Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Jan 27, 2010
  1. easy install: two rc file update bugs fixed

    Sitaram Chamarty authored
    The "msysgit doesnt have 'comm'" commit (from 2 days ago), had 2 bugs:
    
      - (smaller) the "+++" which was part of the diff header was triggering
        a spurious rc file "new variables" warning, but there were no actual
        variables to update
      - (bigger) worse, the grep command, when there were no matches,
        coupled with the "set -e" to kill the program right there (ouch!)
Commits on Jan 25, 2010
  1. (rats! msysgit doesnt have 'comm'...)

    Sitaram Chamarty authored
  2. sshkeys-lint: new program

    Sitaram Chamarty authored
    run without arguments for usage
Commits on Jan 23, 2010
  1. compile: allow "#" in *simple* strings

    Sitaram Chamarty authored
    like: config notify.ircChannel = "#foo"
    
    (thanks, jhelwig)
Commits on Jan 17, 2010
  1. compile: disallow multiple pubkeys in one file

    Sitaram Chamarty authored Sitaram Chamarty committed
    The way pubkey files are handled by gitolite, this could be used by a
    repo admin to get shell access.  It's always been there as an
    undocumented emergency mechanism for an admin who lost his shell keys or
    overwrote them due to not understanding ssh well enough (and it has been
    so used at least once).
    
    But not any more...
    
    Like the @SHELL case, this reflects a shift away from treating people
    with repo admin rights as eqvt to people who have shell on the server,
    and systematically making the former lesser privileged than the latter.
    
    While in most cases (including my $DAYJOB) these two may be the same
    person, I am told that's not a valid assumption for others, and there've
    been requests to close this potential loophole.
Commits on Jan 14, 2010
  1. @SHELL is now $SHELL_USERS in the rc file (warning: backward compat b…

    Sitaram Chamarty authored Sitaram Chamarty committed
    …reakage)
    
    Stop conflating the privilege to push changes to the admin repo with the
    privilege to get a shell on the server.
    
    Please read doc/6 carefully before upgrading to this version.  Also
    please ensure that the gitolite key is *not* your only means to get a
    command line on the server
Commits on Jan 13, 2010
  1. update hook: anchor refex with ^ when matching refs

    Sitaram Chamarty authored
    Currently, a line like
    
        RW  foo =   user1
    
    allows user1 to push any ref that contains the string refs/heads/foo.
    This includes refs like
    
        refs/heads/foo
        refs/heads/foobar
        refs/heads/foo/bar
    
    which is fine; that is what is intended.  (You can always use foo$
    instead of foo if you want to prevent the latter two).
    
    Similarly,
    
        RW  refs/foo    =   user1
    
    allows
    
        refs/foo
        refs/foobar
        refs/foo/bar
    
    Now, I don't see this as a "security risk" but the fact is that this
    allows someone to clutter your repo with junk like
    
        refs/bar/refs/heads/foo
        refs/heads/bar/refs/heads/foo
    
    (or, with the second config line example,
    
        refs/bar/refs/foo
        refs/heads/bar/refs/foo
    )
    
    My personal advice is if you find someone doing that intentionally, you
    should probably take him out and shoot him [*], but since now *two*
    people have complained about this, here goes...
    
    ----
    
    [*]     you don't have to take him out if you don't want to
Commits on Jan 10, 2010
  1. @tmatilai

    compile: support "include" definition

    tmatilai authored Sitaram Chamarty committed
    Support config file including using:
    include "filename"
    
    If filename is not an absolute path, it is looked from the
    $GL_ADMINDIR/conf/ directory.
    
    For security reasons include is not allowed for fragments.
    
    Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
  2. change delegation to NAME/ style (warning: backward compat breakage)

    Sitaram Chamarty authored
    This is a backward incompatible change.  If you are using delegation and
    you upgrade to this version, please do the following:
    
      * change your gitolite.conf file to use the new syntax (see
        doc/5-delegation.mkd in this commit)
    
      * for each branch "foo" in the gitolite-admin repo, do this:
    
            # (on "master" branch)
            git checkout foo -- conf/fragments/foo.conf
    
      * git add all those new fragments and commit to master
    
      * delete all the branches on your clone and the server
    
            # again, for each branch foo
            git branch -D foo
            git push origin :foo
Commits on Jan 9, 2010
  1. deprecation warning about old style PATH/ syntax

    Sitaram Chamarty authored
    (this commit will probably get reverted after a suitable period has
    elapsed and no one is likely to still be using the old syntax).
    
