Commit graph

650 commits

Author SHA1 Message Date
Sitaram Chamarty 9e46920fe3 faq: explain one user many keys a bit better 2009-10-12 20:02:38 +05:30
Sitaram Chamarty 48e18e1d2d easy install: some minor fixes
- fix typo in introduction
  - detect if you're not running strictly as src/00-easy-install.sh
2009-10-12 10:37:51 +05:30
Sitaram Chamarty 0b81bfd6ec easy install: allow ports other than 22 for ssh to server 2009-10-11 14:19:00 +05:30
Sitaram Chamarty d78bbe8c3e lots of doc changes reflecting "push to admin" is default now :)
- added comments to easy install to help do it manually
  - README: some stuff moved to tips doc, brief summary of extras
    (over gitosis) added
  - INSTALL: major revamp, easy install and manual install,
    much shorter and much more readable!

plus other docs changed as needed, and updated the tips doc to roll in
some details from "update.mkd" in the "ml" branch
2009-10-11 14:19:00 +05:30
Sitaram Chamarty d0d9cbe3af easy install comment about clientside/serverside was wrong 2009-10-11 14:19:00 +05:30
Sitaram Chamarty ccd8372bb3 aa ha! easy install script!
src/00-easy-install.sh does *everything* needed, and it's mostly
self-documented
2009-10-11 14:19:00 +05:30
Sitaram Chamarty 9d2c9662a2 install: can't assume p-t-a is setup!
make installing the p-u hook conditional to avoid ugly error
2009-10-11 14:18:59 +05:30
Sitaram Chamarty af7fd0bf2e Merge branch 'master' into delegation 2009-10-07 12:40:08 +05:30
Sitaram Chamarty 410c9ba46c doc/install: add missing "cd" 2009-10-07 12:33:49 +05:30
Sitaram Chamarty f883fe7d71 compile: comments+efficiency
- add better comments on the 2 main hashes
  - work around an inefficiency caused by the exclude prep code needing
    a list instead of a hash at a certain place
2009-10-05 20:21:33 +05:30
Sitaram Chamarty ec2ad64b38 doc/delegation: never ending quest to write well :) 2009-10-05 19:39:55 +05:30
Sitaram Chamarty 8096cc8e9c install.pl, pta hook, upgrade doc:
- install the post-update hook also
  - fix bashism in pta-hook

Also, since delegation works best with PTA, reflect that in the upgrade doc
2009-10-05 16:55:14 +05:30
Sitaram Chamarty 3c960aa5e1 pta hook: avoid spurious error messages on old fragments 2009-10-04 15:51:32 +05:30
Sitaram Chamarty 616d8a5f7d compile: (large changes) parse delegated fragments if any
[Note: this is a fairly involved commit, compared to most of the others.
    See doc/5-delegation.mkd for a user-level feature description.]

    parse delegated config fragments (found as conf/fragments/*.conf).  Any
    repos being referenced within a fragment config *must* belong to the
    "@group" with the same name as the fragment.

    That is, a fragment called conf/fragments/abc.conf can only refer to repos
    that are members of the "@abc" repo group.  It cannot specify access
    control for any other repos.  If it does, those settings are ignored, and
    a warning message is produced.

    since the delegated config must have the flexibility of (re-)defining
    group names for internal convenience, and since all such definitions go
    into the same "groups" hash, it is quite easy for conf/fragments/abc.conf
    to write in its own (re-)definition of "@abc"!  That would be a neat
    little security hole :)

    The way to close it is to consider only members of the "@abc" groupset
    defined in the main ("master") config file for this purpose.
2009-10-04 10:22:57 +05:30
Sitaram Chamarty fa5567f22c doc/5-delegation added, doc/4 (PTA) enhanced
This is complete user documentation for delegation
2009-10-04 10:22:41 +05:30
Sitaram Chamarty 2f2af033f5 pta-hook.sh: collect delegated config fragments
collect the delegated config fragments from correspondingly named branches of
the gitolite-admin repo, and put them all in conf/fragments/

also deprecate changes to conf and keydir locations from now on
2009-10-04 10:10:40 +05:30
Sitaram Chamarty 5bb0850c5c p-t-a: make the post-update hook a separate file...
...and just refer to it in the doc.  This hook will acquire more code soon,
when we do delegations :)
2009-10-04 10:10:39 +05:30
Sitaram Chamarty 34a6f89c26 compile: make the parse a function instead of inline
Again, prep for delegation, when we'll be reading fragments of config rules
from various files and tacking them onto the %repos hash.

note: this patch best viewed with "git diff -w", clicking "Ignore space
change" in gitk, or eqvt :-)
2009-10-04 10:10:39 +05:30
Sitaram Chamarty 3267c3f4be compile: change %groups from hash of lists to hash of hashes
This makes it easier to test if a repo is a member of a group, which is
required for the delegation feature coming up
2009-10-04 10:10:39 +05:30
Sitaram Chamarty c15c75749b compile: special-case 'gitweb' and 'daemon' from the linting
not a big deal since there's a very simple and obvious workaround -- create a
new keypair, throw away the private key, and use the pubkey
2009-10-03 10:55:30 +05:30
Sitaram Chamarty 1b9969f3d6 auth: better message, remove unsightly perl warning on bad command 2009-09-27 23:52:04 +05:30
Sitaram Chamarty c66e1ad732 compile: pubkey related linting added
- warn about files in keydir/ that dont end with ".pub"
  - warn about pubkey files for which the user is not mentioned in config
  - warn more sternly about the opposite (user in config, no pubkey!)

