diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/VREF/MERGE-CHECK | 4 | ||||
| -rwxr-xr-x | src/commands/access | 10 | ||||
| -rwxr-xr-x | src/commands/compile-template-data | 101 | ||||
| -rwxr-xr-x | src/commands/info | 16 | ||||
| -rwxr-xr-x | src/gitolite | 5 | ||||
| -rwxr-xr-x | src/gitolite-shell | 23 | ||||
| -rw-r--r-- | src/lib/Gitolite/Common.pm | 20 | ||||
| -rw-r--r-- | src/lib/Gitolite/Conf.pm | 10 | ||||
| -rw-r--r-- | src/lib/Gitolite/Conf/Load.pm | 9 | ||||
| -rw-r--r-- | src/lib/Gitolite/Conf/Store.pm | 18 | ||||
| -rw-r--r-- | src/lib/Gitolite/Conf/Sugar.pm | 1 | ||||
| -rw-r--r-- | src/lib/Gitolite/Hooks/Update.pm | 2 | ||||
| -rw-r--r-- | src/lib/Gitolite/Triggers/Mirroring.pm | 1 | ||||
| -rw-r--r-- | src/lib/Gitolite/Triggers/TProxy.pm | 1 | ||||
| -rwxr-xr-x | src/triggers/expand-deny-messages | 14 | ||||
| -rwxr-xr-x | src/triggers/post-compile/ssh-authkeys-split | 43 | ||||
| -rwxr-xr-x | src/triggers/post-compile/update-git-configs | 12 | ||||
| -rwxr-xr-x | src/triggers/post-compile/update-git-daemon-access-list | 17 | ||||
| -rwxr-xr-x | src/triggers/post-compile/update-gitweb-access-list | 29 | ||||
| -rwxr-xr-x | src/triggers/post-compile/update-gitweb-daemon-from-options | 11 | ||||
| -rwxr-xr-x | src/triggers/repo-specific-hooks | 28 | ||||
| -rwxr-xr-x | src/triggers/upstream | 8 |
22 files changed, 284 insertions, 99 deletions
diff --git a/src/VREF/MERGE-CHECK b/src/VREF/MERGE-CHECK index 07f0351..a70fe23 100644 --- a/src/VREF/MERGE-CHECK +++ b/src/VREF/MERGE-CHECK @@ -9,9 +9,9 @@ use warnings; # usage in conf/gitolite.conf goes like this: -# - VREF/MERGE_CHECK/master = @all +# - VREF/MERGE-CHECK/master = @all # # reject only if the merge commit is being pushed to the master branch -# - VREF/MERGE_CHECK = @all +# - VREF/MERGE-CHECK = @all # # reject merge commits to any branch my $ref = $ARGV[0]; diff --git a/src/commands/access b/src/commands/access index f02e533..7d4a5b9 100755 --- a/src/commands/access +++ b/src/commands/access @@ -51,7 +51,7 @@ $ref ||= 'any'; # fq the ref if needed $ref =~ s(^)(refs/heads/) if $ref and $ref ne 'any' and $ref !~ m(^(refs|VREF)/); _die "invalid perm" if not( $aa and $aa =~ /^(R|W|\+|C|D|M|\^C)$/ ); -_die "invalid ref name" if not( $ref and $ref =~ $REPONAME_PATT ); +_die "invalid ref name" if not( $ref and $ref =~ $REF_OR_FILENAME_PATT ); my $ret = ''; @@ -61,6 +61,9 @@ if ( $repo ne '%' and $user ne '%' ) { show($ret) if $s; + # adjust for fallthru in VREFs + $ret =~ s/DENIED by fallthru/allowed by fallthru/ if $ref =~ m(^VREF/); + if ( $ret =~ /DENIED/ ) { print "$ret\n" unless $q; exit 1; @@ -85,8 +88,9 @@ while (<>) { sub adjust_aa { my ($repo, $aa) = @_; - $aa = '+' if $aa eq 'C' and not option($repo, 'CREATE_IS_C'); + $aa = 'W' if $aa eq 'C' and not option($repo, 'CREATE_IS_C'); $aa = '+' if $aa eq 'D' and not option($repo, 'DELETE_IS_D'); + $aa = 'W' if $aa eq 'M' and not option($repo, 'MERGE_CHECK'); return $aa; } @@ -103,7 +107,7 @@ sub show { p => skipped due to perm (W, +, etc) not matching, D => explicitly denied, A => explicitly allowed, - F => denied due to fallthru (no rules matched) + F => fallthru; access denied for normal refs, allowed for VREFs "; diff --git a/src/commands/compile-template-data b/src/commands/compile-template-data new file mode 100755 index 0000000..e4ef86e --- /dev/null +++ b/src/commands/compile-template-data @@ -0,0 +1,101 @@ +#!