Commit graph

192 commits

Author SHA1 Message Date
Sitaram Chamarty bede47e2db Merge branch 'master' into wildrepos
Conflicts:
	src/hooks/update
2010-01-14 20:47:04 +05:30
Sitaram Chamarty ecfd20e793 @SHELL is now $SHELL_USERS in the rc file (warning: backward compat breakage)
Stop conflating the privilege to push changes to the admin repo with the
privilege to get a shell on the server.

Please read doc/6 carefully before upgrading to this version.  Also
please ensure that the gitolite key is *not* your only means to get a
command line on the server
2010-01-14 19:35:46 +05:30
Sitaram Chamarty 839027f7a7 change delegation to NAME/ style (warning: backward compat breakage)
This is a backward incompatible change.  If you are using delegation and
you upgrade to this version, please do the following:

  * change your gitolite.conf file to use the new syntax (see
    doc/5-delegation.mkd in this commit)

  * for each branch "foo" in the gitolite-admin repo, do this:

        # (on "master" branch)
        git checkout foo -- conf/fragments/foo.conf

  * git add all those new fragments and commit to master

  * delete all the branches on your clone and the server

        # again, for each branch foo
        git branch -D foo
        git push origin :foo
2010-01-10 09:50:08 +05:30
Sitaram Chamarty 7124faa9f3 NAME-based restrictions
Gitolite allows you to restrict changes by file/dir name.  The syntax
for this used "PATH/" as a prefix to denote such file/dir patterns.
This has now been changed to "NAME/" because PATH is potentially
confusing.

While this is technically a backward-incompatible change, the feature
itself was hitherto undocumented, and only a few people were using it,
so I guess it's not that bad...

Also added documentation now.
2010-01-09 20:30:53 +05:30
Sitaram Chamarty 5ad2056a9c typo fix in doc/4; thanks Teemu! 2010-01-08 06:20:19 +05:30
Sitaram Chamarty d03152316f install transcript 2009-12-25 01:05:21 +05:30
Sitaram Chamarty 1a80f0182d Merge branch 'master' into wildrepos 2009-12-23 20:00:56 +05:30
Sitaram Chamarty b0ce84d47f document @SHELL feature, allow "info" for all,
...but still distinguish shell folks with a small extra line telling
them they have shell access
2009-12-23 19:57:36 +05:30
Sitaram Chamarty 203d5690be Merge branch '@all-for-repos' into wildrepos
Conflicts:
	src/gl-compile-conf
2009-12-21 23:02:02 +05:30
Sitaram Chamarty ba3cbd7ecf doc/3, conf: document @all for repos
plus some refactoring of doc/3
2009-12-21 22:58:47 +05:30
Sitaram Chamarty 6f45f75ca1 minor docfix 2009-12-21 06:23:25 +05:30
Sitaram Chamarty 714e214258 wildrepos: catch-all disclaimer for missing features ;-) 2009-12-20 11:57:53 +05:30
Sitaram Chamarty d49bb6b423 Merge branch 'master' into wildrepos
Conflicts:
	src/gitolite.pm
	src/gl-auth-command
2009-12-20 06:58:33 +05:30
Sitaram Chamarty ed2bf526f8 minor docfix 2009-12-13 19:17:18 +05:30
Sitaram Chamarty ff28acb059 Merge branch 'master' into wildrepos
master brought in:

  - full email addresses as usernames
  - repo-specific git config

Conflicts:
	doc/3-faq-tips-etc.mkd
	src/gitolite.pm
	src/gl-compile-conf
2009-12-11 11:23:26 +05:30
Sitaram Chamarty 780b4cca20 ssh-copy-id workaround detail plus a couple other doc fixes 2009-12-10 17:07:46 +05:30
Sitaram Chamarty 64979c18ea document repo config support 2009-12-09 12:16:22 +05:30
Sitaram Chamarty 4441ed82e4 compile: allow full email addresses as usernames
we had usurped the email style syntax to separate multiple keys
belonging to the same person, like sitaram@desktop.pub and
sitaram@laptop.pub.  If you have so many users that you need the full
email address to disambiguate some of them (or you want to do it for
just plain convenience), you couldn't.

