Commit graph

74 commits

Author SHA1 Message Date
Sitaram Chamarty e8270e9b72 update hook: 'sub check_ref' to prepare for rebel+
factor out the code to check $ref into a sub; will help rebel+, which
wants (horrors!) to restrict based on PATH names too!
2009-11-17 09:21:45 +05:30
Sitaram Chamarty c54d3eabbc all src: (please read full commit message): allow local admin-defined hooks
You can now add your own hooks into src/hooks/ and they get propagated
along with the update hook that is present there now.  Please read the
new section in the admin document, and make sure you understand the
security implications of accidentally fiddling with the "update" script.

This also prompted a major rename spree of all the files to be
consistent, etc.  Plus people said that the .sh and .pl suffixes should
be avoided (and I was feeling the same way).  I've also been
inconsistent with that "gl-" prefix, so I cleaned that up, and the 00-
and 99- were also funny animals.

Time to get all this cleaned up before we get 1.0 :)

So these are the changes, in case you're looking at just the commit
message and not the diffstat:

    src/pta-hook.sh -> src/ga-post-update-hook
    src/conf-convert.pl -> src/gl-conf-convert
    src/00-easy-install.sh -> src/gl-easy-install
    src/99-emergency-addkey.sh -> src/gl-emergency-addkey
    src/install.pl -> src/gl-install
    src/update-hook.pl -> src/hooks/update
2009-11-13 18:37:46 +05:30
Sitaram Chamarty 448c0d37ba compile: writing description file should be conditional 2009-11-12 20:45:49 +05:30
Sitaram Chamarty e81264d100 compile: added repo descriptions
example line in config file:

gitolite = "fast, secure, access control for git in a corporate environment"
2009-11-12 14:49:39 +05:30
Sitaram Chamarty 4d9c064a7a new program for emergency addkey; run without args for usage 2009-11-07 10:47:20 +05:30
Sitaram Chamarty c4069dd85f (please read full commit message) upgrade behaviour changed
**upgrades no longer touch the config or the keydir**

When you first install gitolite, the easy install script has to do two
*distinct* things:

  * install the software
  * create and seed the gitolite-admin repo with a minimum config file
    and the newly created pubkey

That's fine for an install, because nothing exists yet anyway.

Subsequent invocations of the script should only do the first task (so
that gitolite itself can be upgraded), and not attempt to fiddle with
the config file and pubkeys.

Unfortunately, until now I had not been separating these two activities
cleanly enough.  For instance, the commit message for 8e47e01 said:

    IMPORTANT: we assume that $admin_name remains the same in an upgrade
    -- that's how we detect it is an upgrade!  Change that name or his
    pubkey, and you're toast!

Ouch!

So now I decided to clean things up.  The "Usage" message tells you
clearly what to do for an upgrade.

Should have been like this from the beginning, but hey we got there
eventually :)

----

Code-wise, this is a major refactor of the easy install script.  It uses
an old forgotten trick to get forward refs for bash functions ;-) and in
the process cleans up the flow quite a bit.
2009-11-06 15:37:03 +05:30
Sitaram Chamarty 130478ed93 easy install: handle upgrades specially
- "it's an upgrade" is decided by presence of gitolite.conf (not a pubkey)
- admin_name optional (and will be ignored if given) for upgrades

plus a lot of comments and some minor text changes
2009-11-06 12:36:40 +05:30
Sitaram Chamarty 31fd24a76c compile: death should be a little louder and clearer :) 2009-11-05 23:13:39 +05:30
Sitaram Chamarty 8aecaa2da2 doc/6: rename the file, change focus completely 2009-11-05 23:13:39 +05:30
Sitaram Chamarty 92d5062ad0 doc/src: major doc/help text revamp
also removed some dead code from compile (pre PTA days)
2009-10-31 00:21:37 +05:30
Sitaram Chamarty 5108aedd48 Merge branch 'gh-issue-2' into pu 2009-10-30 18:02:32 +05:30
Sitaram Chamarty 7907213316 easy install: clean up after yourself :) 2009-10-30 17:43:26 +05:30
Sitaram Chamarty 26b4992162 compile: (gh issue 2) apparently pubkeys don't always end in a newline
I've never encountered this but it's an easy fix
2009-10-30 10:39:05 +05:30
Sitaram Chamarty 648dce20ec auth: make ".git" at the end optional 2009-10-30 10:37:02 +05:30
Sitaram Chamarty 071ff4c210 easy install: cleaned up the closing credits; err I mean instructions :) 2009-10-30 10:37:02 +05:30
Sitaram Chamarty a19a7f01d7 auth, doc/3: print useful information when no command given 2009-10-28 21:46:57 +05:30
Sitaram Chamarty fd6fb9e9e1 easy install: save version info, print upgrading message 2009-10-28 21:46:57 +05:30
Sitaram Chamarty aef540c659 easy install: add "-q" option for experts; see usage message 2009-10-25 17:55:10 +05:30
Sitaram Chamarty 2f6ed42fcd install and compile: learnt a '-q' flag (not for manual use!)
...only for easy install to use in "quiet" mode
2009-10-25 17:48:13 +05:30
Sitaram Chamarty 78d02e1437 the rc file can now be in one of 2 places...
Packaging gitolite for debian requires the rc file to be in /etc/gitolite.
But non-root installs must still be supported, and they need it in $HOME.