/usr/bin/perl +use strict; +use warnings; + +# read template data to produce gl-perms and gl-repo-groups files in each +# $repo dir. Create the repo if needed, using the wild repos create logic +# (with a "creator" of "gitolite-admin"!), though they're not really wild +# repos. + +# see rule-templates.html in the gitolite documentation site. + +# pure text manipulation (and very little of that!), no git or gitolite +# functions, no access checks, no possibility of a performance drama (or at +# least not a *complex* performance drama) + +use lib $ENV{GL_LIBDIR}; +use Gitolite::Rc; +use Gitolite::Common; +use Gitolite::Conf::Load; +use Gitolite::Conf::Store; + +my $rb = $rc{GL_REPO_BASE}; + +@ARGV = `find $rc{GL_ADMIN_BASE}/conf -type f -name "*.conf" | sort`; chomp(@ARGV); +# we don't see the files in the exact same order that gitolite compile sees +# them, but we don't need to, for the data we are interested in (as long as +# you don't break up one repo's data across multiple files!) + +# XXX We also potentially see more; a conf file may be in the directory, but +# not pulled in via an 'include' or 'subconf', so it doesn't exist as far as +# 'gitolite compile' is concerned, but here we *do* pull it in. + +my $repos = ''; +my $perms = ''; +my $list = ''; # list of templates to apply +my $lip = ''; # line in progress +while (<>) { + chomp; + next unless /^=begin template-data$/ .. /^=end$/ and not /^=(begin|end)/; + + next unless /\S/; + next if /^\s*#/; + + s/\t/ /g; # all the same to us + + # handle continuation lines (backslash as last character) + if (/\\$/) { + s/\\$//; + $lip .= $_; + next; + } + $_ = $lip . $_; + $lip = ''; + + _warn("bad line: $_"), next if m([^ \w.\@/=-]); # silently ignore lines that have characters we don't need + if (/^\s*repo\s+(\S.*)=\s*(\S.*)$/) { + flush($repos, $list, $perms); + $repos = $1; + $perms = ''; + $list = $2; + + } elsif (/^\s*(\S+)\s*=\s*(\S.*)$/) { + $perms .= "$1 = $2\n"; + } else { + # probably a blank line or a comment line. If not, well *shrug* + } +} +flush($repos, $list, $perms); + +sub flush { + my ($r, $l, $p) = @_; + return unless $r and $l and $p; + $l =~ s/\s+/ /g; + + my @r = split ' ', $r; + while (@r) { + my $r1 = shift @r; + if ($r1 =~ m(^@)) { + my @g = @{ Gitolite::Conf::Load::list_members($r1) }; + _warn "undefined group '$r1'" unless @g; + unshift @r, @g; + next; + } + + flush_1($r1, $l, $p); + } +} +sub flush_1 { + my ($repo, $list, $perms) = @_; + + # beware of wild characters! + return unless $repo =~ $REPONAME_PATT; + + if (not -d "$rb/$repo.git") { + new_wild_repo( $repo, 'gitolite-admin', 'template-data' ); + } + + _print("$rb/$repo.git/gl-repo-groups", $list); + + _print("$rb/$repo.git/gl-perms", $perms); +} diff --git a/src/commands/info b/src/commands/info index 5079cfa..b88e288 100755 --- a/src/commands/info +++ b/src/commands/info @@ -12,12 +12,13 @@ use Gitolite::Conf::Load; =for args Usage: gitolite info [-lc] [-ld] [-json] [<repo name pattern>] -List all existing repos you can access, as well as repo name patterns you can -create repos from (if any). +List all existing repos you can access, as well as repo name patterns (see +"wild repos") you have any kind of access to. '-lc' lists creators as an additional field at the end. '-ld' lists description as an additional field at the end. '-json' produce JSON output instead of normal output + '-p' limits output to physical repos only (no wild repo regexes!) The optional pattern is an unanchored regex