430 commits

Author SHA1 Message Date
Sitaram Chamarty b11d44e036 (mirroring) make cron jobs easier to write
gl-mirror-shell will now take a list of slaves and/or keys, expanding
the keys in place.  See doc for even more improvements and conveniences.
2011-08-15 07:02:42 +05:30
Sitaram Chamarty aa7ff8ac27 (mirroring) some more error checking 2011-08-14 22:22:31 +05:30
Sitaram Chamarty a3ffc9d8fd (mirroring) reject non-local pushes if GL_HOSTNAME not set
We previously said all mirroring features are disabled if GL_HOSTNAME is
not set.

But what if, after mirroring has been setup, and master/slaves defined
for a repo, a slave admin fat-fingers the RC file and accidentally
comments out GL_HOSTNAME?  We might end up violating RULE NUMBER ONE!
2011-08-13 14:32:38 +05:30
Sitaram Chamarty 5143cc890f (new mirroring) enhance gl-tool
...it now does the mirroring peer key setup, unlike the kludgy manual way in the old setup
2011-08-12 22:51:44 +05:30
Sitaram Chamarty 68b45e1616 (new mirroring) bulk of the changes are here:
  - post-receive now just calls mirror-push
  - mirror-push is a medium complex shell script (all that backgrounding
    etc., can't be done so easily in God's first language!)
  - mirror-shell is now a perl program that does a few different things
    (receive mirror-pushes, command line re-sync, re-sync requests from a
    slave, etc)
  - auth-command changes to reject/redirect non-native pushes
2011-08-12 22:51:44 +05:30
Sitaram Chamarty 15db108e45 (new mirroring) helpers, hostname, detect use of older RC variables, delete mirror-sync 2011-08-12 22:51:44 +05:30
Sitaram Chamarty b70cf05b43 (minor) allow a comma in regex pattern for wild repos
This was an oversight.  We already allow { and } anyway...
2011-08-12 21:45:23 +05:30
Sitaram Chamarty 0b68365860 fix accumulation of 'config' (git config) lines
If a repo matches multiple patterns, 'config' lines were being picked up
only from one of the 'repo' paras, instead of from all applicable ones.
2011-08-08 09:47:56 +05:30
Sitaram Chamarty 66f2065098 deal with a perl 5.14 deprecation on qw()
Apparently 5.14 deprecates using qw() as parentheses

(thanks to Benjamin Severs)
2011-08-04 22:01:13 +05:30
Sitaram Chamarty 49f5361799 (minor) don't ignore dirty-ness when generating version number 2011-07-29 14:12:56 +05:30
Sitaram Chamarty 6b65ffbab4 (minor) setperms and DOS users
Supporting git on DOS may be a fact of life, but it felt good to make
them use the "right" editor (hint: starts with v, ends with m, has three
letters), or at least something equivalent, to produce their setperms
input files.

I'd say "yes Fred I know.  However, Unix doesn't work like that, and
when talking to a big, important, OS like Unix from your little
single-user workstation, you do have to go the extra mile.  It's not
that different from going into a meeting with the CEO you know -- you
dress up a little for that meeting don't you?".  And Fred would nod, a
little awed by the analogy.  Maybe the awe was tinged with a wee bit of
anger but not much; he knows there's a hierarchy among OSs, just like
among people, and he knows where his OS stands in that hierarchy...

----

For the humour impaired, that was a joke.  To start with, I don't know
anyone called Fred.

It *is* true that I tend to ignore DOS if at all possible, especially in
my *code*.  But since I don't really use wildrepos at work, this issue
would never have come up for me, even in the DOS projects I manage.

In this case someone who's contributed a heck of a lot to the evolution
of gitolite asked, so here it is.

----

oh and in case you were wondering, DOS stands for "dominant operating
system" ;-)
2011-07-23 08:31:33 +05:30
Sitaram Chamarty 42df4c01a9 gl-dont-panic replaced by more generic gl-admin-push
(sorry Douglas Adams; the "towel day" program is no more!)
2011-07-13 22:29:44 +05:30
Sitaram Chamarty c7d95293dd revert part of 9ad7ea4
Fix a problem with authkeys perms when REPO_UMASK is too loose.

(To duplicate it, run a fresh, non-root install, and when gl-setup pops
up an editor, change the REPO_UMASK to 0007 (from the default 0077).
You'll find that ~/.ssh/authorized_keys now has g+w set, causing sshd to
refuse key-based access.)

