  • 16 commits
  • 25 files changed
  • 0 commit comments
  • 4 contributors
Commits on Oct 10, 2012
@EugeneKay EugeneKay Fix spurious error in triggers/upstream
The initial fetch of a new repo which has 'upstream' read-only mirroring
configured will cause a spurious error concerning FETCH_HEAD not yet
existing. This silences the error.
896ada5
@sitaramc (minor) clarify that D only works on wild repos 3eefc06
Commits on Oct 27, 2012
@sitaramc (minor) bash -> sh changes in some non-core code
/bin/bash is muscle memory for me, although it appears that not too much
of the actual code is bash-specific, so it's reasonably easy to fix.
4eb8cd4
@sitaramc (test suite) stop using 'ls' to test for presence/absence of files/directories

another of those "duh!  what was I thinking" moments, this specific one
being "why test that files/directories are created with the right user
and group IDs?  Shouldn't that be out of your control, as well as
totally unnecessary on a sane system?"
a802071
Commits on Oct 29, 2012
@tianon tianon fix for keysubdirs-as-groups sugar script to support "old style multi-keys" for users
2aa129b
Commits on Oct 31, 2012
@sitaramc (minor fixups to some non-code parts) 70ad045
Commits on Nov 06, 2012
@sitaramc make sure gl-perms exists, even if it is empty...
I expect this to help if we optimise the rule generation by caching.
be61cd2
Commits on Nov 07, 2012
@sitaramc move %GL_REPO and %GL_CREATOR substitution into core
see usage example at the end of src/triggers/upstream
a509b20
Commits on Nov 08, 2012
@sitaramc some minor rearrangements of code...
why?  now that would be telling!
8a9564f
Commits on Nov 09, 2012
@sitaramc (minor) add quick and dirty timer code to Common.pm d491b53
Commits on Nov 10, 2012
@sitaramc help run some trigger programs in the background c03d107
Commits on Nov 13, 2012
gitolite tester gl-conf must be created even if the repo para has only config lines
(i.e., no access rules but only config lines)
16f2d9b
gitolite tester refex-expr: die when admin forgets to add the required line to the rc 57760d7
@sitaramc allow multi-line pubkeys; see code for doc 1f96180
Commits on Nov 14, 2012
@sitaramc Uggh; horrible inner loop screwing up all performance :-(
This might actually make the redis version unnecessary for most people!
And if it does, well shame on me for not instrumenting things at a more
granular level before going all "oh we need a cache!"

[In my defense, I blame redis for being such a sweet little tool that I
felt compelled to use it somehow!]

----

t/sequence failed because the test itself was in error; fixed.
d3d9396
@sitaramc v3.2 5f9789e
15 CHANGELOG
@@ -1,3 +1,18 @@
+2012-11-14 v3.2 major efficiency boost for large setups
+
+ optional support for multi-line pubkeys; see
+ src/triggers/post-compile/ssh-authkeys-split
+
+ bug fix for not creating gl-conf when repo para has only
+ config lines and no access rules
+
+ new 'bg' trigger command to put long jobs started from a
+ trigger into background
+
+ %GL_REPO and %GL_CREATOR now work for 'option's also
+
+ test suite now much more BSD friendly
+
2012-10-05 v3.1 (security) fix path traversal on wild repos
new %GL_CREATOR variable for git-config lines
18 README.txt
@@ -40,7 +40,7 @@ This file contains the following sections:
GIT-DAEMON
GITWEB
- CONTACT
+ CONTACT AND SUPPORT
LICENSE
------------------------------------------------------------------------
@@ -346,26 +346,22 @@ GITWEB
------------------------------------------------------------------------
-CONTACT
--------
-
- NOTE: Unless you have very good reasons, please use the mailing list below
- instead of mailing me personally. If you have to mail me, use the gmail
- address instead of my work address.
-
- Author: sitaramc@gmail.com, sitaram@atc.tcs.com
+CONTACT AND SUPPORT
+-------------------
- Mailing list for questions and general discussion:
+ Mailing list for support and general discussion:
gitolite@googlegroups.com
subscribe address: gitolite+subscribe@googlegroups.com
Mailing list for announcements and notices:
- gitolite-announce@googlegroups.com
subscribe address: gitolite-announce+subscribe@googlegroups.com
IRC: #git and #gitolite on freenode. Note that I live in India (UTC+0530
time zone).
+ Author: sitaramc@gmail.com, but please DO NOT use this for general support
+ questions. Subscribe to the list and ask there instead.
+
LICENSE
-------
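Review bot: in the CONTACT AND SUPPORT hunk, removing the line gitolite-announce@googlegroups.com leaves "Mailing list for announcements and notices:" with only a subscribe address under it. If that is deliberate because nobody should post to that list, say so on the heading (for example "read-only"); otherwise the address should stay.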
5 src/VREF/COUNT
@@ -1,5 +1,4 @@
-#!/bin/bash
-# TODO: convert to perl!
+#!/bin/sh
# gitolite VREF to count number of changed/new files in a push
@@ -34,7 +33,7 @@ nf=
# $oldsha when you update an old feature branch from master and then push it
count=`git log --name-only $nf --format=%n $newtree --not --all | grep . | sort -u | perl -ne '}{print "$."'`
-[[ $count -gt $max ]] && {
+[ $count -gt $max ] && {
# count has been exceeded. If $9 was NO_SIGNOFF there's still a chance
# for redemption -- if the top commit has a proper signed-off by line
[ "$9" = "NO_SIGNOFF" ] && {
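Review bot: `[ $count -gt $max ]` leaves both expansions unquoted, which `[[ ]]` tolerated but `[` does not. If either variable is ever empty, the test exits with an error instead of comparing, and the `&& {` block that handles an exceeded count is skipped, so the limit is not enforced. Quote both and give the count a default, for example `[ "${count:-0}" -gt "$max" ]`, and fail explicitly if $max is empty.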
3 src/VREF/FILETYPE
@@ -1,5 +1,4 @@
-#!/bin/bash
-# TODO: convert to perl!
+#!/bin/sh
# gitolite VREF to find autogenerated files
2 src/VREF/VOTES
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# gitolite VREF to count votes before allowing pushes to certain branches.
2 src/VREF/refex-expr
@@ -3,6 +3,8 @@ use strict;
use warnings;
my $rule = $ARGV[7];
+die "\n\nFATAL: GL_REFEX_EXPR_ doesn't exist\n(your admin probably forgot the rc file change needed for this to work)\n\n"
+ unless exists $ENV{"GL_REFEX_EXPR_" . $rule};
my $res = $ENV{"GL_REFEX_EXPR_" . $rule} || 0;
print "$ARGV[6] ($res)\n" if $res;
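Review bot: the new die message prints the bare prefix "GL_REFEX_EXPR_" although the check is on "GL_REFEX_EXPR_" . $rule, so whoever reads it cannot tell which variable was missing. Interpolate $rule into the message. $rule also comes straight from $ARGV[7]; if that argument is absent, the concatenation warns under 'use warnings' before the die fires, so a defined() check first would give a cleaner failure.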
3 src/commands/D
@@ -18,7 +18,8 @@
# Usage: ssh git@host D <subcommand> <argument>
#
# The whimsically named "D" command deletes repos ("D" is a counterpart to the
-# "C" permission which lets you create repos!)
+# "C" permission which lets you create repos. Which also means that, just
+# like "C", it only works for wild repos).
#
# There are two kinds of deletions: 'rm' removes a repo completely, while
# 'trash' moves it to a trashcan which can be recovered later (upto a time
1 src/commands/fork
@@ -48,6 +48,7 @@ echo "$from forked to $to" >&2
cd $GL_REPO_BASE/$to.git
echo $GL_USER > gl-creator
+touch gl-perms
if gitolite query-rc -q DEFAULT_ROLE_PERMS
then
gitolite query-rc DEFAULT_ROLE_PERMS > gl-perms
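Review bot: the added `touch gl-perms` depends on the unchecked `cd $GL_REPO_BASE/$to.git` two lines above it. If that cd fails, gl-creator and now gl-perms are written into whatever directory the script happened to be in. Add `|| exit 1` to the cd and quote the path.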
17 src/lib/Gitolite/Common.pm
@@ -14,6 +14,8 @@ package Gitolite::Common;
gl_log
dd
+ t_start
+ t_lap
);
#>>>
use Exporter 'import';
@@ -70,6 +72,21 @@ sub dd {
dbg(@_);
}
+{
+ use Time::HiRes;
+ my %start_times;
+
+ sub t_start {
+ my $name = shift || 'default';
+ $start_times{$name} = [ Time::HiRes::gettimeofday() ];
+ }
+
+ sub t_lap {
+ my $name = shift || 'default';
+ return Time::HiRes::tv_interval( $start_times{$name} );
+ }
+}
+
sub _warn {
gl_log( 'warn', @_ );
if ( $ENV{D} and $ENV{D} >= 3 ) {
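Review bot: t_lap passes $start_times{$name} to Time::HiRes::tv_interval without checking that t_start was ever called for that name, so a lap on an unknown or misspelled timer hands tv_interval an undefined value. Return undef, or die with the timer name, when the key does not exist. The `use Time::HiRes;` inside the bare block is still processed at compile time for the whole file, so it would read more clearly next to the other use lines.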
26 src/lib/Gitolite/Conf/Load.pm
@@ -32,6 +32,7 @@ our $data_version = '';
our %repos;
our %one_repo;
our %groups;
+our %patterns;
our %configs;
our %one_config;
our %split_conf;
@@ -70,8 +71,12 @@ sub access {
_die "invalid user '$user'" if not( $user and $user =~ $USERNAME_PATT );
sanity($repo);
- my $deny_rules = option( $repo, 'deny-rules' );
+ my @rules;
+ my $deny_rules;
+
load($repo);
+ @rules = rules( $repo, $user );
+ $deny_rules = option( $repo, 'deny-rules' );
# sanity check the only piece the user can control
_die "invalid characters in ref or filename: '$ref'\n" unless $ref =~ $REF_OR_FILENAME_PATT;
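Review bot: in access(), nothing explains why option( $repo, 'deny-rules' ) had to move below load($repo), or why rules() is now fetched before the ref sanity check. A one-line comment on the ordering would stop someone from tidying it back. The separate `my @rules; my $deny_rules;` declarations followed by later assignments can be collapsed into declarations at the point of assignment.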
@@ -89,7 +94,6 @@ sub access {
return "$aa $ref $repo $user DENIED by existence";
}
- my @rules = rules( $repo, $user );
trace( 2, scalar(@rules) . " rules found" );
for my $r (@rules) {
my $perm = $r->[1];
@@ -164,6 +168,14 @@ sub git_config {
}
}
+ my($k, $v);
+ my $creator = creator($repo);
+ while (($k, $v) = each %ret) {
+ $v =~ s/%GL_REPO/$repo/g;
+ $v =~ s/%GL_CREATOR/$creator/g if $creator;
+ $ret{$k} = $v;
+ }
+
trace( 3, map { ( "$_" => "-> $ret{$_}" ) } ( sort keys %ret ) );
return \%ret;
}
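Review bot: the `if $creator` guard on the %GL_CREATOR substitution means a repo with no creator gets the literal text %GL_CREATOR left in the returned value, and because this now lives in git_config() every caller sees it. Decide what the value should be in that case (empty string, or drop the key) and do it explicitly. $repo and $creator are interpolated into the replacement as-is, so a comment stating where both are validated before reaching this loop would help.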
@@ -296,9 +308,11 @@ sub load_1 {
sub memberships {
trace( 3, @_ );
my ( $type, $base, $repo ) = @_;
+ $repo ||= '';
+ my @ret;
my $base2 = '';
- my @ret = ( $base, '@all' );
+ @ret = ( $base, '@all' );
if ( $type eq 'repo' ) {
# first, if a repo, say, pub/sitaram/project, has a gl-creator file
@@ -313,8 +327,10 @@ sub memberships {
}
}
- for my $i ( keys %groups ) {
- if ( $base eq $i or $base =~ /^$i$/ or $base2 and ( $base2 eq $i or $base2 =~ /^$i$/ ) ) {
+ push @ret, @{ $groups{$base} } if exists $groups{$base};
+ push @ret, @{ $groups{$base2} } if $base2 and exists $groups{$base2};
+ for my $i ( keys %{ $patterns{groups} } ) {
+ if ( $base =~ /^$i$/ or $base2 and ( $base2 =~ /^$i$/ ) ) {
push @ret, @{ $groups{$i} };
}
}
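Review bot: group keys that satisfy $REPONAME_PATT are now matched only by the exact hash lookup, whereas the old loop also tried every key as /^$i$/; Store.pm adds a key to %patterns only `unless $k =~ $REPONAME_PATT`. A group pattern written entirely in characters that are also legal in a repo name would silently stop matching, and the `.+` to `..*` edit in t/sequence.t in this same range looks like that case. Please document the rule where admins will see it and add a test that pins it down.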
25 src/lib/Gitolite/Conf/Store.pm
@@ -191,7 +191,7 @@ sub new_wild_repo {
trigger( 'PRE_CREATE', $repo, $user, $aa );
new_repo($repo);
_print( "$repo.git/gl-creator", $user );
- _print( "$repo.git/gl-perms", "$rc{DEFAULT_ROLE_PERMS}\n" ) if $rc{DEFAULT_ROLE_PERMS};
+ _print( "$repo.git/gl-perms", ( $rc{DEFAULT_ROLE_PERMS} ? "$rc{DEFAULT_ROLE_PERMS}\n" : "" ) );
trigger( 'POST_CREATE', $repo, $user, $aa );
_chdir( $rc{GL_ADMIN_BASE} );
@@ -258,15 +258,18 @@ sub store_1 {
# warning: writes and *deletes* it from %repos and %configs
my ($repo) = shift;
trace( 3, $repo );
- return unless $repos{$repo} and -d "$repo.git";
+ return unless ( $repos{$repo} or $configs{$repo} ) and -d "$repo.git";
my ( %one_repo, %one_config );
open( my $compiled_fh, ">", "$repo.git/gl-conf" ) or return;
- $one_repo{$repo} = $repos{$repo};
- delete $repos{$repo};
- my $dumped_data = Data::Dumper->Dump( [ \%one_repo ], [qw(*one_repo)] );
+ my $dumped_data = '';
+ if ($repos{$repo}) {
+ $one_repo{$repo} = $repos{$repo};
+ delete $repos{$repo};
+ $dumped_data = Data::Dumper->Dump( [ \%one_repo ], [qw(*one_repo)] );
+ }
if ( $configs{$repo} ) {
$one_config{$repo} = $configs{$repo};
@@ -285,6 +288,8 @@ sub store_common {
my $cc = "conf/gitolite.conf-compiled.pm";
my $compiled_fh = _open( ">", "$cc.new" );
+ my %patterns = ();
+
my $data_version = glrc('current-data-version');
trace( 3, "data_version = $data_version" );
print $compiled_fh Data::Dumper->Dump( [$data_version], [qw(*data_version)] );
@@ -298,7 +303,17 @@ sub store_common {
my %groups = %{ inside_out( \%groups ) };
$dumped_data = Data::Dumper->Dump( [ \%groups ], [qw(*groups)] );
print $compiled_fh $dumped_data;
+
+ # save patterns in %groups for faster handling of multiple repos, such
+ # as happens in the various POST_COMPILE scripts
+ for my $k (keys %groups) {
+ $patterns{groups}{$k} = 1 unless $k =~ $REPONAME_PATT;
+ }
}
+
+ $dumped_data = Data::Dumper->Dump( [ \%patterns ], [qw(*patterns)] ) if %patterns;
+ print $compiled_fh $dumped_data;
+
print $compiled_fh Data::Dumper->Dump( [ \%split_conf ], [qw(*split_conf)] ) if %split_conf;
close $compiled_fh or _die "close compiled-conf failed: $!\n";
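Review bot: in store_common, `print $compiled_fh $dumped_data;` after the %patterns dump is unconditional, but the assignment before it only happens `if %patterns`. When there are no patterns, $dumped_data still holds whatever was dumped last (the %groups dump from the block above, or nothing), so that text is written a second time or an undefined value is printed. Make the print conditional in the same statement, the way the %split_conf line just below does.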
4 src/lib/Gitolite/Rc.pm
@@ -58,7 +58,7 @@ $UNSAFE_PATT = qr([`~#\$\&()|;<>]);
# find the rc file and 'do' it
# ----------------------------------------------------------------------
-my $current_data_version = "3.0";
+my $current_data_version = "3.2";
my $rc = glrc('filename');
if (-r $rc and -s $rc) {
@@ -425,7 +425,7 @@ __DATA__
],
# comment out or uncomment as needed
- # these will run in sequence after a new wild repo is created
+ # these will run in sequence after a new repo is created
POST_CREATE =>
[
'post-compile/update-git-configs',
2 src/syntactic-sugar/keysubdirs-as-groups
@@ -20,7 +20,7 @@ sub groupnames {
my @out = ();
my %members = ();
for my $pk (`find ../keydir/ -name "*.pub"`) {
- next unless $pk =~ m(.*/([^/]+)/([^/]+)\.pub$);
+ next unless $pk =~ m(.*/([^/]+)/([^/]+?)(?:@[^./]+)?\.pub$);
next if $1 eq 'keydir';
$members{$1} .= " $2";
}
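Review bot: with the optional `(?:@[^./]+)?` suffix stripped, two key files for one user in the same subdirectory (name@home.pub and name@work.pub) both produce the same $2, and `$members{$1} .= " $2"` appends it each time, so the group lists that user once per key. Deduplicate before appending, for example with a per-group seen hash. A comment listing the filename forms the pattern is meant to accept would also help, since the non-greedy `([^/]+?)` is easy to break in a later edit.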
17 src/triggers/bg
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# quick and dirty program to background any of the triggers programs that are
+# taking too long. To use, just replace a line like
+# 'post-compile/update-gitweb-access-list',
+# with
+# 'bg post-compile/update-gitweb-access-list',
+
+# We dump output to a file in the log directory but please keep in mind this
+# is not a "log" so much as a redirection of the entire output.
+
+echo `date` $GL_TID "$0: $@" >> $GL_LOGFILE.bg
+
+path=${0%/*}
+script=$path/$1; shift
+
+( ( $script "$@" < /dev/null >> $GL_LOGFILE.bg 2>&1 & ) )
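Review bot: `$script` and `$GL_LOGFILE.bg` are expanded unquoted on the last line (and in the echo above it), so a path containing whitespace or glob characters is split or expanded before the command runs; quote both. There is also no check that $1 was given or that "$path/$1" is an executable file, so a typo in the rc trigger list only shows up as an error buried in the .bg file. Nothing visible here needs bash, so `#!/bin/sh` would match the other scripts converted in this range.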
59 src/triggers/post-compile/ssh-authkeys-split
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# split multi-key files into separate keys like ssh-authkeys likes
+
+# WHY
+# ---
+#
+# Yeah I wonder that too, when it's so much more maintainable to keep the damn
+# keys as sitaram@home.pub and sitaram@work.pub or such. But there's no
+# accounting for tastes, and some old fogies apparently want to put all of a
+# user's keys into a single ".pub" file.
+
+# WARNINGS AND CAVEATS
+# --------------------
+#
+# - assumes no "@" sign in basenames of any multi-key files (single line file
+# may still have them)
+# - assumes you don't have a subdir in keydir called "__split_keys__"
+# - God help you if you try to throw in a putty key in there.
+
+# SUPPORT
+# -------
+#
+# NONE. Mainly because I **know** someone will throw in a putty key. I just
+# know it.
+
+# USAGE
+# -----
+#
+# add it to the POST_COMPILE trigger list in the rc file, but *before* the
+# ssh-authkeys program entry.
+
+cd $GL_ADMIN_BASE/keydir
+
+rm -rf __split_keys__
+mkdir __split_keys__
+export SKD=$PWD/__split_keys__
+
+find . -type f -name "*.pub" | while read k
+do
+ # do we need to split?
+ lines=`wc -l < $k`
+ [ "$lines" = "1" ] && continue
+
+ # is it sane to split?
+ base=`basename $k .pub`
+ echo $base | grep '@' >/dev/null && continue
+
+ # ok do it
+ seq=1
+ while read line
+ do
+ echo "$line" > $SKD/$base@$seq.pub
+ (( seq++ ))
+ done < $k
+
+ # now delete the original file
+ rm $k
+done
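Review bot: a key file whose only line has no trailing newline is deleted without being copied. `wc -l` reports 0 for it, so `[ "$lines" = "1" ] && continue` does not skip it, `while read line` never runs its body because read returns non-zero on the unterminated line, and then `rm $k` removes the original. The last key of any multi-key file that lacks a final newline is lost the same way. Loop with `while read -r line || [ -n "$line" ]`, skip empty lines, and remove the original only after at least one split file has been written. `$k` and `$SKD/$base@$seq.pub` should be quoted throughout, and `cd $GL_ADMIN_BASE/keydir` needs `|| exit 1` because the next command is `rm -rf`.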
2 src/triggers/post-compile/update-description-file
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# For normal (not "wild") repos, gitolite v3 sets 'gitweb.description' instead
# of putting the text in the "description" file. This is easier because it
2 src/triggers/post-compile/update-git-configs
@@ -49,8 +49,6 @@ sub fixup_config {
while ( my ( $key, $value ) = each( %{$gc} ) ) {
next if $key =~ /^gitolite-options\./;
if ( $value ne "" ) {
- $value =~ s/%GL_REPO/$pr/g;
- $value =~ s/%GL_CREATOR/$creator/g if $creator;
system( "git", "config", "--file", "$RB/$pr.git/config", $key, $value );
} else {
system( "git", "config", "--file", "$RB/$pr.git/config", "--unset-all", $key );
30 src/triggers/upstream
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# manage local, gitolite-controlled, copies of read-only upstream repos.
@@ -11,7 +11,7 @@ cd $GL_REPO_BASE/$repo.git || exit 1
[ "$1" != "fetch" ] && {
nice=$(gitolite git-config $repo gitolite-options.upstream.nice)
- [ -n "$nice" ] && find FETCH_HEAD -mmin -$nice | grep . >/dev/null && exit 0
+ [ -n "$nice" ] && find FETCH_HEAD -mmin -$nice 2>/dev/null | grep . >/dev/null && exit 0
}
git fetch -q "$url" '+refs/*:refs/*'
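Review bot: `2>/dev/null` on the find silences every error from it, not only the missing FETCH_HEAD on a first fetch; a bad $nice value, for instance, would now fail quietly and the script would fetch every time. Testing `[ -f FETCH_HEAD ]` before the find fixes the spurious message and keeps other errors visible.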
@@ -44,3 +44,29 @@ git fetch -q "$url" '+refs/*:refs/*'
# * if the upstream URL changes, just change the conf and push admin repo
# * the 'nice' setting is in minutes and is optional; it is the minimum
# elapsed time between 2 upstream fetches.
+
+# USAGE EXAMPLE:
+#
+# Let's say you want to keep a read-only local mirror of all your github repos
+# on your local gitolite installation. Assuming your github usernames are the
+# same as your local usernames, and you have updated GIT_CONFIG_KEYS in the rc
+# file to allow 'config' lines, you can do this:
+#
+# repo github/CREATOR/..*
+# C = @all
+# R = @all
+# option upstream.url = git://github.com/%GL_REPO.git
+# option upstream.nice = 120
+# config url.git://github.com/.insteadOf = git://github.com/github/
+#
+# Now you can make local, read-only, clones of all your github repos with
+#
+# git ls-remote gitolite:github/sitaramc/gitolite
+# git ls-remote gitolite:github/sitaramc/hap
+# (etc)
+#
+# and if milki were also a user on this gitolite instance, then
+#
+# git ls-remote gitolite:github/milki/xclip
+# git ls-remote gitolite:github/milki/ircblogger
+# (etc)
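Review bot: the usage example fetches over git://, which is neither authenticated nor encrypted, so the local mirror trusts whatever answers on that connection. Since this block will be copied verbatim, prefer https://github.com/ in both the upstream.url and the insteadOf lines. It would also help to state that `C = @all` lets every user of the instance create mirrors under github/ followed by their own username.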
7 t/0-me-first.t
@@ -11,7 +11,7 @@ my $rb = `gitolite query-rc -n GL_REPO_BASE`;
# initial smoke tests
# ----------------------------------------------------------------------
-try "plan 73";
+try "plan 71";
# basic push admin repo
confreset;confadd '
@@ -33,12 +33,11 @@ try "
cd ..
glt clone u1 file://aa u1aa; ok; /Cloning into 'u1aa'.../
/warning: You appear to have cloned an empty repository/
- ls -ald --time-style=long-iso u1aa;
- ok; /drwxr-xr-x 3 $ENV{USER} $ENV{USER} \\d+ 201.-..-.. ..:.. u1aa/
+ [ -d u1aa ]; ok
# basic clone deny
glt clone u4 file://aa u4aa; !ok; /R any aa u4 DENIED by fallthru/
- ls -ald u4aa; !ok; /ls: cannot access u4aa: No such file or directory/
+ [ -d u4aa ]; !ok
# basic push
cd u1aa; ok
4 t/basic.t
@@ -10,7 +10,7 @@ use Gitolite::Test;
# ----------------------------------------------------------------------
try "
- plan 218
+ plan 217
CHECK_SETUP
# subtest 1
@@ -77,7 +77,7 @@ try "
/fatal: The remote end hung up unexpectedly/
CLONE u2 t1; ok; gsh
/warning: You appear to have cloned an empty repository./
- ls -al t1; ok; /$ENV{USER}.*$ENV{USER}.*\.git/
+ [ -d t1/.git ]; ok
cd t1; ok;
# push
3 t/fork.t
@@ -61,7 +61,8 @@ try "
my $t;
try "cd $rb; find . -name gl-perms"; $t = md5sum(sort (lines())); cmp $t,
-'59b3a74b4d33c7631f08e75e7b60c7ce ./foo/u1/u1a2.git/gl-perms
+'d41d8cd98f00b204e9800998ecf8427e ./foo/u1/u1a.git/gl-perms
+59b3a74b4d33c7631f08e75e7b60c7ce ./foo/u1/u1a2.git/gl-perms
59b3a74b4d33c7631f08e75e7b60c7ce ./foo/u1/u1e.git/gl-perms
';
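Review bot: the new expected line hard-codes d41d8cd98f00b204e9800998ecf8427e, which is the MD5 of empty input, with nothing to say so. A short comment above the comparison noting that u1a.git/gl-perms is expected to exist and be empty would make the intent of this assertion readable.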
6 t/merge-check.t
@@ -9,7 +9,7 @@ use Gitolite::Test;
# merge check -- the M flag
# ----------------------------------------------------------------------
-try "plan 57";
+try "plan 55";
confreset;confadd '
repo foo
@@ -25,15 +25,15 @@ try "ADMIN_PUSH set1; !/FATAL/" or die text();
try "
cd ..
- ls -al foo; !ok; /cannot access foo: No such file or directory/
+ [ -d foo ]; !ok
glt clone u1 file:///foo
ok; /Cloning into/
/You appear to have cloned an empty/
";
try "
cd foo; ok
- ls -Al; ok; /\.git/
+ [ -d .git ]; ok
test-commit aa; ok; /1 file changed, 1 insertion/
tag start; ok
glt push u1 origin master
2 t/sequence.t
@@ -55,7 +55,7 @@ try "
confreset;confadd '
@staff = u1 u2 u3
- @gfoo = foo/CREATOR/.+
+ @gfoo = foo/CREATOR/..*
repo @gfoo
C = u1
RW+ = CREATOR
6 t/vrefs-1.t
@@ -9,7 +9,7 @@ use Gitolite::Test;
# VREFs - part 1
# ----------------------------------------------------------------------
-try "plan 90";
+try "plan 88";
put "conf/gitolite.conf", "
repo gitolite-admin
@@ -32,11 +32,11 @@ put "conf/gitolite.conf", "
try "
ADMIN_PUSH vr1a
cd ..
- ls -al foo; !ok; /cannot access foo: No such file or directory/
+ [ -d foo ]; !ok
CLONE u1 foo; ok; /Cloning into/
/You appear to have cloned an empty/
cd foo; ok
- ls -Al; ok; /\.git/
+ [ -d .git ]; ok
# VREF not called for u1
tc a1 a2 a3 a4 a5; ok; /aaf9e8e/
6 t/vrefs-2.t
@@ -9,7 +9,7 @@ use Gitolite::Test;
# VREFs - part 2
# ----------------------------------------------------------------------
-try "plan 74";
+try "plan 72";
put "../gitolite-admin/conf/gitolite.conf", "
\@gfoo = foo
@@ -32,11 +32,11 @@ try "
ADMIN_PUSH vr2a
cd ..
# setup
- ls -al foo; !ok; /cannot access foo: No such file or directory/
+ [ -d foo ]; !ok
CLONE u1 foo; ok; /Cloning into/
/You appear to have cloned an empty/
cd foo; ok
- ls -Al; ok; /\.git/
+ [ -d .git ]; ok
# u1 push 15 new files
tc a b c d e f g h i j k l m n o
