Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Apr 22, 2010
  1. the most common problems an admin will see

    authored
    an admin who refuses to read messages that show up on the screen, that is ;-)
Commits on Apr 20, 2010
  1. Merge branch 'master' into pu

    authored
  2. (security) a different fix in place of 5fd9328

    authored
    SECURITY NOTE: if you deleted or renamed a pubkey file after 5fd9328
    went in (April 12th), please:
    
      - upgrade asap, then
      - go to your latest gitolite-admin clone and "git push -f"
    
    Otherwise this is not urgent.
    
    5fd9328 (and its minor successor 813a2a9) were about preventing the
    gitolite admin from sneaking in files to src/ and hooks/ into
    $GL_ADMINDIR.  It seemed easy enough to do this by converting the
    path-less checkout to a with-paths checkout, but this has caused a worse
    problem -- deleting a keydir/foo.pub now no longer has an effect; the
    file still hangs around in the work tree.
    
    Ouch!  (and thanks to teukka for noticing)
    
    We now do this check as a separate step, so the checkout can revert to
    being path-less.
Commits on Apr 19, 2010
  1. WARNING: WE NOW REFUSE TO RUN IF GIT ON THE SERVER IS < 1.6.2

    authored
    I just got tired of supporting old gits.  Sorry.  Had to happen sooner
    or later.
    
    I know you feel upset right now but later you'll thank me.
Commits on Apr 16, 2010
  1. make "expand" also print version, like "info" does

    authored
    (thanks to Ilari for catching this)
  2. @sschuberth

    Do not override the SSH port if standard port 22 is used

    sschuberth authored committed
    Always passing "-p 22" to ssh (or "-P 22" to scp) if no custom port is given on
    the command line causes trouble when not using a host name but an SSH session
    name (as defined in .ssh/config) which defines a non-standard port, because the
    port given on the command line overrides that port.
    
    Signed-off-by: Sebastian Schuberth <sschuberth@gmail.com>
Commits on Apr 15, 2010
  1. "D" must be combined with RW or RW+ (warning: minor backward compat b…

    authored
    …reakage)
    
    Having to specify "D" separately from RW or RW+ was cumbersome, and
    although I don't actually use this feature, I can see the point.
    
    One way to think of this is:
    
      - RW and RW+ were the only existing branch level rights
      - it doesnt make sense to have D rights without W (hence RW) rights
      - so we simply suffix a D to these if required.
    
    Thus you can have RW, RW+, RWD, RW+D.
    
    I hope the (hopefully few) of you who have started to use this feature
    will convert your configs when you next upgrade to "pu".
    
    I now regret pushing the previous syntax to master too quickly -- lots
    of people use master only, and on the next promotion of pu the syntax
    will change.  To reduce this exposure, this change will be promoted to
    master very soon.
Commits on Apr 14, 2010
  1. (minor) document what to do when you have *two* gits

    authored
    ...and the wrong one ends up runing
  2. (minor fixup)

    authored
  3. added gerrit comparision

    authored
Commits on Apr 13, 2010
  1. document the change in a982446

    authored
    (thanks to Eli for catching this!)
  2. changelog for v1.4

    authored
  3. allow user to define filenames that our hooks chain to

    authored
    (although the defaults are still update.secondary and
    post-update.secondary if you don't do anything)
Commits on Apr 12, 2010
  1. (ls-tree has --name-only now!)

    authored
    thanks to Teukka for pointing it out
  2. "accidental [mis]feature" -- yet another admin->shell hole blocked!

    authored
    This is a pretty big hole, really.  Only the fact that Eli called it an
    "accidental feature" helped catch it :)
    
    Notes on the code:
    
    An explicit list of paths -- maybe just "conf", "keydir", and "local" --
    would have been easier, but this isn't too bad, I think.
Commits on Apr 10, 2010
  1. document how to create multiple gitolite instances on one server...

    authored
    ...and provide a pointer from the delegations doc for people taking
    delegation too far ;-)
Commits on Apr 9, 2010
  1. bypass update hook if GL_BYPASS_UPDATE_HOOK is available in ENV

    authored
    people with shell access should be allowed to bypass the update hook, to
    allow them to clone locally and push.  You can now do this by setting an
    env var that the ssh "front door" will never set, like so:
    