    Forgetting to change it to NAME/ after is a security issue -- you end up
    permitting stuff you don't want to!
    
    This commit allows the old syntax but prints a warning
  2. NAME-based restrictions

    Sitaram Chamarty authored
    Gitolite allows you to restrict changes by file/dir name.  The syntax
    for this used "PATH/" as a prefix to denote such file/dir patterns.
    This has now been changed to "NAME/" because PATH is potentially
    confusing.
    
    While this is technically a backward-incompatible change, the feature
    itself was hitherto undocumented, and only a few people were using it,
    so I guess it's not that bad...
    
    Also added documentation now.
Commits on Dec 30, 2009
  1. Revert "easy install: needs a minor fix to accommodate auto-vivificat…

    Sitaram Chamarty authored
    …ion"
    
    This reverts commit 6576e82.
    
    On oddball configs, where the shell key is reused as the gitolite key by
    smart( people|-alecks), the ls-remote stops the program dead, preventing
    the "git add" and "git commit" that seed the admin repo.
    
    This makes extra work in terms of fixing it after the fact; removing it
    makes the install go further, and all you need to do is (1) delete the
    first line from ~/.ssh/authorized_keys on the server and (2) back on the
    client do a "git clone gitolite:gitolite-admin".
    
    OK so it needs to be removed.  Explaining that was the easy part!  The
    hard part is explaining why removing it is harmless.
    
    Look at the commit tree around that commit, and see that the commit
    before that (b78a720) was partially reverted in e7e6085.  b78a720
    removed the new_repo call from compile, forcing it to happen only on
    auth, which forced this workaround for seeding the admin repo.
    
    Since e7e6085 reverted that part of b78a720, giving back new_repo
    functions to compile, this line of code wasn't doing any good.  QED and
    all that :)
Commits on Dec 24, 2009
  1. auth: regex goof on my part

    Sitaram Chamarty authored
    for those not yet able to upgrade (or until I merge this into the branch
    you care about), if you have a repo called, say "bk2git", just refer to
    it as "bk2git.git" in the clone command!
    
    [Thanks to Mark Frazer for finding this...]
Commits on Dec 23, 2009
  1. document @SHELL feature, allow "info" for all,

    Sitaram Chamarty authored
    ...but still distinguish shell folks with a small extra line telling
    them they have shell access
Commits on Dec 22, 2009
Commits on Dec 21, 2009
  1. @tmatilai

    compile: support "repo @all" definitions

    tmatilai authored Sitaram Chamarty committed
    "repo @all" can be used to set permissions or configurations for all
    already defined repos.  (A repository is defined if it has permission
    rules associated, empty "repo" stanza or "@group=..." line is not enough.)
    
    For example to allow a backup user to clone all repos:
    
      # All other configuration
      [...]
      repo @all
           R = backup
    
    Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
Commits on Dec 19, 2009
  1. compile: gitolite key as good as shell key for users in @SHELL group

    Sitaram Chamarty authored
    done by inserting a "-s" into the authkey forced command.
    
    (They also lose the "no-pty" restriction, for good measure!)
  2. auth: (WDITOT?) allow special users to get a shell

    Sitaram Chamarty authored
    ".../gl-auth-command username" is the normal command that authkeys
    forces, and this prevents that key from being used to get a shell.
    
    We now allow the user to get a shell if the forced command has a "-s"
    before the "username", like ".../gl-auth-command -s sitaram".
    
    (Now that a plain "ssh gitolite" gets you a shell, there's a new "info"
    command that such privileged keys can use to get basic access info).
    
    Thanks to Jesse Keating for the idea!  I can't believe this never
    occurred to me before, but I guess I was so enamoured of my "innovation"
    in converting what used to be an error into some useful info I didn't
    think a bit more :/
Commits on Dec 18, 2009
  1. allow '+' as valid character in user/reponames

    Sitaram Chamarty authored
Commits on Dec 17, 2009
  1. auth: set umask when autoviv-ing repos

    Sitaram Chamarty authored
    Looks like I'd forgotten this when I did the autoviv code.  Repos
    created via gl-compile (when you add a new repo to the config file and
    push) worked fine, but repos created via gl-auth (when you autoviv a
    repo, wild or not) did not.
    
