Commit graph

351 commits

Author SHA1 Message Date
Denis Knauf a6f6886e84 README.txt -> README.md + clean up 2013-01-02 14:55:04 +01:00
Sitaram Chamarty 089f0f9d9e on removing a repo...
Not following through on instructions to remove a repo, per [1], is not
sufficient.  Even if you did just the first step, the repo should  no
longer be accessible.  See [2] for discussion.

As a bonus, we get rid of one pesky warning that always confused people.
(In hindsight -- this confusion itself should have been a warning that
something is wrong and needed fixing!)

[1]: http://sitaramc.github.com/gitolite/repos.html
[2]: http://groups.google.com/group/gitolite/browse_thread/thread/a3d4c3e917056abb
2012-12-31 06:23:28 +05:30
Sitaram Chamarty 5aef1adc7b list-dangling-repos: are we there yet?
<sigh>First I forgot @groups that may contain repos and patterns, then I
forgot patterns where the CREATOR token is used (this is the fix here).
2012-12-31 05:48:18 +05:30
Sitaram Chamarty 1fefb1c0d9 v3.3 2012-12-29 13:58:12 +05:30
Sitaram Chamarty ea3d04ea0a perms batch mode confuses; print something to help
What happens is that running

    ssh git@host perms reponame

appears to hang, since it is waiting for STDIN.  I added a message to
help, since we don't want users losing files accidentally!

(The other alternative is to add a specific option for batch mode, but
this is backward incompatible for people who have scripts that may be
doing this).

thanks to Caleb Cushing for catching this

----

The "make sure Ctrl-C gets caught" thing needs some explanation.

Without it, a user could inadvertently lose his gl-perms file if he ran
the command in batch mode.  You'd think that the Ctrl-C would hit the

    for (<>) {

line and bail, but it manages to reach the

    _print( $pf, @a );

line somehow.  Even trapping SIG INT does not help.

I suspect it is to do with how signals are propagated by ssh across a
"no-pty" session, but am not sure.
2012-12-29 13:40:13 +05:30
Sitaram Chamarty 84424e48b9 bug fix: perms propagation to slaves...
Sometime after v3.2, I fixed what looked like an information disclosure
issue, where a user could determine if an arbitrary repo existed or not,
even if he had no rights to see the repo.  This was:

    96cc2ea "new features relating to creating wild repos:"

Unfortunately, this appears to have broken gl-perms propagation to
slaves, because now running "perm -c" on an existing repo dies!

If you run

    git diff 96cc2ea^ <this commit> -- src/commands/perms

you'll see how simple the fix *should* have been :-(
2012-12-29 13:40:13 +05:30
Sitaram Chamarty b303694882 minor bugly...
please remember we make up words here, like refex was a word we created
to mean "a regex that matches a ref".

A "bugly", then, is a bug that's merely ugly (and not a real problem!)
2012-12-29 13:40:13 +05:30
Sitaram Chamarty b9bbb78278 D: allow rm and unlock to be disabled 2012-12-19 07:19:50 +05:30
Sitaram Chamarty 3513f4a153 fix bug in list-dangling-repos
Still, I would advise caution if you use this as a basis for deleting
repos from the file system.  A bug in this program could cause you to
lose important data!
2012-12-19 06:31:11 +05:30
Sitaram Chamarty 4f4658274d CREATOR need only be a "word" in wild repo patterns
this was a v2 compat breakage, caught by Dominik Schäfer
(schaedpq at gmail)
2012-12-19 06:27:24 +05:30
Sitaram Chamarty 2048484578 add more detail to error message
this error normally happens due to some permission issue on the log
file, but we weren't printing the actual cause, so it was confusing
2012-12-14 07:58:14 +05:30
Sitaram Chamarty 8e3ee2f9c1 (minor) macro buglets
- allow parameter-less macros
  - allow macro body to start on next line
2012-12-14 07:58:14 +05:30
Sitaram Chamarty 3103d68a75 new trigger: update-gitweb-daemon-from-options
another way to update gitweb and daemon access lists
2012-12-14 07:58:14 +05:30
Sven Strickroth f89408adb1 Set Content-Type to text/plain for gitolite commands over http
Explicitly set "Content-Type: text/plain" for gitolite commands when
issued over http, so that it is possible to see the output with normal
browsers.