This patch fixes that in a backward compatible way.  See
doc/3-faq-tips-etc.mkd for details.
2009-12-08 15:14:05 +05:30
Sitaram Chamarty 135079c9d7 minor docfix 2009-12-06 20:40:23 +05:30
Sitaram Chamarty 02cee1d5cf wildrepos: expanded access reporting
This feature has *no* warranty, and so no documentation.  Not more than
this transcript anyway.

config file:

    @prof = u1
    @TAs = u2 u3
    @students = u4 u5 u6

    repo    assignments/CREATER/a[0-9][0-9]
        C   =   @students
        RW+ =   CREATER
        RW  =   WRITERS @TAs
        R   =   READERS @prof

session:

as user "u4":
    # check your permissions
    $ ssh git@server
    PTY allocation request failed on channel 0
    hello u4, the gitolite version here is v0.95-31-gbcb14ca
    you have the following permissions:
     C      assignments/CREATER/a[0-9][0-9]
       @ @  testing
    Connection to localhost closed.

    # autovivify repos for assignment 12 and 24
    $ git clone git@server:assignments/u4/a12 a12
    Initialized empty Git repository in /home/sitaram/t/a12/.git/
    Initialized empty Git repository in /home/gitolite/repositories/assignments/u4/a12.git/
    warning: You appear to have cloned an empty repository.
    $ git clone git@server:assignments/u4/a24 a24
    Initialized empty Git repository in /home/sitaram/t/a24/.git/
    Initialized empty Git repository in /home/gitolite/repositories/assignments/u4/a24.git/
    warning: You appear to have cloned an empty repository.

    # check what repos you autovivified
    $ ssh git@server expand assignments/u4/a[0-9][0-9]
    (u4)    assignments/u4/a12
    (u4)    assignments/u4/a24

as user "u5":
    # check your basic permissions
    $ ssh git@server
    PTY allocation request failed on channel 0
    hello u5, the gitolite version here is v0.95-31-gbcb14ca
    you have the following permissions:
     C      assignments/CREATER/a[0-9][0-9]
       @ @  testing
    Connection to localhost closed.

    # see if you have access to any of u4's repos
    $ ssh git@server expand assignments/u4/a[0-9][0-9]
    # (no output produced)

as user "u4":
    # allow "u5" read access to assignment 12
    # note you type in "R u5", hit enter, then hit Ctrl-D.  Gitolite
    # then produces a confirmation message starting "New perms are:"
    $ ssh git@server setperms assignments/u4/a12
    R u5
    New perms are:
    R u5

as user "u5":
    # again see if you have access to any u4 repos
    $ ssh git@server expand assignments/u4/a[0-9][0-9]
    (u4)    assignments/u4/a12

as user "u4":
    # check what permissions you gave to assignment 12
    $ ssh git@server getperms assignments/u4/a12
    R u5

    # add RW access to "u6" to assignment 12
    # again, type 'em in, then hit Ctrl-D; and note each time you run
    # this you're starting from scratch -- you can't "add to" the
    # permissions.  Deal with it...
    $ ssh git@server setperms assignments/u4/a12
    R u5
    RW u6
    New perms are:
    R u5
    RW u6

as user "u6":
    # check what u4 stuff you have access to
    $ ssh git@server expand assignments/u4/a[0-9][0-9]
    (u4)    assignments/u4/a12
2009-12-06 20:36:16 +05:30
Sitaram Chamarty 6214ad3ab6 wildrepos: first cut documentation 2009-12-06 20:36:12 +05:30
Sitaram Chamarty 8a4bb453a0 document that @all doesnt work as expected in deny rules
@all in a deny rule doesnt work as it might look in the config file,
because @all rights are checked last.  This is fine if you dont have any
DENYs (and so rule order doesn't matter), but with DENY it causes some
problems.

I never bothered to document it because I did not expect that any repo
that is "serious" enough to have deny rules *at all* should then allow
*any* kind of "write* access to @all.  That's a very big contradiction
in terms of paranoia!