And before you ask, even though gl-setup does it, I won't fiddle with
the permissions of an existing file in *this* code.  (gl-setup is run
manually by the admin, this one gets run on every push).

----

Side note: 9ad7ea4 was somewhat forced on me, and I didn't really agree
with parts of it.  I have no idea why I gave in so easily, but it won't
happen again!
2011-06-11 14:02:26 +05:30
miiihi f8812b7822 Allowing customization of authentication options thru gitolite.rc 2011-06-11 13:04:12 +05:30
Sitaram Chamarty 7a0f517afe sometimes you shouldn't call log_it()...
a warn/die may happen even before setup_environment() has been called,
so then log_it() tries to use uninitialised variables and it then adds
to the confusion complaining about *those*
2011-06-11 13:04:12 +05:30
Sitaram Chamarty 660fad954a make gl-system-install easier to run
make the arguments optional (with documented defaults) plus they need
not exist a priori, reducing one command (the silly mkdir!) that the
user has to run.

All this is preparatory to deprecating the from-client method.  We've
even switched the test suite to 'non-root' method now
2011-05-28 18:14:19 +05:30
Sitaram Chamarty 936f8719ce make projects.list (and some other files) writes atomic
The KDE folks have a projects.list file that gets picked up by rsync and
sent elsewhere in some cron-ish manner.  They noticed that occasionally
the file that went across was truncated, which indicates that maybe it
got picked up while it was still being written.

oh and this change also affects any files that get written using
wrap_print()
2011-05-25 08:15:36 +05:30
Sitaram Chamarty 3d9b4fae9f (minor) make htpasswd use md5 passwords
(thanks to yoonique dot net at gmail; he also tested that files with
some normal and some md5 passwords, such as would happen on an upgrade,
work fine)
2011-05-24 06:30:55 +05:30
Sitaram Chamarty 7bea99148c tighten up adc arguments a bit more 2011-05-19 09:29:47 +05:30
Sitaram Chamarty 74c1736222 (sshkeys-lint) add detection of duplicate *.pub files 2011-05-10 10:17:05 +05:30
Sitaram Chamarty 836faf915f forcibly set user.{name,email} if needed
git 1.7.4+ insists on these two being defined.  So I reduce my support
load by forcing them if they were not set.

Much easier than explaining to people what should be obvious from the
error message.
2011-05-04 14:04:10 +05:30
Sitaram Chamarty 78444c2e76 gl-system-install: optional 4th arg to help packagers
(buildroot in RPM-speak, DESTDIR in DEB-speak)

based on a patch sent by Francis Galiegue (fgaliegue at gmail)
2011-04-03 21:23:16 +05:30
Sitaram Chamarty 1006eba2fc allow the include statement to use globs
(bonus: we now have a test case for "include" itself, should it ever
decide to take an unplanned vacation!)
2011-04-01 16:11:59 +05:30
Dylan Simon 58064b8e20 Make limit on number of repos displayed by info with GL_BIG_CONFIG configurable
[doc added by Sitaram]
2011-03-30 20:27:12 +05:30
Sitaram Chamarty 0f377a7679 new doc on gitolite without ssh, plus some minor docfixes 2011-03-30 18:42:39 +05:30
Jos Houtman afc3a06c56 mirror-shell fix: setup GL_RC; post-update needs it 2011-03-21 07:51:24 +05:30
Sitaram Chamarty 6539009cb5 make REPO_BASE absolute early
$ENV{GL_REPO_BASE_ABS} is meant to point to the same directory as
$REPO_BASE, except it is meant to be passed to hooks, ADCs and other
child programs.  And since you can't be sure where the child program
starts in, this became an absolute path.

Gradually, however, I started using it wherever I needed an absolute
path (mostly in code that jumps around various directories to do stuff).
Which is silly, because there's no reason $REPO_BASE cannot also be made
an absolute, even if the rc file has a relative path.

So that's what I did now: made $REPO_BASE absolute very early on, and
then systematically changed all uses of the longer form to the shorter
form when appropriate.  And so the only thing we now use the longer one
for is to pass to child programs.

(Implementation note: The actual change is not very big, but while I was
about it I decided to make the test suite able to test with an absolute
REPO_BASE also, which is why the commit seems so large.)