This means the rc file is no longer in a fixed place, which needs code to find
the rc file first.  See comments inside new file 'gitolite.pm' for details.

The rest of the changes are in the other programs, to replace the hard-coded
rc filename with a call to this new code.
2009-10-25 12:45:45 +05:30
Sitaram Chamarty 8eefc036e0 rc, pta-hook/doc: don't assume $HOME of 'git' user is /home/git
(Thanks to Jerome Arbez-Gindre)
2009-10-23 10:23:06 +05:30
Sitaram Chamarty 96fa0da946 allow a/b/c type repos to be created 2009-10-23 10:14:41 +05:30
Sitaram Chamarty a91d569291 ...because writing in crayon wasn't possible :)
[long story...!]
2009-10-21 19:19:00 +05:30
Sitaram Chamarty 8e47e0117a easy install: much more idempotent...
- example config file is now all comments (should have been that way anyway)
- we detect if it is an upgrade and act accordingly (see below)

IMPORTANT: we assume that $admin_name remains the same in an upgrade -- that's
how we detect it is an upgrade!  Change that name or his pubkey, and you're
toast!
2009-10-14 13:40:49 +05:30
Sitaram Chamarty 2a63026954 easy install: emphasise advice re passphrases on the new key 2009-10-14 13:40:49 +05:30
Sitaram Chamarty b3cab456d5 easy-install: committed before testing? tsk tsk tsk! 2009-10-13 10:16:27 +05:30
Sitaram Chamarty 59e15e62a1 support git installed outside default $PATH
(also some minor fixes to doc/3)
2009-10-13 10:03:12 +05:30
Sitaram Chamarty 030b3f29ef easy install: minor improvement in detection of password-less auth 2009-10-13 10:03:12 +05:30
Sitaram Chamarty 55ccb8291b easy install: change ssh-agent detection
use ssh-add -l instead of $SSH_AGENT_PID to decide if agent is running
2009-10-13 10:03:12 +05:30
Sitaram Chamarty e0e9d38920 easy install: minor formatting stuff 2009-10-12 21:21:29 +05:30
Sitaram Chamarty fc36050972 easy install: one step toward idempotency... 2009-10-12 20:44:56 +05:30
Sitaram Chamarty 48e18e1d2d easy install: some minor fixes
- fix typo in introduction
- detect if you're not running strictly as src/00-easy-install.sh
2009-10-12 10:37:51 +05:30
Sitaram Chamarty 0b81bfd6ec easy install: allow ports other than 22 for ssh to server 2009-10-11 14:19:00 +05:30
Sitaram Chamarty d78bbe8c3e lots of doc changes reflecting "push to admin" is default now :)
- added comments to easy install to help do it manually
- README: some stuff moved to tips doc, brief summary of extras
  (over gitosis) added
- INSTALL: major revamp, easy install and manual install,
  much shorter and much more readable!

plus other docs changed as needed, and updated the tips doc to roll in
some details from "update.mkd" in the "ml" branch
2009-10-11 14:19:00 +05:30
Sitaram Chamarty d0d9cbe3af easy install comment about clientside/serverside was wrong 2009-10-11 14:19:00 +05:30
Sitaram Chamarty ccd8372bb3 aa ha! easy install script!
src/00-easy-install.sh does *everything* needed, and it's mostly
self-documented
2009-10-11 14:19:00 +05:30
Sitaram Chamarty 9d2c9662a2 install: can't assume p-t-a is setup!
make installing the p-u hook conditional to avoid ugly error
2009-10-11 14:18:59 +05:30
Sitaram Chamarty f883fe7d71 compile: comments+efficiency
- add better comments on the 2 main hashes
- work around an inefficiency caused by the exclude prep code needing
  a list instead of a hash at a certain place
2009-10-05 20:21:33 +05:30
Sitaram Chamarty 8096cc8e9c install.pl, pta hook, upgrade doc:
- install the post-update hook also
- fix bashism in pta-hook

