Commit graph

771 commits

Author SHA1 Message Date
Sitaram Chamarty cec94a3664 (minor) who-pushed adc falls afoul of egrep incompat between Linux distros!
It seems even within Linux, not all "egrep"s are equal.  So we fall back
to the one true standard :-)

[caught by Jeff from the KDE team]
2011-02-25 06:21:17 +05:30
Sitaram Chamarty bdef55eee9 (minor) bashism fixes, usability fix, for "able" adc 2011-02-25 06:21:13 +05:30
Sitaram Chamarty 9a49487d0a minor bug in data format fixup code
Earlier, it wasn't as critical for gl-setup to be run with the full
path; the BINDIR deduction used to happen in almost every program.  Now
it's a lot more important.

Apparently I never noticed that "/bin/bash -l gl-setup" does not set $0
to the correct, fq path.  Adding a "-c" does, however...

[thanks to Jeff from the KDE team for finding this]
2011-02-25 06:20:41 +05:30
Sitaram Chamarty bc5e995078 reach out and touch someone
This shaves 3 seconds off of KDE's config compile time :-)

Yes, I know wrap_print has that extra print statement, but otherwise it
was lying around not earning its keep so I gave it a little side job :-)
2011-02-22 13:28:02 +05:30
Sitaram Chamarty 02128ff48f (minor doc fixes) 2011-02-21 21:25:43 +05:30
Sitaram Chamarty dfdab0f3c8 allow gitolite_rc.mkd values to be overridden by ~/.gitolite.rc
you might wonder why these are different from all the other variables in
the rc file... it's just that I never thought people would want to
change these!
2011-02-15 15:10:29 +05:30
Sitaram Chamarty b97115f85b Merge branch 'master' into pu 2011-02-15 15:10:14 +05:30
Sitaram Chamarty 4ce00aef84 security fix for optional ADC (admin-defined command) feature
Thanks to Dylan Simon for catching it...
2011-02-15 14:58:42 +05:30
Sitaram Chamarty a33f0f8504 security fix for optional ADC (admin-defined command) feature
Thanks to Dylan Simon for catching it...
2011-02-13 08:15:01 +05:30
Sitaram Chamarty a10287a4cd update hook: bypass check needs to go into BEGIN block 2011-02-12 20:55:34 +05:30
Sitaram Chamarty 948f700c7a supercool new admin-defined command "git" (disabled by default)
This new adc allows you to run arbitrary git commands on the server.

It is disabled by default, and you have to READ ALL INSTRUCTIONS **AND**
SOURCE CODE BEFORE DEPLOYING.
2011-02-10 14:01:08 +05:30
Sitaram Chamarty 1c3d96e7cb (minor doc fix) how to change $REPO_BASE 2011-02-09 09:37:39 +05:30
Sitaram Chamarty 1c1ae6061d "git config foo.bar = 0" was not working; fixed
(because perl treats 0 as false and I'd not accounted for that)

thanks to idl0r for catching this
2011-02-06 07:14:25 +05:30
Sitaram Chamarty 9b212ed0ef (minor) doc the effect of openssh 5.6 more clearly 2011-02-06 06:24:40 +05:30
Sitaram Chamarty df157e72b5 <sigh> gitweb doc fixes
This patch is dedicated to the person who, when referred to [1] for
gitweb access help, assumed we're talking about a Unix userid called
"gitweb" and said it still doesn't work.  He looked at the description
examples and wasn't sure what to do with them.  Finally, he missed the
sentence "All gitolite does is:" in the document, and assumed *he* was
supposed to do what the next 3 bullets said (in this case, create the
"description" file manually).

He didn't once think of the gitolite.conf file as being the location for
these instructions, or that "give read access" means "R = ..." instead
of a Unix level "chmod ...".

Do things have to be spelled out so goddamn clearly?  Can't people think
for a few seconds and see if there is another way before giving up?

I blame the prevalence of Windows and GUI IDEs.  People can only
"click".  They can't "think" anymore...