Translation: this will not be supported.  Don't bother asking.  You know
who you are :)
2009-12-05 14:57:21 +05:30
Sitaram Chamarty d71720d050 fold rebel into master :) [please read]
Well, something even more outrageous than deny rules and path-based
limits came along, so I decided that "rebel" was actually quite
"conformist" in comparision ;-)

Jokes apart, the fact is that the access control rules, even when using
deny rules and path-limits, are still *auditable*.  Which means it is
good enough for "corporate use".

[The stuff that I'm working on now takes away the auditability aspect --
individual users can "own" repos, create rules for themselves, etc.

So let's just say that is the basis of distinguishing "master" now.]
2009-12-01 07:15:05 +05:30
Sitaram Chamarty 601eaf8ea1 tips doc: add pointer to later section on excludes 2009-12-01 05:55:59 +05:30
Sitaram Chamarty 604669ca02 rebel edition -- cos when you need it, you need it bad :-)
Summary: much as I did not want to use "excludes", I guess if we don't put the
code in "master" it's OK to at least *write* (and test) the code!

See the example config file for how to use it.

See "design choices" section in the "faq, tips, etc" document for how it
works.
2009-12-01 05:55:58 +05:30
Sitaram Chamarty d8cb62934f docs: document how to specify "owner" for gitweb 2009-11-27 13:47:33 +05:30
Sitaram Chamarty a02a48e8f5 easy install: dont allow root, plus warn about shell access using the given key
- refuse to install to root
  - when a pubkey is being used that was not freshly created by
    ourselves, warn the user that this key can not be used to get shell
    access to the server.  Prevents some corner cases of people being
    locked out...

Also, change the final message to be even more clear that this is all on
the workstation, not the server
2009-11-26 12:13:42 +05:30
Sitaram Chamarty 9a85f5d0d6 auth: print permissions for @all also
I don't have a use for "@all" at all (pun not intended!) other than the
"testing" repo, but <teemu dot matilainen at iki dot fi> sent in a patch
to mark those repos with "R" and "W" in the permissions list, and I
started thinking about it.

This could actually be useful if we *differentiated* such access from
normal (explicit username) access.  From the "corporate environment"
angle, it would be nice if a project manager could quickly check if any
of his projects have erroneously been made accessible by @all.

So what we do now is print "@" in the corresponding column if "@all" has
the corresponding access.

Also, when someone has access both as himself *and* via @all, we print
the "@"; printing the "R" or "W" would hide the "@", and wouldn't
correctly satisfy the use case described above.
2009-11-25 09:15:36 +05:30
Sitaram Chamarty 1c786d880a doc/3: $repo_base -> $projectroot; honor @all in perm check
- it appears that what we call $repo_base, gitweb already needs as
    $projectroot
  - allow read of repos defined as readable by @all

plus some minor declaration changes to make the sample code work as is

(thanks to teemu dot matilainen at iki dot fi)
2009-11-25 08:46:21 +05:30
Sitaram Chamarty de2e38c372 minor doc/message updates/clarifications 2009-11-24 09:16:29 +05:30
Sitaram Chamarty 23be2b6240 easy install (+doc): make it run from msys. Here's how:
- all $HOME/blah becomes "$HOME/blah" (bl**dy "Documents and Settings" crap)
  - replace bash regex with perl, and in one case replace the check with
    something else
  - rsync changed to appropriate scp
  - since we no longer insist on running from a specific directory, create
    tmpgli dir *after* you cd to the right place
2009-11-19 17:39:14 +05:30
Sitaram Chamarty c727d68caa install doc: server and client requirements spelled out 2009-11-18 15:40:37 +05:30
Sitaram Chamarty 05a06a2c75 README, doc/3: gitweb "description" feature 2009-11-18 07:18:05 +05:30
Sitaram Chamarty c54d3eabbc all src: (please read full commit message): allow local admin-defined hooks
You can now add your own hooks into src/hooks/ and they get propagated
along with the update hook that is present there now.  Please read the
new section in the admin document, and make sure you understand the
security implications of accidentally fiddling with the "update" script.

This also prompted a major rename spree of all the files to be
consistent, etc.  Plus people said that the .sh and .pl suffixes should
be avoided (and I was feeling the same way).  I've also been
inconsistent with that "gl-" prefix, so I cleaned that up, and the 00-
and 99- were also funny animals.

