810 commits

Author SHA1 Message Date
Sitaram Chamarty
d08aca63ff gl-setup: don't try to 'git add' and all that when no key was provided
Apparently some people want gitolite-admin as a non-repo.  Completely
outside gitolite, managed by puppet or such, and leaving only symlinks
for 'conf' and 'keydir' in $GL_ADMINDIR.

But then when they have to run 'gl-setup', the 'git add' complains about
the symlink.  Hence this patch.

----

Meanwhile, if you're one of those puppet masters, here's the script I
gave them for the *compile* (this has nothing to do with this patch; I'm
just throwing it in here so I won't lose it):

    #!/bin/bash

    # let's say you install using "non-root" method.  (Adjust GL_BINDIR for root
    # method or package method).

    # install normally, then make changes directly in $GL_ADMINDIR/conf and
    # $GL_ADMINDIR/keydir.  (Please leave "logs/" and "hooks/" alone).

    # Then run this:

    export GL_ADMINDIR=$HOME/.gitolite
    export GL_BINDIR=$HOME/bin
    export GL_RC=$HOME/.gitolite.rc

    # stop if the admin dir is missing, so the compile never runs elsewhere
    cd "$GL_ADMINDIR" || exit 1
    "$GL_BINDIR/gl-compile-conf"

    # BE SURE TO REMOVE THE ADMIN REPO ITSELF FROM conf/gitolite.conf, as well as
    # repositories/gitolite-admin.git, lest a push by someone end up overwriting
    # this hand- (or machine-) crafted config.

    # you can get away even further from gitolite's control.  You can, for
    # example, set GL_NO_SETUP_AUTHKEYS in the rc file, and manage even the keys
    # yourself.  Just put the full path to $GL_BINDIR/gl-auth-command followed by
    # the username in the "command=" part of the authkeys file you generate.
2011-11-29 06:41:10 +05:30
Sitaram Chamarty
bd789c029b (git version change causes change in some output) 2011-11-27 08:43:36 +05:30
Tomas Paladin Volf
b6ba3cc975 (password access) specify comment field in generated ssh pub key
since gl-shell-setup runs as root, the comment in the generated key was
'root@...' instead of whatever userid it was being created for.

This does not affect gitolite or ssh but it seems some people don't
treat "comment" as "comment" and actually *do* stuff with it.

(only code is from author; commit message is from committer)
2011-11-27 08:24:06 +05:30
Sitaram Chamarty
af6820a94b new functions (can_*, is_admin, in_group) for ADCs
(can_* == can_read, can_write, and can_create)

See top of contrib/adc/adc.common-functions for more on this.

Note: the old style (calling get_rights_and_owner with $repo, then
checking $perm_read, $perm_write, etc.), will still work fine.
2011-11-22 19:31:41 +05:30
Sitaram Chamarty
d5d982d602 (minor doc update) to ssh-troubleshooting doc
missed this one when I did c5f342a (sshkeys-lint total rewrite, and
gl-setup now uses it)
2011-11-22 10:09:05 +05:30
Sitaram Chamarty
ab9d0d2f57 a couple of very minor oopsies
(1) c5f342a forgot authkeys can have blank lines also

(2) f0cedeb ended gl-system-install on a non-0 ret code

both caught by matthewtdawson at gmail
2011-11-17 21:32:11 +05:30
Sitaram Chamarty
66634d687d docbug
caught by larsbj at gullik dot org
2011-11-17 05:50:06 +05:30
Sitaram Chamarty
15b17d7a0c v2.2 2011-11-16 05:53:56 +05:30
Sitaram Chamarty
a103417da2 (password access) backward compat breakage for gl-shell-setup; read below
gl-shell-setup has a "run as hosting user" piece that basically
automates the adding of the user's (new) key to the admin repo.

This is now gone.  (It's not that hard to automate yourself if you want
to do it anyway, using gl-admin-push).

I did this because I needed to allow someone in through a gateway, and
realised that that has the exact same needs.  So the whole scheme has
been changed to treat the proxy and the gitolite host as being two
different servers.

At that point it became cumbersome to do the second bit, and I left it
out.