----

This all started with a complaint from Damien Regad.  He had an
extremely odd setup where his bashrc changed PWD to something other than
$HOME before anything else ran.  This caused those two variables to
become inconsistent, and he had a 1-line fix he wanted me to apply.

I generally don't like making special fixes for non-standard setups,
and anyway all he had to do was set the full path to REPO_BASE in the rc
file to get around this.  Which is what I told him and he very politely
left it at that.

However, this did get me thinking, and I soon realised I was needlessly
conflating "relative versus absolute" with "able to be passed to child
programs".  Fixing that solved his problem also, as a side-effect.

So I guess this is all thanks to Damien!
2011-03-21 07:51:10 +05:30
Sitaram Chamarty 32646e9cf0 (minor) make it clearer when easy install aborts
Technically this does not add any new information, but I'm hoping it
will help the folks who just won't read what's on the screen otherwise.

The main impetus this time is git 1.7.4, which is strict about
user.email and user.name and rejects commits when those config variables
are not set.  As a result, the number of times gl-easy-install hits a
fatal error and bombs out without completing its job, has increased
drastically.
2011-03-13 09:37:50 +05:30
Sitaram Chamarty 3677bc5a4d one more slurp
see 9ad7ea4 -- "(minor) some changes to system(), ``, etc."
2011-03-12 04:52:34 +05:30
Sitaram Chamarty b7944ed4d1 (minor) do not purge projects.list if GL_NO_DAEMON_NO_GITWEB set
The code that sets %projlist doesn't even run if GL_NO_DAEMON_NO_GITWEB
is set, so it doesn't make sense to then *use* that (empty) variable and
effectively wipe out the projects.list file.

Thanks to m0 for asking...
2011-03-10 22:12:42 +05:30
Sitaram Chamarty 9ad7ea4e19 (minor) some changes to system(), ``, etc.
(suggested by cmyers and ryan_c on #gitolite)

Between wrap_print(), which now takes a list, and the new slurp(),
pretty much everything to do with 'cat' or 'echo' has been converted to
pure perl.

----

Personally, I consider these changes to be somewhat gratuitous, because
none of these had a security *or* a performance concern.  But since the
amount of new perl code was not too high (just the slurp() function,
really), I figure it's not a big deal to do it.
2011-03-09 20:11:30 +05:30
Sitaram Chamarty 91a8379f9f change some 'warn's to 'print STDERR' and vice versa
with warns now being logged, it's nice to make sure that anything that
could even vaguely be considered someone playing with the system, *or*
is otherwise noteworthy, be emitted as a 'warn' instead of as a 'print
STDERR'.  Similarly stuff that is clearly a syntactic warning or typo
should come from 'print STDERR', instead of from a 'warn'.
2011-03-08 14:20:35 +05:30
Carl Myers 59a1855e38 Added handler to ensure warn and die are logged
(with some extra changes by Sitaram)
2011-03-08 14:20:35 +05:30
Sitaram Chamarty 396bfaa3b9 gl-auth now checks for and runs a hook called 'gl-pre-git'
see sample code for motivation; other uses at your discretion
2011-03-05 12:23:17 +05:30
Sitaram Chamarty ca913af6cd for cool 'cat's who use 'putty' :-)
ryan-c on #gitolite (ryan.castellucci@gmail.com) found that if a user
types in
        ssh git@server `echo -e "\033[2J"`
or eqvt, he can get raw ASCII control characters into gitolite's log
file.  Then if a gitolite admin 'cat's the log file (instead of using a
pager, or uses a pager in raw mode like 'less -r'), those control
characters hit his screen and do stuff.

While clearing the screen etc is probably harmless and I would not have
bothered, we know that the old vt100 would allow the keyboard to be
remapped by the server sending control codes, and we're not really sure
which of the currently in use terminals emulate this.

And finally, I found somewhere that "PuTTY allows the server to send
control codes that let it take over the mouse".  Scary...

(...of course, I hate putty/plink so I was sorely tempted to leave this
as is to punish people who use it <grin> but not really; I'd joke about
it but won't actually *do* it!)
2011-03-05 05:56:58 +05:30
Sitaram Chamarty 46528f0cc7 squelch useless "undefined" warnings
Normal users will never need this change but the big boys like to play
on the server side directly... and sometimes the SSH_CONNECTION var is
not set
2011-02-25 20:39:59 +05:30
Sitaram Chamarty 9a49487d0a minor bug in data format fixup code
Earlier, it wasn't as critical for gl-setup to be run with the full
path; the BINDIR deduction used to happen in almost every program.  Now
it's a lot more important.

