Commit graph

56 commits

Author SHA1 Message Date
Sitaram Chamarty 85da5572b2 some nice ADC changes... (warning: minor backward compat breakage)
- support for ADCs with unchecked arguments
  - rsync, htpasswd, and svnserve gone from core; turned into ADCs

Backward compat breakage and fix: Please see documentation for details,
but if you're using gitolite to control rsync you will now need to setup
ADCs (admin defined commands), and install at least the new "rsync" ADC.

----

Thanks to Joey Hess (see commit prior to this) for forcing me to stop
being lazy and get this out of my long term todo list.
2011-10-17 18:42:57 +05:30
Joey Hess 955edcc5ec git-annex support via unrestricted ADC 2011-10-17 17:33:03 +05:30
Sitaram Chamarty 22bd3c8e72 (projects.list changes) collect gitweb-specific stuff in one place
also
  - new "WEB_INTERFACE" variable (defaults to 'gitweb')
  - setup_web_access (write a plain list of repos out)
  - add_del_web_access (add/delete a single repo from projects.list)
2011-10-06 19:32:09 +05:30
Sitaram Chamarty 8b501a1872 (doc) assorted docfixes 2011-09-28 04:23:32 +05:30
Sitaram Chamarty a2fd597c51 'symbolic-ref' ADC replaces and obsoletes 'set-head'
set-head was too specific.  See comments in symbolic-ref for more on
this ADC, but basically it lets you run 'git symbolic-ref' on a repo
that you have write access to.

(in response to http://comments.gmane.org/gmane.comp.version-control.git/182067)
2011-09-26 19:43:57 +05:30
Sitaram Chamarty 7b8866dbf6 (password access) can now do ADCs also
idea credit Jeff (though I'm sure he didn't ask this on behalf of the
KDE folks ;-)
2011-09-16 09:15:42 +05:30
Sitaram Chamarty 10985cb534 repo_rights is no longer a kosher *public* interface
so remove the last vestiges of it from the contrib area
2011-09-02 22:41:27 +05:30
Sitaram Chamarty b649536847 (minor) fixed some broken links due to 867b34f
thanks to j416 for catching this...
2011-07-18 21:06:14 +05:30
Sitaram Chamarty 6ad6bf95e6 (adc) change quoting when calling cli_repo_rights from shell
otherwise repo names containing "@" in them were causing the @foo part
to be interpolated (as empty of course) instead of being taken literally

reported by silvio dot fricke at googlemail
2011-06-26 11:33:56 +05:30
Sitaram Chamarty fda9f37b3a die() needs to be defined in post-update hook
(and in one other place it needs to be defined earlier)

I never caught this because in my testing those error conditions --
caused by lack of afc3a06 -- never came up.
2011-06-19 06:54:52 +05:30
Sitaram Chamarty cf1987e747 (sskm) document courtesy Jeff Mitchell
I'd originally written some minimal documentation for this ADC, but I
liked Jeff's version so much that I borrowed it, added the final section
("important notes for the admin"), made a few other minor fixups, and
then happily ditched my version.
2011-06-01 20:17:55 +05:30
Sitaram Chamarty d402b093b7 (sskm) hush output from internal git commands
(the ones that require GL_BYPASS_UPDATE_HOOK to be set are done slightly
differently because I just didn't want all the hassle of saving and
restoring that variable on the perl side)
2011-06-01 12:16:23 +05:30
Sitaram Chamarty 4942fdbe0e (sskm) not finding a key in the list is not always fatal...
[caught by Jeff...]
2011-06-01 12:16:23 +05:30
Sitaram Chamarty 9e01778796 (sskm) self-service key management -- new adc
based on a discussion with Jeff from the KDE team; see doc for more.
2011-06-01 12:16:19 +05:30
Sitaram Chamarty 867b34f32c (doc) ADCs now have an overview doc, plus...
- repo-deletion is now a proper doc
  - other doc enhancements and clarifications
2011-05-12 09:33:19 +05:30
Sitaram Chamarty 18c69e8612 su-getperms and su-setperms 2011-05-08 11:22:42 +05:30
Sitaram Chamarty 89b68bf5ca new adc to allow deleting a branch that you created; see below
The need for this comes about as follows:

  - a project may allow its developers "RWC" (or "RW+C") so that they
    can create feature branches when needed.  Note that these are
    *feature* branches, so they can't use the "personal branches"
    mechanism that gitolite already has.

  - the developers are *not* given RWCD (or RW+CD) to prevent accidental
    deletion of an important branch.  Branch *deletion* is something
    that only a few trusted admins can do.

  - as a result, there are sometimes situations where a developer
    creates a misnamed branch and then has to ask the admins to help get
    rid of it.

