Commit graph

439 commits

Author SHA1 Message Date
Sitaram Chamarty bdb7cd6903 move empty ARGV check down after "-s" check
to make calling "gl-auth -s" (no username) work
2010-07-21 06:27:43 +05:30
Sitaram Chamarty 20c2e1aac8 <sigh>
there are people who cannot click a "doc/" link on the first google hit,
and think you have to clone the whole thing to see the docs...

I suspect they aren't even hitting the "read more" link that github
shows in the description blurb, or if they go there they aren't even
going to the end of the second para, which contains a nice link.
2010-07-06 05:53:35 +05:30
Sitaram Chamarty 1488973412 (doc) INSTALL doc needs info on URLs
More and more people are using one of the first 3 methods of install
(the ones that don't involve running "src/gl-easy-install" from the
client side) usualy due to RPM/DEB being available now.

Previously, the ending message on running that command was serving this
purpose, and so it never really got written down in so many words.

[thanks to antgel for catching this]

----

while we were there, we removed a now-obsolete section that talks about
how to use just one key; there are better methods now
2010-07-05 16:22:10 +05:30
Jeff Mitchell 14248a3441 add '[' as allowed starting character for repo patterns
this allows the first part of the repo name (if wildcard repos are
activated) to have a regex like [a-zA-Z0-9]+.

----

Note added by committer:

he assumption used to be that all wildcard repos will have some common
prefix like "users", but I did not imagine it would be like

    repo [a-zA-Z0-9]+/users/CREATOR/[a-zA-Z0-9]+

(viz., the "users" is in the middle).

Sounds reasonable...
2010-06-22 22:00:55 +05:30
Jeff Mitchell 38403c354f Add GL_WILDREPOS_DEFPERMS
allows a default 'setperms' string to be set for new wildcard
repositories.

Also, fix a bug in the fork script where a failure in the git command
would still cause the rest of the script to attempt to run.
2010-06-22 17:20:23 +05:30
Sitaram Chamarty d6a7e3b182 (minor) install doc, new hooks 2010-06-22 14:52:05 +05:30
Sitaram Chamarty acff0bd3d0 hook propagation doc much expanded now 2010-06-20 08:06:54 +05:30
Sitaram Chamarty 98a42be614 asking for other users' perms had a bug in BIG_CONFIG mode
fixes:
  - allow "grouped" admins to get basic info for other users by checking
    more than just the *user*'s right to the admin repo
  - report_basic is called with a $user argument, but it's not easy
    (right now) to propagate this to parse_acl.  Use a simple kludge,
    (for now at least).

thanks to bcooksley for catching this
2010-06-20 00:57:21 +05:30
Sitaram Chamarty bc5fc5793d (minor) added hook propagation doc 2010-06-19 11:33:18 +05:30
Sitaram Chamarty 286ce76048 (minor) added tags to test 52 on denying creates 2010-06-18 23:16:42 +05:30
Sitaram Chamarty 3c5bd4a131 test suite: catch internal errors better
...so you don't have to look at all the output for any strangeness

(also make rollback a little quieter)
2010-06-18 22:09:30 +05:30
Sitaram Chamarty a430cc57c7 separating "push" from "create"
This is what I *should* have done back then; thanks to Jeff Mitchell for
pointing out a problem with the old method.

The old one is *definitely* a kludge.  <shamefaced grin>
2010-06-18 21:34:43 +05:30
Sitaram Chamarty 78c8caa24c Revert "now you can disallow creation of new refs if you like"
This reverts commit 6d32e4e920.

see subsequent commits for why
2010-06-18 19:31:06 +05:30
Sitaram Chamarty bf1a9720af (minor) be less noisy about pubkeys present but not used in config
The main use case is for people who give most people access via @all,
which is somewhat unusual but in some situations it probably makes
sense.

See also a related commit made a month or so ago (aa8da93).

Actually these two lint checks were made to help people spot typos in
the config, which sorta becomes meaningless if you have more than a few
such cases anyway, so for most people it should not matter that I am now
merely summarising the number of such cases if there are more then 10.
2010-06-18 16:50:45 +05:30
Sitaram Chamarty 0f5f82e4f5 log message changes (warning: minor backward compat breakage)
The log message format has changed.  All log messages now have a common
prefix (timestamp, user, IP).  This is followed by $SSH_ORIGINAL_COMMAND
(or, in one special case, the name of the user's login shell).  Any
further text appears after this (currently this only happens in the case
of a successful push -- one for each ref pushed successfully)
2010-06-16 17:22:37 +05:30
Sitaram Chamarty 1ecc7ae74e (minor) added overkill doc 2010-06-16 14:19:31 +05:30
Sitaram Chamarty 97b094bccb some doc updates (plus CHANGELOG) 2010-06-15 23:01:22 +05:30
Sitaram Chamarty 517786572d (adc fork) fork is now fast and space-efficient on the server
uses "git clone -l" then manually sets up the gl-creater and hooks

