Commit graph

711 commits

Author SHA1 Message Date
Sitaram Chamarty b11d44e036 (mirroring) make cron jobs easier to write
gl-mirror-shell will now take a list of slaves and/or keys, expanding
the keys in place.  See doc for even more improvements and conveniences.
2011-08-15 07:02:42 +05:30
Sitaram Chamarty aa7ff8ac27 (mirroring) some more error checking 2011-08-14 22:22:31 +05:30
Sitaram Chamarty e3b1fdfd69 (mirroring doc) explain how this is more than just 'backup' 2011-08-14 08:20:03 +05:30
Sitaram Chamarty a3ffc9d8fd (mirroring) reject non-local pushes if GL_HOSTNAME not set
We previously said all mirroring features are disabled if GL_HOSTNAME is
not set.

But what if, after mirroring has been setup, and master/slaves defined
for a repo, a slave admin fat-fingers the RC file and accidentally
comments out GL_HOSTNAME?  We might end up violating RULE NUMBER ONE!
2011-08-13 14:32:38 +05:30
Sitaram Chamarty 37ce28a43b (new mirroring) documentation 2011-08-13 09:03:13 +05:30
Sitaram Chamarty 5143cc890f (new mirroring) enhance gl-tool
...it now does the mirroring peer key setup, unlike the kludgy manual way in the old setup
2011-08-12 22:51:44 +05:30
Sitaram Chamarty 68b45e1616 (new mirroring) bulk of the changes are here:
- post-receive now just calls mirror-push
  - mirror-push is a medium complex shell script (all that backgrounding
    etc., can't be done so easily in God's first language!)
  - mirror-shell is now a perl program that does a few different things
    (receive mirror-pushes, command line re-sync, re-sync requests from a
    slave, etc)
  - auth-command changes to reject/redirect non-native pushes
2011-08-12 22:51:44 +05:30
Sitaram Chamarty 15db108e45 (new mirroring) helpers, hostname, detect use of older RC variables, delete mirror-sync 2011-08-12 22:51:44 +05:30
Sitaram Chamarty b70cf05b43 (minor) allow a comma in regex pattern for wild repos
This was an oversight.  We already allow { and } anyway...
2011-08-12 21:45:23 +05:30
Sitaram Chamarty 0b68365860 fix accumulation of 'config' (git config) lines
If a repo matches multiple patterns, 'config' lines were being picked up
only from one of the 'repo' paras, instead of from all applicable ones.
2011-08-08 09:47:56 +05:30
Sitaram Chamarty 4c1e4b2b1a v2.0.3 2011-08-08 09:47:56 +05:30
Sitaram Chamarty 66f2065098 deal with a perl 5.14 deprecation on qw()
Apparently 5.14 deprecates using qw() as parentheses

(thanks to Benjamin Severs)
2011-08-04 22:01:13 +05:30
Sitaram Chamarty 817c1835ae (docfix) you need RW+ to overwrite a tag
to my eternal shame (considering how proud I am of my documentation)
this was not mentioned anywhere!  I'm getting old...

thanks to Pierre Habouzit for catching this

(also slipped in a few other minor doc changes.  I wouldn't mix
unrelated stuff in a commit when doing code changes but it seems ok to
do this for docfixes, for some reason).
2011-08-01 08:12:23 +05:30
Sitaram Chamarty 49f5361799 (minor) don't ignore dirty-ness when generating version number 2011-07-29 14:12:56 +05:30
Sitaram Chamarty 973157d777 (doc) "authentication-vs-authorisation"
"gitolite-without-ssh" doc name was misleading; rename to
"authentication-vs-authorisation"

also restructure the whole thing to answer the main question better, and
fix up links from other places
2011-07-25 20:28:03 +05:30
Sitaram Chamarty 6b65ffbab4 (minor) setperms and DOS users
Supporting git on DOS may be a fact of life, but it felt good to make
them use the "right" editor (hint: starts with v, ends with m, has three
letters), or at least something equivalent, to produce their setperms
input files.

I'd say "yes Fred I know.  However, Unix doesn't work like that, and
when talking to a big, important, OS like Unix from your little
single-user workstation, you do have to go the extra mile.  It's not
that different from going into a meeting with the CEO you know -- you
dress up a little for that meeting don't you?".  And Fred would nod, a
little awed by the analogy.  Maybe the awe was tinged with a wee bit of
anger but not much; he knows there's a hierarchy among OSs, just like
among people, and he knows where his OS stands in that hierarchy...

----

For the humour impaired, that was a joke.  To start with, I don't know
anyone called Fred.