update hook: add reponame to message on deny
auth: minor typo
2009-09-27 09:51:00 +05:30
Sitaram Chamarty 70d26d810b compile, all docs/confs: specify gitweb/daemon access + bonus
bonus: documented the "bits and pieces" thing properly; should have done this
long ago, but it came to the forefront now thanks to this item
2009-09-25 13:50:59 +05:30
Sitaram Chamarty 8217ef9d5b P-T-A doc: add note about switching back and forth 2009-09-21 19:36:40 +05:30
Sitaram Chamarty 2a763dfdb1 doc/3: updated the log line description 2009-09-21 19:36:39 +05:30
Sitaram Chamarty 978046acb9 compile/update hook: COMPILED FILE CHANGE -- PLEASE READ BELOW
Summary:
    DONT forget to run src/gl-compile-conf as the last step in the upgrade

Details:

The compiled file format has changed quite a bit, to make it easier for the
rebel edition coming up :-)

compile:
  - we don't split RW/RW+ into individual perms anymore
  - we store the info required for the first level check separately now:
    (repo, R/W, user)
  - the order for second level check is now:
    repo, user, [{ref=>perms}...] (list of hashes)

update hook logic: the first refex that:
  - matches the incoming ref, AND
  - contains the perm you're trying to use,
causes the match loop to exit with success.  Fallthrough is failure
2009-09-21 19:36:39 +05:30
Sitaram Chamarty 2285e75c22 example rc: say that $PERSONAL must start with "refs/" 2009-09-21 19:36:39 +05:30
Sitaram Chamarty 09fd745255 upgrade doc: added step to compile 2009-09-21 19:36:39 +05:30
Sitaram Chamarty 344723b974 conf+doc/3: explain why we don't like "exclude rules" in refexes 2009-09-21 19:36:38 +05:30
Sitaram Chamarty 5415b425e7 example conf, doc/3: explain refexes 2009-09-21 19:36:38 +05:30
Sitaram Chamarty 780f636c0a doc warnings:
doc/admin: add warning about creating repos manually!
doc/4: add warning on compile errors when using p-t-a
2009-09-21 19:36:38 +05:30
Sitaram Chamarty 7d0e778bad Merge branch 'umask' 2009-09-21 19:18:02 +05:30
Sitaram Chamarty 4879a03c60 Makefile wraps "git archive" to record "git describe" output in tar 2009-09-21 19:01:47 +05:30
Sitaram Chamarty df3dd0de48 compile, rc, doc/3: allow custom umask 2009-09-21 14:49:27 +05:30
Sitaram Chamarty 838dd65d5f compile+doc/3: deal with older gits
- detect/warn git version < 1.6.2
  - create documentation with details on client-side workaround
  - change the "git init --bare" to (older) "git --bare init", since the old
    syntax still works anyway
2009-09-21 14:17:53 +05:30
Sitaram Chamarty 86faae4d4c compile+conf: allow lists (@listname) for reponames too
why should just usernames have all the fun :)  The "expand_userlist" function
is now "expand_list" and serves generically.  The example conf has also been
updated correspondingly
2009-09-17 20:03:38 +05:30
Sitaram Chamarty fde9708cbf compile: better message when authkeys absent
for security reasons, we refuse to create ~/.ssh/authorized_keys if it doesn't
exist.  Explain this better and point to the documentation
2009-09-17 19:57:59 +05:30
Sitaram Chamarty f54c6c7a52 compile: make error messages grab the admin's attention
required if you do "push to admin"
2009-09-15 21:02:23 +05:30
Sitaram Chamarty 5758f69a43 doc: added 4-push-to-admin 2009-09-15 12:04:49 +05:30
Sitaram Chamarty 2ca4916621 doc/3: explain how 2-level access checks affect personal branch rights 2009-09-14 13:36:51 +05:30
Sitaram Chamarty 7f9c2e6510 minor doc updates
- README: re not needing root access
  - doc/3: "empty clone error" vis-a-vis git 1.6.4.3
2009-09-14 12:33:31 +05:30
Sitaram Chamarty d9d432a483 faq/tips: added "common errors..." section with 2 examples 2009-09-11 23:03:41 +05:30
Sitaram Chamarty 694050d6c4 all src: suffixed a \n to all die's; error output looks cleaner now 2009-09-10 21:35:49 +05:30
Sitaram Chamarty 3d44b003c8 clarifications in various messages etc
(thanks to SethX for feedback)

  - install: a little more verbosity in the mkdir
  - install and example conf: some of the help text made more clear
  - auth: error message on bad $cmd is now clearer, plus no perl-warnings to
    confuse people
2009-09-10 21:26:25 +05:30
Sitaram Chamarty 7abc629d51 faq-tips doc: "compile" as a separate step vindicated :-)
it seems gitosis silently ignores config errors.  It can't do anything else,
considering *when* the config file is parsed (on every access!)
2009-09-10 15:57:52 +05:30
Sitaram Chamarty 804c70f570 almost all src/conf: logging totally redone, upgrade doc added
- logs go into $GL_ADMINDIR/logs by default, named by year-month
  - logfile name template (including dir prefix) now in $GL_LOGT
  - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename)
  - log messages timestamps more compact, fields tab-delimited
  - old and new SHAs cut to 14 characters
2009-09-06 18:07:38 +05:30
Sitaram Chamarty 455ebe1bc9 update hook: personal branches pattern, "-" becomes "/" 2009-09-02 06:49:04 +05:30
Sitaram Chamarty 4fa1ca6652 minor doc updates re directories etc 2009-09-01 20:33:24 +05:30
Sitaram Chamarty 401c2f46d7 install: update hooks in all repos on upgrade 2009-09-01 20:33:19 +05:30
Sitaram Chamarty 208c401858 compile: chmod internal, and save "old" authkeys 2009-09-01 19:40:42 +05:30