that will limit the repos searched, in both cases. It might speed up things a little if you have more @@ -25,7 +26,7 @@ than a few thousand repos. =cut # these are globals -my ( $lc, $ld, $json, $patt ) = args(); +my ( $lc, $ld, $json, $p, $patt ) = args(); my %out; # holds info to be json'd $ENV{GL_USER} or _die "GL_USER not set"; @@ -35,8 +36,8 @@ if ($json) { print greeting(); } -print_patterns(); # repos he can create for himself -print_phy_repos(); # repos already created +print_patterns() unless $p; # repos he can create for himself +print_phy_repos(); # repos already created if ( $rc{SITE_INFO} ) { $json @@ -49,13 +50,14 @@ print JSON::to_json( \%out, { utf8 => 1, pretty => 1 } ) if $json; # ---------------------------------------------------------------------- sub args { - my ( $lc, $ld, $json, $patt ) = ( '', '', '', '' ); + my ( $lc, $ld, $json, $p, $patt ) = ( '', '', '', '' ); my $help = ''; GetOptions( 'lc' => \$lc, 'ld' => \$ld, 'json' => \$json, + 'p' => \$p, 'h' => \$help, ) or usage(); @@ -64,7 +66,7 @@ sub args { require JSON if $json; - return ( $lc, $ld, $json, $patt ); + return ( $lc, $ld, $json, $p, $patt ); } sub print_patterns { diff --git a/src/gitolite b/src/gitolite index 4a4cbf5..c11e047 100755 --- a/src/gitolite +++ b/src/gitolite @@ -71,6 +71,11 @@ if ( $command eq 'setup' ) { compile(@args); } elsif ( $command eq 'trigger' ) { + my $s = $args[0]; + _die "trigger section '$s' not found in rc" + unless $s eq 'POST_COMPILE' + or $s eq 'POST_CREATE' + or ( exists $rc{$s} and ref( $rc{$s} ) eq 'ARRAY' ); trigger(@args); } elsif ( my $c = _which( "commands/$command", 'x' ) ) { diff --git a/src/gitolite-shell b/src/gitolite-shell index d9ec01f..6c4c462 100755 --- a/src/gitolite-shell +++ b/src/gitolite-shell @@ -113,6 +113,13 @@ sub main { $ENV{GL_REPO} = $repo; my $aa = ( $verb =~ 'upload' ? 'R' : 'W' ); + # catch rare race when moving repos into gitolite control + _die "$aa any $repo $user DENIED by fallthru" . + "\n(or you mis-spelled the reponame)" + unless update_hook_present($repo); + # this error message is exactly the same as that from elsewhere in the + # code, for the usual reasons (avoid leaking information) + # set up env vars from options set for this repo env_options($repo); @@ -153,11 +160,19 @@ sub parse_soc { $soc ||= 'info'; my $git_commands = "git-upload-pack|git-receive-pack|git-upload-archive"; - if ( $soc =~ m(^($git_commands) '?/?(.*?)(?:\.git(\d)?)?'?$) ) { - my ( $verb, $repo, $trace_level ) = ( $1, $2, $3 ); - $ENV{D} = $trace_level if $trace_level; - _die "invalid repo name: '$repo'" if $repo !~ $REPONAME_PATT; + # simplify the regex; we'll handle all the reponame nuances later + if ( $soc =~ m(^($git_commands) '?/?(.*?)'?$) ) { + my ( $verb, $repo ) = ( $1, $2 ); trace( 2, "git command", $soc ); + + # clean up the repo name; first extract the trace level if supplied + # (and no, you can't have a trace level *and* a trailing slash). + $ENV{D} = $1 if $repo =~ s/\.git(\d)$//; + # and then the git-daemon-compatibility trailers + $repo =~ s(/$)(); + $repo =~ s(\.git$)(); + + _die "invalid repo name: '$repo'" if $repo !