Commit graph

858 commits

Author SHA1 Message Date
Tomas Paladin Volf b6ba3cc975 (password access) specify comment field in generated ssh pub key
since gl-shell-setup runs as root, the comment in the generated key was
'root@...' instead of whatever userid it was being created for.

This does not affect gitolite or ssh but it seems some people don't
treat "comment" and "comment" and actually *do* stuff with it.

(only code is from author; commit message is from committer)
2011-11-27 08:24:06 +05:30
Sitaram Chamarty af6820a94b new functions (can_*, is_admin, in_group) for ADCs
(can_* == can_read, can_write, and can_create)

See top of contrib/adc/adc.common-functions for more on this.

Note: the old style (calling get_rights_and_owner with $repo, then
checking $perm_read, $perm_write, etc.), will still work fine.
2011-11-22 19:31:41 +05:30
Sitaram Chamarty d5d982d602 (minor doc update) to ssh-troubleshooting doc
missed this one when I did c5f342a (sshkeys-lint total rewrite, and
gl-setup now uses it)
2011-11-22 10:09:05 +05:30
Sitaram Chamarty ab9d0d2f57 a couple of very minor oopsies
(1) c5f342a forgot authkeys can have blank lines also

(2) f0cedeb ended gl-system-install on a non-0 ret code

both caught by matthewtdawson at gmail
2011-11-17 21:32:11 +05:30
Sitaram Chamarty 66634d687d docbug
caught by larsbj at gullik dot org
2011-11-17 05:50:06 +05:30
Sitaram Chamarty 15b17d7a0c v2.2 2011-11-16 05:53:56 +05:30
Sitaram Chamarty a103417da2 (password access) backward compat breakage for gl-shell-setup; read below
gl-shell-setup has a "run as hosting user" piece that basically
automates the adding of the user's (new) key to the admin repo.

This is now gone.  (It's not that hard to automate yourself if you want
to do it anyway, using gl-admin-push).

I did this because I needed to allow someone in through a gateway, and
realised that that has the exact same needs.  So the whole scheme has
been changed to treat the proxy and the gitolite host as being two
different servers.

At that point it became cumbersome to do the second bit, and I left it
out.

Other changes:
  - you can define exceptions for the default shell in gl-shell
  - the doc has been simplified.
2011-11-15 17:20:17 +05:30
Sitaram Chamarty 97bd5c5c96 (minor) fix hooklet setup instructions 2011-11-15 14:07:53 +05:30
Sitaram Chamarty be8d5f4487 hide output of commands to check for existence of valid user.* keys
could be confusing to people, and is not at all needed to be shown.
2011-11-15 10:03:01 +05:30
Sitaram Chamarty dc79c20709 minor oops in previous commit (would fail on perl older than 5.10 or so) 2011-11-15 10:01:40 +05:30
Sitaram Chamarty c5f342a835 sshkeys-lint total rewrite, and gl-setup now uses it
...in "admin check" mode
2011-11-13 18:02:28 +05:30
Sitaram Chamarty ec93fc7601 (minor) add link to master TOC in main README 2011-11-13 07:52:45 +05:30
Sitaram Chamarty f3eae5e170 maintaining a partial copy of a repo...
...with gl-pre-git and update.secondary hooks
2011-11-09 20:02:10 +05:30
Sitaram Chamarty 5858ecb56e puppet wants to send in keys with comment lines 2011-11-08 12:05:44 +05:30
Sitaram Chamarty b4f96e0a47 added "gitolite flow" picture 2011-11-07 22:27:40 +05:30
Matt Kimmel 39148282cc * Add "pull gitolite-admin" step to moving server instructions in admin.mkd
* Correct the git remote set-url command syntax in admin.mkd
2011-11-06 17:37:22 -05:00
Sitaram Chamarty 582c1873e2 ...because gh-pages won't show files starting with an underscore :(
(and they replied saying "it's by design" so no expectation of a fix)
2011-11-05 06:43:26 +05:30
gross aka Kostya Gribov f6dd9dda0a Added note about chown when migrating to another server
committer note: changed text slightly...
2011-11-03 04:40:25 +05:30
Sitaram Chamarty 6e29365316 MASSIVE set of changes to documents!
I got tired of being told "TL;DR".  Now the online versions of most
documents fit on a page or two, or at least most of them do.  The rest
has been split out (and you can see the links to the split out sections
right where the text is in the raw Markdown).

This is much more pleasant to read, and I've improved the linking so
it's much less effort for me to keep the links correct.
2011-11-02 21:04:33 +05:30
Sitaram Chamarty 3f87430c5a yaay! pictures... (well, sorta...) 2011-11-02 20:48:44 +05:30
Sitaram Chamarty bee5a11d4b (minor) nagp.mkd 2011-11-02 20:48:33 +05:30
Sitaram Chamarty 30d46947ab (minor) added kernel.org to who-uses document 2011-10-30 09:11:22 +05:30
Sitaram Chamarty 877c6625dc minor docfixes
typos, minor clarifications, removing outdated stuff that got missed,
adding some emphasis here and there, re-phrasing some places, etc.
2011-10-30 09:11:04 +05:30
Sitaram Chamarty 200db6e486 user-manual added ("user" as opposed to "admin")
Normally, I use the word "user" in gitolite to mean *my* users, who are
actually admins on their setups.  All my documentation has been geared
to that class of person.