What the KDE folks wanted was a way to allow the creator of a branch to
be able to delete it.  In addition, they needed this allowed only for a
fixed duration after the creation of a branch, not forever (for the same
reason they don't get RWCD, to prevent accidents).

These are my reasons why this feature is implemented as an ADC instead
of being "in core":

  - we'd need additional syntax to differentiate this special case
    (which is sort of in between RWC and RWCD, if you think about it).

    I'm reluctant to complicate the syntax further for something that is
    only occasionally needed.

  - we'd need either (a) code to parse the log files, or, (b) code to
    maintain "who created this ref" on every push that creates a ref.

      - parsing the log files is too kludgy and inelegant to be in core,
        not to mention potentially very slow for really large projects

      - code to maintain the a history of "who created this ref" is too
        cumbersome, especially because of the need to expire old entries
        after a time.
2011-05-02 07:15:12 +05:30
Sitaram Chamarty 6a51bae400 update s3backup adc to disable pushes first
(ref http://sitaramc.github.com/gitolite/doc/3-faq-tips-etc.html#_disabling_write_access_to_take_backups)

code from David Bremner via email
2011-04-24 15:14:37 +05:30
Sitaram Chamarty e73f1cea93 'hub' adc request-status subcommand can ask for details by request-number 2011-03-13 16:57:54 +05:30
Sitaram Chamarty 719edd007c 's3backup' adc contributed by David Bremner 2011-03-13 09:37:50 +05:30
Sitaram Chamarty c3787e2d17 hub adc had an unused extra return value from check_access; fixed 2011-03-13 09:37:50 +05:30
Sitaram Chamarty aab5ec9e6a 'hub' ADC takes patterns for 'list-request', has new 'accept' command
(plus a few minor fixes)
2011-03-05 12:23:17 +05:30
Sitaram Chamarty 6d3c2fbcef 'hub' ADC doc and rudimentary test script 2011-03-03 15:39:54 +05:30
Sitaram Chamarty 49e64a4f11 'hub' ADC 2011-03-03 15:39:54 +05:30
Sitaram Chamarty e7d55899f3 fork adc acquired some good ideas from the KDE folks 2011-02-25 21:15:08 +05:30
Sitaram Chamarty cec94a3664 (minor) who-pushed adc falls afoul of egrep incompat between Linux distros!
It seems even within Linux, not all "egrep"s are equal.  So we fall back
to the one true standard :-)

[caught by Jeff from the KDE team]
2011-02-25 06:21:17 +05:30
Sitaram Chamarty bdef55eee9 (minor) bashism fixes, usability fix, for "able" adc 2011-02-25 06:21:13 +05:30
Sitaram Chamarty 02128ff48f (minor doc fixes) 2011-02-21 21:25:43 +05:30
Sitaram Chamarty 948f700c7a supercool new admin-defined command "git" (disabled by default)
This new adc allows you to run arbitrary git commands on the server.

It is disabled by default, and you have to READ ALL INSTRUCTIONS **AND**
SOURCE CODE BEFORE DEPLOYING.
2011-02-10 14:01:08 +05:30
Richard Bateman 00a926bf48 Added perms PDC to supplement setperms/getperms
- Also added pygitolite.py as a helper library for python PDC apps
2011-01-21 14:14:09 +05:30
Richard Bateman 108f8e96a2 Added PDC set-head for setting the HEAD ref on a remote branch that you have write access to 2011-01-21 14:14:09 +05:30
Sitaram Chamarty 692552d146 gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-16 07:26:13 +05:30
Sitaram Chamarty 5b9bf700cc allow access checks from ADC or hook
For sample code see new file contrib/adc/get-rights-and-owner.in-perl.
Despite the name, you can use similar code in a hook also -- comments in
that file will tell you how.

implementation notes:

  - check_access now takes an optional last arg "dry_run", which is also
    passes through to check_ref
  - check_ref returns a "DENIED by ..." instead of die-ing if dry_run is
    passed in

  - as a side effect, cli_repo_rights is now just a stub calling
    check_access (we kept it hanging around for backward compat -- too
    much adc pain for too many people if we change it now)
2010-12-25 12:40:41 +05:30
Sitaram Chamarty 74726fdc31 added watch ADC (includes documentation), courtesy mitchell@kde.org 2010-11-18 12:40:09 +05:30
Sitaram Chamarty 7313d48247 gitolite-down: disable write-access to take backups
(we quietly do not document the 'able' adc, which is now the most
"official" adc in the sense that it has a new test, t64-write-able!)

