Commit graph

60 commits

Author SHA1 Message Date
Sitaram Chamarty 6e7404fe8a clean up gl-system-install
- redo it in perl
  - make it flow easier, with all the cruft in subs

and overall, make it obvious that this program does for a manual install
what doc/packaging.mkd advices packagers to do.
2012-02-22 06:25:22 +05:30
Sitaram Chamarty e5c3b0e5dc (projects.list changes) allow escaping the names...
requires setting GITWEB_URI_ESCAPE in the rc file
2011-10-06 19:55:46 +05:30
Sitaram Chamarty 22bd3c8e72 (projects.list changes) collect gitweb-specific stuff in one place
also
  - new "WEB_INTERFACE" variable (defaults to 'gitweb')
  - setup_web_access (write a plain list of repos out)
  - add_del_web_access (add/delete a single repo from projects.list)
2011-10-06 19:32:09 +05:30
Sitaram Chamarty a07e0d6b5c tighten up ref/file names (warning: possible backward compat breakage)
The backward compat breakage is for people who already have all kinds of
arbitrary characters in filenames *and* use `NAME/` rules.  See the doc
change in this commit for details and mitigation.  See this link for
background:

    http://groups.google.com/group/gitolite/browse_thread/thread/8dc5242052b16d0f

Thanks to Dan Carpenter for the audit.
2011-10-01 15:19:50 +05:30
Sitaram Chamarty e970327cc1 rc: get rid of GL_GITCONFIG_WILD
was only for efficiency even when it was relevant, and now it's just in
the way, making useless noises.
2011-08-17 21:53:06 +05:30
Sitaram Chamarty 15db108e45 (new mirroring) helpers, hostname, detect use of older RC variables, delete mirror-sync 2011-08-12 22:51:44 +05:30
Dylan Simon 58064b8e20 Make limit on number of repos displayed by info with GL_BIG_CONFIG configurable
[doc added by Sitaram]
2011-03-30 20:27:12 +05:30
Sitaram Chamarty dab35f3565 fixup all docs to allow URLs pointing to gh-pages 2011-01-26 08:08:18 +05:30
Sitaram Chamarty 0360dc9f3f test smart http mode, update docs (including mob mode)
- allow a mob username to be defined; all unauthenticated access will
    look to gitolite like this user (if you setup apache also properly)

  - update doc with more details (some repeat stuff from `man
    git-http-backend` but it's probably worth having everything in one
    place
2011-01-17 22:04:10 +05:30
Sitaram Chamarty 692552d146 gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-16 07:26:13 +05:30
Sitaram Chamarty 27081ad1c1 new rc var: GL_ALL_READ_ALL 2011-01-02 10:21:39 +05:30
Sitaram Chamarty e0f4bbaf16 (minor) more doc updates, really small ones 2010-12-31 20:17:36 +05:30
Sitaram Chamarty ffcbc52637 rc file stripped down, variables categorised, documentation lifted out
the old file was getting too unwieldy...
2010-12-31 19:03:48 +05:30
Sitaram Chamarty 0b6edbf7c2 (minor) fix doc refs missed when we renamed some doc files 2010-11-15 05:25:18 +05:30
Sitaram Chamarty 047790140a custom perm categories in setperms (WARNING: PLEASE READ FULL COMMIT MESSAGE)
THE COMPILED CONFIG FILE FORMAT CHANGES WITH THIS VERSION.  PLEASE DO
NOT MIX VERSIONS OR DOWNGRADE.  Upgrading using normal gitolite upgrade
means should be fine, though.

Originally, we only allowed "R" and "RW" as categories of users supplied
to the `setperms` command.  These map respectively to "READERS" and
"WRITERS" in the access rules.

Now:

  - we prefer READERS instead of R and WRITERS instead of RW
  - we allow the admin to define other categories as she wishes
    (example: MANAGERS, TESTERS, etc).  These do not have abbreviations,
    however, so they must be supplied in full.

PLEASE, *PLEASE*, read the section in doc/wildcard-repositories.mkd for
more info.  This is a VERY powerful feature and if you're not careful
you could mess up the ACLs nicely.

Backward compat note: you can continue to use the "R" and "RW"
categories when running the "setperms" command, and gitolite will
internally convert them to READERS and WRITERS categories.

----

implementation notes:

  - new RC var called GL_WILDREPOS_PERM_CATS that is a space-sep list of
    the allowed categories in a gl-perms file; defaults to "R RW" if not
    specified

  - wild_repo_rights no longer returns $c, $r, $wC, where $r = $user if
    "R $user", $r = '@all' if "R @all", and similarly with $w and "RW".