Apparently I never noticed that "/bin/bash -l gl-setup" does not set $0
to the correct, fq path.  Adding a "-c" does, however...

[thanks to Jeff from the KDE team for finding this]
2011-02-25 06:20:41 +05:30
Sitaram Chamarty bc5e995078 reach out and touch someone
This shaves 3 seconds off of KDE's config compile time :-)

Yes, I know wrap_print has that extra print statement, but otherwise it
was lying around not earning its keep so I gave it a little side job :-)
2011-02-22 13:28:02 +05:30
Sitaram Chamarty dfdab0f3c8 allow gitolite_rc.mkd values to be overridden by ~/.gitolite.rc
you might wonder why these are different from all the other variables in
the rc file... it's just that I never thought people would want to
change these!
2011-02-15 15:10:29 +05:30
Sitaram Chamarty a33f0f8504 security fix for optional ADC (admin-defined command) feature
Thanks to Dylan Simon for catching it...
2011-02-13 08:15:01 +05:30
Sitaram Chamarty 1c1ae6061d "git config foo.bar = 0" was not working; fixed
(because perl treats 0 as false and I'd not accounted for that)

thanks to idl0r for catching this
2011-02-06 07:14:25 +05:30
Sitaram Chamarty d2cef2d05e doc fixes related to conf and rc getting their own doc files 2011-01-29 17:07:57 +05:30
Sitaram Chamarty 1fce051ea1 add -prune to find commands
Apparently it makes a huge difference with some kinds of network drives
(guess which company's software ;-)

http://groups.google.com/group/gitolite/browse_thread/thread/66b888f11dc5a365
2011-01-28 04:55:04 +05:30
Sitaram Chamarty 0360dc9f3f test smart http mode, update docs (including mob mode)
  - allow a mob username to be defined; all unauthenticated access will
    look to gitolite like this user (if you setup apache also properly)

  - update doc with more details (some repeat stuff from `man
    git-http-backend` but it's probably worth having everything in one
    place)
2011-01-17 22:04:10 +05:30
Sitaram Chamarty 3c1633c659 (minor) gl-setup learns "-q"
suppresses popping an editor when run for the first time
2011-01-16 14:42:11 +05:30
Sitaram Chamarty 692552d146 gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-16 07:26:13 +05:30
Sitaram Chamarty d8789a3af0 get rid of wasted parse in wild_repo_rights 2011-01-12 00:37:09 +05:30
Sitaram Chamarty 10a30c961d (major change in big-config mode) split the compiled config file
Fedora's config has over 11,000 repositories and the compiled config
file is over 20 MB in size.  Although negligible on a server class
machine, on my laptop just parsing this file takes a good 2.5 seconds.

Even if you use GL_ALL_READ_ALL (see a couple of commits before this
one) to remove the overhead for 'read's, that's still a pretty big
overhead for writes.  And GL_ALL_READ_ALL is not really a solution for
most people anyway.

With this commit, using GL_BIG_CONFIG adds another optimisation; see
doc/big-config.mkd for details (look for the word "split config" to find
the section that talks about it).

----

Implementation notes:

  - the check for GL_NO_CREATE_REPOS has moved *into* the loop (which it
    completely bypassed earlier) so that write_1_compiled_conf can be
    called on each item
2011-01-02 11:30:29 +05:30
Sitaram Chamarty 7fc1e9459f (data format change) fix misnamed 'repo_config' to 'git_configs'
this change includes a minor data format change.  This should be mostly
transparent for upgrades though.
2011-01-02 10:21:39 +05:30
Sitaram Chamarty 27081ad1c1 new rc var: GL_ALL_READ_ALL 2011-01-02 10:21:39 +05:30
Sitaram Chamarty e98bde322e allow gitolite to be used when the users already have real IDs
Fedora (for example) runs like this:

  * each user has his own userid and login
  * his/her ~/.ssh/authkeys file (containing only his/her key) has a
    "command=" clause invoking just "gl-auth-command"
  * trusted users have "gl-auth-command -s" meaning they can get a shell if
    they want to

As a result, there is no specific $HOME where you can look for
.gitolite.rc.  Hence this patch

----

Side note: in addition, Fedora may have one or more of the following
characteristics (writing them here for convenience; they're not directly
relevant to this patch):