other notes: fix bug in 'able' (not setting $loc)
2010-11-16 22:57:23 +05:30
Sitaram Chamarty 6386d8ca2f gl-reflog adc gains 'usage', loses some crappy warnings
(actually these warnings can come in many other situations; I just
noticed them when testing this adc)
2010-10-28 19:34:46 +05:30
Sitaram Chamarty 5b3dcb3757 a slew of adc changes; details below:
- get_rights_and_owner normalises its arg1 by stripping .git if
    supplied, then sets the variable "repo" to the result as a side
    effect
  - new "help" adc with some default text but main purpose is to allow
    site local help text
  - other adc's refer to 'help' adc when appropriate
  - 'undelete' renamed to 'restore'; that's what the KDE "trashcan"
    program calls that operation
  - minor typo in sample script in documentation
  - main adc doc points to contrib/adc/repo-deletion.README now
2010-10-28 16:43:04 +05:30
Sitaram Chamarty 9fc521930d new adc: "who-pushed" prints the last person who pushed the given sha 2010-10-27 18:45:51 +05:30
Sitaram Chamarty 66b65e5e1d (doh!) make gitolite.pm easier for packagers
should have done this long ago...
2010-10-23 17:43:19 +05:30
Sitaram Chamarty cb0a9bdb0c ADC "rmrepo" replaced by "rm" and "trash", with helper ADCs
helpers for 'rm': lock, unlock
helpers for 'trash': list-trash, undelete

common functions updated with local settings for ADCs as well
2010-10-22 17:43:09 +05:30
Sitaram Chamarty 99d6b4875c adc su-expand to allow admin to run 'expand' on other users 2010-10-16 12:22:47 +05:30
Sitaram Chamarty ba39d93e28 (minor glitch in sudo adc)
thanks to jeff for finding it...
2010-10-06 22:57:45 +05:30
Sitaram Chamarty afbab1dd8d "sudo" adc
The sudo adc should make life easier for any admin wishing to run an adc
as some other user.

As a result, the rmrepo adc also goes back to its simple roots.  Now you
just run it via the sudo adc if you (as gitolite admin) needs to rmrepo
some user's repo.
2010-10-06 22:30:54 +05:30
Sitaram Chamarty c40622b302 gl-reflog adc: tighten permissions checks
- dont do anything if he doesn't even have read access
  - move the GL_USER check to the right place!  (to when you actually
    will be doing something)

That spurious check for GL_USER that we (re)moved would not only have
shown an incomplete set of log lines, it would have made the wrong log
line look like the "last" one.  (No real harm would result, of course,
since the update-ref would blow up due to the actual SHA being something
other than what it was expecting, but it would be confusing to the user)
2010-10-06 22:21:59 +05:30
Sitaram Chamarty b4a3b812a7 adc rmrepo: delete reponame from projects.list 2010-10-06 20:04:48 +05:30
Sitaram Chamarty 51ef951768 gl-reflog -- first version; proof of concept only, NOT for production use (yet) 2010-10-05 20:46:13 +05:30
Sitaram Chamarty 67a72a3f5b added support for a post-repo-create hook (gl-post-init)
...some people want to run a special function after a repo is created
2010-09-24 16:58:46 +05:30
Sitaram Chamarty 07d07cc5f6 rmrepo alternative 2 was too lax
it would have allowed deleting a non-wild repo too!  Fixed.
2010-09-03 09:02:47 +05:30
Sitaram Chamarty 3a8f32ac9b minor fixups to the "gitweb/daemon from setperms" code...
- fork was not printing a newline after the permissions
  - "add_del_line" to properly handle that damn projects.list file!
2010-08-20 23:09:11 +05:30
Sitaram Chamarty 648676faec gitweb and daemon should now work even from within setperms
modifications:

  - call setup_gitweb_access and setup_daemon_access from with
    get_set_perms so when the user sets a perm explicitly it works
  - in setup_gitweb_access, do not delete description file or
    gitweb.owner if the repo is wild
  - make the "fork" adc set gitweb.owner *and* call setperms using
    GL_WILDREPOS_DEFPERMS
  - add tests

bug fixes:

  - gl-auth did not even *look* at GL_WILDREPOS_DEFPERMS when
    auto-"C"reating a wild repo; fixed
  - setup_gitweb_access did not delete the description file as
    consistently as it deleted the owner

what will NOT work:

  - removing gitweb permissions does not clear the name from
    "projects.list".  That's complicated, so just wait till the next
    "compile" to make this happen

(thanks to Jefferai for driving this...)

----

mildly puzzling:

    for some strange reason, after a "git ls-remote ...try3" in t58,
    instead of not creating a "description" file, we started seeing a
    73-byte file containing this message:

    Unnamed repository; edit this file 'description' to name the repository.
2010-08-20 21:02:18 +05:30