Commit graph

288 commits

Author SHA1 Message Date
Sitaram Chamarty f35db87efc (minor) new mailing list 2012-07-10 20:59:36 +05:30
Sitaram Chamarty f545bc08f6 minor fixups 2012-07-03 08:06:59 +05:30
Sitaram Chamarty db2cf23379 logical expressions on refexes :-) 2012-06-29 22:19:06 +05:30
Sitaram Chamarty af437c3a7b v3.04 2012-06-27 07:10:09 +05:30
Sitaram Chamarty 49580fe4b3 doc split :(
Background

  * I needed to have the documentation under CC-BY-NC-SA (something
    happened to force me to choose)

  * Distros don't like the NC part.  They'd rather drop the
    documentation entirely instead

  * I don't like that; it bothers me that even a clueful guy won't be
    able to do a basic install with what comes in the package.

  * Meanwhile, I have always had the occasional "TL;DR" complaint about
    my docs

Taking all this into account, it seemed like the best way was:

  * Create a brand new README.txt that is crisp enough for someone to
    glance through and quickly get started.  At more then 300 lines, it
    covers enough ground that probably 60% of sites don't need more.

    Put this under the CC-BY-SA license, which is on the "good" list for
    Fedora (and also Debian, I am told).

  * Move the current documents to a new "gitolite-doc" repo that distros
    can simply ignore, but anyone who has trouble can go to.

    Make sure the online pages have the same content at the same URLs as
    they do now, getting it instead from this new repo.

    Link to the main URL in the new README.txt
2012-06-26 20:58:51 +05:30
Sitaram Chamarty 53f9a867df accumulated docfixes...
- non-core documentation reduced to be easier to maintain
  - much reduced progit section submitted to scott chacon, necessitating
    some changes to this copy
  - other minor stuff
  - the "idiot-proof setup" :)

(plus get rid of that silly "dot.pl"; it's not needed any more, if it
ever was!)
2012-06-25 12:17:00 +05:30
Sitaram Chamarty 53543ee3e6 partial-copy would not propagate deletes; fixed 2012-06-23 09:11:08 +05:30
Konstantin Gribov fb9829a698 Fixed url decoding in http gitolite command bypass.
Only '+' sign was unescaped in `http_simulate_ssh_connection()`.
When user translates `ssh git@host perms <repo> + <role> <user>` to
`curl https://host/git/perms?<repo>+%2b+<role>+<user>` nothing happens.
This commit fixes it modifying url unescaping.

committer notes: changed the regex per 'man URI::Escape'
2012-06-22 11:49:28 +05:30
Sitaram Chamarty 621815611c (duh!) report rc file syntax errors
the "duh!" is because I should have done this long ago...
2012-06-21 06:49:22 +05:30
Sitaram Chamarty a454111d32 repo-specific umask
manually smoke tested but should be fine
2012-06-21 05:31:15 +05:30
Frode Rystad 858f13cf31 Added information about install destinations supported by SELinux to troubleshooting guide 2012-06-20 08:59:42 +02:00
Sitaram Chamarty c9d5a13194 help command learns to deal with LOCAL_CODE 2012-06-19 21:00:53 +05:30
Sitaram Chamarty 7dcb857347 (accumulated docfixes) 2012-06-19 12:13:00 +05:30
Sitaram Chamarty 56d11deb55 (minor) one more 'internal' message bites the dust 2012-06-19 12:11:27 +05:30
Sitaram Chamarty a171053ab3 (minor) improve SNR of some error messages :) 2012-06-17 09:31:38 +05:30
Sitaram Chamarty bcef2be640 (minor) usage message oops in 'install -h' 2012-06-16 23:30:32 +05:30
Sitaram Chamarty fbd745958e PRE_ and POST_CREATE triggers get an extra argument...
...when invoked by single-repo operations like auto-creating a wild
repo, or running perms or fork.
2012-06-14 19:22:12 +05:30
Sitaram Chamarty 57f82ee044 new 'list-dangling-repos' command 2012-06-14 19:22:12 +05:30
Sitaram Chamarty 4373c5c74c GL_BINDIR2 becomes LOCAL_CODE, allows hook propagation also...
plus a bunch of doc changes
2012-06-14 19:22:12 +05:30
Sitaram Chamarty 3c0f177481 Allow user-specified programs to override system-installed ones
(manually tested)

  - new rc var: GL_BINDIR2; see doc update in this commit

  - added _which() function to search both $GL_BINDIR and $GL_BINDIR2
  - 'gitolite <command>', non-perl triggers, VREFs, and sugar, use this

  - unshifted $GL_BINDIR2/lib into @INC upfront in Rc.pm
  - perl triggers use this
2012-06-09 08:25:51 +05:30
Sitaram Chamarty cd37fe7c36 (test suite) changes in test suite due to upgrading to F17
- git version bumps up, causes minor change in t/merge-check.t
  - for some strange reason apache cannot see /tmp/gitolite-http-authuserfile
    (I thought private /tmp was only if you enabled selinux...)
2012-06-08 17:08:15 +05:30
Randal L. Schwartz 8e15d3a510 gitolite patch to enable keydir to be a symlink 2012-06-08 03:47:04 +05:30
milki 1f6a17c155 fix D perm reference 2012-06-06 12:21:46 -07:00
Sitaram Chamarty 5300809103 ACCESS_2 gets 2 more arguments, and gets called for each VREF 2012-06-06 20:33:59 +05:30
Sitaram Chamarty 10cd5b9abe 'upstream' trigger can now be used as a server command also
i.e., a client fetch will invoke the push, (subject to 'nice' setting),
but you can also force a fetch regardless of last fetch time by running
this command directly on the server:

    gitolite ../triggers/upstream fetch <reponame>

Also, use FETCH_HEAD instead of own sentinel file (idea courtesy Luke Lu)
2012-06-06 19:28:18 +05:30
Sitaram Chamarty 8b78dee18c 'upstream' -- script to maintain local copies of external repos
instructions and notes in the source
2012-06-05 22:23:23 +05:30
Sitaram Chamarty f59ad8cafc (accumulated docfixes) esp a large section on the INPUT trigger 2012-06-05 11:39:18 +05:30
Sitaram Chamarty 17c41ce63b new 'sudo' command 2012-06-03 14:20:27 +05:30
Sitaram Chamarty ad34cf2856 minor backward incompat breakage in 'gitolite query-rc'
'gitolite query-rc' now only queries one variable at a time.  That is,
you cannot do something like this:

    gitolite query-rc UMASK GL_ADMIN_BASE

to query both variables.  I think this is rarely used, plus it is easy
to work-around (just run two separate commands), so it was sacrificed
for the ability to do this:

    gitolite query-rc -q COMMANDS fork

which tells you whether $rc{COMMANDS}{fork} exists or not.
2012-06-03 13:00:38 +05:30
John Keeping 4abadc2b54 Grant shell access to all keys for shell users
If a user has multiple keys, ssh-authkeys-shell-users will only add the
"-s" flag to the first key it finds.  Change the substitution to apply
to all matching lines and hence grant shell access to all of the user's
keys.

Signed-off-by: John Keeping <john@keeping.me.uk>
2012-06-03 13:00:38 +05:30
Sitaram Chamarty db70595b87 fixup to pushing wild repos permissions...
- fix docs to explicitly state that mirroring wild repos is a bad idea
    if the authentication data is not the same on the peers.

  - an important check against a malicious peer was missed out.  If
    people heed the warning above this check is not really needed but it
    is good for completeness.

  - warning about redirected pushes removed, thanks to Ronald Ip having
    tested it and reported it working.
2012-06-03 07:44:08 +05:30
Sitaram Chamarty 78866f6f28 (experimental code) push wild repos across a master slave connection
It creates the repo on the remote side (getting the creator name from
the gl-creator file and sending it across), as well as sending gl-perms
on subsequent connections.

This has only been minimally tested.  E.g., complex setups or asymmetric
configs on master and slave, etc. have NOT been tested.

This has also not been tested with redirected pushes.
2012-06-01 17:28:14 +05:30
Sitaram Chamarty 42e0bac48c 'perms' command learns to create repo if needed 2012-06-01 16:01:36 +05:30
Sitaram Chamarty d9df70a04f allow getting config settings for non-existant repos also
It's reasonable to want to see config items (for example, mirror
settings) that *would* apply if the repo existed.
2012-06-01 16:01:36 +05:30
Sitaram Chamarty 7170ad9124 allow pubkey filename as extra argument to command in authkeys 2012-05-30 15:02:35 +05:30
Sitaram Chamarty a64401bd9a (doc) document the INPUT trigger 2012-05-30 15:02:35 +05:30
Sitaram Chamarty 21dbe53d39 fix minor bug in handling 'desc = "some description"'
repo foo
        desc = "foo"
        RW  =   u1
        ...etc...

The order of the clauses was parsing this like the old 'reponame = "some
description"' and end up creating a repo called 'desc'!

It would also, as a side-effect, change the repo so what you thought
were access rules for 'foo' would become access rules for 'desc'.
2012-05-29 20:55:53 +05:30
Sitaram Chamarty 06d3398fb0 lock binary files... (manually tested)
Remember that true locking is not possible in a DVCS; see
doc/locking.mkd for details and limitations of what is offered here.
2012-05-27 19:06:46 +05:30
Sitaram Chamarty d623388c9f (BSD compat) apparently 'wc -l' on BSD adds spaces in front
Larry was right.  It's probably easier to port a shell than a shell
script!
2012-05-27 05:58:43 +05:30
Sitaram Chamarty 8595303c82 migrated symbolic-ref command 2012-05-27 05:58:43 +05:30
Sitaram Chamarty 6f740908bb (collected docfixes) 2012-05-27 05:58:43 +05:30
Sitaram Chamarty 84d123e124 add 2 new sections to "special features"...
- using pubkeys obtained from elsewhere
  - updating hooks via the admin repo
2012-05-25 15:53:30 +05:30
Sitaram Chamarty 17841e8208 gitolite setup learns --hooks-only option 2012-05-25 12:54:06 +05:30
Sitaram Chamarty e1d9aee98b delete the 'description' file for new repos 2012-05-25 12:54:06 +05:30
Sitaram Chamarty 37e97d29fe the 3 shipped post-create programs should exit when called on a normal repo creation 2012-05-25 12:47:12 +05:30
Sitaram Chamarty 0f3a09ce60 PRE_ and POST_CREATE should work for normal repos also 2012-05-25 12:47:12 +05:30
Sitaram Chamarty 04367af3e8 Revert "simulate POST_CREATE for newly created "normal" repos"
This reverts commit bc3eb34211.
2012-05-25 12:47:12 +05:30
Mike Kelly 62a66662be Properly migrate [gitosis] section 2012-05-23 05:08:22 +05:30
Sitaram Chamarty 75387fd6cb v3.03 2012-05-23 04:34:07 +05:30
Sitaram Chamarty 5298a79cb5 MAJOR BUGFIX: disallow "hooks" directory in admin repo
Although this is not a "hole" that allows a normal user to bypass
controls, I still consider this a hole in the sense that I want to
separate "admin push" rights from "shell access on server" rights.

(I realise that most people don't make this distinction, but I do, and
for me and most sites I consult for it is important).

Thanks to drue on #gitolite who pointed it out excitedly, and apologies
for killing what he thought of as a feature!
2012-05-23 04:33:54 +05:30