~ $REPONAME_PATT; return ( $verb, $repo ); } diff --git a/src/lib/Gitolite/Common.pm b/src/lib/Gitolite/Common.pm index 7a52f4b..3f47b37 100644 --- a/src/lib/Gitolite/Common.pm +++ b/src/lib/Gitolite/Common.pm @@ -19,6 +19,8 @@ package Gitolite::Common; ssh_fingerprint_file ssh_fingerprint_line + + update_hook_present ); #>>> use Exporter 'import'; @@ -235,14 +237,28 @@ sub cleanup_conf_line { chomp($repo); $repo =~ s/\.git$//; $repo =~ s(^\./)(); - push @phy_repos, $repo unless $repo =~ m(/$); - # tolerate bare repos within ~/repositories but silently ignore them + next if $repo =~ m(/$); + # tolerate non-bare repos within ~/repositories but silently ignore them + next unless update_hook_present($repo); + # ignore repos that don't yet have the update hook + push @phy_repos, $repo; } trace( 3, scalar(@phy_repos) . " physical repos found" ); return sort_u( \@phy_repos ); } } +sub update_hook_present { + my $repo = shift; + + return 1 unless -d "$ENV{GL_REPO_BASE}/$repo.git"; # non-existent repo is fine + + my $x = readlink("$ENV{GL_REPO_BASE}/$repo.git/hooks/update"); + return 1 if $x and $x eq "$ENV{GL_ADMIN_BASE}/hooks/common/update"; + + return 0; +} + # generate a timestamp sub gen_ts { my ( $s, $min, $h, $d, $m, $y ) = (localtime)[ 0 .. 5 ]; diff --git a/src/lib/Gitolite/Conf.pm b/src/lib/Gitolite/Conf.pm index ce7adca..97b6c32 100644 --- a/src/lib/Gitolite/Conf.pm +++ b/src/lib/Gitolite/Conf.pm @@ -47,9 +47,19 @@ sub compile { cache_control('start'); } + # remove entries from POST_CREATE which also exist in POST_COMPILE. This + # not only saves us having to implement an optimisation in *those* + # scripts, but more importantly, moves the optimisation one step up -- we + # don't even *call* those scripts now. + my %pco = map { $_ => 1 } @{ $rc{POST_COMPILE} }; + @{ $rc{POST_CREATE} } = grep { ! exists $pco{$_} } @{ $rc{POST_CREATE} }; + for my $repo ( @{ $rc{NEW_REPOS_CREATED} } ) { trigger( 'POST_CREATE', $repo ); } + + # process rule template data + _system("gitolite compile-template-data"); } sub parse { diff --git a/src/lib/Gitolite/Conf/Load.pm b/src/lib/Gitolite/Conf/Load.pm index 4f42cdc..e0e4e92 100644 --- a/src/lib/Gitolite/Conf/Load.pm +++ b/src/lib/Gitolite/Conf/Load.pm @@ -305,7 +305,7 @@ sub load_1 { } if ( -f "gl-conf" ) { - return if not $split_conf{$repo}; + return if not $split_conf{$repo} and not $rc{ALLOW_ORPHAN_GL_CONF}; my $cc = "./gl-conf"; _die "parse '$cc' failed: " . ( $@ or $! ) unless do $cc; @@ -384,6 +384,13 @@ sub memberships { push @ret, $i; } } + + # add in any group names explicitly given in (GIT_DIR)/gl-repo-groups + push @ret, + map { s/^\@?/\@/; $_ } + grep { ! /[^\w@-]/ } + split (' ', slurp("$ENV{GL_REPO_BASE}/$base.git/gl-repo-groups")) + if -f "$ENV{GL_REPO_BASE}/$base.git/gl-repo-groups"; } push @ret, @{ $groups{$base} } if exists $groups{$base}; diff --git a/src/lib/Gitolite/Conf/Store.pm b/src/lib/Gitolite/Conf/Store.pm index c7f9ab5..8757c89 100644 --- a/src/lib/Gitolite/Conf/Store.pm +++ b/src/lib/Gitolite/Conf/Store.pm @@ -188,10 +188,13 @@ sub new_repos { next unless $repo =~ $REPONAME_PATT; # skip repo patterns next if $repo =~ m(^\@|EXTCMD/); # skip groups and fake repos - # use gl-conf as a sentinel - hook_1($repo) if -d "$repo.git" and not -f "$repo.git/gl-conf"; + # use gl-conf as a sentinel; if it exists, all is well + next if -f "$repo.git/gl-conf"; - if ( not -d "$repo.git" ) { + if (-d "$repo.git") { + # directory exists but sentinel missing? Maybe a freshly imported repo? + hook_1($repo); + } else { push @{ $rc{NEW_REPOS_CREATED} }, $repo; trigger( 'PRE_CREATE', $repo ); new_repo($repo); @@ -239,9 +242,12 @@ sub store { # first write out the ones for the physical repos _chdir( $rc{GL_REPO_BASE} ); - my $phy_repos = list_phy_repos(1); - for