(thanks to Jeff and the kde gang for asking ;-)
2010-06-12 16:26:38 +05:30
Sitaram Chamarty 255a4ca9fa add a new test to make sure "info" and "expand" show the right output 2010-06-12 13:24:59 +05:30
Sitaram Chamarty 0add3d3de7 finally, open up my secret test scripts...
...after getting rid of most of the hardcoding (though not all!)
2010-06-12 13:24:55 +05:30
Sitaram Chamarty ba8094d6f5 report_basic forgot how to display wildcards during big-config change
in addition, due to "+" becoming a valid character in a normal reponame,
(think gtk+, etc), the pattern

    repo dev/CREATOR/.+

doesn't look like a wildcard repo anymore, so we add an extra check that
if CREATOR is mentioned, it *is* a wildcard.

This has been added *only* to the report_basic function; it doesn't
really matter anywhere else.
2010-06-12 09:27:25 +05:30
Sitaram Chamarty 080ec22ae9 compile: kill spurious "user ... not in config" warnings
this happens when users are given rights to a repo via a groupname, and
GL_BIG_CONFIG is in effect
2010-06-02 12:29:47 +05:30
Sitaram Chamarty 6d32e4e920 now you can disallow creation of new refs if you like
see doc/3 for details (look for "separating delete and rewind rights"

----

and for gerrit, this is one more thing it can do that we can too ;-)

[the original text was somewhat misleading.  We mean "prevent someone
from creating a branch that they have permissions to push".  That is
what is now possible, where it was not possible before.]
2010-06-02 06:47:22 +05:30
Sitaram Chamarty 18267706db doc/0: a minor clarification and a minor re-ordering 2010-06-02 06:19:54 +05:30
Sitaram Chamarty 805050a129 remove a few needless bashisms...
Note: "able" still needs bash but it's an easy fix if you need to use it
on a bash-challenged machine and care enough
2010-06-01 20:07:53 +05:30
Sitaram Chamarty faf1629fd8 better anchors in docs: changed autotoc and ran it through all docs 2010-06-01 06:16:13 +05:30
Sitaram Chamarty 5bbd102059 (contrib) how to enable or disable push for maintenance
...for some or all repos

(and a minor bug fix in the adc.common-functions file)
2010-05-31 20:49:14 +05:30
Sitaram Chamarty b4c1627130 include VERSION details when using gl-system-install from a clone
It works fine when you're installing off of a tar file because the
Makefile also generates a VERSION file, but when doing from a clone you
still need to generate it.

(plus minor fix to easy install, in the same area of code)
2010-05-31 14:20:58 +05:30
Sitaram Chamarty ce2e8b6788 (minor) doc/6: mention putty/plink 2010-05-29 19:16:48 +05:30
martin f. krafft 798762a0c3 gitweb: default GL_USER to gitweb if not provided by CGI
If CGI.pm does not have a user, this patch causes the gitweb
authentication code to assume "gitweb". This allows one to specify ACLs
specifically for gitweb, separately from the @all catch-all.

To: Sitaram Chamarty <sitaramc@gmail.com>
Cc: Teemu Matilainen <teemu.matilainen@iki.fi>
Signed-off-by: martin f. krafft <madduck@madduck.net>
2010-05-28 06:56:29 +05:30
Sitaram Chamarty 701b182021 document the add_host_nickname branch changes 2010-05-23 12:04:01 +05:30
Sitaram Chamarty 89655a141c Merge branch 'add_host_nickname' into pu
Conflicts:
	src/gl-easy-install
2010-05-23 09:26:12 +05:30
Sitaram Chamarty f4d21db590 easy install: clone even if a non-default host_nickname is used 2010-05-23 09:25:58 +05:30
Sitaram Chamarty c013dbf8f0 (minor fixups) 2010-05-23 09:25:58 +05:30
Matt Perzel 41bec9f25f Added host_nickname parameter to gl-easy-install 2010-05-22 17:27:23 -07:00
Sitaram Chamarty 196b41e0fd *major* doc revamp
people will NOT read documentation, especially the bloody install
documentation.  I'm about ready to throw in the towel and declare
gitolite unsupported, take-it-or-leave-it.

But I'm making one last attempt to refocus the install doc to better
suit the "I know I'm very smart and I dont have to read docs so it's
clearly your fault that I am not able to install gitolite" crowd.

As a bonus, though, I ended up making proper, hyper-linked, TOCs for
most of the docs, and moved a whole bunch of stuff around.  Also finally
got some of the ssh stuff over from my git-notes repo because it really
belongs here.
2010-05-21 21:36:58 +05:30
Sitaram Chamarty 025de395dc (minor) 2010-05-21 21:32:55 +05:30
Sitaram Chamarty fd85ee2c91 *try* to make upgrades resilient to format changes (pkg maintainers please read)
the commits leading up to v1.5 caused the data format to change (we
added a rule sequence number).