  * actual git repos are under "git" (or some such), and include the chmod g+s
    (git init --shared) unix perms tricks for shared access

  * but since they're coming through gl-auth, branch-level acls are in effect

  * the gitolite config file is generated from some database and compiled (all
    via cron)

  * the keydir/ is empty; in fact they probably don't use the admin repo at
    all, AFAIK
2010-12-28 13:58:53 +05:30
Sitaram Chamarty 5b9bf700cc allow access checks from ADC or hook
For sample code see new file contrib/adc/get-rights-and-owner.in-perl.
Despite the name, you can use similar code in a hook also -- comments in
that file will tell you how.

implementation notes:

  - check_access now takes an optional last arg "dry_run", which is also
    passed through to check_ref
  - check_ref returns a "DENIED by ..." instead of die-ing if dry_run is
    passed in

  - as a side effect, cli_repo_rights is now just a stub calling
    check_access (we kept it hanging around for backward compat -- too
    much adc pain for too many people if we change it now)
2010-12-25 12:40:41 +05:30
Sitaram Chamarty 975a0d05b0 minor fix to mirror-shell...
needed if $REPO_BASE contains slashes.

(reported/code sent by Dylan Simon)
2010-12-25 05:58:26 +05:30
Sitaram Chamarty 45a696c419 fine tune "no pubkeys" warning
perm categories (like READERS and WRITERS, or whatever you put in your
$GL_WILDREPOS_PERM_CATS) are *supposed* to "have no pubkeys"; don't warn
about them
2010-12-25 05:58:26 +05:30
Sitaram Chamarty 2bbcc8239c tighten up pattern to check rsync arguments
thanks to Joe Schaefer at the ASF for catching it.  Note that this new
pattern *may* be too restrictive -- if you're using this feature and
have a problem with the new pattern please email me.

See email to gitolite mailing list around this date (2010-11-28) for
more details.
2010-11-28 20:12:39 +05:30
Sitaram Chamarty db97c5a40a (minor) indentation fix
been meaning to do it for a while, but I got a push:

http://colabti.org/irclogger/irclogger_log/git?date=2010-11-26#l622

----

If I had been on the channel at that time I may have quoted Emerson on
"consistency" just for the fun of it...  ;-)
2010-11-28 09:34:47 +05:30
Teemu Matilainen 21a00bd6a9 gl-setup: Replace similar long one-liners with functions 2010-11-21 19:16:52 +05:30
Teemu Matilainen b0d641ef48 gl-setup: Avoid stupid "cd -" simulation tricks
They don't work if someone calls the script for example
    su - gitolite -c gl-setup <key>
from a directory where "gitolite" user does not have permissions (e.g.
0700), then 'cd $od' fails and we stay in gitolite's $HOME.

[commit message changed by committer; author was more polite ;-)]
2010-11-20 22:18:16 +05:30
Teemu Matilainen d8179f09bf Print to STDERR when dying
Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
2010-11-20 21:54:56 +05:30
Sitaram Chamarty c1b27eae22 stick to regex metas that come with perl 5.8
we have a stated aim to work with any perl that git is happy with, which
means it should work with perl 5.8.  At least :)
2010-11-18 19:23:13 +05:30
Sitaram Chamarty 7313d48247 gitolite-down: disable write-access to take backups
(we quietly do not document the 'able' adc, which is now the most
"official" adc in the sense that it has a new test, t64-write-able!)

other notes: fix bug in 'able' (not setting $loc)
2010-11-16 22:57:23 +05:30
Sitaram Chamarty acfaa421d1 BSD compat changes
  - openssh 5.6 doesn't like "ssh user@host" with no command following
    it, because they changed the rules for pty allocation failure.

    I'm calling this a BSD compat change because BSD hit it first, but
    really, the "ssh -T" will eventually be needed by Linuxes also, as
    they start upgrading to openssh 5.6

  - FreeBSD (and I presume the other BSDs also) *require* a "-t"
    argument to mktemp (thanks to matias for finding this).