    Instead it returns $c and a new hash that effectively gives the same
    info, but expanded to include any other valid categories (listed in
    GL_WILDREPOS_PERM_CATS)

  - consequently, the arguments that parse_acl takes also change the
    same way

  - (side note: R and RW are quietly converted to READERS and WRITERS;
    however, new categories that you define yourself do not have
    abbreviations)

  - setperms validates perms to make sure only allowed categories are
    used; however even if someone changed them behind the scenes,
    wild_repo_rights will also check.  This is necessary in case the
    admin tightened up GL_WILDREPOS_PERM_CATS after someone had already
    setperms-d his repos.

  - as a bonus, we eliminate all the post-Dumper shenanigans, at least
    for READERS and WRITERS.  Those two now look, to the compile script,
    just like any other usernames.
2010-11-06 21:03:34 +05:30
Sitaram Chamarty 70359ce9ba (minor) doc fixes 2010-11-05 16:08:11 +05:30
Sitaram Chamarty db0485fa7e new method for passing usergroup info (warning: minor backward compat breakage)
The old method of passing in usergroup info had some problems, which are
now fixed.  It is also much easier to use now -- no more "wrapper"
script, plus it should work identially whether you use sshd or httpd.

See doc/big-config.mkd for details on the new method.

----

Notes on problems with the old method:

The old method for passing in usergroup info consisted of tacking them
on as extra arguments to gl-auth-command, after the username.

However, there are some problems with this method.

Some actions in gitolite look for permissions for users other than the
invoking user.  Determining permissions for gitweb and daemon is one.
An admin asking for "info" on some other user, is another.

However, the list of groups sent in via the command line
pertains only to the invoking user, so these actions don't work
correctly.  They may even pick up the wrong permissions.

What it all boils down to is that we need group information for any user
dynamically, instead of being passed a (static) list just for the
invoking user.
2010-10-07 20:20:39 +05:30
Sitaram Chamarty b851011ce5 new RC file variable $GL_SITE_INFO to show site-specific info 2010-10-04 14:33:30 +05:30
Sitaram Chamarty 6b9e75dfcb allow @all to also include gitweb and daemon
By default, @all does not include gitweb and daemon, but if that's what
you want, you can make it happen...  see GL_ALL_INCLUDES_SPECIAL
variable in conf/example.gitolite.rc
2010-08-24 21:38:46 +05:30
Sitaram Chamarty 3a8f32ac9b minor fixups to the "gitweb/daemon from setperms" code...
- fork was not printing a newline after the permissions
  - "add_del_line" to properly handle that damn projects.list file!
2010-08-20 23:09:11 +05:30
Sitaram Chamarty da210f21bd log elapsed time
I'm an idiot.  I say I won't do it, then I go and do it anyway.

Fortunately, in this case, the code and execution remain exactly the
same for people who do not set $GL_PERFLOGT in the rc file, so it's
tolerable.

<evil grin> People who want even more than this can contact Greg Lonnon
(see the mailing list archives at
http://groups.google.com/group/gitolite for an obfuscated but easy to
guess email address) ;-)
2010-08-17 22:35:16 +05:30
Sitaram Chamarty d1d2c3e054 git config settings in wild repos: part 1
- new GL_GITCONFIG_WILD to gate it
  - new sub to do all the hard work (refactored from a few lines in
    compile)
  - split the call from "compile" into two sets -- first for non-wild,
    then for wild

This ensures that after a "compile" (admin push) all git configs are
applied.

TODO: apply them when a new wild repo is created by a user, and then on
the "fork" (admin-defined command)
2010-08-11 22:38:15 +05:30
Sitaram Chamarty fda10c2805 mirroring support...
conf/example.gitolite.rc
  - "slave mode" flag to disable pushes and "list of slaves"

hooks/common/post-receive.mirrorpush
  - code to push to the mirror, creating the repo if needed

src/mirror-shell
  - shell for master pushing to a slave, because we don't actually want
    to go through gitolite itself, yet we have to take care of
    $REPO_BASE being wherever.  And of course we have to set
    GL_BYPASS_UPDATE_HOOK to 1 for the push to happen!

src/gl-mirror-sync
  - manually runnable program to sync from current server to another
2010-08-11 22:37:35 +05:30
Sitaram Chamarty 416d3398b3 (minor) update example RC file docs on GL_GITCONFIG_KEYS usage 2010-08-09 23:21:13 +05:30
Sitaram Chamarty 0d0e7e5d72 (really big config) 2 new rc variables
...to prevent auto-creation of repos from config, and to prevent
processing of ssh keys.  Also doc update
2010-07-23 20:21:52 +05:30
Jeff Mitchell 38403c354f Add GL_WILDREPOS_DEFPERMS
allows a default 'setperms' string to be set for new wildcard
repositories.

