Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

EXPERIMENTAL: git-annex support migrated

  • Loading branch information...
commit 4479bb4a83ed9e326d2e6b9494d5e65aa27d82a8 1 parent 293df79
Sitaram Chamarty authored August 07, 2012
80  src/commands/git-annex-shell
... ...
@@ -0,0 +1,80 @@
  1
+#!/usr/bin/perl
  2
+
  3
+use lib $ENV{GL_LIBDIR};
  4
+use Gitolite::Easy;
  5
+
  6
+# This command requires unrestricted arguments, so instead of adding it to the
  7
+# COMMANDS hash in the usual way, you need to add it like so:
  8
+#   'git-annex-shell' => 'ua',
  9
+# (i.e., the value for the key should be the string 'ua').
  10
+#
  11
+# This requires git-annex version 20111016 or newer. Older versions won't
  12
+# be secure.
  13
+
  14
+use strict;
  15
+use warnings;
  16
+
  17
+# ignore @ARGV and look at the original unmodified command
  18
+my $cmd = $ENV{SSH_ORIGINAL_COMMAND};
  19
+
  20
+# Expect commands like:
  21
+#   git-annex-shell 'configlist' '/~/repo'
  22
+#   git-annex-shell 'sendkey' '/~/repo' 'key'
  23
+# The parameters are always single quoted, and the repo path is always
  24
+# the second parameter.
  25
+# Further parameters are not validated here (see below).
  26
+die "bad git-annex-shell command: $cmd"
  27
+  unless $cmd =~ m#^(git-annex-shell '\w+' ')/\~/([0-9a-zA-Z][0-9a-zA-Z._\@/+-]*)('( .*|))$#;
  28
+my $start = $1;
  29
+my $repo  = $2;
  30
+my $end   = $3;
  31
+die "I dont like some of the characters in $repo\n" unless $repo =~ $REPONAME_PATT;
  32
+die "I dont like absolute paths in $cmd\n" if $repo =~ /^\//;
  33
+die "I dont like '..' paths in $cmd\n"     if $repo =~ /\.\./;
  34
+
  35
+# Modify $cmd, fixing up the path to the repo to include GL_REPO_BASE.
  36
+my $newcmd = "$start$rc{GL_REPO_BASE}/$repo$end";
  37
+
  38
+# Rather than keeping track of which git-annex-shell commands
  39
+# require write access and which are readonly, we tell it
  40
+# when readonly access is needed.
  41
+if ( can_write($repo) ) {
  42
+} elsif ( can_read($repo) ) {
  43
+    $ENV{GIT_ANNEX_SHELL_READONLY} = 1;
  44
+} else {
  45
+    die "$repo $ENV{GL_USER} DENIED\n";
  46
+}
  47
+# Further limit git-annex-shell to safe commands (avoid it passing
  48
+# unknown commands on to git-shell)
  49
+$ENV{GIT_ANNEX_SHELL_LIMITED} = 1;
  50
+
  51
+# Note that $newcmd does *not* get evaluated by the unix shell.
  52
+# Instead it is passed as a single parameter to git-annex-shell for
  53
+# it to parse and handle the command. This is why we do not need to
  54
+# fully validate $cmd above.
  55
+gl_log( $ENV{SSH_ORIGINAL_COMMAND} );
  56
+exec "git-annex-shell", "-c", $newcmd;
  57
+
  58
+__END__
  59
+
  60
+INSTRUCTIONS... (NEED TO BE VALIDATED BY SOMEONE WHO KNOWS GIT-ANNEX WELL).
  61
+
  62
+based on http://git-annex.branchable.com/tips/using_gitolite_with_git-annex/
  63
+ONLY VARIATIONS FROM THAT PAGE ARE WRITTEN HERE.
  64
+
  65
+requirements:
  66
+
  67
+  * gitolite v3.04+ (whatever version has src/commands/git-annex-shell,
  68
+    because I haven't tagged it yet).
  69
+  * git-annex as per that
  70
+
  71
+setup
  72
+
  73
+  * in COMMANDS hash in the rc file, add an entry like this:
  74
+        'git-annex-shell'   =>  'ua',
  75
+    (there is no GL_ADC_PATH and no "ua" subdirectory here, and nothing to
  76
+    "install"; the command already comes with gitolite)
  77
+
  78
+That should be it; everything else should be as in that page.
  79
+
  80
+Once this is tested I'll move it to 'master'.
3  src/gitolite-shell
@@ -152,10 +152,11 @@ sub parse_soc {
152 152
     # after this we should not return; caller expects us to handle it all here
153 153
     # and exit out
154 154
 
155  
-    _die "suspicious characters loitering about '$soc'" if $soc !~ $REMOTE_COMMAND_PATT;
156 155
 
157 156
     my @words = split ' ', $soc;
158 157
     if ( $rc{COMMANDS}{ $words[0] } ) {
  158
+        _die "suspicious characters loitering about '$soc'"
  159
+          if $rc{COMMANDS}{ $words[0] } ne 'ua' and $soc !~ $REMOTE_COMMAND_PATT;
159 160
         trace( 2, "gitolite command", $soc );
160 161
         _system( "gitolite", @words );
161 162
         exit 0;

0 notes on commit 4479bb4

Please sign in to comment.
Something went wrong with that request. Please try again.