You can now add your own hooks into src/hooks/ and they get propagated
along with the update hook that is present there now. Please read the
new section in the admin document, and make sure you understand the
security implications of accidentally fiddling with the "update" script.
This also prompted a major rename spree of all the files to be
consistent, etc. Plus people said that the .sh and .pl suffixes should
be avoided (and I was feeling the same way). I've also been
inconsistent with that "gl-" prefix, so I cleaned that up, and the 00-
and 99- were also funny animals.
Time to get all this cleaned up before we get 1.0 :)
So these are the changes, in case you're looking at just the commit
message and not the diffstat:
src/pta-hook.sh -> src/ga-post-update-hook
src/conf-convert.pl -> src/gl-conf-convert
src/00-easy-install.sh -> src/gl-easy-install
src/99-emergency-addkey.sh -> src/gl-emergency-addkey
src/install.pl -> src/gl-install
src/update-hook.pl -> src/hooks/update
Packaging gitolite for debian requires the rc file to be in /etc/gitolite.
But non-root installs must still be supported, and they need it in $HOME.
This means the rc file is no longer in a fixed place, which needs code to find
the rc file first. See comments inside new file 'gitolite.pm' for details.
The rest of the changes are in the other programs, to replace the hard-coded
rc filename with a call to this new code.
- warn about files in keydir/ that dont end with ".pub"
- warn about pubkey files for which the user is not mentioned in config
- warn more sternly about the opposite (user in config, no pubkey!)
update hook: add reponame to message on deny
auth: minor typo
Summary:
DONT forget to run src/gl-compile-conf as the last step in the upgrade
Details:
The compiled file format has changed quite a bit, to make it easier for the
rebel edition coming up :-)
compile:
- we don't split RW/RW+ into individual perms anymore
- we store the info required for the first level check separately now:
(repo, R/W, user)
- the order for second level check is now:
repo, user, [{ref=>perms}...] (list of hashes)
update hook logic: the first refex that:
- matches the incoming ref, AND
- contains the perm you're trying to use,
causes the match loop to exit with success. Fallthrough is failure
- logs go into $GL_ADMINDIR/logs by default, named by year-month
- logfile name template (including dir prefix) now in $GL_LOGT
- two new env vars passed down: GL_TS and GL_LOG (timestamp, logfilename)
- log messages timestamps more compact, fields tab-delimited
- old and new SHAs cut to 14 characters