It *is* true that I tend to ignore DOS if at all possible, especially in
my *code*.  But since I don't really use wildrepos at work, this issue
would never have come up for me, even in the DOS projects I manage.

In this case someone who's contributed a heck of a lot to the evolution
of gitolite asked, so here it is.

----

oh and in case you were wondering, DOS stands for "dominant operating
system" ;-)
2011-07-23 08:31:33 +05:30
Sitaram Chamarty 8710521f30 gitosis migration document overhaul (I need feedback on this) 2011-07-18 21:07:38 +05:30
Sitaram Chamarty b649536847 (minor) fixed some broken links due to 867b34f
thanks to j416 for catching this...
2011-07-18 21:06:14 +05:30
Sitaram Chamarty 9882e24084 (a few minor doc fixes) 2011-07-14 19:20:24 +05:30
Sitaram Chamarty 42df4c01a9 gl-dont-panic replaced by more generic gl-admin-push
(sorry Douglas Adams; the "towel day" program is no more!)
2011-07-13 22:29:44 +05:30
Christopher M. Fuhrman df885e5989 Documentation tweaks
- Add note about daemon user
 - In example, set gitweb.url to proper URL

Signed-off-by: Christopher M. Fuhrman <cfuhrman@panix.com>
2011-07-04 09:08:38 +05:30
Sitaram Chamarty 6ad6bf95e6 (adc) change quoting when calling cli_repo_rights from shell
otherwise repo names containing "@" in them were causing the @foo part
to be interpolated (as empty of course) instead of being taken literally

reported by silvio dot fricke at googlemail
2011-06-26 11:33:56 +05:30
Sitaram Chamarty fda9f37b3a die() needs to be defined in post-update hook
(and in one other place it needs to be defined earlier)

I never caught this because in my testing those error conditions --
caused by lack of afc3a06 -- never came up.
2011-06-19 06:54:52 +05:30
Sitaram Chamarty 1f768a1763 (minor) some minor doc fixes 2011-06-14 20:22:04 +05:30
Sitaram Chamarty 5381dbb2da (doc) upgrading a 'from-client' installation to 'non-root' 2011-06-14 20:21:11 +05:30
Sitaram Chamarty c7d95293dd revert part of 9ad7ea4
Fix a problem with authkeys perms when REPO_UMASK is too loose.

(To duplicate it, run a fresh, non-root install, and when gl-setup pops
up an editor, change the REPO_UMASK to 0007 (from the default 0077).
You'll find that ~/.ssh/authorized_keys now has g+w set, causing sshd to
refuse key-based access.)

And before you ask, even though gl-setup does it, I won't fiddle with
the permissions of an existing file in *this* code.  (gl-setup is run
manually by the admin, this one gets run on every push).

----

Side note: 9ad7ea4 was somewhat forced on me, and I didn't really agree
with parts of it.  I have no idea why I gave in so easily, but it won't
happen again!
2011-06-11 14:02:26 +05:30
miiihi f8812b7822 Allowing customization of authentication options thru gitolite.rc 2011-06-11 13:04:12 +05:30
Sitaram Chamarty 7a0f517afe sometimes you shouldn't call log_it()...
a warn/die may happen even before setup_environment() has been called,
so then log_it() tries to use uninitialised variables and it then adds
to the confusion complaining about *those*
2011-06-11 13:04:12 +05:30
Sitaram Chamarty 436662f28f v2.0.2 2011-06-01 20:17:55 +05:30
Sitaram Chamarty cf1987e747 (sskm) document courtesy Jeff Mitchell
I'd originally written some minimal documentation for this ADC, but I
liked Jeff's version so much that I borrowed it, added the final section
("important notes for the admin"), made a few other minor fixups, and
then happily ditched my version.
2011-06-01 20:17:55 +05:30
Sitaram Chamarty d402b093b7 (sskm) hush output from internal git commands
(the ones that require GL_BYPASS_UPDATE_HOOK to be set are done slightly
differently because I just didn't want all the hassle of saving and
restoring that variable on the perl side)
2011-06-01 12:16:23 +05:30
Sitaram Chamarty 4942fdbe0e (sskm) not finding a key in the list is not always fatal...
[caught by Jeff...]
2011-06-01 12:16:23 +05:30
Sitaram Chamarty 9e01778796 (sskm) self-service key management -- new adc
based on a discussion with Jeff from the KDE team; see doc for more.
2011-06-01 12:16:19 +05:30
Sitaram Chamarty a6a0db10e9 oopsies... should be checking for "-x" not just "-f or -l" to chain a hook
it was trying to execute a broken symlink!  (Thanks to Jeff of KDE for
catching this)
2011-05-28 20:33:21 +05:30
Sitaram Chamarty b706719a56 (here's more proof that writing code is easier...)
streamline the README and the install doc a fair bit, especially make
'from-client' install deprecated, and relegate it to an Appendix.
2011-05-28 18:14:19 +05:30
Sitaram Chamarty 660fad954a make gl-system-install easier to run
make the arguments optional (with documented defaults) plus they need
not exist a priori, reducing one command (the silly mkdir!) that the
user has to run.