    This *should* be merged into wildrepos soon after testing; wildrepos
    will have a lot more autoviv-ing than master.
  2. auth/install/pu-hook: pass ADMINDIR and BINDIR via ENV

    Sitaram Chamarty authored
    The admin repo's post-update hook needs to know where $GL_ADMINDIR is,
    and we had a weird way of doing that which depended on gl-install
    actually munging the hook code.
    
    We also always assumed the binaries are in GL_ADMINDIR/src.
    
    We now use an env var to pass both these values.  This removes the weird
    dependency on gl-install that the post-update hook had, as well as make
    running other programs easier due to the new $GL_BINDIR env var.
Commits on Dec 9, 2009
  1. @tmatilai

    Add support for repo configurations

    tmatilai authored Sitaram Chamarty committed
    Git repository configurations can be set/unset by declaring "config"
    lines in "repo" stanzas in gitolite.conf. For example:
    
    repo gitolite
    	config hooks.mailinglist = gitolite-commits@example.tld
    	config hooks.emailprefix = "[gitolite] "
    	config foo.bar = ""
    	config foo.baz =
    
    The firs two set (override) the values. Double quotes must be used to
    preserve preceding spaces. Third one sets an empty value and the last
    removes all keys.
    
    Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
Commits on Dec 8, 2009
  1. merge "allow full email addresses as usernames"

    Sitaram Chamarty authored
    Merge branch 'pu'
  2. compile: allow full email addresses as usernames

    Sitaram Chamarty authored
    we had usurped the email style syntax to separate multiple keys
    belonging to the same person, like sitaram@desktop.pub and
    sitaram@laptop.pub.  If you have so many users that you need the full
    email address to disambiguate some of them (or you want to do it for
    just plain convenience), you couldn't.
    
    This patch fixes that in a backward compatible way.  See
    doc/3-faq-tips-etc.mkd for details.
Commits on Dec 7, 2009
  1. @tmatilai

    Fix default configuration paths in documentation

    tmatilai authored Sitaram Chamarty committed
    Signed-off-by: Teemu Matilainen <teemu.matilainen@reaktor.fi>
Commits on Dec 5, 2009
  1. auth, compile, pm: good bit of refactoring

    Sitaram Chamarty authored
    all of this is prep for the upcoming, all-new, chrome-plated,
    "wildrepos" branch :)
    
      - many variables go to gitolite.pm now, and are "our"d into the other
        files as needed
      - new functions parse_acl, report_basic to replace inlined code
Commits on Dec 2, 2009
  1. easy install tail message was apparently too confusing

    Sitaram Chamarty authored
Commits on Dec 1, 2009
  1. compile: kill preceding space when killing comments

    Sitaram Chamarty authored
    consider:
    
        repo = "some desc" # some comment
    
    (and note that the regex for recognising a description expects that
    dblquote to be the *last* character on the line)
  2. compile: fix description and export-ok problem

    Sitaram Chamarty authored
        part of comment on b78a720:
        The only reason it's getting into master is because it looks cool!
    
    I hate it when something that looks cool doesn't work right :(
    
    creating a repo on gitolite-admin push is *needed* in order to get
    descriptions and export-ok files to work right
  3. update hook: allow multiple "refs" to be checked

    Sitaram Chamarty authored
  4. compile: allow PATH/foo and populate the hash correctly

    Sitaram Chamarty authored
  5. rebel edition -- cos when you need it, you need it bad :-)

    Sitaram Chamarty authored Sitaram Chamarty committed
    Summary: much as I did not want to use "excludes", I guess if we don't put the
    code in "master" it's OK to at least *write* (and test) the code!
    
    See the example config file for how to use it.
    
    See "design choices" section in the "faq, tips, etc" document for how it
    works.
Commits on Nov 27, 2009
  1. auth/compile: auto-vivify is default now, so:

    Sitaram Chamarty authored
    the "create a new repo" code moves from compile to auth.
    
    Only someone who has W access can create it, but he can do so even on a
    "R" operation (like clone or ls-remote).
    
    This is a pre-requisite for rebel's wildcard repos, where
    autovivification is the only way you can create arbitrary repos matching
    a pattern.
    
    The only reason it's getting into master is because it looks cool!
    
    ----
    
    OK that's a lie; the real reason is to keep the two branches as similar
    as possible, though they;ve diverged quite a bit since the "only
    one-line difference" days where "rebel" just meant "deny/exclude"
    rules!)
  2. compile, pm: factor out new repo creation

    Sitaram Chamarty authored
    ...also wrap_chdir, wrap_open, $ABRT, and $WARN
Something went wrong with that request. Please try again.