my $repo ( @{$phy_repos} ) { + # list of repos (union of keys of %repos plus %configs) + my %kr_kc; + @kr_kc{ keys %repos } = (); + @kr_kc{ keys %configs } = (); + for my $repo ( keys %kr_kc ) { store_1($repo); } @@ -284,7 +290,7 @@ sub store_1 { # warning: writes and *deletes* it from %repos and %configs my ($repo) = shift; trace( 3, $repo ); - return unless ( $repos{$repo} or $configs{$repo} ) and -d "$repo.git"; + return unless -d "$repo.git"; my ( %one_repo, %one_config ); diff --git a/src/lib/Gitolite/Conf/Sugar.pm b/src/lib/Gitolite/Conf/Sugar.pm index 68ad728..b054065 100644 --- a/src/lib/Gitolite/Conf/Sugar.pm +++ b/src/lib/Gitolite/Conf/Sugar.pm @@ -187,6 +187,7 @@ sub skip_block { for (@$lines) { my $skip = 0; $skip = 1 if /^= *begin testconf$/; + $skip = 1 if /^= *begin template-data$/; # add code for other types of blocks here as needed next if $skip .. /^= *end$/; diff --git a/src/lib/Gitolite/Hooks/Update.pm b/src/lib/Gitolite/Hooks/Update.pm index 32cd6e0..2bc43a8 100644 --- a/src/lib/Gitolite/Hooks/Update.pm +++ b/src/lib/Gitolite/Hooks/Update.pm @@ -17,6 +17,8 @@ use Gitolite::Conf::Load; use strict; use warnings; +$|++; + # ---------------------------------------------------------------------- sub update { diff --git a/src/lib/Gitolite/Triggers/Mirroring.pm b/src/lib/Gitolite/Triggers/Mirroring.pm index 860e6d0..c9dabce 100644 --- a/src/lib/Gitolite/Triggers/Mirroring.pm +++ b/src/lib/Gitolite/Triggers/Mirroring.pm @@ -7,7 +7,6 @@ use Gitolite::Conf::Load; use strict; use warnings; -my $git_commands = "git-upload-pack|git-receive-pack|git-upload-archive"; my $hn = $rc{HOSTNAME}; my ( $mode, $master, %slaves, %trusted_slaves ); diff --git a/src/lib/Gitolite/Triggers/TProxy.pm b/src/lib/Gitolite/Triggers/TProxy.pm index b2ab8df..a2820ec 100644 --- a/src/lib/Gitolite/Triggers/TProxy.pm +++ b/src/lib/Gitolite/Triggers/TProxy.pm @@ -58,7 +58,6 @@ use Gitolite::Conf::Load; use strict; use warnings; -my $git_commands = "git-upload-pack|git-receive-pack|git-upload-archive"; my $soc = $ENV{SSH_ORIGINAL_COMMAND}; # ---------------------------------------------------------------------- diff --git a/src/triggers/expand-deny-messages b/src/triggers/expand-deny-messages index a8b2289..107202c 100755 --- a/src/triggers/expand-deny-messages +++ b/src/triggers/expand-deny-messages @@ -2,6 +2,8 @@ use strict; use warnings; +$|++; + # program name: expand-deny-messages # DOCUMENTATION IS AT THE BOTTOM OF THIS FILE; PLEASE READ @@ -47,10 +49,14 @@ _info( "Operation", _op( $a12, $aa, $oldsha, $newsha ) ); if ( $ref =~ m((^VREF/[^/]+)) ) { my $vref = $1; - my $vref_text = slurp( _which( $vref, 'x' ) ); - my $etag = '(?:help|explain|explanation)'; - $vref_text =~ m(^\s*# $etag.start\n(.*)^\s*# $etag.end\n)sm - and print STDERR "Explanation for $vref:\n$1"; + if ($ref =~ s(^VREF/NAME/)()) { + print STDERR "You're apparently not allowed to push '$ref'"; + } else { + my $vref_text = slurp( _which( $vref, 'x' ) ); + my $etag = '(?:help|explain|explanation)'; + $vref_text =~ m(^\s*# $etag.start\n(.