Also, fix a bug in the fork script where a failure in the git command
would still cause the rest of the script to attempt to run.
2010-06-22 17:20:23 +05:30
Sitaram Chamarty be3d00079a Revert "allow setperms to override config file permissions"
This reverts commit 9612e3a4cc, since it
is no longer needed as of the rule sequencing changes we just made.

Conflicts:

	src/gl-compile-conf
2010-05-18 16:40:15 +05:30
Sitaram Chamarty 35750c1abe (big-config) update doc and rc, allow skipping gitweb/daemon
skipping gitweb/daemon has an enormous impact on speed of an admin-push!
2010-05-16 12:51:03 +05:30
Sitaram Chamarty cf0e568c89 (big-config) the new "big-config" for large setups
If you have many thousands of repos and users, neatly organised into
groups, etc., the normal gitolite fails.  (It actually runs out of
memory very fast while doing the "compile" when you push the config, due
to the number of combinations of repo/user being stored in the hash!)

This commit series will stop doing that if you set $GL_BIG_CONFIG = 1 in
the rc file.

Some notes:

  - deny rules will still work but somewhat differently -- now they must
    be placed all together in one place to work like before.  Ask me for
    details if you need to know before I get done with the docs

  - I've tested most of the important features, but not every single
    nuance

  - the update hook may be a tad less efficient now; we can try and
    tweak it later if needed but it shouldn't really hurt anything
    significantly even now

  - docs have not been written yet
2010-05-14 20:43:13 +05:30
Sitaram Chamarty 9612e3a4cc allow setperms to override config file permissions 2010-05-14 11:32:35 +05:30
Sitaram Chamarty 3d9f230b41 Merge branch 'master' into pu (svnserve contrib code)
Conflicts:
	src/gl-auth-command
2010-05-10 08:12:09 +05:30
Vladimir Panteleev cf9bb98e87 tweaked and documented svnserve support 2010-05-10 07:01:50 +05:30
Sitaram Chamarty ffccd0a4d3 gl-system-install -- system-wide install program
(as if we didn't already have enough programs with the word "install" in
their names!)

Anyway, this does what an RPM or a DEB would do -- basically implement
the instructions in Appendix C of doc/0.

You can use this to do a system-wide install if your distro isn't as
smart, forward-looking, and uptodate as Fedora ;-)

Clone the repo somewhere, cd to it, and run, for example:

    sudo src/gl-system-install /usr/local/bin /var/gitolite/conf /var/gitolite/hooks

or something like that.  See doc/0 for details.  Run without arguments
for help.
2010-04-29 19:25:39 +05:30
Sitaram Chamarty 567e70ba40 (adc) admin-defined commands
This commit series allows an admin to designate a set of commands that
users can run.  For example, he can allow users to delete a repo that
they have created:

    ssh git@server rmrepo foo/me/bar

or fork (to use github's terminology) a repo they have "R" access to,
into a new one they have "C" access to:

    ssh git@server fork foo/someone-else/bar foo/me/bar

Please see documentation for details

----

(this commit)

  - (rc) new variable $GL_ADC_PATH; without this none of this is enabled
  - (pm) new helper routine "cli_repo_rights" to get rights/ownership
    from outside
  - (auth) call $GL_ADC_PATH/$cmd if it exists
2010-04-25 13:21:16 +05:30
Sitaram Chamarty 344fb0a2b7 allow user to define filenames that our hooks chain to
(although the defaults are still update.secondary and
post-update.secondary if you don't do anything)
2010-04-13 18:26:34 +05:30
Sitaram Chamarty 246165537d new server-side program "gl-tool", subcommand "shell-add"
Previous implementations of "give shell access to some gitolite users"
feature were crap.  There was no easy/elegant way to ensure that someone
who had repo admin access would not manage to get himself shell access.

Giving someone shell access requires that you should have shell access
in the first place, so the simplest way is to enable it from the server
side only.

So now that we decided to do that, we may as well prepare for other,
future, commands by starting a server-side utility program with
sub-commands (the only current one being "shell-add")
2010-04-09 21:05:17 +05:30
Sitaram Chamarty 2456cc17c8 personal branches: de-emphasise old-style, document new-style
There are some disadvantages to the old-style personal branch scheme.
It only allows one specific pattern (of refname) to be used, forces that
pattern to be applicable to *all* repos in the entire config, and
requires editing the rc file (on the server) to be edited to achieve
this.

In other words, it's a very blunt instrument...

The new style depends on using lines like this within a specific repo
config:

        RW+ personal/USER/      =   @userlist

The important thing is that the "branch" name should contain `/USER/`
(including the slashes).  Access is still determined by the right hand
side of course.