Last night my most famous "user" (not "admin", a real gitolite user)
mentioned that he found it very hard to find info on what a *user* could
do, and he was right.  So here goes...
2011-10-29 06:28:33 +05:30
Sitaram Chamarty 57b3ac3a91 (nomenclature in documentation) changed "category" to "role"
I sometimes think my English is not as good as I claim it is.  Or at
least when I'm thinking in perl my English shuts down...
2011-10-29 05:59:03 +05:30
Sitaram Chamarty 26155c4027 gitolite.conf by example
inspired by someone I would prefer not to have as a user, but hopefully
it will help others with more genuine problems.
2011-10-26 10:01:32 +05:30
Sitaram Chamarty f0cedeb04f gl-system-install now tries to catch PATH issues for gl-setup
any sane system should have $HOME/bin in $PATH, but apparently there are
quite a few insane systems around ;-)

(also changes the usage message etc a bit)
2011-10-21 17:18:38 +05:30
Sitaram Chamarty 7682543385 silently disable URI escaping if CGI::Util is not found
e5c3b0e on a machine without CGI::Util makes gitolite unusable.  I
checked that it was part of perl core, since `corelist CGI::Util`
returns `CGI::Util was first released with perl 5.006001`.

But apparently Fedora (at least) splits out core perl itself into
smaller chunks.  And on my devbox I never noticed because I had gitweb
installed, which pulled it in as a dep.

I found this out when I tried to upgrade my own prod server!
2011-10-21 11:59:58 +05:30
Sitaram Chamarty 5a125fac96 It's official now; Solaris sh is brain dead...
For example, this program

    #!/bin/sh

    die() { echo die called with $1; exit 1; } >&2

    die foo
    die bar

will print *both* those messages!

I honestly don't care if this is posix or not, but it is BRAIN DEAD for
the ">&2" to change the meaning from {} to ()

Oh and the grep thing is even worse.

    echo foo | grep ^/

works fine in an interactive shell but in a script it attempts to
*execute* "/", complains, while simultaneously complaining about usage
of grep.

It's almost like it's treating ^ like |
2011-10-20 16:39:18 +05:30
Sitaram Chamarty f050938171 (minor) add a warning to rsync ADC
...in case someone wants to make it "ua"
2011-10-20 16:39:18 +05:30
Jeff Mitchell 1a6fa8b718 Add option to have "list" be the default action for the help ADC 2011-10-18 09:27:21 +05:30
Javier Domingo e5c2372609 Corrected doc/3-faq-tips-etc.mkd as refering to previous config (using GL_REPO_BASE) 2011-10-18 09:24:52 +05:30
Joey Hess e2d9ce6368 update documentation for git-annex-shell ua ADC 2011-10-18 08:13:57 +05:30
Sitaram Chamarty c553e393c3 make all the DENIED messages consistent
how did I not notice this before?
2011-10-18 08:03:05 +05:30
Sitaram Chamarty d750725a34 fix rsync adc to call check_access the correct way...
also a test fix
2011-10-17 22:10:18 +05:30
Sitaram Chamarty 85da5572b2 some nice ADC changes... (warning: minor backward compat breakage)
- support for ADCs with unchecked arguments
  - rsync, htpasswd, and svnserve gone from core; turned into ADCs

Backward compat breakage and fix: Please see documentation for details,
but if you're using gitolite to control rsync you will now need to setup
ADCs (admin defined commands), and install at least the new "rsync" ADC.

----

Thanks to Joey Hess (see commit prior to this) for forcing me to stop
being lazy and get this out of my long term todo list.
2011-10-17 18:42:57 +05:30
Joey Hess 955edcc5ec git-annex support via unrestricted ADC 2011-10-17 17:33:03 +05:30
Sitaram Chamarty fd0e229054 some more bashisms fixed... 2011-10-16 17:32:30 +05:30
Sitaram Chamarty 36dfb85e1b Merge branch 'test-suite-revamp' into pu 2011-10-11 15:04:16 +05:30
Sitaram Chamarty 3c62fe8ad4 (test suite) added documentation for changes 2011-10-11 15:03:31 +05:30
Sitaram Chamarty fdf424ea4f (test suite) dont put adc's in /tmp 2011-10-11 13:53:58 +05:30
Sitaram Chamarty f48a0b9d73 (test suite) changes to test-driver for "all in one user" testing 2011-10-11 13:53:58 +05:30
Sitaram Chamarty 7729433c05 (test suite) remove hardcoded username 'gitolite-test' 2011-10-11 13:53:58 +05:30
Sitaram Chamarty f77d0d2cf1 (test suite) t/install also serves as a quick way to "play install" gitolite
(t/install-gitolite has been renamed to t/install)
2011-10-11 13:53:57 +05:30
Sitaram Chamarty 09f57beea6 (next round of minor changes) 2011-10-10 14:21:38 +05:30
Sitaram Chamarty 5e3a051a95 "deny" rules for entire repo
- strictly speaking, this should be phrased: "deny" rules for the
    first level access check

  - requires a gitolite option to be set, like so:

        config gitolite-options.deny-repo = 1
2011-10-10 14:18:49 +05:30
Sitaram Chamarty a1270ba778 allow defining and checking 'config gitolite-options.foo = bar' type keys 2011-10-07 19:27:28 +05:30
Sitaram Chamarty 77f0b2da0e the rarely-useful "@all users can access @all repos" thing... 2011-10-07 13:53:10 +05:30
Svend Sorensen 696bffe605 Use sed instead of bashism (pattern substitution) in gl-mirror-push
gl-mirror-push fails with dash as /bin/sh due to the use of bash pattern
substition (${parameter/pattern/string}). Use sed instead.
2011-10-06 21:09:55 +05:30
Sitaram Chamarty eabbffb564 mirroring log entries need the *date* also in the timestamp!
(Not sure how I missed this earlier, but if you can't upgrade yet, a
mitigation is to note the job number that gets printed on your terminal
when a mirror push starts, and look a log file entries beginning with
that number.)
2011-10-06 21:09:55 +05:30