Time to get all this cleaned up before we get 1.0 :)

So these are the changes, in case you're looking at just the commit
message and not the diffstat:

    src/pta-hook.sh -> src/ga-post-update-hook
    src/conf-convert.pl -> src/gl-conf-convert
    src/00-easy-install.sh -> src/gl-easy-install
    src/99-emergency-addkey.sh -> src/gl-emergency-addkey
    src/install.pl -> src/gl-install
    src/update-hook.pl -> src/hooks/update
2009-11-13 18:37:46 +05:30
Sitaram Chamarty 76520693a3 doc/2: add docs for gitweb description, plus some minor cleanup 2009-11-12 18:54:16 +05:30
Sitaram Chamarty be972d04d0 doc/6: added two keys explanation and workaround 2009-11-12 10:28:23 +05:30
Sitaram Chamarty c4069dd85f (please read full commit message) upgrade behaviour changed
**upgrades no longer touch the config or the keydir**

When you first install gitolite, the easy install script has to do two
*distinct* things:

  * install the software
  * create and seed the gitolite-admin repo with a minimum config file
    and the newly created pubkey

That's fine for an install, because nothing exists yet anyway.

Subsequent invocations of the script should only do the first task (so
that gitolite itself can be upgraded), and not attempt to fiddle with
the config file and pubkeys.

Unfortunately, until now I had not been separating these two activities
cleanly enough.  For instance, the commit message for 8e47e01 said:

    IMPORTANT: we assume that $admin_name remains the same in an upgrade
    -- that's how we detect it is an upgrade!  Change that name or his
    pubkey, and you're toast!

Ouch!

So now I decided to clean things up.  The "Usage" message tells you
clearly what to do for an upgrade.

Should have been like this from the beginning, but hey we got there
eventually :)

----

Code-wise, this is a major refactor of the easy install script.  It uses
an old forgotten trick to get forward refs for bash functions ;-) and in
the process cleans up the flow quite a bit.
2009-11-06 15:37:03 +05:30
Sitaram Chamarty 8aecaa2da2 doc/6: rename the file, change focus completely 2009-11-05 23:13:39 +05:30
Sitaram Chamarty 33305ed8e7 doc/1: fix formatting problem on github
(local mkd worked fine... weird!)
2009-11-05 23:13:38 +05:30
Sitaram Chamarty 92d5062ad0 doc/src: major doc/help text revamp
also removed some dead code from compile (pre PTA days)
2009-10-31 00:21:37 +05:30
Sitaram Chamarty b94ff910d1 doc/6: explain that all this is *only* for the admin 2009-10-30 17:42:26 +05:30
Sitaram Chamarty a19a7f01d7 auth, doc/3: print useful information when no command given 2009-10-28 21:46:57 +05:30
Sitaram Chamarty a23622a31b doc/3: add section on unexpected gitwebauth good-ness! 2009-10-28 21:46:57 +05:30
Sitaram Chamarty 593ed765a7 Merge branch 'system-install' 2009-10-28 21:46:27 +05:30
Sitaram Chamarty 98124596ed doc/6: no idea how but this ended up with CRLF line endings (ugh!) 2009-10-25 21:32:32 +05:30
Sitaram Chamarty 999513c1d9 doc/install: document the new -q flag 2009-10-25 19:23:15 +05:30
Sitaram Chamarty 8eefc036e0 rc, pta-hook/doc: don't assume $HOME of 'git' user is /home/git
(Thanks to Jerome Arbez-Gindre)
2009-10-23 10:23:06 +05:30
Sitaram Chamarty 96fa0da946 allow a/b/c type repos to be created 2009-10-23 10:14:41 +05:30
Sitaram Chamarty d6dc1c0856 added doc/6: more complex ssh setups 2009-10-21 19:19:20 +05:30
Sitaram Chamarty 536e3198bf doc fixes...
- README: add a "what" section first, plus a few minor fixes
  - doc/5:
      - remove reference to obsolete ml branch URL; point it to the right
        place with the right section name
      - change text to reflect the fact that p-t-a is now the default!
2009-10-14 14:09:34 +05:30
Sitaram Chamarty 481242f6cb doc/3: minor fix to an already minor change :) 2009-10-13 11:46:04 +05:30
Sitaram Chamarty 59e15e62a1 support git installed outside default $PATH
(also some minor fixes to doc/3)
2009-10-13 10:03:12 +05:30
Sitaram Chamarty d125488107 doc/3 minor re-arrangement 2009-10-13 10:03:12 +05:30
Sitaram Chamarty 9e46920fe3 faq: explain one user many keys a bit better 2009-10-12 20:02:38 +05:30
Sitaram Chamarty d78bbe8c3e lots of doc changes reflecting "push to admin" is default now :)
- added comments to easy install to help do it manually
  - README: some stuff moved to tips doc, brief summary of extras
    (over gitosis) added
  - INSTALL: major revamp, easy install and manual install,
    much shorter and much more readable!