This gives you the following advantages:

  - allow it only for repos that need it
  - allow different patterns to be used for different repos
  - allow *multiple* patterns; just add more than one such line
  - allow the pattern to have suffixes (eg: foo/USER/bar)
2010-03-16 18:27:26 +05:30
Eli Barzilay 4cf18d8339 make Emacs use perl mode 2010-02-27 12:31:44 +05:30
Sitaram Chamarty a6b7928bc1 example RC: GL_GITCONFIG_KEYS was not showing up in easy install diff 2010-02-08 06:02:36 +05:30
Sitaram Chamarty a472bf30df compile: tighten up the 'git config' feature
Gitolite allows you to set git repo options using the "config" keyword;
see conf/example.conf for details and syntax.

However, if you are in an installation where the repo admin does not
(and should not) have shell access to the server, then allowing him to
set arbitrary repo config options *may* be a security risk -- some
config settings may allow executing arbitrary commands.

This patch fixes it, introducing a new RC variable to control the
behaviour.  See conf/example.gitolite.rc for details
2010-02-07 13:23:07 +05:30
Sitaram Chamarty 388f4d873d (IMPORTANT; read this in full) no more "wildrepos"
The wildrepos branch has been merged into master, and deleted.  It will no
longer exist as a separate branch.  Instead, a new variable
called $GL_WILDREPOS has been added which acts as a switch; when
off (which is the default), many wildrepos features are disabled.
(the "C" permissions, and the getperms (etc.) commands mainly).

Important: if you are using wildrepos, please set "$GL_WILDREPOS = 1;" in
the RC file when you upgrade to this version (or just before you do the
upgrade).
2010-02-07 13:22:43 +05:30
Sitaram Chamarty 67c10a34fe auth: new subcommand "htpasswd"
great idea by Robin Smidsrød: since users are already capable of
authenticating themselves to gitolite via ssh keys, use that to let them
set or change their own HTTP passwords (ie, run the "htpasswd" command
with the correct parameters on behalf of the "git" user on the server)

code, rc para, and documentation.  In fact everything except... ahem...
testing ;-)

and while we're about it, we also reorganised the way these helper
commands (including the venerable "info" are called)
2010-02-04 11:55:24 +05:30
Sitaram Chamarty 98a4c79dce (read this in full) access control for non-git commands running over ssh
This is actually a pretty big deal, and I am seriously starting wonder
if calling this "gito*lite*" is justified anymore.

Anyway, in for a penny, in for a pound...

This patch implements a generic way to allow access control for external
commands, as long as they are invoked via ssh and present a server-side
command that contains enough information to make an access control
decision.

The first (and only, so far) such command implemented is rsync.

Please read the changes in this commit (at least the ones in conf/ and
doc/) carefully.
2010-02-01 11:49:21 +05:30
Sitaram Chamarty ecfd20e793 @SHELL is now $SHELL_USERS in the rc file (warning: backward compat breakage)
Stop conflating the privilege to push changes to the admin repo with the
privilege to get a shell on the server.

Please read doc/6 carefully before upgrading to this version.  Also
please ensure that the gitolite key is *not* your only means to get a
command line on the server
2010-01-14 19:35:46 +05:30
Sitaram Chamarty 92d5062ad0 doc/src: major doc/help text revamp
also removed some dead code from compile (pre PTA days)
2009-10-31 00:21:37 +05:30
Sitaram Chamarty 8eefc036e0 rc, pta-hook/doc: don't assume $HOME of 'git' user is /home/git
(Thanks to Jerome Arbez-Gindre)
2009-10-23 10:23:06 +05:30
Sitaram Chamarty b3cab456d5 easy-install: committed before testing? tsk tsk tsk! 2009-10-13 10:16:27 +05:30
Sitaram Chamarty 59e15e62a1 support git installed outside default $PATH
(also some minor fixes to doc/3)
2009-10-13 10:03:12 +05:30
Sitaram Chamarty d78bbe8c3e lots of doc changes reflecting "push to admin" is default now :)
- added comments to easy install to help do it manually
  - README: some stuff moved to tips doc, brief summary of extras
    (over gitosis) added
  - INSTALL: major revamp, easy install and manual install,
    much shorter and much more readable!

plus other docs changed as needed, and updated the tips doc to roll in
some details from "update.mkd" in the "ml" branch
2009-10-11 14:19:00 +05:30
Sitaram Chamarty 2f2af033f5 pta-hook.sh: collect delegated config fragments
collect the delegated config fragments from correspondingly named branches of
the gitolite-admin repo, and put them all in conf/fragments/

also deprecate changes to conf and keydir locations from now on
2009-10-04 10:10:40 +05:30