    Note that on FreeBSD, -t is a prefix (the X's are taken literally,
    and the real random stuff gets appended to the prefix), while on
    Linux, it is a template (the X's are converted to random
    characters).  Thus, on BSD you will get names like
    /tmp/tmp.XXXXXXXXXX.1BAEGkHm, whereas on Linux you'll get
    /tmp/tmp.Aq7vbdNpGp or something.
2010-11-15 05:25:19 +05:30
Sitaram Chamarty 0b6edbf7c2 (minor) fix doc refs missed when we renamed some doc files 2010-11-15 05:25:18 +05:30
Sitaram Chamarty 270e0b9157 (minor) support saying 'repo.git' in the config file
but complain loudly so they stop doing this... :-)
2010-11-10 18:07:58 +05:30
Teemu Matilainen 6eb8558e8d compile: Allow empty @group definitions
Use case: group information is generated from an external system and
because of synchronization or authorization restrictions some groups
can be empty.

Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
2010-11-10 12:38:15 +05:30
Sitaram Chamarty 047790140a custom perm categories in setperms (WARNING: PLEASE READ FULL COMMIT MESSAGE)
THE COMPILED CONFIG FILE FORMAT CHANGES WITH THIS VERSION.  PLEASE DO
NOT MIX VERSIONS OR DOWNGRADE.  Upgrading using normal gitolite upgrade
means should be fine, though.

Originally, we only allowed "R" and "RW" as categories of users supplied
to the `setperms` command.  These map respectively to "READERS" and
"WRITERS" in the access rules.

Now:

  - we prefer READERS instead of R and WRITERS instead of RW
  - we allow the admin to define other categories as she wishes
    (example: MANAGERS, TESTERS, etc).  These do not have abbreviations,
    however, so they must be supplied in full.

PLEASE, *PLEASE*, read the section in doc/wildcard-repositories.mkd for
more info.  This is a VERY powerful feature and if you're not careful
you could mess up the ACLs nicely.

Backward compat note: you can continue to use the "R" and "RW"
categories when running the "setperms" command, and gitolite will
internally convert them to READERS and WRITERS categories.

----

implementation notes:

  - new RC var called GL_WILDREPOS_PERM_CATS that is a space-sep list of
    the allowed categories in a gl-perms file; defaults to "R RW" if not
    specified

  - wild_repo_rights no longer returns $c, $r, $wC, where $r = $user if
    "R $user", $r = '@all' if "R @all", and similarly with $w and "RW".

    Instead it returns $c and a new hash that effectively gives the same
    info, but expanded to include any other valid categories (listed in
    GL_WILDREPOS_PERM_CATS)

  - consequently, the arguments that parse_acl takes also change the
    same way

  - (side note: R and RW are quietly converted to READERS and WRITERS;
    however, new categories that you define yourself do not have
    abbreviations)

  - setperms validates perms to make sure only allowed categories are
    used; however even if someone changed them behind the scenes,
    wild_repo_rights will also check.  This is necessary in case the
    admin tightened up GL_WILDREPOS_PERM_CATS after someone had already
    setperms-d his repos.

  - as a bonus, we eliminate all the post-Dumper shenanigans, at least
    for READERS and WRITERS.  Those two now look, to the compile script,
    just like any other usernames.
2010-11-06 21:03:34 +05:30
Sitaram Chamarty 7ddc3ea4c6 gl-setup should not assume $PWD is writable
noticed by idl0r when running it via cfengine
2010-11-04 13:24:41 +05:30
Sitaram Chamarty 6386d8ca2f gl-reflog adc gains 'usage', loses some crappy warnings
(actually these warnings can come in many other situations; I just
noticed them when testing this adc)
2010-10-28 19:34:46 +05:30
Sitaram Chamarty 84fe767b64 pubkeys and the pareto principle! 2010-10-26 20:30:10 +05:30
Sitaram Chamarty 8202ad6d8a (minor) allow @all to be combined with other items
This was a very old quirk/oddity.  Doing

    R       =   @all alice

would fail, but you could still do

    R       =   @all
    R       =   alice

Now we fixed it so it's consistent.

----

This also fixed a curious bug that no one ever caught:

    @all = u1 u2        # yes -- there was no check on redefining @all
    repo foo
        R   =   @all u3 # now would not fail because of defining @all

would have given only those 3 users R access to foo, not really @all
users!  This was because the previous failure message was an artifact of
not finding an expansion for @all, not a genuine "why are you saying
@all and then specifying some user explicitly" warning!
2010-10-24 18:27:56 +05:30
Sitaram Chamarty cd0eac8c3f (minor) a slew of little docfixes 2010-10-23 23:01:12 +05:30
Sitaram Chamarty 66b65e5e1d (doh!) make gitolite.pm easier for packagers
should have done this long ago...
2010-10-23 17:43:19 +05:30
Sitaram Chamarty cb0a9bdb0c ADC "rmrepo" replaced by "rm" and "trash", with helper ADCs
helpers for 'rm': lock, unlock
helpers for 'trash': list-trash, undelete