(At least) Apache httpd might set the Content-Type to something
different and triggers a download instead of showing the text directly.

Signed-off-by: Sven Strickroth <email@cs-ware.de>
2012-12-09 08:09:02 +05:30
Sitaram Chamarty fc7ddfc818 (minor) lint had syntax errors
thanks to xcat on #gitolite for catching it
(shows you how often it gets used I guess!)
2012-12-07 17:30:56 +05:30
Sitaram Chamarty f1c69a3ec0 bugfix: don't delete description file when running perms
thanks to drue on #gitolite for catching it
2012-12-05 06:00:00 +05:30
Sitaram Chamarty 2741fadc9d a few minor changes
* minor typos
  * perltidy on Tsh
  * a minor optimisation to "do" in gl-conf
  * remove inapplicable caveat in fork command
2012-12-04 05:43:48 +05:30
Sitaram Chamarty b6d6260dbb prevent empty %groups being created in compiled conf
this would happen if @all was used but no actual groups were defined,
and would in turn cause a parse error on the compiled conf because it
now ends with a 'false'.

thanks to Jelle Raaijmakers
2012-11-28 06:22:55 +05:30
Sitaram Chamarty 72e36f32aa oops; hashes were getting printed twice in certain cases...
harmless but wasteful
2012-11-28 05:49:48 +05:30
Stephen Palmer d2214b06b5 Fixed bug in lock script
the unlock command was not checking the correct hash key to match
the user name
2012-11-27 08:09:46 +05:30
Sitaram Chamarty 96cc2eaf41 new features relating to creating wild repos:
- new 'create' command for explicit creation
  - new 'AutoCreate' trigger to prevent auto-creation on read operations
    or both read and write operations
  - a few related fixups to the perms command
2012-11-22 20:50:20 +05:30
Sebastian Koslowski 96be9503ef sudo command: CLI fix: 2 non-empty args required 2012-11-22 20:50:20 +05:30
Sitaram Chamarty 7cec71b0ef minor fixups to some non-core programs
(following a bit of a doc shakeup)
2012-11-22 15:59:48 +05:30
Sitaram Chamarty cd838411fa 'gitolite mirror' needs to set exit code on push failure 2012-11-21 21:16:01 +05:30
Sitaram Chamarty 2018267a45 (minor) fixes to lint program, mainly usage message 2012-11-21 19:55:12 +05:30
Sitaram Chamarty a26532d635 allow simple macros in conf file 2012-11-19 07:48:41 +05:30
Sitaram Chamarty 5f9789ed8e v3.2 2012-11-14 15:45:45 +05:30
Sitaram Chamarty d3d93961a0 Uggh; horrible inner loop screwing up all performance :-(
This might actually make the redis version unnecessary for most people!
And if it does, well shame on me for not instrumenting things at a more
granular level before going all "oh we need a cache!"

[In my defense, I blame redis for being such a sweet little tool that I
felt compelled to use it somehow!]

