From: "Christian Ruppert" <idl0r@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/gitolite-gentoo:t/export-key-metadata commit in: /
Date: Tue, 15 Feb 2011 16:42:07 +0000 (UTC)	[thread overview]
Message-ID: <e24d0debc5565599c4eef70f6a3be602977d0f02.idl0r@gentoo> (raw)

commit:     e24d0debc5565599c4eef70f6a3be602977d0f02
Author:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 15 16:35:55 2011 +0000
Commit:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Tue Feb 15 16:35:55 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/gitolite-gentoo.git;a=commit;h=e24d0deb

Merge commit 'refs/top-bases/t/export-key-metadata' into t/export-key-metadata

Conflicts:
	conf/example.gitolite.rc
	src/gl-auth-command


 conf/example.conf                                 |    3 -
 conf/example.gitolite.rc                          |  334 +++-----------------
 contrib/adc/get-rights-and-owner.in-perl          |   41 +++
 contrib/ldap/README.mkd                           |   18 ++
 contrib/ldap/ldap-query-example.pl                |   80 +++++
 contrib/ldap/ldap-query-example.sh                |   68 +++++
 contrib/ldap/passwd                               |  112 +++++++
 doc/CHANGELOG                                     |   22 ++
 doc/big-config.mkd                                |  229 ++++++++++----
 doc/delegation.mkd                                |    2 +-
 doc/gitolite.rc.mkd                               |  332 ++++++++++++++++++++
 doc/install-transcript.mkd                        |    2 +-
 doc/overkill.mkd                                  |    8 +-
 doc/progit-article.mkd                            |    2 +-
 doc/ssh-troubleshooting.mkd                       |    2 +-
 doc/who-uses-it.mkd                               |    5 +
 src/gitolite.pm                                   |  124 +++++----
 src/gl-auth-command                               |   14 +-
 src/gl-compile-conf                               |  164 +++++++----
 t/out/t01-repo-groups.1                           |    2 +-
 t/out/t01-repo-groups.1b                          |    2 +-
 t/out/{t01-repo-groups.1b => t01-repo-groups.1bs} |   33 ++-
 t/out/t01-repo-groups.2                           |   28 ++-
 t/out/t02-user-groups.1                           |    2 +-
 t/out/t02-user-groups.1b                          |    2 +-
 t/out/{t02-user-groups.1b => t02-user-groups.1bs} |   35 +--
 t/out/t02-user-groups.2                           |    2 +-
 t/out/{t02-user-groups.2 => t02-user-groups.2bs}  |   49 ++--
 t/t01-repo-groups                                 |    6 +-
 t/t02-user-groups                                 |    8 +-
 t/t59-repo-not-on-disk                            |   12 +-
 t/test-driver.sh                                  |    7 +
 32 files changed, 1198 insertions(+), 552 deletions(-)

diff --cc conf/example.gitolite.rc
index 211b7cb,9ee7840..6f57994
--- a/conf/example.gitolite.rc
+++ b/conf/example.gitolite.rc
@@@ -61,260 -14,65 +14,73 @@@ $GL_ADMINDIR=$ENV{HOME} . "/.gitolite"
  $GL_CONF="$GL_ADMINDIR/conf/gitolite.conf";
  $GL_KEYDIR="$GL_ADMINDIR/keydir";
  $GL_CONF_COMPILED="$GL_ADMINDIR/conf/gitolite.conf-compiled.pm";
+ # DO NOT CHANGE THE NEXT TWO LINES UNLESS YOU REALLY KNOW WHAT YOU'RE DOING.
+ # These variables are set automatically by the install method you choose.
+ # $GL_PACKAGE_CONF = "";
+ # $GL_PACKAGE_HOOKS = "";
  
- # --------------------------------------
- 
- # if git on your server is on a standard path (that is
- #       ssh git@server git --version
- # works), leave this setting as is.  Otherwise, choose one of the
- # alternatives, or write your own
- 
- $GIT_PATH="";
- # $GIT_PATH="/opt/bin/";
- 
- # --------------------------------------
- 
- # ----------------------------------------------------------------------
- #                   BIG CONFIG SETTINGS
- 
- # Please read doc/big-config.mkd for details
+ # ------------------------------------------------------------------------------
+ # most often used/changed variables
+ # ------------------------------------------------------------------------------
+ $GL_WILDREPOS = 0;
+ $PROJECTS_LIST = $ENV{HOME} . "/projects.list";
+ $REPO_UMASK = 0077;
  
+ # ------------------------------------------------------------------------------
+ # variables with an efficiency impact
+ # ------------------------------------------------------------------------------
  $GL_BIG_CONFIG = 0;
  $GL_NO_DAEMON_NO_GITWEB = 0;
- $GL_NO_CREATE_REPOS = 0;
- $GL_NO_SETUP_AUTHKEYS = 0;
- 
- # ----------------------------------------------------------------------
- #                   SECURITY SENSITIVE SETTINGS
- #
- #       Settings below this point may have security implications.  That
- #       usually means that I have not thought hard enough about all the
- #       possible ways to crack security if these settings are enabled.
- 
- #       Please see details on each setting for specifics, if any.
- # ----------------------------------------------------------------------
- 
  
 +# Define which metadata variables shall be exported to the gitolite environment.
 +# Those variables can be used in hooks, e.g. for cia.vc
 +# A pubkey file might contain one or more of those variable.
 +# They can be defined by e.g:"# git-username: idl0r"
 +# Each '-' (dash) will be replaced by an '_' (underscore).
- @GL_METADATA = ( "git-username", "git-email", "git-realname", "git-realname-ascii", "cia-vc-username" );
- @GL_METADATA_REQUIRED = ( "git-username", "git-email", "git-realname" );
- 
- # --------------------------------------
- # ALLOW REPO ADMIN TO SET GITCONFIG KEYS
- #
- # Gitolite allows you to set git repo options using the "config" keyword; see
- # conf/example.conf for details and syntax.
- #
- # However, if you are in an installation where the repo admin does not (and
- # should not) have shell access to the server, then allowing him to set
- # arbitrary repo config options *may* be a security risk -- some config
- # settings may allow executing arbitrary commands.
- #
- # You have 3 choices.  By default $GL_GITCONFIG_KEYS is left empty, which
- # completely disables this feature (meaning you cannot set git configs from
- # the repo config).
- 
++#@GL_METADATA = ( "git-username", "git-email", "git-realname", "git-realname-ascii", "cia-vc-username" );
++#@GL_METADATA_REQUIRED = ( "git-username", "git-email", "git-realname" );
++
+ # ------------------------------------------------------------------------------
+ # VARIABLES WITH A SECURITY IMPACT.  READ DOC WELL BEFORE CHANGING THESE.
+ # http://github.com/sitaramc/gitolite/blob/pu/doc/gitolite.rc.mkd#_variables_with_a_security_impact
+ # ------------------------------------------------------------------------------
+ # $GL_ALL_READ_ALL = 0;
+ $GIT_PATH="";
  $GL_GITCONFIG_KEYS = "";
- 
- # The second choice is to give it a space separated list of settings you
- # consider safe.  (These are actually treated as a set of regular expression
- # patterns, and any one of them must match).  For example:
- # $GL_GITCONFIG_KEYS = "core\.logAllRefUpdates core\..*compression";
- # allows repo admins to set one of those 3 config keys (yes, that second
- # pattern matches two settings from "man git-config", if you look)
- #
- # The third choice (which you may have guessed already if you're familiar with
- # regular expressions) is to allow anything and everything:
- # $GL_GITCONFIG_KEYS = ".*";
- 
- # NOTE that due to some quoting and interpolation issues I have not been able
- # to look at, a literal "." needs to be specified in this string as \\.  (two
- # backslashes and a dot).  So this is how you'd allow any keys in the "foo"
- # category:
- #       $GL_GITCONFIG_KEYS = "foo\\..*";
- 
- # --------------------------------------
- # ALLOW GITCONFIG KEYS EVEN FOR WILD REPOS
- #
- # This is an efficiency issue more than a security issue, since this requires
- # trawling through all of $REPO_BASE looking for stuff :)
- 
  # $GL_GITCONFIG_WILD = 0;
- 
- # --------------------------------------
- # EXTERNAL COMMAND HELPER -- HTPASSWD
- 
- # security note: runs an external command (htpasswd) with specific arguments,
- # including a user-chosen "password".
- 
- # if you want to enable the "htpasswd" command, give this the absolute path to
- # whatever file apache (etc) expect to find the passwords in.
- 
+ $GL_NO_CREATE_REPOS = 0;
+ $GL_NO_SETUP_AUTHKEYS = 0;
+ # $GL_WILDREPOS_DEFPERMS = 'R @all';
  $HTPASSWD_FILE = "";
- 
- # Look in doc/3 ("easier to link gitweb authorisation with gitolite" section)
- # for more details on using this feature.
- 
- # --------------------------------------
- # EXTERNAL COMMAND HELPER -- RSYNC
- 
- # security note: runs an external command (rsync) with specific arguments, all
- # presumably filled in correctly by the client-side rsync.
- 
- # base path of all the files that are accessible via rsync.  Must be an
- # absolute path.  Leave it undefined or set to the empty string to disable the
- # rsync helper.
- 
  $RSYNC_BASE = "";
- 
- # $RSYNC_BASE = "/home/git/up-down";
- # $RSYNC_BASE = "/tmp/up-down";
- 
- # --------------------------------------
- # EXTERNAL COMMAND HELPER -- SVNSERVE
- 
- # security note: runs an external command (svnserve) with specific arguments,
- # as specified below. %u is substituted with the username.
- 
- # This setting allows launching svnserve when requested by the ssh client.
- # This allows using the same SSH setup (hostname/username/public key) for both
- # SVN and git access. Leave it undefined or set to the empty string to disable
- # svnserve access.
- 
  $SVNSERVE = "";
- # $SVNSERVE = "/usr/bin/svnserve -r /var/svn/ -t --tunnel-user=%u";
- 
- # --------------------------------------
- # ALLOW REPO CONFIG TO USE WILDCARDS
- 
- # security note: this used to in a separate "wildrepos" branch.  You can
- # create repositories based on wild cards, give "ownership" to the specific
- # user who created it, allow him/her to hand out R and RW permissions to other
- # users to collaborate, etc.  This is powerful stuff, and I've made it as
- # secure as I can, but it hasn't had the kind of rigorous line-by-line
- # analysis that the old "master" branch had.
- 
- # This has now been rolled into master, with all the functionality gated by
- # this variable.  Set this to 1 if you want to enable the wildrepos features.
- # Please see doc/wildcard-repositories.mkd for details.
- 
- $GL_WILDREPOS = 0;
- 
- # --------------------------------------
- # DEFAULT WILDCARD PERMISSIONS
- 
- # If set, this value will be used as the default user-level permission rule of
- # new wildcard repositories. The user can change this value with the setperms command
- # as desired after repository creation; it is only a default. Note that @all can be
- # used here but is special; no other groups can be used in user-level permissions.
- 
- # $GL_WILDREPOS_DEFPERMS = 'R @all';
- 
- # --------------------------------------
- # WILDREPOS PERMS CATEGORIES
- 
- # Originally, we only allowed "R" and "RW" in the setperms command.  Now we
- # allow the admin to define other categories as she wishes (example: MANAGERS,
- # TESTERS, etc).
- 
- # This variable is a space-sep list of the allowed categories.
- 
- # PLEASE, *PLEASE*, read the section in doc/wildcard-repositories.mkd for
- # caveats and warnings.  This is a VERY powerful feature and if you're not
- # careful you could mess up the ACLs nicely.
- 
- # this is the internal default if you don't set it (like if you didn't update
- # your ~/.gitolite.rc with new variables when you upgraded gitolite):
- $GL_WILDREPOS_PERM_CATS = "READERS WRITERS";
- 
- # you can use your own categories in addition to the standard ones; I suggest
- # you include READERS and WRITERS for backward compat though:
- # $GL_WILDREPOS_PERM_CATS = "READERS WRITERS MANAGERS";
- # $GL_WILDREPOS_PERM_CATS = "READERS WRITERS MANAGERS TESTERS";
- 
- # --------------------------------------
- # HOOK CHAINING
- 
- # by default, the update hook in every repo chains to "update.secondary".
- # Similarly, the post-update hook in the admin repo chains to
- # "post-update.secondary".  If you're fine with the defaults, there's no need
- # to do anything here.  However, if you want to use different names or paths,
- # change these variables
- 
  # $UPDATE_CHAINS_TO = "hooks/update.secondary";
  # $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary";
- 
- # --------------------------------------
- # ADMIN DEFINED COMMANDS
- 
- # WARNING: Use this feature only if (a) you really really know what you're
- # doing or (b) you really don't care too much about security.  Please read
- # doc/admin-defined-commands.mkd for details.
- 
  # $GL_ADC_PATH = "";
+ # $GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups"
  
- # --------------------------------------
- # SITE-SPECIFIC INFORMATION
- 
- # Some installations would like to give their users customised information
- # (like a link to their own websites, for example) so that each end user does
- # not have to grok all the gitolite documentation.
- 
- # If this variable is defined, the "info" command will print it at the end of
- # the listing.
+ # ------------------------------------------------------------------------------
+ # less used/changed variables
+ # ------------------------------------------------------------------------------
+ # $GL_ALL_INCLUDES_SPECIAL = 0;
+ # $GL_SLAVE_MODE = 0;
+ # $ENV{GL_SLAVES} = 'gitolite@server2 gitolite@server3';
+ # PLEASE USE SINGLE QUOTES ABOVE, NOT DOUBLE QUOTES
+ $GL_WILDREPOS_PERM_CATS = "READERS WRITERS";
  
- # $GL_SITE_INFO = "";
+ # ------------------------------------------------------------------------------
+ # rarely changed variables
+ # ------------------------------------------------------------------------------
+ $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y-%m.log";
+ # $GL_PERFLOGT="$GL_ADMINDIR/logs/perf-gitolite-%y-%m.log";
  # $GL_SITE_INFO = "XYZ.COM DEVELOPERS: PLEASE SEE http://xyz.com/gitolite/help first";
  
- # --------------------------------------
- # USERGROUP HANDLING
- 
- # Some sites would like to store group membership outside gitolite, because
- # they already have it in (usually) their LDAP server, and it doesn't make
- # sense to be forced to duplicate this information.
- 
- # Set the following variable to the name of a script that, given a username as
- # argument, will return a list of groups that she is a member of.
- 
- # $GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups"
+ # ------------------------------------------------------------------------------
+ # variables that should NOT be changed after the install step completes
+ # ------------------------------------------------------------------------------
+ $REPO_BASE="repositories";
  
- # --------------------------------------
+ # ------------------------------------------------------------------------------
  # per perl rules, this should be the last line in such a file:
  1;
  
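Review bot: The merge resolution at the `++#@GL_METADATA` / `++#@GL_METADATA_REQUIRED` lines leaves both arrays commented out, while the comment block above them still reads as if they were active and does not say what happens when they are unset. Per that comment the values come from pubkey files and are exported into the environment hooks run in, so the block would sit better under the "VARIABLES WITH A SECURITY IMPACT" heading, with a line such as `# Unset by default; exported values come from pubkey files, so hooks should treat them as untrusted text.` What an unset `@GL_METADATA_REQUIRED` means for key validation is not visible in this hunk and should be confirmed against the code that reads it. Separately, the added example `# $GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups"` has no trailing `;`, so the rc file would not parse if that line were uncommented as written. The same hunk is repeated in the second copy of this message further down the page.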
diff --cc src/gitolite.pm
index 7a36858,64bab29..83bf535
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@@@ -43,12 -43,17 +43,17 @@@ our $REPOPATT_PATT=qr(^\@?[0-9a-zA-Z[][
  our $ADC_CMD_ARGS_PATT=qr(^[0-9a-zA-Z._\@/+:-]*$);
  
  # these come from the RC file
 -our ($REPO_UMASK, $GL_WILDREPOS, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $REPO_BASE, $GL_CONF_COMPILED, $GL_BIG_CONFIG, $GL_PERFLOGT, $PROJECTS_LIST, $GL_ALL_INCLUDES_SPECIAL, $GL_SITE_INFO, $GL_GET_MEMBERSHIPS_PGM, $GL_WILDREPOS_PERM_CATS, $GL_KEYDIR, @GL_METADATA);
 +our ($REPO_UMASK, $GL_WILDREPOS, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $REPO_BASE, $GL_CONF_COMPILED, $GL_BIG_CONFIG, $GL_PERFLOGT, $PROJECTS_LIST, $GL_ALL_INCLUDES_SPECIAL, $GL_SITE_INFO, $GL_GET_MEMBERSHIPS_PGM, $GL_WILDREPOS_PERM_CATS, $GL_KEYDIR, @GL_METADATA, @GL_METADATA_REQUIRED);
  our %repos;
  our %groups;
- our %repo_config;
+ our %git_configs;
+ our %split_conf;;
  our $data_version;
- our $current_data_version = '1.6';
+ our $current_data_version = '1.7';
+ 
+ # the following are read in from individual repo's gl-conf files, if present
+ our %one_repo;
+ our %one_git_config;
  
  # ----------------------------------------------------------------------------
  #       convenience subs
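Review bot: `our %split_conf;;` carries a stray second semicolon; Perl accepts it, but the line should read `our %split_conf;`. The new `%git_configs` and `%split_conf` also arrive without any comment, unlike `%one_repo` and `%one_git_config` a few lines below, which are introduced with `# the following are read in from individual repo's gl-conf files, if present`; a one-line comment saying what each hash holds would match that. The same hunk appears again in the second copy of the message on this page.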
diff --cc src/gl-auth-command
index dffdb62,1af4232..9bfca63
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@@ -32,7 -32,7 +32,7 @@@ use warnings
  # ----------------------------------------------------------------------------
  
  # these are set by the "rc" file
- our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, @GL_METADATA);
 -our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, $GL_ALL_READ_ALL);
++our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, $GL_ALL_READ_ALL, @GL_METADATA);
  # and these are set by gitolite.pm
  our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT, $ADC_CMD_ARGS_PATT);
  our %repos;
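Review bot: Both parents appended a name to the end of the same one-line `our (...)` list, which appears to be what produced the src/gl-auth-command conflict recorded in the commit message; listing the RC variables one per line would let such additions merge without a conflict. The resolved list declares `@GL_METADATA` but not `@GL_METADATA_REQUIRED`, which src/gitolite.pm does declare in this same commit. If gl-auth-command reads the required list anywhere, which this hunk does not show, the name has to be added here as well. The file continues outside the hunk.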



WARNING: multiple messages have this Message-ID (diff)
From: "Christian Ruppert" <idl0r@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/gitolite-gentoo:master commit in: /
Date: Wed, 16 Feb 2011 16:07:39 +0000 (UTC)	[thread overview]
Message-ID: <e24d0debc5565599c4eef70f6a3be602977d0f02.idl0r@gentoo> (raw)
Message-ID: <20110216160739.hzoHTn_azgllBeQ5Z91UPAciRddoEQjhQrHmiNmW2Ng@z> (raw)

commit:     e24d0debc5565599c4eef70f6a3be602977d0f02
Author:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 15 16:35:55 2011 +0000
Commit:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Tue Feb 15 16:35:55 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/gitolite-gentoo.git;a=commit;h=e24d0deb

Merge commit 'refs/top-bases/t/export-key-metadata' into t/export-key-metadata

Conflicts:
	conf/example.gitolite.rc
	src/gl-auth-command


 conf/example.conf                                 |    3 -
 conf/example.gitolite.rc                          |  334 +++-----------------
 contrib/adc/get-rights-and-owner.in-perl          |   41 +++
 contrib/ldap/README.mkd                           |   18 ++
 contrib/ldap/ldap-query-example.pl                |   80 +++++
 contrib/ldap/ldap-query-example.sh                |   68 +++++
 contrib/ldap/passwd                               |  112 +++++++
 doc/CHANGELOG                                     |   22 ++
 doc/big-config.mkd                                |  229 ++++++++++----
 doc/delegation.mkd                                |    2 +-
 doc/gitolite.rc.mkd                               |  332 ++++++++++++++++++++
 doc/install-transcript.mkd                        |    2 +-
 doc/overkill.mkd                                  |    8 +-
 doc/progit-article.mkd                            |    2 +-
 doc/ssh-troubleshooting.mkd                       |    2 +-
 doc/who-uses-it.mkd                               |    5 +
 src/gitolite.pm                                   |  124 +++++----
 src/gl-auth-command                               |   14 +-
 src/gl-compile-conf                               |  164 +++++++----
 t/out/t01-repo-groups.1                           |    2 +-
 t/out/t01-repo-groups.1b                          |    2 +-
 t/out/{t01-repo-groups.1b => t01-repo-groups.1bs} |   33 ++-
 t/out/t01-repo-groups.2                           |   28 ++-
 t/out/t02-user-groups.1                           |    2 +-
 t/out/t02-user-groups.1b                          |    2 +-
 t/out/{t02-user-groups.1b => t02-user-groups.1bs} |   35 +--
 t/out/t02-user-groups.2                           |    2 +-
 t/out/{t02-user-groups.2 => t02-user-groups.2bs}  |   49 ++--
 t/t01-repo-groups                                 |    6 +-
 t/t02-user-groups                                 |    8 +-
 t/t59-repo-not-on-disk                            |   12 +-
 t/test-driver.sh                                  |    7 +
 32 files changed, 1198 insertions(+), 552 deletions(-)

diff --cc conf/example.gitolite.rc
index 211b7cb,9ee7840..6f57994
--- a/conf/example.gitolite.rc
+++ b/conf/example.gitolite.rc
@@@ -61,260 -14,65 +14,73 @@@ $GL_ADMINDIR=$ENV{HOME} . "/.gitolite"
  $GL_CONF="$GL_ADMINDIR/conf/gitolite.conf";
  $GL_KEYDIR="$GL_ADMINDIR/keydir";
  $GL_CONF_COMPILED="$GL_ADMINDIR/conf/gitolite.conf-compiled.pm";
+ # DO NOT CHANGE THE NEXT TWO LINES UNLESS YOU REALLY KNOW WHAT YOU'RE DOING.
+ # These variables are set automatically by the install method you choose.
+ # $GL_PACKAGE_CONF = "";
+ # $GL_PACKAGE_HOOKS = "";
  
- # --------------------------------------
- 
- # if git on your server is on a standard path (that is
- #       ssh git@server git --version
- # works), leave this setting as is.  Otherwise, choose one of the
- # alternatives, or write your own
- 
- $GIT_PATH="";
- # $GIT_PATH="/opt/bin/";
- 
- # --------------------------------------
- 
- # ----------------------------------------------------------------------
- #                   BIG CONFIG SETTINGS
- 
- # Please read doc/big-config.mkd for details
+ # ------------------------------------------------------------------------------
+ # most often used/changed variables
+ # ------------------------------------------------------------------------------
+ $GL_WILDREPOS = 0;
+ $PROJECTS_LIST = $ENV{HOME} . "/projects.list";
+ $REPO_UMASK = 0077;
  
+ # ------------------------------------------------------------------------------
+ # variables with an efficiency impact
+ # ------------------------------------------------------------------------------
  $GL_BIG_CONFIG = 0;
  $GL_NO_DAEMON_NO_GITWEB = 0;
- $GL_NO_CREATE_REPOS = 0;
- $GL_NO_SETUP_AUTHKEYS = 0;
- 
- # ----------------------------------------------------------------------
- #                   SECURITY SENSITIVE SETTINGS
- #
- #       Settings below this point may have security implications.  That
- #       usually means that I have not thought hard enough about all the
- #       possible ways to crack security if these settings are enabled.
- 
- #       Please see details on each setting for specifics, if any.
- # ----------------------------------------------------------------------
- 
  
 +# Define which metadata variables shall be exported to the gitolite environment.
 +# Those variables can be used in hooks, e.g. for cia.vc
 +# A pubkey file might contain one or more of those variable.
 +# They can be defined by e.g:"# git-username: idl0r"
 +# Each '-' (dash) will be replaced by an '_' (underscore).
- @GL_METADATA = ( "git-username", "git-email", "git-realname", "git-realname-ascii", "cia-vc-username" );
- @GL_METADATA_REQUIRED = ( "git-username", "git-email", "git-realname" );
- 
- # --------------------------------------
- # ALLOW REPO ADMIN TO SET GITCONFIG KEYS
- #
- # Gitolite allows you to set git repo options using the "config" keyword; see
- # conf/example.conf for details and syntax.
- #
- # However, if you are in an installation where the repo admin does not (and
- # should not) have shell access to the server, then allowing him to set
- # arbitrary repo config options *may* be a security risk -- some config
- # settings may allow executing arbitrary commands.
- #
- # You have 3 choices.  By default $GL_GITCONFIG_KEYS is left empty, which
- # completely disables this feature (meaning you cannot set git configs from
- # the repo config).
- 
++#@GL_METADATA = ( "git-username", "git-email", "git-realname", "git-realname-ascii", "cia-vc-username" );
++#@GL_METADATA_REQUIRED = ( "git-username", "git-email", "git-realname" );
++
+ # ------------------------------------------------------------------------------
+ # VARIABLES WITH A SECURITY IMPACT.  READ DOC WELL BEFORE CHANGING THESE.
+ # http://github.com/sitaramc/gitolite/blob/pu/doc/gitolite.rc.mkd#_variables_with_a_security_impact
+ # ------------------------------------------------------------------------------
+ # $GL_ALL_READ_ALL = 0;
+ $GIT_PATH="";
  $GL_GITCONFIG_KEYS = "";
- 
- # The second choice is to give it a space separated list of settings you
- # consider safe.  (These are actually treated as a set of regular expression
- # patterns, and any one of them must match).  For example:
- # $GL_GITCONFIG_KEYS = "core\.logAllRefUpdates core\..*compression";
- # allows repo admins to set one of those 3 config keys (yes, that second
- # pattern matches two settings from "man git-config", if you look)
- #
- # The third choice (which you may have guessed already if you're familiar with
- # regular expressions) is to allow anything and everything:
- # $GL_GITCONFIG_KEYS = ".*";
- 
- # NOTE that due to some quoting and interpolation issues I have not been able
- # to look at, a literal "." needs to be specified in this string as \\.  (two
- # backslashes and a dot).  So this is how you'd allow any keys in the "foo"
- # category:
- #       $GL_GITCONFIG_KEYS = "foo\\..*";
- 
- # --------------------------------------
- # ALLOW GITCONFIG KEYS EVEN FOR WILD REPOS
- #
- # This is an efficiency issue more than a security issue, since this requires
- # trawling through all of $REPO_BASE looking for stuff :)
- 
  # $GL_GITCONFIG_WILD = 0;
- 
- # --------------------------------------
- # EXTERNAL COMMAND HELPER -- HTPASSWD
- 
- # security note: runs an external command (htpasswd) with specific arguments,
- # including a user-chosen "password".
- 
- # if you want to enable the "htpasswd" command, give this the absolute path to
- # whatever file apache (etc) expect to find the passwords in.
- 
+ $GL_NO_CREATE_REPOS = 0;
+ $GL_NO_SETUP_AUTHKEYS = 0;
+ # $GL_WILDREPOS_DEFPERMS = 'R @all';
  $HTPASSWD_FILE = "";
- 
- # Look in doc/3 ("easier to link gitweb authorisation with gitolite" section)
- # for more details on using this feature.
- 
- # --------------------------------------
- # EXTERNAL COMMAND HELPER -- RSYNC
- 
- # security note: runs an external command (rsync) with specific arguments, all
- # presumably filled in correctly by the client-side rsync.
- 
- # base path of all the files that are accessible via rsync.  Must be an
- # absolute path.  Leave it undefined or set to the empty string to disable the
- # rsync helper.
- 
  $RSYNC_BASE = "";
- 
- # $RSYNC_BASE = "/home/git/up-down";
- # $RSYNC_BASE = "/tmp/up-down";
- 
- # --------------------------------------
- # EXTERNAL COMMAND HELPER -- SVNSERVE
- 
- # security note: runs an external command (svnserve) with specific arguments,
- # as specified below. %u is substituted with the username.
- 
- # This setting allows launching svnserve when requested by the ssh client.
- # This allows using the same SSH setup (hostname/username/public key) for both
- # SVN and git access. Leave it undefined or set to the empty string to disable
- # svnserve access.
- 
  $SVNSERVE = "";
- # $SVNSERVE = "/usr/bin/svnserve -r /var/svn/ -t --tunnel-user=%u";
- 
- # --------------------------------------
- # ALLOW REPO CONFIG TO USE WILDCARDS
- 
- # security note: this used to in a separate "wildrepos" branch.  You can
- # create repositories based on wild cards, give "ownership" to the specific
- # user who created it, allow him/her to hand out R and RW permissions to other
- # users to collaborate, etc.  This is powerful stuff, and I've made it as
- # secure as I can, but it hasn't had the kind of rigorous line-by-line
- # analysis that the old "master" branch had.
- 
- # This has now been rolled into master, with all the functionality gated by
- # this variable.  Set this to 1 if you want to enable the wildrepos features.
- # Please see doc/wildcard-repositories.mkd for details.
- 
- $GL_WILDREPOS = 0;
- 
- # --------------------------------------
- # DEFAULT WILDCARD PERMISSIONS
- 
- # If set, this value will be used as the default user-level permission rule of
- # new wildcard repositories. The user can change this value with the setperms command
- # as desired after repository creation; it is only a default. Note that @all can be
- # used here but is special; no other groups can be used in user-level permissions.
- 
- # $GL_WILDREPOS_DEFPERMS = 'R @all';
- 
- # --------------------------------------
- # WILDREPOS PERMS CATEGORIES
- 
- # Originally, we only allowed "R" and "RW" in the setperms command.  Now we
- # allow the admin to define other categories as she wishes (example: MANAGERS,
- # TESTERS, etc).
- 
- # This variable is a space-sep list of the allowed categories.
- 
- # PLEASE, *PLEASE*, read the section in doc/wildcard-repositories.mkd for
- # caveats and warnings.  This is a VERY powerful feature and if you're not
- # careful you could mess up the ACLs nicely.
- 
- # this is the internal default if you don't set it (like if you didn't update
- # your ~/.gitolite.rc with new variables when you upgraded gitolite):
- $GL_WILDREPOS_PERM_CATS = "READERS WRITERS";
- 
- # you can use your own categories in addition to the standard ones; I suggest
- # you include READERS and WRITERS for backward compat though:
- # $GL_WILDREPOS_PERM_CATS = "READERS WRITERS MANAGERS";
- # $GL_WILDREPOS_PERM_CATS = "READERS WRITERS MANAGERS TESTERS";
- 
- # --------------------------------------
- # HOOK CHAINING
- 
- # by default, the update hook in every repo chains to "update.secondary".
- # Similarly, the post-update hook in the admin repo chains to
- # "post-update.secondary".  If you're fine with the defaults, there's no need
- # to do anything here.  However, if you want to use different names or paths,
- # change these variables
- 
  # $UPDATE_CHAINS_TO = "hooks/update.secondary";
  # $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary";
- 
- # --------------------------------------
- # ADMIN DEFINED COMMANDS
- 
- # WARNING: Use this feature only if (a) you really really know what you're
- # doing or (b) you really don't care too much about security.  Please read
- # doc/admin-defined-commands.mkd for details.
- 
  # $GL_ADC_PATH = "";
+ # $GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups"
  
- # --------------------------------------
- # SITE-SPECIFIC INFORMATION
- 
- # Some installations would like to give their users customised information
- # (like a link to their own websites, for example) so that each end user does
- # not have to grok all the gitolite documentation.
- 
- # If this variable is defined, the "info" command will print it at the end of
- # the listing.
+ # ------------------------------------------------------------------------------
+ # less used/changed variables
+ # ------------------------------------------------------------------------------
+ # $GL_ALL_INCLUDES_SPECIAL = 0;
+ # $GL_SLAVE_MODE = 0;
+ # $ENV{GL_SLAVES} = 'gitolite@server2 gitolite@server3';
+ # PLEASE USE SINGLE QUOTES ABOVE, NOT DOUBLE QUOTES
+ $GL_WILDREPOS_PERM_CATS = "READERS WRITERS";
  
- # $GL_SITE_INFO = "";
+ # ------------------------------------------------------------------------------
+ # rarely changed variables
+ # ------------------------------------------------------------------------------
+ $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y-%m.log";
+ # $GL_PERFLOGT="$GL_ADMINDIR/logs/perf-gitolite-%y-%m.log";
  # $GL_SITE_INFO = "XYZ.COM DEVELOPERS: PLEASE SEE http://xyz.com/gitolite/help first";
  
- # --------------------------------------
- # USERGROUP HANDLING
- 
- # Some sites would like to store group membership outside gitolite, because
- # they already have it in (usually) their LDAP server, and it doesn't make
- # sense to be forced to duplicate this information.
- 
- # Set the following variable to the name of a script that, given a username as
- # argument, will return a list of groups that she is a member of.
- 
- # $GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups"
+ # ------------------------------------------------------------------------------
+ # variables that should NOT be changed after the install step completes
+ # ------------------------------------------------------------------------------
+ $REPO_BASE="repositories";
  
- # --------------------------------------
+ # ------------------------------------------------------------------------------
  # per perl rules, this should be the last line in such a file:
  1;
  
diff --cc src/gitolite.pm
index 7a36858,64bab29..83bf535
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@@@ -43,12 -43,17 +43,17 @@@ our $REPOPATT_PATT=qr(^\@?[0-9a-zA-Z[][
  our $ADC_CMD_ARGS_PATT=qr(^[0-9a-zA-Z._\@/+:-]*$);
  
  # these come from the RC file
 -our ($REPO_UMASK, $GL_WILDREPOS, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $REPO_BASE, $GL_CONF_COMPILED, $GL_BIG_CONFIG, $GL_PERFLOGT, $PROJECTS_LIST, $GL_ALL_INCLUDES_SPECIAL, $GL_SITE_INFO, $GL_GET_MEMBERSHIPS_PGM, $GL_WILDREPOS_PERM_CATS, $GL_KEYDIR, @GL_METADATA);
 +our ($REPO_UMASK, $GL_WILDREPOS, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $REPO_BASE, $GL_CONF_COMPILED, $GL_BIG_CONFIG, $GL_PERFLOGT, $PROJECTS_LIST, $GL_ALL_INCLUDES_SPECIAL, $GL_SITE_INFO, $GL_GET_MEMBERSHIPS_PGM, $GL_WILDREPOS_PERM_CATS, $GL_KEYDIR, @GL_METADATA, @GL_METADATA_REQUIRED);
  our %repos;
  our %groups;
- our %repo_config;
+ our %git_configs;
+ our %split_conf;;
  our $data_version;
- our $current_data_version = '1.6';
+ our $current_data_version = '1.7';
+ 
+ # the following are read in from individual repo's gl-conf files, if present
+ our %one_repo;
+ our %one_git_config;
  
  # ----------------------------------------------------------------------------
  #       convenience subs
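Review bot: The added line `our %split_conf;;` ends in a doubled semicolon. Perl accepts it as an empty statement, but it reads like a leftover from the conflict resolution and should be `our %split_conf;`. The new `%split_conf` and the renamed `%git_configs` also have no comment, unlike `%one_repo` and `%one_git_config` just below them. A one-line comment above each, saying what the hash is keyed by and which file fills it, would match that style; the hunk does not show how they are populated, so the wording has to come from the code that writes them.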
diff --cc src/gl-auth-command
index dffdb62,1af4232..9bfca63
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@@ -32,7 -32,7 +32,7 @@@ use warnings
  # ----------------------------------------------------------------------------
  
  # these are set by the "rc" file
- our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, @GL_METADATA);
 -our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, $GL_ALL_READ_ALL);
++our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, $GL_ALL_READ_ALL, @GL_METADATA);
  # and these are set by gitolite.pm
  our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT, $ADC_CMD_ARGS_PATT);
  our %repos;
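Review bot: The merged `our (...)` declaration under "these are set by the "rc" file" is a single line of seventeen names, and both parents changed that same line, which is apparently why this file is listed under Conflicts. Writing the list one variable per line (`our (`, then `    $GL_LOGT,` and so on, closed by `);`) would let topic branches add a setting without conflicting. It would also make it easy to see in review that a resolution kept every rc setting, including access-related ones such as `$GL_ALL_READ_ALL`. The same applies to the `our` list in the src/gitolite.pm hunk, which additionally declares `@GL_METADATA_REQUIRED` where this list has only `@GL_METADATA`. Whether this script needs that declaration cannot be told from the hunk.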