*)^\s*# $etag.end\n)sm + and print STDERR "Explanation for $vref:\n$1"; + } } print STDERR "\n"; diff --git a/src/triggers/post-compile/ssh-authkeys-split b/src/triggers/post-compile/ssh-authkeys-split index b71f9eb..031bd07 100755 --- a/src/triggers/post-compile/ssh-authkeys-split +++ b/src/triggers/post-compile/ssh-authkeys-split @@ -18,13 +18,6 @@ # - assumes you don't have a subdir in keydir called "__split_keys__" -# - RUNNING "GITOLITE SETUP" WILL LOSE ALL THESE KEYS. So if you ever do -# that, you will then need to make a dummy push to the admin repo to add -# them back. If all your **admin** keys were in split keys, then you lost -# remote access. If that happens, log on to the server using "su - git" or -# such, then use the methods described in the "bypassing gitolite" section -# in "emergencies.html" instead of a remote push. - # SUPPORT # ------- # @@ -42,7 +35,29 @@ rm -rf __split_keys__ mkdir __split_keys__ export SKD=$PWD/__split_keys__ -find . -type f -name "*.pub" | while read k +# if we're coming from a gitolite-admin push, delete all *.multi, and rename +# all multi-line *.pub to *.multi +if [ "$GL_REPO" = "gitolite-admin" ] || [ "$GL_BYPASS_ACCESS_CHECKS" = "1" ] +then + find . -type f -name "*.multi" | while read k + do + rm -f "$k" + done + find . -type f -name "*.pub" | while read k + do + # is this a multi-key? + lines=`wc -l < $k` + case $lines in + (0|1) continue + esac + + base=`basename $k .pub` + mv $k $base.multi + done +fi + +# now process *.multi +find . -type f -name "*.multi" | while read k do # do we need to split? lines=`wc -l < $k` @@ -50,14 +65,16 @@ do (0|1) continue esac - # is it sane to split? - base=`basename $k .pub` + base=`basename $k .multi` + # sanity check echo $base | grep '@' >/dev/null && continue # ok do it - seq=1 + seq=0 while read line do + (( seq++ )) + [ -z "$line" ] && continue f=$SKD/$base@$seq.pub echo "$line" > $f # similar sanity check as main ssh-authkeys script @@ -66,9 +83,5 @@ do echo 1>&2 "ssh-authkeys-split: bad line $seq in keydir/$k" rm -f $f fi - (( seq++ )) done < $k - - # now delete the original file - rm $k done diff --git a/src/triggers/post-compile/update-git-configs b/src/triggers/post-compile/update-git-configs index bdb83ac..6eb2f46 100755 --- a/src/triggers/post-compile/update-git-configs +++ b/src/triggers/post-compile/update-git-configs @@ -17,13 +17,6 @@ my $RB = $rc{GL_REPO_BASE}; _chdir($RB); # ---------------------------------------------------------------------- -# skip if arg-0 is POST_CREATE and no arg-2 (user name) exists; this means -# it's been triggered by a *normal* (not "wild") repo creation, which in turn -# means a POST_COMPILE should be following so there's no need to waste time -# running this once for each new repo -exit 0 if @ARGV and $ARGV[0] eq 'POST_CREATE' and not $ARGV[2]; - -# ---------------------------------------------------------------------- # if called from POST_CREATE, we have only a single repo to worry about if ( @ARGV and $ARGV[0] eq 'POST_CREATE' ) { my $repo = $ARGV[1]; @@ -46,12 +39,15 @@ sub fixup_config { my $creator = creator($pr); my $gc = git_config( $pr, '.', 1 ); + my $ac = `git config --file $RB/$pr.git/config -l`; while ( my ( $key, $value ) = each( %{$gc} ) ) { next if $key =~ /^gitolite-options\./; $value =~ s/(@\w+)/expand_group($1)/ge if $rc{EXPAND_GROUPS_IN_CONFIG}; + my $lkey = lc $key; + next if $ac =~ /^\Q$lkey\E=\Q$value\E$/m; if ( $value ne "" ) { system( "git", "config", "--file", "$RB/$pr.git/config", $key, $value ); - } else { + } elsif ( $ac =~ /^\Q$lkey\E=/m ) { system( "git", "config", "--file", "$RB/$pr.git/config", "--unset-all", $key ); } } diff --git a/src/triggers/post-compile/update-git-daemon-access-list b/src/triggers/post-compile/update-git-daemon-access-list index 446b0da..ade97a8 100755 --- a/src/triggers/post-compile/update-git-daemon-access-list +++ b/src/triggers/post-compile/update-git-daemon-access-list @@ -11,21 +11,20 @@ use Gitolite::Common; use strict; use warnings; -# ---------------------------------------------------------------------- -# skip if arg-0 is POST_CREATE and no arg-2 (user name) exists; this means -# it's been triggered by a *normal* (not "wild") repo creation, which in turn -# means a POST_COMPILE should be following so there's no need to waste time -# running this once for each new repo -exit 0 if @ARGV and $ARGV[0] eq 'POST_CREATE' and not $ARGV[2]; - my $EO = "git-daemon-export-ok"; my $RB = $rc{GL_REPO_BASE}; -for my $d (`gitolite list-phy-repos | gitolite access % daemon R any`) { +my $cmd = "gitolite list-phy-repos"; +if ( @ARGV and $ARGV[0] eq 'POST_CREATE' ) { + # only one repo to do + $cmd = "echo $ARGV[1]"; +} + +for my $d (`$cmd | gitolite access % daemon R any`) { my @F = split "\t", $d; if ($F[2] =~ /DENIED/) { unlink "$RB/$F[0].git/$EO"; - } else { + } elsif (! -f "$RB/$F[0].git/$EO") { textfile( file => $EO, repo => $F[0], text => "" ); } } diff --git a/src/triggers/post-compile/update-gitweb-access-list b/src/triggers/post-compile/update-gitweb-access-list index 937226b..4085d59 100755 --- a/src/triggers/post-compile/update-gitweb-access-list +++ b/src/triggers/post-compile/update-gitweb-access-list @@ -11,13 +11,6 @@ # permissions changes for wild repos) and then you should not delete it. [ "$1" = "POST_CREATE" ] && [ "$4" != "perms" ] && rm -f $GL_REPO_BASE/$2.git/description 2>/dev/null -# ---------------------------------------------------------------------- -# skip if arg-1 is POST_CREATE and no arg-3 (user name) exists; this means -# it's been triggered by a *normal* (not "wild") repo creation, which in turn -# means a POST_COMPILE should be following so there's no need to waste time -# running this once for each new repo -[ "$1" = "POST_CREATE" ] && [ -z "$3" ] && exit 0; - plf=`gitolite query-rc GITWEB_PROJECTS_LIST` [ -z "$plf" ] && plf=$HOME/projects.list # since mktemp does not honor umask, we just use it to generate a temp @@ -25,11 +18,23 @@ plf=`gitolite query-rc GITWEB_PROJECTS_LIST` tmpfile=`mktemp $plf.tmp_XXXXXXXX` rm -f $tmpfile; -( - gitolite list-phy-repos | gitolite access % gitweb R any | grep -v DENIED - gitolite list-phy-repos | gitolite git-config -r % gitweb\\. -) | - cut -f1 | sort -u | sed -e 's/$/.git/' > $tmpfile +if [ "$1" = "POST_CREATE" ] && [ -n "$2" ] +then + # just one to be done + repo="$2" + grep -v "^$repo.git$" $plf > $tmpfile + if gitolite access -q $repo gitweb R any || gitolite git-config -q -r $repo gitweb\\. + then + echo "$repo.git" >> $tmpfile + fi +else + # all of them + ( + gitolite list-phy-repos | gitolite access % gitweb R any | grep -v DENIED + gitolite list-phy-repos | gitolite git-config -r % gitweb\\. + ) | + cut -f1 | sort -u | sed -e 's/$/.git/' > $tmpfile +fi [ -f $plf ] && perl -e "chmod ( ( (stat('$plf'))[2] & 07777 ), '$tmpfile')" mv $tmpfile $plf diff --git a/src/triggers/post-compile/update-gitweb-daemon-from-options b/src/triggers/post-compile/update-gitweb-daemon-from-options index 9b499b2..1f5fd26 100755 --- a/src/triggers/post-compile/update-gitweb-daemon-from-options +++ b/src/triggers/post-compile/update-gitweb-daemon-from-options @@ -1,5 +1,9 @@ #!