plus other docs changed as needed, and updated the tips doc to roll in
some details from "update.mkd" in the "ml" branch
2009-10-11 14:19:00 +05:30
Sitaram Chamarty ccd8372bb3 aa ha! easy install script!
src/00-easy-install.sh does *everything* needed, and it's mostly
self-documented
2009-10-11 14:19:00 +05:30
Sitaram Chamarty af7fd0bf2e Merge branch 'master' into delegation 2009-10-07 12:40:08 +05:30
Sitaram Chamarty 410c9ba46c doc/install: add missing "cd" 2009-10-07 12:33:49 +05:30
Sitaram Chamarty ec2ad64b38 doc/delegation: never ending quest to write well :) 2009-10-05 19:39:55 +05:30
Sitaram Chamarty 8096cc8e9c install.pl, pta hook, upgrade doc:
- install the post-update hook also
  - fix bashism in pta-hook

Also, since delegation works best with PTA, reflect that in the upgrade doc
2009-10-05 16:55:14 +05:30
Sitaram Chamarty fa5567f22c doc/5-delegation added, doc/4 (PTA) enhanced
This is complete user documentation for delegation
2009-10-04 10:22:41 +05:30
Sitaram Chamarty 5bb0850c5c p-t-a: make the post-update hook a separate file...
...and just refer to it in the doc.  This hook will acquire more code soon,
when we do delegations :)
2009-10-04 10:10:39 +05:30
Sitaram Chamarty 70d26d810b compile, all docs/confs: specify gitweb/daemon access + bonus
bonus: documented the "bits and pieces" thing properly; should have done this
long ago, but it came to the forefront now thanks to this item
2009-09-25 13:50:59 +05:30
Sitaram Chamarty 8217ef9d5b P-T-A doc: add note about switching back and forth 2009-09-21 19:36:40 +05:30
Sitaram Chamarty 2a763dfdb1 doc/3: updated the log line description 2009-09-21 19:36:39 +05:30
Sitaram Chamarty 978046acb9 compile/update hook: COMPILED FILE CHANGE -- PLEASE READ BELOW
Summary:
    DONT forget to run src/gl-compile-conf as the last step in the upgrade

Details:

The compiled file format has changed quite a bit, to make it easier for the
rebel edition coming up :-)

compile:
  - we don't split RW/RW+ into individual perms anymore
  - we store the info required for the first level check separately now:
    (repo, R/W, user)
  - the order for second level check is now:
    repo, user, [{ref=>perms}...] (list of hashes)

