diff options
Diffstat (limited to 'src/triggers/post-compile')
-rwxr-xr-x | src/triggers/post-compile/ssh-authkeys-split | 43 | ||||
-rwxr-xr-x | src/triggers/post-compile/update-git-configs | 12 | ||||
-rwxr-xr-x | src/triggers/post-compile/update-git-daemon-access-list | 17 | ||||
-rwxr-xr-x | src/triggers/post-compile/update-gitweb-access-list | 29 | ||||
-rwxr-xr-x | src/triggers/post-compile/update-gitweb-daemon-from-options | 11 |
5 files changed, 61 insertions, 51 deletions
diff --git a/src/triggers/post-compile/ssh-authkeys-split b/src/triggers/post-compile/ssh-authkeys-split index b71f9eb..031bd07 100755 --- a/src/triggers/post-compile/ssh-authkeys-split +++ b/src/triggers/post-compile/ssh-authkeys-split @@ -18,13 +18,6 @@ # - assumes you don't have a subdir in keydir called "__split_keys__" -# - RUNNING "GITOLITE SETUP" WILL LOSE ALL THESE KEYS. So if you ever do -# that, you will then need to make a dummy push to the admin repo to add -# them back. If all your **admin** keys were in split keys, then you lost -# remote access. If that happens, log on to the server using "su - git" or -# such, then use the methods described in the "bypassing gitolite" section -# in "emergencies.html" instead of a remote push. - # SUPPORT # ------- # @@ -42,7 +35,29 @@ rm -rf __split_keys__ mkdir __split_keys__ export SKD=$PWD/__split_keys__ -find . -type f -name "*.pub" | while read k +# if we're coming from a gitolite-admin push, delete all *.multi, and rename +# all multi-line *.pub to *.multi +if [ "$GL_REPO" = "gitolite-admin" ] || [ "$GL_BYPASS_ACCESS_CHECKS" = "1" ] +then + find . -type f -name "*.multi" | while read k + do + rm -f "$k" + done + find . -type f -name "*.pub" | while read k + do + # is this a multi-key? + lines=`wc -l < $k` + case $lines in + (0|1) continue + esac + + base=`basename $k .pub` + mv $k $base.multi + done +fi + +# now process *.multi +find . -type f -name "*.multi" | while read k do # do we need to split? lines=`wc -l < $k` @@ -50,14 +65,16 @@ do (0|1) continue esac - # is it sane to split? - base=`basename $k .pub` + base=`basename $k .multi` + # sanity check echo $base | grep '@' >/dev/null && continue # ok do it - seq=1 + seq=0 while read line do + (( seq++ )) + [ -z "$line" ] && continue f=$SKD/$base@$seq.pub echo "$line" > $f # similar sanity check as main ssh-authkeys script @@ -66,9 +83,5 @@ do echo 1>&2 "ssh-authkeys-split: bad line $seq in keydir/$k" rm -f $f fi - (( seq++ )) done < $k - - # now delete the original file - rm $k done diff --git a/src/triggers/post-compile/update-git-configs b/src/triggers/post-compile/update-git-configs index bdb83ac..6eb2f46 100755 --- a/src/triggers/post-compile/update-git-configs +++ b/src/triggers/post-compile/update-git-configs @@ -17,13 +17,6 @@ my $RB = $rc{GL_REPO_BASE}; _chdir($RB); # ---------------------------------------------------------------------- -# skip if arg-0 is POST_CREATE and no arg-2 (user name) exists; this means -# it's been triggered by a *normal* (not "wild") repo creation, which in turn -# means a POST_COMPILE should be following so there's no need to waste time -# running this once for each new repo -exit 0 if @ARGV and $ARGV[0] eq 'POST_CREATE' and not $ARGV[2]; - -# ---------------------------------------------------------------------- # if called from POST_CREATE, we have only a single repo to worry about if ( @ARGV and $ARGV[0] eq 'POST_CREATE' ) { my $repo = $ARGV[1]; @@ -46,12 +39,15 @@ sub fixup_config { my $creator = creator($pr); my $gc = git_config( $pr, '.', 1 ); + my $ac = `git config --file $RB/$pr.git/config -l`; while ( my ( $key, $value ) = each( %{$gc} ) ) { next if $key =~ /^gitolite-options\./; $value =~ s/(@\w+)/expand_group($1)/ge if $rc{EXPAND_GROUPS_IN_CONFIG}; + my $lkey = lc $key; + next if $ac =~ /^\Q$lkey\E=\Q$value\E$/m; if ( $value ne "" ) { system( "git", "config", "--file", "$RB/$pr.git/config", $key, $value ); - } else { + } elsif ( $ac =~ /^\Q$lkey\E=/m ) { system( "git", "config", "--file", "$RB/$pr.git/config", "--unset-all", $key ); } } diff --git a/src/triggers/post-compile/update-git-daemon-access-list b/src/triggers/post-compile/update-git-daemon-access-list index 446b0da..ade97a8 100755 --- a/src/triggers/post-compile/update-git-daemon-access-list +++ b/src/triggers/post-compile/update-git-daemon-access-list @@ -11,21 +11,20 @@ use Gitolite::Common; use strict; use warnings; -# ---------------------------------------------------------------------- -# skip if arg-0 is POST_CREATE and no arg-2 (user name) exists; this means -# it's been triggered by a *normal* (not "wild") repo creation, which in turn -# means a POST_COMPILE should be following so there's no need to waste time -# running this once for each new repo -exit 0 if @ARGV and $ARGV[0] eq 'POST_CREATE' and not $ARGV[2]; - my $EO = "git-daemon-export-ok"; my $RB = $rc{GL_REPO_BASE}; -for my $d (`gitolite list-phy-repos | gitolite access % daemon R any`) { +my $cmd = "gitolite list-phy-repos"; +if ( @ARGV and $ARGV[0] eq 'POST_CREATE' ) { + # only one repo to do + $cmd = "echo $ARGV[1]"; +} + +for my $d (`$cmd | gitolite access % daemon R any`) { my @F = split "\t", $d; if ($F[2] =~ /DENIED/) { unlink "$RB/$F[0].git/$EO"; - } else { + } elsif (! -f "$RB/$F[0].git/$EO") { textfile( file => $EO, repo => $F[0], text => "" ); } } diff --git a/src/triggers/post-compile/update-gitweb-access-list b/src/triggers/post-compile/update-gitweb-access-list index 937226b..4085d59 100755 --- a/src/triggers/post-compile/update-gitweb-access-list +++ b/src/triggers/post-compile/update-gitweb-access-list @@ -11,13 +11,6 @@ # permissions changes for wild repos) and then you should not delete it. [ "$1" = "POST_CREATE" ] && [ "$4" != "perms" ] && rm -f $GL_REPO_BASE/$2.git/description 2>/dev/null -# ---------------------------------------------------------------------- -# skip if arg-1 is POST_CREATE and no arg-3 (user name) exists; this means -# it's been triggered by a *normal* (not "wild") repo creation, which in turn -# means a POST_COMPILE should be following so there's no need to waste time -# running this once for each new repo -[ "$1" = "POST_CREATE" ] && [ -z "$3" ] && exit 0; - plf=`gitolite query-rc GITWEB_PROJECTS_LIST` [ -z "$plf" ] && plf=$HOME/projects.list # since mktemp does not honor umask, we just use it to generate a temp @@ -25,11 +18,23 @@ plf=`gitolite query-rc GITWEB_PROJECTS_LIST` tmpfile=`mktemp $plf.tmp_XXXXXXXX` rm -f $tmpfile; -( - gitolite list-phy-repos | gitolite access % gitweb R any | grep -v DENIED - gitolite list-phy-repos | gitolite git-config -r % gitweb\\. -) | - cut -f1 | sort -u | sed -e 's/$/.git/' > $tmpfile +if [ "$1" = "POST_CREATE" ] && [ -n "$2" ] +then + # just one to be done + repo="$2" + grep -v "^$repo.git$" $plf > $tmpfile + if gitolite access -q $repo gitweb R any || gitolite git-config -q -r $repo gitweb\\. + then + echo "$repo.git" >> $tmpfile + fi +else + # all of them + ( + gitolite list-phy-repos | gitolite access % gitweb R any | grep -v DENIED + gitolite list-phy-repos | gitolite git-config -r % gitweb\\. + ) | + cut -f1 | sort -u | sed -e 's/$/.git/' > $tmpfile +fi [ -f $plf ] && perl -e "chmod ( ( (stat('$plf'))[2] & 07777 ), '$tmpfile')" mv $tmpfile $plf diff --git a/src/triggers/post-compile/update-gitweb-daemon-from-options b/src/triggers/post-compile/update-gitweb-daemon-from-options index 9b499b2..1f5fd26 100755 --- a/src/triggers/post-compile/update-gitweb-daemon-from-options +++ b/src/triggers/post-compile/update-gitweb-daemon-from-options @@ -1,5 +1,9 @@ #!/bin/sh +# TODO: look at the commit in which *this* line was added, and see the changes +# to the other scripts. We need to make those changes here also, but I'm too +# lazy right now. Plus I'm not even sure if anyone is using this! + # Update git-daemon and gitweb access using 'option' lines instead of special # usernames. @@ -21,13 +25,6 @@ # This is useful for people who don't like '@all' to be literally *all* users, # including gitweb and daemon, and can't/won't use deny-rules properly. -# ---------------------------------------------------------------------- -# skip if arg-1 is POST_CREATE and no arg-3 (user name) exists; this means -# it's been triggered by a *normal* (not "wild") repo creation, which in turn -# means a POST_COMPILE should be following so there's no need to waste time -# running this once for each new repo -[ "$1" = "POST_CREATE" ] && [ -z "$3" ] && exit 0; - # first do the gitweb stuff plf=`gitolite query-rc GITWEB_PROJECTS_LIST` |