All this is preparatory to deprecating the from-client method.  We've
even switched the test suite to 'non-root' method now
2011-05-28 18:14:19 +05:30
Sitaram Chamarty 31cd56b76d (minor) doc tweaks 2011-05-28 17:49:22 +05:30
Sitaram Chamarty 936f8719ce make projects.list (and some other files) writes atomic
The KDE folks have a projects.list file that gets picked up by rsync and
sent elsewhere in some cron-ish manner.  They noticed that occasionally
the file that went across was truncated, which indicates that maybe it
got picked up while it was still being written.

oh and this change also affects any files that get written using
wrap_print()
2011-05-25 08:15:36 +05:30
Sitaram Chamarty 3d9b4fae9f (minor) make htpasswd use md5 passwords
(thanks to yoonique dot net at gmail; he also tested that files with
some normal and some md5 passwords, such as would happen on an upgrade,
work fine)
2011-05-24 06:30:55 +05:30
Sitaram Chamarty fe53e778c9 (minor fix to t67) 2011-05-23 21:21:43 +05:30
Sitaram Chamarty 7bea99148c tighten up adc arguments a bit more 2011-05-19 09:29:47 +05:30
Sitaram Chamarty d3a663d03f (ssh doc) (N+1)th time rewrite; the holy grail still eludes me <sigh> 2011-05-12 09:33:46 +05:30
Sitaram Chamarty 867b34f32c (doc) ADCs now have an overview doc, plus...
- repo-deletion is now a proper doc
  - other doc enhancements and clarifications
2011-05-12 09:33:19 +05:30
Sitaram Chamarty 74c1736222 (sshkeys-lint) add detection of duplicate *.pub files 2011-05-10 10:17:05 +05:30
Sitaram Chamarty 18c69e8612 su-getperms and su-setperms 2011-05-08 11:22:42 +05:30
Sitaram Chamarty 2b6d0670df (doc) a slew of minor doc fixes 2011-05-05 09:32:13 +05:30
Christopher M. Fuhrman cbb2de157c (doc) Initial entry of gitolite-gitweb-http-backend documentation
Initial entry of markdown documentation as generated by pod2markdown.
Note addition of table-of-contents and appropriate anchors

Signed-off-by: Christopher M. Fuhrman <cfuhrman@panix.com>

[some formatting type changes done by Sitaram]
2011-05-05 08:23:02 +05:30
Sitaram Chamarty 836faf915f forcibly set user.{name,email} if needed
git 1.7.4+ insists on these two being defined.  So I reduce my support
load by forcing them if they were not set.

Much easier than explaining to people what should be obvious from the
error message.
2011-05-04 14:04:10 +05:30
Sitaram Chamarty 89b68bf5ca new adc to allow deleting a branch that you created; see below
The need for this comes about as follows:

  - a project may allow its developers "RWC" (or "RW+C") so that they
    can create feature branches when needed.  Note that these are
    *feature* branches, so they can't use the "personal branches"
    mechanism that gitolite already has.

  - the developers are *not* given RWCD (or RW+CD) to prevent accidental
    deletion of an important branch.  Branch *deletion* is something
    that only a few trusted admins can do.

  - as a result, there are sometimes situations where a developer
    creates a misnamed branch and then has to ask the admins to help get
    rid of it.

What the KDE folks wanted was a way to allow the creator of a branch to
be able to delete it.  In addition, they needed this allowed only for a
fixed duration after the creation of a branch, not forever (for the same
reason they don't get RWCD, to prevent accidents).

These are my reasons why this feature is implemented as an ADC instead
of being "in core":

  - we'd need additional syntax to differentiate this special case
    (which is sort of in between RWC and RWCD, if you think about it).

    I'm reluctant to complicate the syntax further for something that is
    only occasionally needed.

  - we'd need either (a) code to parse the log files, or, (b) code to
    maintain "who created this ref" on every push that creates a ref.

      - parsing the log files is too kludgy and inelegant to be in core,
        not to mention potentially very slow for really large projects

      - code to maintain the a history of "who created this ref" is too
        cumbersome, especially because of the need to expire old entries
        after a time.
2011-05-02 07:15:12 +05:30
Sitaram Chamarty 59f3c4a512 v2.0.1 2011-04-30 06:40:53 +05:30