From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RFsth-0005oX-BG for garchives@archives.gentoo.org; Mon, 17 Oct 2011 19:30:54 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3E04821C121; Mon, 17 Oct 2011 19:29:21 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id F1E4F21C11C for ; Mon, 17 Oct 2011 19:29:20 +0000 (UTC) Received: from pelican.gentoo.org (unknown [66.219.59.40]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 812E71B4036 for ; Mon, 17 Oct 2011 19:29:20 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by pelican.gentoo.org (Postfix) with ESMTP id EC4798004F for ; Mon, 17 Oct 2011 19:29:19 +0000 (UTC) From: "Christian Ruppert" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Christian Ruppert" Message-ID: <3cebef1b32770f128f6795c580cabbc9b1ceecc1.idl0r@gentoo> Subject: [gentoo-commits] proj/gitolite-gentoo:master commit in: / X-VCS-Repository: proj/gitolite-gentoo X-VCS-Committer: idl0r X-VCS-Committer-Name: Christian Ruppert X-VCS-Revision: 3cebef1b32770f128f6795c580cabbc9b1ceecc1 Date: Mon, 17 Oct 2011 19:29:19 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: 8789e09360f4a1a741db6135df775e12 commit: 3cebef1b32770f128f6795c580cabbc9b1ceecc1 Author: Christian Ruppert gentoo org> AuthorDate: Mon Oct 17 18:58:21 2011 +0000 Commit: Christian Ruppert gentoo org> CommitDate: Mon Oct 17 18:58:21 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/gitolite-gent= oo.git;a=3Dcommit;h=3D3cebef1b Merge commit 'refs/top-bases/t/ssh-key-options' into t/ssh-key-options Conflicts: src/gitolite.pm README.mkd | 99 +++-- conf/example.gitolite.rc | 2 +- contrib/adc/README.mkd | 2 +- contrib/adc/gl-reflog | 2 +- contrib/adc/help | 19 + contrib/adc/hub.mkd | 2 +- contrib/adc/repo-deletion.mkd | 9 +- contrib/adc/set-head | 17 - contrib/adc/symbolic-ref | 33 ++ contrib/gitweb/gitweb.conf | 2 - contrib/mirrorconf-helper.sh | 182 +++++++ contrib/mirroring-complex-example.mkd | 344 ++++++++++++ contrib/real-users/gl-shell | 70 +++ contrib/real-users/gl-shell-setup | 105 ++++ contrib/real-users/password-access.mkd | 135 +++++ doc/1-INSTALL.mkd | 147 +++--- doc/2-admin.mkd | 225 ++++++--- doc/3-faq-tips-etc.mkd | 69 ++- doc/CHANGELOG | 29 + doc/admin-defined-commands.mkd | 88 ++-- doc/big-config.mkd | 11 +- doc/delegation.mkd | 172 ++++--- doc/developer-notes.mkd | 46 +-- doc/gitolite-and-ssh.mkd | 4 +- doc/gitolite.conf.mkd | 99 +++- doc/gitolite.rc.mkd | 10 +- doc/hook-propagation.mkd | 36 +- doc/install-transcript.mkd | 279 ---------- doc/mirroring.mkd | 898 +++++++++++++++++++++++--= ------ doc/packaging.mkd | 3 - doc/progit-article.mkd | 31 +- doc/report-output.mkd | 4 - doc/shell-games.mkd | 8 +- doc/ssh-troubleshooting.mkd | 101 ++--- hooks/common/post-receive.mirrorpush | 30 +- src/gitolite.pm | 96 +++- src/gitolite_rc.pm | 12 +- src/gl-auth-command | 20 +- src/gl-compile-conf | 119 +++-- src/gl-conf-convert | 163 ++++--- src/gl-dryrun | 118 ++++ src/gl-easy-install | 655 ---------------------- src/gl-install | 2 +- src/gl-mirror-push | 83 +++ src/gl-mirror-shell | 182 ++++++- src/gl-mirror-sync | 38 -- src/gl-setup-authkeys | 24 +- src/gl-system-install | 3 +- src/gl-tool | 135 +++-- src/sshkeys-lint | 18 +- t/out/t01-repo-groups.1 | 2 +- t/out/t01-repo-groups.1b | 2 +- t/out/t01-repo-groups.1bs | 2 +- t/out/t01-repo-groups.2 | 2 +- t/out/t02-user-groups.1 | 2 +- t/out/t02-user-groups.1b | 2 +- t/out/t02-user-groups.1bs | 2 +- t/out/t02-user-groups.2 | 2 +- t/out/t02-user-groups.2bs | 2 +- t/t05a-delegation | 2 +- t/t05b-delegation-wild | 2 +- t/t53-check-info-expand-output | 6 +- t/t55-repo-configs-wild-without-CREATOR | 42 ++- t/t56-repo-configs-wild-with-CREATOR | 5 +- t/t68-include | 12 +- 65 files changed, 3034 insertions(+), 2034 deletions(-) diff --cc src/gitolite.pm index 9a7b7ee,b10da00..f595adf --- a/src/gitolite.pm +++ b/src/gitolite.pm @@@ -963,35 -984,27 +990,37 @@@ sub setup_authkey # lint check 2 -- don't print right now; just collect the messa= ges push @not_in_config, "$user($pubkey)" if %$user_list_p and not = $user_list_p->{$user}; $user_list_p->{$user} =3D 'has pubkey' if %$user_list_p; - # apparently some pubkeys don't end in a newline... - my $pubkey_content; - { - local $/ =3D undef; - local @ARGV =3D ($pubkey); - $pubkey_content =3D <>; - } - $pubkey_content =3D~ s/\s*$/\n/; - # don't trust files with multiple lines (i.e., something after = a newline) - if ($pubkey_content =3D~ /\n./) - { - warn "WARNING: a pubkey file can only have one line (key); = ignoring $pubkey\n" . - " Perhaps you're using a key in a different fo= rmat (like putty/plink)?\n" . - " If so, please convert it to openssh format u= sing 'ssh-keygen -i'.\n" . - " If you want to add multiple public keys for = a single user, use\n" . - " \"user\@host.pub\" file names. See the \"on= e user, many keys\"\n" . - " section in doc/3-faq-tips-etc.mkd for detail= s.\n"; - next; + + # Parse the pubkey including all options etc... + # Use strict mode to abort on faulty files. + my $akf =3D Net::SSH::AuthorizedKeysFile->new( strict =3D> 1, )= ; + $akf->read($pubkey); + + foreach my $keyobj ($akf->keys()) { + # lint check 3 -- ignore faulty keys + if(!defined($keyobj)) { + print STDERR "Malformed key '$pubkey', skipping...\n"; + next; + } + + # Preserve only options specified in AUTH_OPTIONS_PRESERVE. + foreach my $option (keys(%{$keyobj->options})) { + if(!grep(/^\Q${option}\E$/, @AUTH_OPTIONS_PRESERVE)) { + delete($keyobj->options->{$option}); + } + } + + # Add our options as well. + foreach my $option (keys(%AUTH_OPTIONS)) { + $keyobj->option($option, $AUTH_OPTIONS{$option}); + } + + $keyobj->option("command", "$AUTH_COMMAND $user"); + + print $newkeys_fh $keyobj->as_string()."\n"; } + print $newkeys_fh "command=3D\"$AUTH_COMMAND $user\",$AUTH_OPTI= ONS "; + print $newkeys_fh $pubkey_content; } =20 # lint check 2 -- print less noisily