Also, since delegation works best with PTA, reflect that in the upgrade doc
2009-10-05 16:55:14 +05:30
Sitaram Chamarty 3c960aa5e1 pta hook: avoid spurious error messages on old fragments 2009-10-04 15:51:32 +05:30
Sitaram Chamarty 616d8a5f7d compile: (large changes) parse delegated fragments if any
[Note: this is a fairly involved commit, compared to most of the others.
See doc/5-delegation.mkd for a user-level feature description.]

parse delegated config fragments (found as conf/fragments/*.conf).  Any
repos being referenced within a fragment config *must* belong to the
"@group" with the same name as the fragment.

That is, a fragment called conf/fragments/abc.conf can only refer to repos
that are members of the "@abc" repo group.  It cannot specify access
control for any other repos.  If it does, those settings are ignored, and
a warning message is produced.

since the delegated config must have the flexibility of (re-)defining
group names for internal convenience, and since all such definitions go
into the same "groups" hash, it is quite easy for conf/fragments/abc.conf
to write in its own (re-)definition of "@abc"!  That would be a neat
little security hole :)

The way to close it is to consider only members of the "@abc" groupset
defined in the main ("master") config file for this purpose.
2009-10-04 10:22:57 +05:30
Sitaram Chamarty 2f2af033f5 pta-hook.sh: collect delegated config fragments
collect the delegated config fragments from correspondingly named branches of
the gitolite-admin repo, and put them all in conf/fragments/

also deprecate changes to conf and keydir locations from now on
2009-10-04 10:10:40 +05:30
Sitaram Chamarty 5bb0850c5c p-t-a: make the post-update hook a separate file...
...and just refer to it in the doc.  This hook will acquire more code soon,
when we do delegations :)
2009-10-04 10:10:39 +05:30
Sitaram Chamarty 34a6f89c26 compile: make the parse a function instead of inline
Again, prep for delegation, when we'll be reading fragments of config rules
from various files and tacking them onto the %repos hash.

note: this patch best viewed with "git diff -w", clicking "Ignore space
change" in gitk, or eqvt :-)
2009-10-04 10:10:39 +05:30
Sitaram Chamarty 3267c3f4be compile: change %groups from hash of lists to hash of hashes
This makes it easier to test if a repo is a member of a group, which is
required for the delegation feature coming up
2009-10-04 10:10:39 +05:30
Sitaram Chamarty c15c75749b compile: special-case 'gitweb' and 'daemon' from the linting
not a big deal since there's a very simple and obvious workaround -- create a
new keypair, throw away the private key, and use the pubkey
2009-10-03 10:55:30 +05:30
Sitaram Chamarty 1b9969f3d6 auth: better message, remove unsightly perl warning on bad command 2009-09-27 23:52:04 +05:30
Sitaram Chamarty c66e1ad732 compile: pubkey related linting added
- warn about files in keydir/ that don't end with ".pub"
- warn about pubkey files for which the user is not mentioned in config
- warn more sternly about the opposite (user in config, no pubkey!)

update hook: add reponame to message on deny
auth: minor typo
2009-09-27 09:51:00 +05:30
Sitaram Chamarty 70d26d810b compile, all docs/confs: specify gitweb/daemon access + bonus
bonus: documented the "bits and pieces" thing properly; should have done this
long ago, but it came to the forefront now thanks to this item
2009-09-25 13:50:59 +05:30
Sitaram Chamarty 978046acb9 compile/update hook: COMPILED FILE CHANGE -- PLEASE READ BELOW
Summary:
    DON'T forget to run src/gl-compile-conf as the last step in the upgrade

Details:

The compiled file format has changed quite a bit, to make it easier for the
rebel edition coming up :-)

compile:
  - we don't split RW/RW+ into individual perms anymore
  - we store the info required for the first level check separately now:
    (repo, R/W, user)
  - the order for second level check is now:
    repo, user, [{ref=>perms}...] (list of hashes)

update hook logic: the first refex that:
  - matches the incoming ref, AND
  - contains the perm you're trying to use,
causes the match loop to exit with success.  Fallthrough is failure
2009-09-21 19:36:39 +05:30