common functions updated with local settings for ADCs as well
2010-10-22 17:43:09 +05:30
Sitaram Chamarty a0aecbb012 (minor) provide more info on symlink failure 2010-10-19 19:27:27 +05:30
Sitaram Chamarty 3cf2970e0e info leak prevention can be a little more friendly
and acquire some German formality while you're about it ;-)
2010-10-08 05:45:26 +05:30
Sitaram Chamarty db0485fa7e new method for passing usergroup info (warning: minor backward compat breakage)
The old method of passing in usergroup info had some problems, which are
now fixed.  It is also much easier to use now -- no more "wrapper"
script, plus it should work identically whether you use sshd or httpd.

See doc/big-config.mkd for details on the new method.

----

Notes on problems with the old method:

The old method for passing in usergroup info consisted of tacking them
on as extra arguments to gl-auth-command, after the username.

However, there are some problems with this method.

Some actions in gitolite look for permissions for users other than the
invoking user.  Determining permissions for gitweb and daemon is one.
An admin asking for "info" on some other user, is another.

However, the list of groups sent in via the command line
pertains only to the invoking user, so these actions don't work
correctly.  They may even pick up the wrong permissions.

What it all boils down to is that we need group information for any user
dynamically, instead of being passed a (static) list just for the
invoking user.
2010-10-07 20:20:39 +05:30
Sitaram Chamarty 8a980a60bb tighten up argument handling in ADCs even more
More and more people are using ADCs, which I originally wrote just for
adventure-loving people ;-)
2010-10-06 21:30:17 +05:30
Sitaram Chamarty b851011ce5 new RC file variable $GL_SITE_INFO to show site-specific info 2010-10-04 14:33:30 +05:30
Sitaram Chamarty 112f6fab57 mirror-shell needs to honor REPO_UMASK 2010-10-03 09:08:34 +05:30
Sitaram Chamarty 3914dc0161 tighten permissions on install
  - hardcode 0700 mode for GL_ADMINDIR tree (thanks to ma at
    ibitsense.com for catching this)
  - honor REPO_UMASK for GL_REPO_BASE_ABS creation
  - plus a minor doc update
2010-10-02 05:55:33 +05:30
Sitaram Chamarty 67a72a3f5b added support for a post-repo-create hook (gl-post-init)
...some people want to run a special function after a repo is created
2010-09-24 16:58:46 +05:30
Sitaram Chamarty 37a6a6a7d3 towel needed more clarity
for people who don't get the continual reference to towels when talking
about the "gl-dont-panic" program, all I can say is that your education
is incomplete ;-)
2010-09-09 06:52:32 +05:30
Sitaram Chamarty 2349afdc78 (http) fixed up the first level error reporting even better
see http://permalink.gmane.org/gmane.comp.version-control.git/155787
2010-09-08 19:57:11 +05:30
Sitaram Chamarty f10fa00227 gl-setup now allows editing rc file on first run 2010-09-08 15:59:19 +05:30
Sitaram Chamarty 595410aa55 (http) first level error reporting now works
I didn't know that remote-curl.c requires 200 OK even if you want to
report an error.

With Ilari's patch at [1] you'll get a more readable message but it is
still good enough now.

[1]: http://permalink.gmane.org/gmane.comp.version-control.git/155464
2010-09-06 12:11:19 +05:30
Sitaram Chamarty b6c93c7ce8 (http) I'm sorry DAV, I can't let you do that... 2010-09-05 21:04:39 +05:30
Sitaram Chamarty 370135d230 (http) better guess at reponame 2010-09-05 21:04:39 +05:30
Sitaram Chamarty ec329ca13f (http) gl-setup changes...
  - only admin name needed, not pubkey file
  - setup HOME from GITOLITE_HTTP_HOME
2010-09-05 20:47:10 +05:30
Sitaram Chamarty f4e011226a (http) issues of $HOME, startup (birth!), and death
  - deal with issues of HOME not being available...
  - "where_is_rc" finally has a purpose; see comment block before
    function
2010-09-05 20:47:06 +05:30
Sitaram Chamarty 52e0ed3488 (http) auth: handle REQUEST_URI and friends
TODO: if the verb doesn't actually contain "git-receive-pack", I am
assuming it is some sort of read.  The list in services[] in
http-backend.c does not seem to look like any other verb is a "write";
need to check this with someone.

