Commit graph

2 commits

Author SHA1 Message Date
Sitaram Chamarty da210f21bd log elapsed time
I'm an idiot.  I say I won't do it, then I go and do it anyway.

Fortunately, in this case, the code and execution remain exactly the
same for people who do not set $GL_PERFLOGT in the rc file, so it's
tolerable.

<evil grin> People who want even more than this can contact Greg Lonnon
(see the mailing list archives at
http://groups.google.com/group/gitolite for an obfuscated but easy to
guess email address) ;-)
2010-08-17 22:35:16 +05:30
Sitaram Chamarty c8879264e6 separate out the code that sets up ~/.ssh/authorized_keys
NOTE: there are no *functional* changes in this for *normal*
    gitolite users.  It's just a chunk of code moving into a new
    subroutine etc.

KDE needs to populate the authkeys file from an LDAP store.  Other large
projects may have similar means to store keys, depending on how they do
their user provisioning so a generic solution is worth exploring.

This means that in these special cases
  - the gitolite-admin repo's keydir/ directory is not needed [1]
  - but they still need to create the authkeys file somehow

Implementation:

  - write a shim program to make the authkeys-generation code callable
    from the command line/shell.
  - set $GL_NO_SETUP_AUTHKEYS=1 in the rc file to disable authkey
    generation during a "compile" (admin repo push)

Expected usage of new program gl-setup-authkeys:

  - LDAP change triggers some script
  - this script collects all keys from LDAP, puts them in some
    directory, and then calls gl-setup-authkeys, passing it the name of
    the directory

ALSO PLEASE SEE COMMENTS AT THE TOP OF THE NEW PROGRAM IN THIS COMMIT
FOR SOME IMPORTANT DISCUSSION.

----

Footnotes:

[1] It doesn't make sense to use it if the keys will be maintained by
some other entity and can be called up as needed, and it adds an
unnecessary extra step.
2010-08-09 23:21:15 +05:30