Permalink
Commits on Oct 16, 2010
  1. update CHANGELOG

    committed Oct 16, 2010
Commits on Oct 8, 2010
  1. info leak prevention can be a little more friendly

    and acquire some German formality while you're about it ;-)
    committed Oct 7, 2010
Commits on Oct 7, 2010
  1. new method for passing usergroup info (warning: minor backward compat…

    … breakage)
    
    The old method of passing in usergroup info had some problems, which are
    now fixed.  It is also much easier to use now -- no more "wrapper"
    script, plus it should work identially whether you use sshd or httpd.
    
    See doc/big-config.mkd for details on the new method.
    
    ----
    
    Notes on problems with the old method:
    
    The old method for passing in usergroup info consisted of tacking them
    on as extra arguments to gl-auth-command, after the username.
    
    However, there are some problems with this method.
    
    Some actions in gitolite look for permissions for users other than the
    invoking user.  Determining permissions for gitweb and daemon is one.
    An admin asking for "info" on some other user, is another.
    
    However, the list of groups sent in via the command line
    pertains only to the invoking user, so these actions don't work
    correctly.  They may even pick up the wrong permissions.
    
    What it all boils down to is that we need group information for any user
    dynamically, instead of being passed a (static) list just for the
    invoking user.
    committed Oct 7, 2010
Commits on Oct 6, 2010
  1. (minor glitch in sudo adc)

    thanks to jeff for finding it...
    committed Oct 6, 2010
  2. "sudo" adc

    The sudo adc should make life easier for any admin wishing to run an adc
    as some other user.
    
    As a result, the rmrepo adc also goes back to its simple roots.  Now you
    just run it via the sudo adc if you (as gitolite admin) needs to rmrepo
    some user's repo.
    committed Oct 6, 2010
  3. gl-reflog adc: tighten permissions checks

      - dont do anything if he doesn't even have read access
      - move the GL_USER check to the right place!  (to when you actually
        will be doing something)
    
    That spurious check for GL_USER that we (re)moved would not only have
    shown an incomplete set of log lines, it would have made the wrong log
    line look like the "last" one.  (No real harm would result, of course,
    since the update-ref would blow up due to the actual SHA being something
    other than what it was expecting, but it would be confusing to the user)
    committed Oct 6, 2010
  4. tighten up argument handling in ADCs even more

    More and more people are using ADCs, which I originally wrote just for
    adventure-loving people ;-)
    committed Oct 6, 2010
Commits on Oct 5, 2010
Commits on Oct 4, 2010
  1. progit doc...

    thanks to tsgarp for making me think about adding this caution
    committed Oct 4, 2010
Commits on Oct 3, 2010
Commits on Oct 2, 2010
  1. tighten permissions on install

      - hardcode 0700 mode for GL_ADMINDIR tree (thanks to ma at
        ibitsense.com) for catching this
      - honor REPO_UMASK for GL_REPO_BASE_ABS creation
      - plus a minor doc update
    committed Oct 1, 2010
Commits on Sep 28, 2010
  1. (doc) who-uses-it

    committed Sep 28, 2010
  2. gitosis migr doc update to handle user@foo type keys

    thanks to frogonwheels for catching this...
    committed Sep 28, 2010
Commits on Sep 24, 2010
  1. added support for a post-repo-create hook (gl-post-init)

    ...some people want to run a special function after a repo is created
    committed Sep 24, 2010
  2. (minor) doc updates

    inspired by various denizens of #git and the internet at large
    committed Sep 20, 2010
Commits on Sep 23, 2010
  1. wildrepos doc badly needed update due to new features:

      - 79f0a5f ("(big one!) more than one wildcard may match a repo...")
        makes some of the dire warnings about this irrelevant
      - d1d2c3e and ad64f99 ("git config settings in wild repos: part 1" and
        "...part 2") makes this caveat also useless
    
    While we were about it, we added a quick intro and tried to make some
    other details a little clearer.
    committed Sep 23, 2010
Commits on Sep 9, 2010
  1. towel needed more clarity

    for people who don't get the continual reference to towels when talking
    about the "gl-dont-panic" program, all I can say is that your education
    is incomplete ;-)
    committed Sep 9, 2010
Commits on Sep 8, 2010
  1. (http) https tested

    committed Sep 8, 2010
Commits on Sep 6, 2010
  1. (http) first level error reporting now works

    I didn't know that remote-curl.c requires 200 OK even if you want to
    report an error.
    
    With Ilari's patch at [1] you'll get a more readable message but it is
    still good enough now.
    
    [1]: http://permalink.gmane.org/gmane.comp.version-control.git/155464
    committed Sep 6, 2010
Commits on Sep 5, 2010
  1. (http) gitolite without ssh? smart http support is here!

    As usual there's more documentation than code.
    
    Unlike usual, however, this isn't completely tested.  Please read the
    documentation for details of what works, what doesn't, what has been
    tested, what hasn't, and so on.
    committed Sep 5, 2010
  2. (http) gl-setup changes...

      - only admin name needed, not pubkey file
      - setup HOME from GITOLITE_HTTP_HOME
    committed Sep 5, 2010
  3. (http) issues of $HOME, startup (birth!), and death

      - deal with issues of HOME not being available...
      - "where_is_rc" finally has a purpose; see comment block before
        function
    committed Sep 5, 2010
  4. (http) auth: handle REQUEST_URI and friends

    TODO: if the verb doesn't actually contain "git-receive-pack", I am
    assuming it is some sort of read.  The list in services[] in
    http-backend.c does not seem to look like any other verb is a "write";
    need to check this with someone.
    
    For normal git commands:
      - PATH_INFO gives you the repo name
      - REQUEST_URI gives you the verb
      - we construct a fake SSH_ORIGINAL_COMMAND so the rest of the
        processing does not have to change
    
    For our special commands:
      - PATH_INFO is actually the verb
      - QUERY_STRING has the parameters
      - we again fake out the SSH_ORIGINAL_COMMAND
      - we print the extra HTTP headers in anticipation of the actual output
    
    Either way, we also fake out the SSH_CONNECTION so that the IP address
    can get logged ok
    
    And of course REMOTE_USER is now the incoming userid
    
    Finally, at the end, we exec GIT_HTTP_BACKEND instead of the normal one
    committed Sep 5, 2010
Commits on Sep 4, 2010
  1. refactored and lifted out the line parse part from inside parse_conf_…

    …file
    
    adapted from code by kpfleming@digium.com.  I basically cherry-picked
    the top commit on "pu-work" (30068d1) on his fork at github, and made
    some minor fixups to it
    committed Sep 4, 2010
Commits on Sep 3, 2010
  1. more doc revamp; some notes below

      - all anchors prefixed by AUTO_ now
      - some bad links fixed (maybe still a few I didn't catch)
      - misc wording changes/additions (support section to README,
        "technical skills" section to install doc, etc).
    committed Sep 2, 2010