update hook logic: the first refex that:
  - matches the incoming ref, AND
  - contains the perm you're trying to use,
causes the match loop to exit with success.  Fallthrough is failure
2009-09-21 19:36:39 +05:30
Sitaram Chamarty 09fd745255 upgrade doc: added step to compile 2009-09-21 19:36:39 +05:30
Sitaram Chamarty 344723b974 conf+doc/3: explain why we don't like "exclude rules" in refexes 2009-09-21 19:36:38 +05:30
Sitaram Chamarty 5415b425e7 example conf, doc/3: explain refexes 2009-09-21 19:36:38 +05:30
Sitaram Chamarty 780f636c0a doc warnings:
doc/admin: add warning about creating repos manually!
doc/4: add warning on compile errors when using p-t-a
2009-09-21 19:36:38 +05:30
Sitaram Chamarty 7d0e778bad Merge branch 'umask' 2009-09-21 19:18:02 +05:30
Sitaram Chamarty 4879a03c60 Makefile wraps "git archive" to record "git describe" output in tar 2009-09-21 19:01:47 +05:30
Sitaram Chamarty df3dd0de48 compile, rc, doc/3: allow custom umask 2009-09-21 14:49:27 +05:30
Sitaram Chamarty 838dd65d5f compile+doc/3: deal with older gits
- detect/warn git version < 1.6.2
  - create documentation with details on client-side workaround
  - change the "git init --bare" to (older) "git --bare init", since the old
    syntax still works anyway
2009-09-21 14:17:53 +05:30
Sitaram Chamarty 86faae4d4c compile+conf: allow lists (@listname) for reponames too
why should just usernames have all the fun :)  The "expand_userlist" function
is now "expand_list" and serves generically.  The example conf has also been
updated correspondingly
2009-09-17 20:03:38 +05:30
Sitaram Chamarty fde9708cbf compile: better message when authkeys absent
for security reasons, we refuse to create ~/.ssh/authorized_keys if it doesn't
exist.  Explain this better and point to the documentation
2009-09-17 19:57:59 +05:30
Sitaram Chamarty 5758f69a43 doc: added 4-push-to-admin 2009-09-15 12:04:49 +05:30
Sitaram Chamarty 2ca4916621 doc/3: explain how 2-level access checks affect personal branch rights 2009-09-14 13:36:51 +05:30
Sitaram Chamarty 7f9c2e6510 minor doc updates
- README: re not needing root access
  - doc/3: "empty clone error" vis-a-vis git 1.6.4.3
2009-09-14 12:33:31 +05:30
Sitaram Chamarty d9d432a483 faq/tips: added "common errors..." section with 2 examples 2009-09-11 23:03:41 +05:30
Sitaram Chamarty 7abc629d51 faq-tips doc: "compile" as a separate step vindicated :-)
it seems gitosis silently ignores config errors.  It can't do anything else,
considering *when* the config file is parsed (on every access!)
2009-09-10 15:57:52 +05:30
Sitaram Chamarty 804c70f570 almost all src/conf: logging totally redone, upgrade doc added
- logs go into $GL_ADMINDIR/logs by default, named by year-month
  - logfile name template (including dir prefix) now in $GL_LOGT
  - two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename)
  - log messages timestamps more compact, fields tab-delimited
  - old and new SHAs cut to 14 characters
2009-09-06 18:07:38 +05:30
Sitaram Chamarty 455ebe1bc9 update hook: personal branches pattern, "-" becomes "/" 2009-09-02 06:49:04 +05:30
Sitaram Chamarty 4fa1ca6652 minor doc updates re directories etc 2009-09-01 20:33:24 +05:30
Sitaram Chamarty 53f1a77f7f admin doc: clarify why authkeys is needed and what it does
I was very insistently told by a user that I should just create the file
if it does not exist, but this is as far as I am willing to go
2009-08-30 21:27:03 +05:30
Sitaram Chamarty b916a07d28 update hook: using non-std branches revealed an unnecessary check for refs/heads/; removed 2009-08-30 17:04:27 +05:30
Sitaram Chamarty b1c329dbb6 doc fixes:
- install is even clearer now (I hope!), esp to people with root
    access who seem to expect something else :)
  - used path vars (from ~/.gitolite.rc) more consistently, and
  - added refeerences to ~/.gitolite.rc for resolving them
2009-08-30 12:08:54 +05:30
Sitaram Chamarty 4c2c55f2d1 admin doc: clarified the instructions a little more
...it seems some admins are, well, not quite ready to be admins :)

(also some minor typo fixes slipped in)
2009-08-29 19:15:59 +05:30
Sitaram Chamarty d27af37d21 faq-tips-etc: completely revamped; big "differences from gitosis" section, etc 2009-08-29 19:08:24 +05:30
Sitaram Chamarty 3161b0ac86 migration document added 2009-08-28 09:50:34 +05:30
Sitaram Chamarty 00b4baa435 doc changes after split 2009-08-28 09:50:34 +05:30
Sitaram Chamarty f0099a125e reduce clutter by making src, doc, conf subdirectories 2009-08-27 14:00:00 +05:30