge.
2010-02-26 07:29:18 +05:30
Sitaram Chamarty 42cc720eaa easy install: be more specific about NOT adding repos manually 2010-02-26 07:13:19 +05:30
Sitaram Chamarty ea123bbfb4 Merge branch 'dps' into master
Conflicts:
	doc/0-INSTALL.mkd
2010-02-25 20:28:02 +05:30
Sitaram Chamarty 1de9e963f0 auth: behave better when no argument supplied to wild commands
expand gets a default '.*' argument
others die with an error message
2010-02-18 19:20:46 +05:30
Sitaram Chamarty 8054a9e6d5 Merge branch 'teemu/topic/expand_all_repos' into pu 2010-02-18 18:44:58 +05:30
Teemu Matilainen e7ac085d61 List also non-wildcard repos in expand_wild
List also all matching and accessible non-wildcard repositories
in ssh expand command.

Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
2010-02-18 13:50:18 +02:00
Sitaram Chamarty 16cea9bf8c compile: move checking of reponame/repopatt/username out of expand_list
let expand_list be just that "expand a list", and leave checking to be
done outside.

otherwise, commit 690604d79 has the side effect of restricting refs to
$REPOPATT_PATT, and so for instance barfing on the perfectly valid

    RW+ refs/(?!heads/master) = alice bob

(thanks to Teemu for catching this)
2010-02-18 06:10:08 +05:30
Sitaram Chamarty 83a017f884 htpassword: disallow empty passwords
[TODO: allow a callback for a password checking function, such as
"passwd_policy_check".  Question is where the function would go.
~/.gitolite.rc is the only possible place among the current set of files
but I'd rather leave that as a list of simple name=value lines for all
sorts of reasons.  So maybe something like ~/.gitolite.pm (analogous to
the "gitolite.pm" in the sources I supply), which would get "require'd"
if found, and would contain all user-defined functions like this one...
needs some thinking about]
2010-02-14 09:51:51 +05:30
Sitaram Chamarty 690604d79a compile: users and repos have groups... why not refs?
this came up in some other discussion with bremner.  As usual I said no
I won't do it because I don't see any real need.

...then I realised it's just one line :)
2010-02-13 20:07:29 +05:30
Sitaram Chamarty e674a7c64a (package maintainers read this) install doc updated
(about this commit)

    The install doc now describes both the ways of installing gitolite.
    It also has a handy appendix for package maintainers describing what
    they need to do.

(about the "dps" -- distro packaging support -- commit series)

    This commit is the last in the chain meant to make gitolite more
    friendly for package maintainers.

    Frankly, I never really thought gitolite would get big enough or
    important enough for someone to package it, and I always did just
    the bare minimum I needed to get it working, first for myself, then
    anyone who hopped onto #git and asked.  As a result, it had some
    quirks in terms of what is expected where and so on...

    Luckily, it didn't take a lot of changes to fix it, and this series
    of commits should help make it very easy to package gitolite for
    system-wide use.
2010-02-13 13:02:25 +05:30
Sitaram Chamarty 06d8ab4c18 make VERSION work in both types of setups
The old install method will now use conf/VERSION instead of src/VERSION everywhere.

The new one, if you use the builtin make file to "make branch.tar" will also create just such a file
2010-02-13 13:02:25 +05:30
Sitaram Chamarty e11f9521fe added server-side setup script 2010-02-13 13:02:25 +05:30
Sitaram Chamarty 927b6bb1aa dps: make install aware of distro-based setup
gl-install copies
  - the initial rc file to ~/.gitolite.rc if it doesn't exist
  - src and hooks to GL_ADMINDIR

Make it aware of a package-based setup sequence, where the above two
change somewhat; see code diff.

This should be the last bit of change needed to prepare gitolite setup
so that a distro package maintainer does not have to fiddle too much
with code inside.

(What remains is docs, and a setup script for server-side use, to
replace the latter part of easy install)
2010-02-13 13:02:25 +05:30
Sitaram Chamarty 59004b87a1 install: initial create of glrc should not assume PWD is project root
make it work regardless of how it is invoked, though we *do* assume
../conf/example.gitolite.rc exists
2010-02-13 13:02:24 +05:30
Sitaram Chamarty 74d70e3b9f move hooks out of src
src/hooks is now hooks/common
src/ga... is now hooks/gitolite-admin/post-update
2010-02-13 13:02:24 +05:30
Sitaram Chamarty 65b8c0c48a make $bindir absolute 2010-02-13 13:02:21 +05:30
Sitaram Chamarty 72bac2a21a dps: (distro packaging support) dont let install copy the sample conf 2010-02-08 16:46:30 +05:30