Other changes:
  - you can define exceptions for the default shell in gl-shell
  - the doc has been simplified.
2011-11-15 17:20:17 +05:30
Sitaram Chamarty
97bd5c5c96 (minor) fix hooklet setup instructions 2011-11-15 14:07:53 +05:30
Sitaram Chamarty
be8d5f4487 hide output of commands to check for existence of valid user.* keys
could be confusing to people, and is not at all needed to be shown.
2011-11-15 10:03:01 +05:30
Sitaram Chamarty
dc79c20709 minor oops in previous commit (would fail on perl older than 5.10 or so) 2011-11-15 10:01:40 +05:30
Sitaram Chamarty
c5f342a835 sshkeys-lint total rewrite, and gl-setup now uses it
...in "admin check" mode
2011-11-13 18:02:28 +05:30
Sitaram Chamarty
ec93fc7601 (minor) add link to master TOC in main README 2011-11-13 07:52:45 +05:30
Sitaram Chamarty
f3eae5e170 maintaining a partial copy of a repo...
...with gl-pre-git and update.secondary hooks
2011-11-09 20:02:10 +05:30
Sitaram Chamarty
5858ecb56e puppet wants to send in keys with comment lines 2011-11-08 12:05:44 +05:30
Sitaram Chamarty
b4f96e0a47 added "gitolite flow" picture 2011-11-07 22:27:40 +05:30
Matt Kimmel
39148282cc * Add "pull gitolite-admin" step to moving server instructions in admin.mkd
* Correct the git remote set-url command syntax in admin.mkd
2011-11-06 17:37:22 -05:00
Sitaram Chamarty
582c1873e2 ...because gh-pages won't show files starting with an underscore :(
(and they replied saying "it's by design" so no expectation of a fix)
2011-11-05 06:43:26 +05:30
gross aka Kostya Gribov
f6dd9dda0a Added note about chown when migrating to another server
committer note: changed text slightly...
2011-11-03 04:40:25 +05:30
Sitaram Chamarty
6e29365316 MASSIVE set of changes to documents!
I got tired of being told "TL;DR".  Now the online versions of most
documents fit on a page or two, or at least most of them do.  The rest
has been split out (and you can see the links to the split out sections
right where the text is in the raw Markdown).

This is much more pleasant to read, and I've improved the linking so
it's much less effort for me to keep the links correct.
2011-11-02 21:04:33 +05:30
Sitaram Chamarty
3f87430c5a yaay! pictures... (well, sorta...) 2011-11-02 20:48:44 +05:30
Sitaram Chamarty
bee5a11d4b (minor) nagp.mkd 2011-11-02 20:48:33 +05:30
Sitaram Chamarty
30d46947ab (minor) added kernel.org to who-uses document 2011-10-30 09:11:22 +05:30
Sitaram Chamarty
877c6625dc minor docfixes
typos, minor clarifications, removing outdated stuff that got missed,
adding some emphasis here and there, re-phrasing some places, etc.
2011-10-30 09:11:04 +05:30
Sitaram Chamarty
200db6e486 user-manual added ("user" as opposed to "admin")
Normally, I use the word "user" in gitolite to mean *my* users, who are
actually admins on their setups.  All my documentation has been geared
to that class of person.

Last night my most famous "user" (not "admin", a real gitolite user)
mentioned that he found it very hard to find info on what a *user* could
do, and he was right.  So here goes...
2011-10-29 06:28:33 +05:30
Sitaram Chamarty
57b3ac3a91 (nomenclature in documentation) changed "category" to "role"
I sometimes think my English is not as good as I claim it is.  Or at
least when I'm thinking in perl my English shuts down...
2011-10-29 05:59:03 +05:30
Sitaram Chamarty
26155c4027 gitolite.conf by example
inspired by someone I would prefer not to have as a user, but hopefully
it will help others with more genuine problems.
2011-10-26 10:01:32 +05:30
Sitaram Chamarty
f0cedeb04f gl-system-install now tries to catch PATH issues for gl-setup
any sane system should have $HOME/bin in $PATH, but apparently there are
quite a few insane systems around ;-)

(also changes the usage message etc a bit)
2011-10-21 17:18:38 +05:30
Sitaram Chamarty
7682543385 silently disable URI escaping if CGI::Util is not found
e5c3b0e on a machine without CGI::Util makes gitolite unusable.  I
checked that it was part of perl core, since `corelist CGI::Util`
returns `CGI::Util was first released with perl 5.006001`.