This in turn caused a problem for people who may have installed using
the "system install / user setup" mode of install (which includes people
who used RPM/DEB to install it) -- they would now have to *manually* run
"gl-setup" once after the rpm/deb upgrade.

This commit *tries* to mitigate this problem by recording a data format
version number in the compiled output file.  On any access to that file,
if the version number is not found or is found to be not equal to the
current version, gl-setup is run again.

The reason I say "*tries*" is that the exact command used to do this is
a bit of a hack for now.  However, if it works for Fedora and Debian,
I'm going to leave it at that :)
2010-05-21 14:40:03 +05:30
Sitaram Chamarty c993050ef9 (minor) doc/3: doc fix on multikeys 2010-05-20 17:08:21 +05:30
Sitaram Chamarty 3ddc8aa0ca (important upgrade info here)
There has been a format change to the compiled output file.  As the
CHANGELOG says:

    Upgrading to v1.5 from any version prior to v1.5 requires an extra
    step for people who installed gitolite using the "system install /
    user setup" method described in doc/0-INSTALL.mkd.  For such
    installations, after the administrator has upgraded gitolite
    system-wide, each "gitolite host" user must run `gl-setup` once
    (without any arguments).

    This is *not* an issue if you installed using src/gl-easy-install.
2010-05-19 14:33:35 +05:30
Sitaram Chamarty f9e5c8b7b2 (big-config) doc fixup 2010-05-18 17:51:46 +05:30
Sitaram Chamarty be3d00079a Revert "allow setperms to override config file permissions"
This reverts commit 9612e3a4cc, since it
is no longer needed as of the rule sequencing changes we just made.

Conflicts:

	src/gl-compile-conf
2010-05-18 16:40:15 +05:30
Sitaram Chamarty 32056e0b7f (big one!) rule sequencing changes!
There were 2 problems with rule sequencing.

Eli had a use case where everyone is equal, but some are more equal than
the others ;-)  He wanted a way to say "everyone can create repos under
their own names, but only some people should be able to rewind their
branches".

Something like this would be ideal (follow the rules in sequence for
u1/u2/u3/u4, and you will see that the "deny" rule kicks in to prevent
u1/u2 from being able to rewind, although they can certainly delete
their branches):

    @private-owners = u1 u2
    @experienced-private-owners = u3 u4

    repo CREATOR/.*
      C   = @private-owners @experienced-private-owners
      RWD = CREATOR
      RW  = WRITERS
      R   = READERS
      -   = @private-owners
      RW+D = CREATOR

In normal gitolite this doesn't work because the CREATOR rules (which
get translated to "u1" at runtime) end up over-writing the "deny" rule
when u1 or u2 are the creators.  This over-writing happens directly at
the "do compiled.pm" step.

With big-config, this does not happen (because @private-owners does not
get expanded to u1 and u2), but the problem remains: the order of
picking up elements of repo_plus and user_plus is such that, again, the
RW+D wins (it appears before the "-" rule).

We fix all that by

  - making CREATOR complete to more than just the creator's name (for
    "u1", it now becomes "u1 - wild", which is actually illegal to use
    for real so there's no possibility of a name clash!)
  - maintaining a rule sequence number that is used to sort the rules
    eventually applied (this also resulted in the refex+perm hash
    becoming a list)
2010-05-18 16:36:06 +05:30
Sitaram Chamarty c3d23f8734 Merge branch 'pu-big-config' into pu 2010-05-18 15:40:18 +05:30
Sitaram Chamarty aa8da93016 tone down the "ZOMG users without pubkeys" hysteria :) 2010-05-16 13:36:54 +05:30
Sitaram Chamarty 35750c1abe (big-config) update doc and rc, allow skipping gitweb/daemon
skipping gitweb/daemon has an enormous impact on speed of an admin-push!
2010-05-16 12:51:03 +05:30
Sitaram Chamarty 689ff7464b Merge branch 'teemu-contrib' into pu 2010-05-14 22:22:40 +05:30
Teemu Matilainen b278d430b8 contrib: Add information about gitolite-tools
Signed-off-by: Teemu Matilainen <teemu.matilainen@iki.fi>
2010-05-14 19:28:33 +03:00
Sitaram Chamarty 58fc6a3252 (big-config) documentation 2010-05-14 21:44:51 +05:30
Sitaram Chamarty 8da223f92a (big-config) allow usergroup information to be passed in from outside
[Please NOTE: this is all about *user* groups, not *repo* groups]

SUMMARY: gl-auth-commmand can now take an optional list of usergroup
names after the first argument (which is the username).

See doc/big-config.mkd in the next commit or so
2010-05-14 21:44:51 +05:30