Commit graph

831 commits

Author SHA1 Message Date
Sitaram Chamarty 396bfaa3b9 gl-auth now checks for and run a hook called 'gl-pre-git'
see sample code for motivation; other uses at your discretion
2011-03-05 12:23:17 +05:30
Sitaram Chamarty aab5ec9e6a 'hub' ADC takes patterns for 'list-request', has new 'accept' command
(plus a few minor fixes)
2011-03-05 12:23:17 +05:30
Sitaram Chamarty ca913af6cd for cool 'cat's who use 'putty' :-)
ryan-c on #gitolite (ryan.castellucci@gmail.com) found that if a user
types in
        ssh git@server `echo -e "\033[2J"`
or eqvt, he can get raw ASCII control characters into gitolite's log
file.  Then if a gitolite admin 'cat's the log file (instead of using a
pager, or uses a pager in raw mode like 'less -r'), those control
characters hit his screen and do stuff.

While clearing the screen etc is probably harmless and I would not have
bothered, we know that the old vt100 would allow the keyboard to be
remapped by the server sending control codes, and we're not really sure
which of the currently in use terminals emulate this.

And finally, I found somewhere that "PuTTY allows the server to send
control codes that let it take over the mouse".  Scary...

(...of course, I hate putty/plink so I was sorely tempted to leave this
as is to punish people who use it <grin> but not really; I'd joke about
it but won't actually *do* it!)
2011-03-05 05:56:58 +05:30
Sitaram Chamarty 6d3c2fbcef 'hub' ADC doc and rudimentary test script 2011-03-03 15:39:54 +05:30
Sitaram Chamarty 49e64a4f11 'hub' ADC 2011-03-03 15:39:54 +05:30
Sitaram Chamarty 284431e661 (minor) added info on config vars to admin-defined-commands.mkd 2011-03-02 23:24:45 +05:30
Dmitrijs Ledkovs a78d969f7c Fix a typo in docs 2011-03-01 12:29:57 +00:00
Sitaram Chamarty 635ccfafd0 (minor doc enhancement) how to rename a repo 2011-02-26 00:32:53 +05:30
Sitaram Chamarty e7d55899f3 fork adc acquired some good ideas from the KDE folks 2011-02-25 21:15:08 +05:30
Sitaram Chamarty 46528f0cc7 squelch useless "undefined" warnings
Normal users will never need this change but the big boys like to play
on the server side directly... and sometimes the SSH_CONNECTION var is
not set
2011-02-25 20:39:59 +05:30
Sitaram Chamarty cec94a3664 (minor) who-pushed adc falls afoul of egrep incompat between Linux distros!
It seems even within Linux, not all "egrep"s are equal.  So we fall back
to the one true standard :-)

[caught by Jeff from the KDE team]
2011-02-25 06:21:17 +05:30
Sitaram Chamarty bdef55eee9 (minor) bashism fixes, usability fix, for "able" adc 2011-02-25 06:21:13 +05:30
Sitaram Chamarty 9a49487d0a minor bug in data format fixup code
Earlier, it wasn't as critical for gl-setup to be run with the full
path; the BINDIR deduction used to happen in almost every program.  Now
it's a lot more important.

Apparently I never noticed that "/bin/bash -l gl-setup" does not set $0
to the correct, fq path.  Adding a "-c" does, however...

[thanks to Jeff from the KDE team for finding this]
2011-02-25 06:20:41 +05:30
Sitaram Chamarty bc5e995078 reach out and touch someone
This shaves 3 seconds off of KDE's config compile time :-)