        GL_BYPASS_UPDATE_HOOK=1 git push
    
    Note that this will NOT work for the gitolite-admin repo, because the
    post-update hook on that one requires a bit more.  If you really want to
    do that, try:
    
        GL_ADMINDIR=~/.gitolite GL_BINDIR=~/.gitolite/src GL_BYPASS_UPDATE_HOOK=1 git push
    
    (assuming default values in ~/.gitolite.rc)
  2. new server-side program "gl-tool", subcommand "shell-add"

    authored
    Previous implementations of "give shell access to some gitolite users"
    feature were crap.  There was no easy/elegant way to ensure that someone
    who had repo admin access would not manage to get himself shell access.
    
    Giving someone shell access requires that you should have shell access
    in the first place, so the simplest way is to enable it from the server
    side only.
    
    So now that we decided to do that, we may as well prepare for other,
    future, commands by starting a server-side utility program with
    sub-commands (the only current one being "shell-add")
  3. security: gitolite admin can get shell access by using screwy pubkey …

    authored
    …name
    
    example: keydir/sitaram@$(some-dangerous-command; echo hi).pub
    
    (still won't get the reward; that is only if a non-admin user gets
    privs!)
Commits on Mar 31, 2010
  1. allow 'D' for @all repos

    authored
    ...so that the new semantics can be made system-default if someone wants
    to do that
Commits on Mar 30, 2010
  1. compile/update: new "D" permission

    authored
    normally, RW+ means permission to rewind or delete.
    
    Now, if you use "D" permission anywhere in a repo config, that means
    "delete" and RW+ then means only "rewind", no delete.
Commits on Mar 29, 2010
  1. auth, gitolite.pm: do not leak info about repo existence

    authored
    All this is about a user trying to look if a repo exists or not, when he
    does not have any access to that repo.  Ideally, "repo does not exist"
    should be indistinguishable from "you dont have perms to that repo".
    
    (1) if $GL_WILDREPOS is not set, you either get a permissions error, or
        a "$repo not found in compiled config" death.  Fixed.
    
    (2) if $GL_WILDREPOS is set, you either get either a permissions error,
        or a "$repo has no matches" death.  Fixed.
    
    (3) The following combination leaks info about repo existence:
    
          - actual repo doesn't exist
          - spying user don't have C perms
          - repo patt doesn't contain CREATER
          - RW+ = CREATER is specified (as is normal)
    
        In such case, the "convenience copy" of the ACL that parse_acl
        makes, coupled with substituting CREATER for the invoking user means
        $repos{$actual_repo} has RW+ for the spying user.  This means the
        access denied doesn't happen, and control passes to git, which
        promptly expresses it unhappiness and angst over being given a repo
        that 'does not appear to be a git repository'
    
        This doesn't happen if all those conditions are not met:
    
          - if repo exists, CREATER is set to the real creater, so RW+ =
            CREATER does not gain spying user anything
          - if spying user has C perms it just gets created, because he has
            rights.  This is also info leak but we can't prevent it; tighten
            the config (maybe by including CREATER in repo pattern) if this
            is not wanted
          - if repo patt contains CREATER it will never match someone else's
            repo anyway!
Commits on Mar 28, 2010
  1. doc/4: added "how it actually works" section

    authored
    thanks to Ilari for helping fix a bug (see previous commit) and then
    prompting this documentation
Commits on Mar 27, 2010
  1. auth: do not implicitly assign RW access for creaters

    authored
    a configuration like this:
    
        repo CREATER/.*
            C       =   CREATER
            RW+     =   WRITERS
    
    was buggy; CREATER was implicitly part of WRITERS so he got RW
    permissions implicitly, so the push went through
Commits on Mar 26, 2010
  1. silly little PATH bug...

    authored
    what this means is that until now, everyone who used easy-install
    (without needing to set $GIT_PATH in the rc file) had a client-side PATH
    that was perfectly valid on the server side also!
  2. @all for repos is now much cleaner; a true @all...

    authored
      - no need to put it at the end of the config file now, yeaaay!
      - @all for @all is meaningless and not supported.  People asking will
        be told to get a life or use git-daemon.
      - NAME/ limits for @all repos is ignored for efficiency reasons.
Something went wrong with that request. Please try again.