[1]: http://sitaramc.github.com/gitolite/doc/2-admin.html#gwd
2011-02-04 09:57:49 +05:30
Sitaram Chamarty 86206641c8 warnings on non-root method were not scary enough
(plus some other minor ssh/install related doc enhancements)
2011-02-03 19:47:11 +05:30
Sitaram Chamarty a1cbcf2001 migrate doc neglected to mention that gitolite needs update hook)
(although it *is* documented in doc/2, I can see where a migrating user
may miss that)
2011-02-02 06:38:03 +05:30
Sitaram Chamarty 86852dabe9 (v2 status) mob branches tested (manually) 2011-01-29 17:28:03 +05:30
Sitaram Chamarty d2cef2d05e doc fixes related to conf and rc getting their own doc files 2011-01-29 17:07:57 +05:30
Sitaram Chamarty 81f39bd64c gitweb.conf updated to v2.0rc1
thanks to Jack Zielke for testing it for me
2011-01-29 17:05:31 +05:30
Sitaram Chamarty 6a5d564917 (minor) less important docs have "## title" now
this is so the make-gh-pages (not part of gitolite) script can boldface
the ones which have "# title"
2011-01-29 15:47:53 +05:30
Sitaram Chamarty 76ae0268fa post-update learns to be quieter
apparently people run it from cron, so this causes a silly one-line
email saying just "Already on master"

thanks to shruggar on #git for pointing out to me that it is quite safe
to use --quiet and will not lose any actual error messages :)
2011-01-29 06:16:13 +05:30
Sitaram Chamarty 1fce051ea1 add -prune to find commands
Apparently it makes a huge difference with some kinds of network drives
(guess which company's software ;-)

http://groups.google.com/group/gitolite/browse_thread/thread/66b888f11dc5a365
2011-01-28 04:55:04 +05:30
Sitaram Chamarty dab35f3565 fixup all docs to allow URLs pointing to gh-pages 2011-01-26 08:08:18 +05:30
Sitaram Chamarty 12f75cdc41 (minor doc fixes for next commit) 2011-01-26 08:08:18 +05:30
Sitaram Chamarty 6bcb5c162d gitolite.conf gets its own document now 2011-01-24 06:21:00 +05:30
Richard Bateman 00a926bf48 Added perms PDC to supplement setperms/getperms
- Also added pygitolite.py as a helper library for python PDC apps
2011-01-21 14:14:09 +05:30
Richard Bateman 108f8e96a2 Added PDC set-head for setting the HEAD ref on a remote branch that you have write access to 2011-01-21 14:14:09 +05:30
Sitaram Chamarty 2cbe807b34 (doc) clarify GIT_HTTP_EXPORT_ALL is not mandatory for mixed ssh+http setups 2011-01-20 07:14:19 +05:30
Sitaram Chamarty 0360dc9f3f test smart http mode, update docs (including mob mode)
  - allow a mob username to be defined; all unauthenticated access will
    look to gitolite like this user (if you setup apache also properly)

  - update doc with more details (some repeat stuff from `man
    git-http-backend` but it's probably worth having everything in one
    place)
2011-01-17 22:04:10 +05:30
Jan Koprowski c8b1d8cc5b Document handling non-openssh but ssh2-compatible public keys by gitolite. 2011-01-16 20:20:14 +05:30
Sitaram Chamarty 3c1633c659 (minor) gl-setup learns "-q"
suppresses popping an editor when run for the first time
2011-01-16 14:42:11 +05:30
Sitaram Chamarty 692552d146 gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-16 07:26:13 +05:30
Sitaram Chamarty d022d90031 some tests added/expanded 2011-01-15 19:18:31 +05:30
Sitaram Chamarty 9b5793f2d1 v1.5.9 2011-01-15 19:02:34 +05:30
Sitaram Chamarty efa8e0ff16 new contrib/ldap with 3 useful scripts (thanks to Nokia MeeGo folks) 2011-01-13 13:24:01 +05:30
Sitaram Chamarty d8789a3af0 get rid of wasted parse in wild_repo_rights 2011-01-12 00:37:09 +05:30
Sitaram Chamarty c642d9660e (forgot some test output files from an earlier commit) 2011-01-05 19:13:07 +05:30
Sitaram Chamarty 5004369e17 minor doc fix re @all and deny rules
http://groups.google.com/group/gitolite/browse_thread/thread/aa5f87e826cef687
2011-01-05 18:25:12 +05:30
Sitaram Chamarty 10a30c961d (major change in big-config mode) split the compiled config file
Fedora's config has over 11,000 repositories and the compiled config
file is over 20 MB in size.  Although negligible on a server class
machine, on my laptop just parsing this file takes a good 2.5 seconds.