For normal git commands:
  - PATH_INFO gives you the repo name
  - REQUEST_URI gives you the verb
  - we construct a fake SSH_ORIGINAL_COMMAND so the rest of the
    processing does not have to change

For our special commands:
  - PATH_INFO is actually the verb
  - QUERY_STRING has the parameters
  - we again fake out the SSH_ORIGINAL_COMMAND
  - we print the extra HTTP headers in anticipation of the actual output

Either way, we also fake out the SSH_CONNECTION so that the IP address
can get logged ok

And of course REMOTE_USER is now the incoming userid

Finally, at the end, we exec GIT_HTTP_BACKEND instead of the normal one
2010-09-05 20:47:01 +05:30
Sitaram Chamarty 6b93678ac6 (minor) sshkeys-lint prints correct path to run in instructions 2010-09-04 18:08:29 +05:30
Sitaram Chamarty 7b633049be refactored and lifted out the line parse part from inside parse_conf_file
adapted from code by kpfleming@digium.com.  I basically cherry-picked
the top commit on "pu-work" (30068d1) on his fork at github, and made
some minor fixups to it
2010-09-04 15:03:06 +05:30
Sitaram Chamarty 5188ec48ed fix a comment typo which totally changed the meaning! 2010-09-03 09:02:43 +05:30
Sitaram Chamarty bebc67eba3 towel day program was not limiting commits as stated in message 2010-09-03 09:02:42 +05:30
Sitaram Chamarty 1d566ac46b a bit of optimisation to help another one along
(thanks to reuss for telling me about the problem, although setting
BIG_CONFIG worked just as well in his case, and this patch was not
really needed)
2010-08-26 00:10:47 +05:30
Sitaram Chamarty 6b9e75dfcb allow @all to also include gitweb and daemon
By default, @all does not include gitweb and daemon, but if that's what
you want, you can make it happen...  see GL_ALL_INCLUDES_SPECIAL
variable in conf/example.gitolite.rc
2010-08-24 21:38:46 +05:30
Sitaram Chamarty 2b066fc9f0 info/expand print better(?) permission codes
see doc/report-output.mkd for details
2010-08-24 17:51:33 +05:30
Sitaram Chamarty 6e2db12302 allow @groups in setperms command also
This should hopefully be the final step in making wildrepos as close to
normal repos as possible.  You can now do pretty much anything with them
that you can do with normal repos [1]

Implementation notes:

  - compile puts out %groups into the compiled config file regardless of
    GL_BIG_CONFIG because this feature needs it
  - wild_repo_rights caches %groups because the part of the %groups hash
    we care about will not change between calls in the same run

----

[1] **except** use the full-blown config file syntax within the gl-perms
    file :-)  I don't plan to do that; it's too complicated! [2]

[2] yeah yeah I know -- famous last words!
2010-08-21 13:04:13 +05:30
Sitaram Chamarty 3a8f32ac9b minor fixups to the "gitweb/daemon from setperms" code...
  - fork was not printing a newline after the permissions
  - "add_del_line" to properly handle that damn projects.list file!
2010-08-20 23:09:11 +05:30
Sitaram Chamarty 648676faec gitweb and daemon should now work even from within setperms
modifications:

  - call setup_gitweb_access and setup_daemon_access from within
    get_set_perms so when the user sets a perm explicitly it works
  - in setup_gitweb_access, do not delete description file or
    gitweb.owner if the repo is wild
  - make the "fork" adc set gitweb.owner *and* call setperms using
    GL_WILDREPOS_DEFPERMS
  - add tests

bug fixes:

  - gl-auth did not even *look* at GL_WILDREPOS_DEFPERMS when
    auto-"C"reating a wild repo; fixed
  - setup_gitweb_access did not delete the description file as
    consistently as it deleted the owner

what will NOT work:

  - removing gitweb permissions does not clear the name from
    "projects.list".  That's complicated, so just wait till the next
    "compile" to make this happen

(thanks to Jefferai for driving this...)

----

mildly puzzling:

    for some strange reason, after a "git ls-remote ...try3" in t58,
    instead of not creating a "description" file, we started seeing a
    73-byte file containing this message:

    Unnamed repository; edit this file 'description' to name the repository.
2010-08-20 21:02:18 +05:30