----

t/sequence failed because the test itself was in error; fixed.
2012-11-14 15:43:57 +05:30
Sitaram Chamarty 1f96180df0 allow multi-line pubkeys; see code for doc 2012-11-13 08:45:45 +05:30
gitolite tester 57760d7e1b refex-expr: die when admin forgets to add the required line to the rc 2012-11-13 08:09:14 +05:30
gitolite tester 16f2d9b879 gl-conf must be created even if the repo para has only config lines
(i.e., no access rules but only config lines)
2012-11-13 07:00:22 +05:30
Sitaram Chamarty c03d107bac help run some trigger programs in the background 2012-11-10 14:21:52 +05:30
Sitaram Chamarty d491b5384f (minor) add quick and dirty timer code to Common.pm 2012-11-09 18:02:16 +05:30
Sitaram Chamarty 8a9564f171 some minor rearrangements of code...
why?  now that would be telling!
2012-11-08 19:12:20 +05:30
Sitaram Chamarty a509b208e3 move %GL_REPO and %GL_CREATOR substitution into core
see usage example at the end of src/triggers/upstream
2012-11-07 05:36:28 +05:30
Sitaram Chamarty be61cd2d66 make sure gl-perms exists, even if it is empty...
I expect this to help if we optimise the rule generation by caching.
2012-11-06 09:15:55 +05:30
Sitaram Chamarty 70ad045e08 (minor fixups to some non-code parts) 2012-10-31 06:24:44 +05:30
Andrew Page 2aa129bc70 fix for keysubdirs-as-groups sugar script to support "old style multi-keys" for users 2012-10-29 17:15:52 -06:00
Sitaram Chamarty a802071a5e (test suite) stop using 'ls' to test for presence/absence of files/directories
another of those "duh!  what was I thinking" moments, this specific one
being "why test that files/directories are created with the right user
and group IDs?  Shouldn't that be out of your control, as well as
totally unnecessary on a sane system?"
2012-10-27 13:20:55 +05:30
Sitaram Chamarty 4eb8cd4ad1 (minor) bash -> sh changes in some non-core code
/bin/bash is muscle memory for me, although it appears that not too much
of the actual code is bash-specific, so it's reasonably easy to fix.
2012-10-27 07:07:30 +05:30
Sitaram Chamarty 3eefc06551 (minor) clarify that D only works on wild repos 2012-10-10 13:43:17 +05:30
Eugene E. Kashpureff Jr 896ada58c0 Fix spurious error in triggers/upstream
The initial fetch of a new repo which has 'upstream' read-only mirroring
configured will cause a spurious error concerning FETCH_HEAD not yet
existing. This silences the error.
2012-10-10 07:59:52 +00:00
Sitaram Chamarty 51ab768e2a v3.1 2012-10-05 14:42:25 +05:30
Sitaram Chamarty f636ce3ba3 (security) fix bug in pattern to detect path traversal
while we're about it, add the same check to some of the internal
routines, so that commands can also be protected.

finally, just to make sure we don't lose it again in some other fashion,
add a few tests for path traversal...
2012-10-05 12:28:20 +05:30
Sitaram Chamarty 0d371ac957 call GROUPLIST_PGM before determining user_roles()...
thanks to Stephane Chazelas [1]

[1]: https://groups.google.com/d/topic/gitolite/gy_ZkrxGSjg
2012-10-04 22:03:19 +05:30
Sitaram Chamarty 2dbaa4d12e (minor) move a small chunk of code out of a loop 2012-09-26 14:58:56 +05:30
Sitaram Chamarty 6328ec2cbe dont auto-vivify empty entries in %repos...
before this, trying to access a wild repo would create an empty hash in
%repos.  This is pretty harmless, but at some later point, memberships()
would try to use that in a pattern, attempting to match the real repo
being access-checked.

Which is still fine if your repo doesn't look like "libstdc++" AND
you're using some recent perl.

However, for perl 5.8.8, and if the repo has a ++ in it, perl barfs.

Here's a test program to check your perl:

    #!/usr/bin/perl

    $base="foo/u1/libstdc++";
    $i="foo/u1/libstdc++";

    if ( $base =~ /^$i$/ ) {
        print 1;
    } else {
        print 2;
    }

On 5.14.2 I get "2".  On 5.8.8 I get:

    Nested quantifiers in regex; marked by <-- HERE in m/^foo/u1/libstdc++ <-- HERE $/ at ./aa.pl line 6.
2012-09-25 19:10:47 +05:30
Sitaram Chamarty 3fe8ecf974 (minor) avoid spurious 'repo missing' messages for repo patterns 2012-09-25 19:05:57 +05:30
Sitaram Chamarty 9606e35528 help cgit folks out a bit :) 2012-09-24 04:53:20 +05:30
Sitaram Chamarty 724c741335 prevent barfage when presetting the rc file 2012-09-20 06:21:44 +05:30