Yes, I know wrap_print has that extra print statement, but otherwise it
was lying around not earning its keep so I gave it a little side job :-)
2011-02-22 13:28:02 +05:30
Sitaram Chamarty 02128ff48f (minor doc fixes) 2011-02-21 21:25:43 +05:30
Sitaram Chamarty dfdab0f3c8 allow gitolite_rc.mkd values to be overridden by ~/.gitolite.rc
you might wonder why these are different from all the other variables in
the rc file... it's just that I never thought people would want to
change these!
2011-02-15 15:10:29 +05:30
Sitaram Chamarty b97115f85b Merge branch 'master' into pu 2011-02-15 15:10:14 +05:30
Sitaram Chamarty 4ce00aef84 security fix for optional ADC (admin-defined command) feature
Thanks to Dylan Simon for catching it...
2011-02-15 14:58:42 +05:30
Sitaram Chamarty a33f0f8504 security fix for optional ADC (admin-defined command) feature
Thanks to Dylan Simon for catching it...
2011-02-13 08:15:01 +05:30
Sitaram Chamarty a10287a4cd update hook: bypass check needs to go into BEGIN block 2011-02-12 20:55:34 +05:30
Sitaram Chamarty 948f700c7a supercool new admin-defined command "git" (disabled by default)
This new adc allows you to run arbitrary git commands on the server.

It is disabled by default, and you have to READ ALL INSTRUCTIONS **AND**
SOURCE CODE BEFORE DEPLOYING.
2011-02-10 14:01:08 +05:30
Sitaram Chamarty 1c3d96e7cb (minor doc fix) how to change $REPO_BASE 2011-02-09 09:37:39 +05:30
Sitaram Chamarty 1c1ae6061d "git config foo.bar = 0" was not working; fixed
(because perl treats 0 as false and I'd not accounted for that)

thanks to idl0r for catching this
2011-02-06 07:14:25 +05:30
Sitaram Chamarty 9b212ed0ef (minor) doc the effect of openssh 5.6 more clearly 2011-02-06 06:24:40 +05:30
Sitaram Chamarty df157e72b5 <sigh> gitweb doc fixes
This patch is dedicated to the person who, when referred to [1] for
gitweb access help, assumed we're talking about a Unix userid called
"gitweb" and said it still doesn't work.  He looked at the description
examples and wasn't sure what to do with them.  Finally, he missed the
sentence "All gitolite does is:" in the document, and assumed *he* was
supposed to do what the next 3 bullets said (in this case, create the
"description" file manually).

He didn't once think of the gitolite.conf file as being the location for
these instructions, or that "give read access" means "R = ..." instead
of a Unix level "chmod ...".

Do things have to be spelled out so goddamn clearly?  Can't people think
for a few seconds and see if there is another way before giving up?

I blame the prevalence of Windows and GUI IDEs.  People can only
"click".  They can't "think" anymore...

[1]: http://sitaramc.github.com/gitolite/doc/2-admin.html#gwd
2011-02-04 09:57:49 +05:30
Sitaram Chamarty 86206641c8 warnings on non-root method were not scary enough
(plus some other minor ssh/install related doc enhancements)
2011-02-03 19:47:11 +05:30
Sitaram Chamarty a1cbcf2001 migrate doc neglected to mention that gitolite needs update hook)
(although it *is* documented in doc/2, I can see where a migrating user
may miss that)
2011-02-02 06:38:03 +05:30
Sitaram Chamarty 86852dabe9 (v2 status) mob branches tested (manually) 2011-01-29 17:28:03 +05:30
Sitaram Chamarty d2cef2d05e doc fixes related to conf and rc getting their own doc files 2011-01-29 17:07:57 +05:30
Sitaram Chamarty 81f39bd64c gitweb.conf updated to v2.0rc1
thanks to Jack Zielke for testing it for me
2011-01-29 17:05:31 +05:30
Sitaram Chamarty 6a5d564917 (minor) less important docs have "## title" now
this is so the make-gh-pages (not part of gitolite) script can boldface
the ones which have "# title"
2011-01-29 15:47:53 +05:30
Sitaram Chamarty 76ae0268fa post-update learns to be quieter
apparently people run it from cron, so this causes a silly one-line
email saying just "Already on master"