Even if you use GL_ALL_READ_ALL (see a couple of commits before this
one) to remove the overhead for 'read's, that's still a pretty big
overhead for writes.  And GL_ALL_READ_ALL is not really a solution for
most people anyway.

With this commit, using GL_BIG_CONFIG adds another optimisation; see
doc/big-config.mkd for details (look for the word "split config" to find
the section that talks about it).

----

Implementation notes:

  - the check for GL_NO_CREATE_REPOS has moved *into* the loop (which it
    completely bypassed earlier) so that write_1_compiled_conf can be
    called on each item
2011-01-02 11:30:29 +05:30
Sitaram Chamarty 7fc1e9459f (data format change) fix misnamed 'repo_config' to 'git_configs'
this change includes a minor data format change.  This should be mostly
transparent for upgrades though.
2011-01-02 10:21:39 +05:30
Sitaram Chamarty 27081ad1c1 new rc var: GL_ALL_READ_ALL 2011-01-02 10:21:39 +05:30
Sitaram Chamarty e0f4bbaf16 (minor) more doc updates, really small ones 2010-12-31 20:17:36 +05:30
Sitaram Chamarty ffcbc52637 rc file stripped down, variables categorised, documentation lifted out
the old file was getting too unwieldy...
2010-12-31 19:03:48 +05:30
Sitaram Chamarty 3abb7ac1a8 (minor) usermod has a "-a" -- I didn't know!
(thanks to Michael Schueler)
2010-12-28 21:54:34 +05:30
Sitaram Chamarty e98bde322e allow gitolite to be used when the users already have real IDs
Fedora (for example) runs like this:

  * each user has his own userid and login
  * his/her ~/.ssh/authkeys file (containing only his/her key) has a
    "command=" clause invoking just "gl-auth-command"
  * trusted users have "gl-auth-command -s" meaning they can get a shell if
    they want to

As a result, there is no specific $HOME where you can look for
.gitolite.rc.  Hence this patch

----

Side note: in addition, Fedora may have one or more of the following
characteristics (writing them here for convenience; they're not directly
relevant to this patch):

  * actual git repos are under "git" (or some such), and include the chmod g+s
    (git init --shared) unix perms tricks for shared access

  * but since they're coming through gl-auth, branch-level acls are in effect

  * the gitolite config file is generated from some database and compiled (all
    via cron)

  * the keydir/ is empty; in fact they probably don't use the admin repo at
    all, AFAIK
2010-12-28 13:58:53 +05:30
Sitaram Chamarty 5b9bf700cc allow access checks from ADC or hook
For sample code see new file contrib/adc/get-rights-and-owner.in-perl.
Despite the name, you can use similar code in a hook also -- comments in
that file will tell you how.

implementation notes:

  - check_access now takes an optional last arg "dry_run", which is also
    passed through to check_ref
  - check_ref returns a "DENIED by ..." instead of die-ing if dry_run is
    passed in

  - as a side effect, cli_repo_rights is now just a stub calling
    check_access (we kept it hanging around for backward compat -- too
    much adc pain for too many people if we change it now)
2010-12-25 12:40:41 +05:30
Sitaram Chamarty f88b097db1 v1.5.8 2010-12-25 05:58:27 +05:30
Sitaram Chamarty 975a0d05b0 minor fix to mirror-shell...
needed if $REPO_BASE contains slashes.

(reported/code sent by Dylan Simon)
2010-12-25 05:58:26 +05:30
Sitaram Chamarty 45a696c419 fine tune "no pubkeys" warning
perm categories (like READERS and WRITERS, or whatever you put in your
$GL_WILDREPOS_PERM_CATS) are *supposed* to "have no pubkeys"; don't warn
about them
2010-12-25 05:58:26 +05:30