But apparently Fedora (at least) splits out core perl itself into
smaller chunks.  And on my devbox I never noticed because I had gitweb
installed, which pulled it in as a dep.

I found this out when I tried to upgrade my own prod server!
2011-10-21 11:59:58 +05:30
Sitaram Chamarty
5a125fac96 It's official now; Solaris sh is brain dead...
For example, this program

    #!/bin/sh

    die() { echo die called with $1; exit 1; } >&2

    die foo
    die bar

will print *both* those messages!

I honestly don't care if this is posix or not, but it is BRAIN DEAD for
the ">&2" to change the meaning from {} to ()

Oh and the grep thing is even worse.

    echo foo | grep ^/

works fine in an interactive shell but in a script it attempts to
*execute* "/", complains, while simultaneously complaining about usage
of grep.

It's almost like it's treating ^ like |
2011-10-20 16:39:18 +05:30
Sitaram Chamarty
f050938171 (minor) add a warning to rsync ADC
...in case someone wants to make it "ua"
2011-10-20 16:39:18 +05:30
Jeff Mitchell
1a6fa8b718 Add option to have "list" be the default action for the help ADC 2011-10-18 09:27:21 +05:30
Javier Domingo
e5c2372609 Corrected doc/3-faq-tips-etc.mkd as referring to previous config (using GL_REPO_BASE) 2011-10-18 09:24:52 +05:30
Joey Hess
e2d9ce6368 update documentation for git-annex-shell ua ADC 2011-10-18 08:13:57 +05:30
Sitaram Chamarty
c553e393c3 make all the DENIED messages consistent
how did I not notice this before?
2011-10-18 08:03:05 +05:30
Sitaram Chamarty
d750725a34 fix rsync adc to call check_access the correct way...
also a test fix
2011-10-17 22:10:18 +05:30
Sitaram Chamarty
85da5572b2 some nice ADC changes... (warning: minor backward compat breakage)
- support for ADCs with unchecked arguments
  - rsync, htpasswd, and svnserve gone from core; turned into ADCs

Backward compat breakage and fix: Please see documentation for details,
but if you're using gitolite to control rsync you will now need to set up
ADCs (admin defined commands), and install at least the new "rsync" ADC.

----

Thanks to Joey Hess (see commit prior to this) for forcing me to stop
being lazy and get this out of my long term todo list.
2011-10-17 18:42:57 +05:30
Joey Hess
955edcc5ec git-annex support via unrestricted ADC 2011-10-17 17:33:03 +05:30
Sitaram Chamarty
fd0e229054 some more bashisms fixed... 2011-10-16 17:32:30 +05:30
Sitaram Chamarty
36dfb85e1b Merge branch 'test-suite-revamp' into pu 2011-10-11 15:04:16 +05:30
Sitaram Chamarty
3c62fe8ad4 (test suite) added documentation for changes 2011-10-11 15:03:31 +05:30
Sitaram Chamarty
fdf424ea4f (test suite) don't put adc's in /tmp 2011-10-11 13:53:58 +05:30
Sitaram Chamarty
f48a0b9d73 (test suite) changes to test-driver for "all in one user" testing 2011-10-11 13:53:58 +05:30
Sitaram Chamarty
7729433c05 (test suite) remove hardcoded username 'gitolite-test' 2011-10-11 13:53:58 +05:30
Sitaram Chamarty
f77d0d2cf1 (test suite) t/install also serves as a quick way to "play install" gitolite
(t/install-gitolite has been renamed to t/install)
2011-10-11 13:53:57 +05:30
Sitaram Chamarty
09f57beea6 (next round of minor changes) 2011-10-10 14:21:38 +05:30
Sitaram Chamarty
5e3a051a95 "deny" rules for entire repo
- strictly speaking, this should be phrased: "deny" rules for the
    first level access check

  - requires a gitolite option to be set, like so:

        config gitolite-options.deny-repo = 1
2011-10-10 14:18:49 +05:30
Sitaram Chamarty
a1270ba778 allow defining and checking 'config gitolite-options.foo = bar' type keys 2011-10-07 19:27:28 +05:30
Sitaram Chamarty
77f0b2da0e the rarely-useful "@all users can access @all repos" thing... 2011-10-07 13:53:10 +05:30