thanks to shruggar on #git for pointing out to me that it is quite safe
to use --quiet and will not lose any actual error messages :)
2011-01-29 06:16:13 +05:30
Sitaram Chamarty 1fce051ea1 add -prune to find commands
Apparently it makes a huge difference with some kinds of network drives
(guess which company's software ;-)

http://groups.google.com/group/gitolite/browse_thread/thread/66b888f11dc5a365
2011-01-28 04:55:04 +05:30
Sitaram Chamarty dab35f3565 fixup all docs to allow URLs pointing to gh-pages 2011-01-26 08:08:18 +05:30
Sitaram Chamarty 12f75cdc41 (minor doc fixes for next commit) 2011-01-26 08:08:18 +05:30
Sitaram Chamarty 6bcb5c162d gitolite.conf gets its own document now 2011-01-24 06:21:00 +05:30
Richard Bateman 00a926bf48 Added perms PDC to supplement setperms/getperms
- Also added pygitolite.py as a helper library for python PDC apps
2011-01-21 14:14:09 +05:30
Richard Bateman 108f8e96a2 Added PDC set-head for setting the HEAD ref on a remote branch that you have write access to 2011-01-21 14:14:09 +05:30
Sitaram Chamarty 2cbe807b34 (doc) clarify GIT_HTTP_EXPORT_ALL is not mandatory for mixed ssh+http setups 2011-01-20 07:14:19 +05:30
Sitaram Chamarty 0360dc9f3f test smart http mode, update docs (including mob mode)
- allow a mob username to be defined; all unauthenticated access will
    look to gitolite like this user (if you setup apache also properly)

  - update doc with more details (some repeat stuff from `man
    git-http-backend` but it's probably worth having everything in one
    place
2011-01-17 22:04:10 +05:30
Jan Koprowski c8b1d8cc5b Document handling non-openssh but ssh2-compatible public keys by gitolite. 2011-01-16 20:20:14 +05:30
Sitaram Chamarty 3c1633c659 (minor) gl-setup learns "-q"
suppresses popping an editor when run for the first time
2011-01-16 14:42:11 +05:30
Sitaram Chamarty 692552d146 gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-16 07:26:13 +05:30
Sitaram Chamarty d022d90031 some tests added/expanded 2011-01-15 19:18:31 +05:30
Sitaram Chamarty 9b5793f2d1 v1.5.9 2011-01-15 19:02:34 +05:30
Sitaram Chamarty efa8e0ff16 new contrib/ldap with 3 useful scripts (thanks to Nokia MeeGo folks) 2011-01-13 13:24:01 +05:30
Sitaram Chamarty d8789a3af0 get rid of wasted parse in wild_repo_rights 2011-01-12 00:37:09 +05:30
Sitaram Chamarty c642d9660e (forgot some test output files from an earlier commit) 2011-01-05 19:13:07 +05:30
Sitaram Chamarty 5004369e17 minor doc fix re @all and deny rules
http://groups.google.com/group/gitolite/browse_thread/thread/aa5f87e826cef687
2011-01-05 18:25:12 +05:30
Sitaram Chamarty 10a30c961d (major change in big-config mode) split the compiled config file
Fedora's config has over 11,000 repositories and the compiled config
file is over 20 MB in size.  Although negligible on a server class
machine, on my laptop just parsing this file takes a good 2.5 seconds.

Even if you use GL_ALL_READ_ALL (see a couple of commits before this
one) to remove the overhead for 'read's, that's still a pretty big
overhead for writes.  And GL_ALL_READ_ALL is not really a solution for
most people anyway.

With this commit, using GL_BIG_CONFIG adds another optimisation; see
doc/big-config.mkd for details (look for the word "split config" to find
the section that talks about it).

----

Implementation notes:

  - the check for GL_NO_CREATE_REPOS has moved *into* the loop (which it
    completely bypassed earlier) so that write_1_compiled_conf can be
    called on each item
2011-01-02 11:30:29 +05:30