/bin/sh +# TODO: look at the commit in which *this* line was added, and see the changes +# to the other scripts. We need to make those changes here also, but I'm too +# lazy right now. Plus I'm not even sure if anyone is using this! + # Update git-daemon and gitweb access using 'option' lines instead of special # usernames. @@ -21,13 +25,6 @@ # This is useful for people who don't like '@all' to be literally *all* users, # including gitweb and daemon, and can't/won't use deny-rules properly. -# ---------------------------------------------------------------------- -# skip if arg-1 is POST_CREATE and no arg-3 (user name) exists; this means -# it's been triggered by a *normal* (not "wild") repo creation, which in turn -# means a POST_COMPILE should be following so there's no need to waste time -# running this once for each new repo -[ "$1" = "POST_CREATE" ] && [ -z "$3" ] && exit 0; - # first do the gitweb stuff plf=`gitolite query-rc GITWEB_PROJECTS_LIST` diff --git a/src/triggers/repo-specific-hooks b/src/triggers/repo-specific-hooks index bba7a58..7c16f2f 100755 --- a/src/triggers/repo-specific-hooks +++ b/src/triggers/repo-specific-hooks @@ -41,21 +41,23 @@ while (<>) { $hook =~ s/\..*//; my @codes = split /\s+/, $codes; - next unless @codes; - # this is a special case - if ( $repo eq 'gitolite-admin' and $hook eq 'post-update' ) { - _warn "repo-specific-hooks: ignoring attempts to set post-update hook for the admin repo"; - next; - } + # check for disallowed hook types only if @codes is non-empty + if (@codes) { + # this is a special case + if ( $repo eq 'gitolite-admin' and $hook eq 'post-update' ) { + _warn "repo-specific-hooks: ignoring attempts to set post-update hook for the admin repo"; + next; + } - unless ( $hook =~ /^(pre-receive|post-receive|post-update|pre-auto-gc)$/ ) { - _warn "repo-specific-hooks: '$hook' is not allowed, ignoring"; - _warn " (only pre-receive, post-receive, post-update, and pre-auto-gc are allowed)"; - next; + unless ( $hook =~ /^(pre-receive|post-receive|post-update|pre-auto-gc)$/ ) { + _warn "repo-specific-hooks: '$hook' is not allowed, ignoring"; + _warn " (only pre-receive, post-receive, post-update, and pre-auto-gc are allowed)"; + next; + } } - push @{ $repo_hooks{$repo}{$hook} }, @codes if @codes; + push @{ $repo_hooks{$repo}{$hook} }, @codes; } for my $repo (keys %repo_hooks) { @@ -111,8 +113,8 @@ for h in $0.*; do [ -x $h ] || continue if [ $type = args ] then - $h $@ + $h $@ || { [ $0 = hooks/pre-receive ] && exit 1; } else - echo "$stdin" | $h + echo "$stdin" | $h || { [ $0 = hooks/pre-receive ] && exit 1; } fi done diff --git a/src/triggers/upstream b/src/triggers/upstream index c64e2f2..611e11e 100755 --- a/src/triggers/upstream +++ b/src/triggers/upstream @@ -32,7 +32,7 @@ git fetch -q "$url" '+refs/*:refs/*' # R = @all # RW+ my-company/ = @developers # -# option upstream.url = git://git.kernel.org/pub/scm/git/git.git +# option upstream.url = https://git.kernel.org/pub/scm/git/git.git # option upstream.nice = 120 # # * to force a fetch on the server shell (or via cron), run this command: @@ -55,9 +55,9 @@ git fetch -q "$url" '+refs/*:refs/*' # repo github/CREATOR/..* # C = @all # R = @all -# option upstream.url = git://github.com/%GL_REPO.git -# option upstream.nice = 120 -# config url.git://github.com/.insteadOf = git://github.com/github/ +# option upstream.url = https://github.com/%GL_REPO.git +# option upstream.nice = 120 +# config url.https://github.com/.insteadOf = https://github.com/github/ # # Now you can make local, read-only, clones of all your github repos with # |