Commit 4bbda0b2 authored by Michael's avatar Michael

Merge pull request #1 from gitlabhq/master

Master Sync
parents 381f4cdb fc8bd8f7
v1.0.4
- requires gitlab c9ca15e
- dont use post-receive file any more. Make all updates in update
- fixed issue with invalid GL_USER
- use GL_ID instead of GL_USER
### gitlab-shell: ssh access and repostiory management ### gitlab-shell: ssh access and repository management
[![CI](http://ci.gitlab.org/projects/4/status?ref=master)](http://ci.gitlab.org/projects/4?ref=master) [![CI](http://ci.gitlab.org/projects/4/status?ref=master)](http://ci.gitlab.org/projects/4?ref=master)
...@@ -25,7 +25,7 @@ Remove repo ...@@ -25,7 +25,7 @@ Remove repo
Import repo Import repo
./bin/gitlab-projects import-project https://github.com/randx/six.git ./bin/gitlab-projects import-project randx/six.git https://github.com/randx/six.git
### Keys: ### Keys:
......
...@@ -11,6 +11,8 @@ require_relative '../lib/gitlab_init' ...@@ -11,6 +11,8 @@ require_relative '../lib/gitlab_init'
# #
# /bin/gitlab-projects rm-project gitlab/gitlab-ci.git # /bin/gitlab-projects rm-project gitlab/gitlab-ci.git
# #
# /bin/gitlab-projects import-project randx/six.git https://github.com/randx/six.git
#
require File.join(ROOT_PATH, 'lib', 'gitlab_projects') require File.join(ROOT_PATH, 'lib', 'gitlab_projects')
GitlabProjects.new.exec GitlabProjects.new.exec
......
...@@ -6,12 +6,15 @@ require_relative '../lib/gitlab_init' ...@@ -6,12 +6,15 @@ require_relative '../lib/gitlab_init'
# GitLab shell, invoked from ~/.ssh/authorized_keys # GitLab shell, invoked from ~/.ssh/authorized_keys
# #
config = GitlabConfig.new
key_dir = File.dirname("#{config.auth_file}")
commands = [ commands = [
"mkdir -p /home/git/repositories", "mkdir -p #{config.repos_path}",
"mkdir -p /home/git/.ssh", "mkdir -p #{key_dir}",
"touch /home/git/.ssh/authorized_keys", "touch #{config.auth_file}",
"chmod -R ug+rwX,o-rwx /home/git/repositories/", "chmod -R ug+rwX,o-rwx #{config.repos_path}",
"find /home/git/repositories -type d -print0 | xargs -0 chmod g+s" "find #{config.repos_path} -type d -print0 | xargs -0 chmod g+s"
] ]
commands.each do |cmd| commands.each do |cmd|
......
#!/usr/bin/env bash #!/usr/bin/env ruby
# This file was placed here by GitLab. It makes sure that your pushed commits # This file was placed here by GitLab.
# will be processed properly. # IT IS DEPRECATED NOW.
# All GitLab logic handled by update hook
while read oldrev newrev ref
do
# For every branch or tag that was pushed, create a Resque job in redis.
repo_path=`pwd`
env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1
done
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
# will be processed properly. # will be processed properly.
refname = ARGV[0] refname = ARGV[0]
key_id = ENV['GL_USER'] key_id = ENV['GL_ID']
repo_path = `pwd` repo_path = `pwd`
require_relative '../lib/gitlab_update' require_relative '../lib/gitlab_update'
......
...@@ -28,7 +28,7 @@ class GitlabKeys ...@@ -28,7 +28,7 @@ class GitlabKeys
end end
def rm_key def rm_key
cmd = "sed -i '/#{@key_id}/d' #{auth_file}" cmd = "sed -i '/shell #{@key_id}/d' #{auth_file}"
system(cmd) system(cmd)
end end
end end
...@@ -6,7 +6,9 @@ require_relative 'gitlab_config' ...@@ -6,7 +6,9 @@ require_relative 'gitlab_config'
class GitlabNet class GitlabNet
def allowed?(cmd, repo, key, ref) def allowed?(cmd, repo, key, ref)
project_name = repo.gsub("'", "") project_name = repo.gsub("'", "")
project_name = project_name.gsub(/\.git$/, "") project_name = project_name.gsub(/\.git\Z/, "")
project_name = project_name.gsub(/\A\//, "")
key_id = key.gsub("key-", "") key_id = key.gsub("key-", "")
url = "#{host}/allowed?key_id=#{key_id}&action=#{cmd}&ref=#{ref}&project=#{project_name}" url = "#{host}/allowed?key_id=#{key_id}&action=#{cmd}&ref=#{ref}&project=#{project_name}"
...@@ -33,6 +35,10 @@ class GitlabNet ...@@ -33,6 +35,10 @@ class GitlabNet
end end
def get(url) def get(url)
Net::HTTP.get_response(URI.parse(url)) url = URI.parse(url)
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = (url.port == 443)
request = Net::HTTP::Get.new(url.request_uri)
http.start {|http| http.request(request) }
end end
end end
...@@ -41,8 +41,8 @@ class GitlabProjects ...@@ -41,8 +41,8 @@ class GitlabProjects
end end
def import_project def import_project
dir = @project_name.match(/[a-zA-Z\.\_\-]+\.git$/).to_s @source = ARGV.shift
cmd = "cd #{@repos_path} && git clone --bare #{@project_name} #{dir} && #{create_hooks_cmd}" cmd = "cd #{@repos_path} && git clone --bare #{@source} #{@project_name} && #{create_hooks_cmd}"
system(cmd) system(cmd)
end end
end end
...@@ -16,7 +16,7 @@ class GitlabShell ...@@ -16,7 +16,7 @@ class GitlabShell
parse_cmd parse_cmd
if git_cmds.include?(@git_cmd) if git_cmds.include?(@git_cmd)
ENV['GL_USER'] = @key_id ENV['GL_ID'] = @key_id
if validate_access if validate_access
process_cmd process_cmd
......
...@@ -3,21 +3,38 @@ require_relative 'gitlab_net' ...@@ -3,21 +3,38 @@ require_relative 'gitlab_net'
class GitlabUpdate class GitlabUpdate
def initialize(repo_path, key_id, refname) def initialize(repo_path, key_id, refname)
@repo_path = repo_path.strip
@repo_name = repo_path @repo_name = repo_path
@repo_name.gsub!(GitlabConfig.new.repos_path.to_s, "") @repo_name.gsub!(GitlabConfig.new.repos_path.to_s, "")
@repo_name.gsub!(/.git$/, "") @repo_name.gsub!(/.git$/, "")
@repo_name.gsub!(/^\//, "") @repo_name.gsub!(/^\//, "")
@key_id = key_id @key_id = key_id
@refname = /refs\/heads\/([\w\.-]+)/.match(refname).to_a.last @refname = refname
@branch_name = /refs\/heads\/([\w\.-]+)/.match(refname).to_a.last
@oldrev = ARGV[1]
@newrev = ARGV[2]
end end
def exec def exec
if api.allowed?('git-receive-pack', @repo_name, @key_id, @refname) # reset GL_ID env since we already
exit 0 # get value from it
ENV['GL_ID'] = nil
# If its push over ssh
# we need to check user persmission per branch first
if ssh?
if api.allowed?('git-receive-pack', @repo_name, @key_id, @branch_name)
update_redis
exit 0
else
puts "GitLab: You are not allowed to access #{@branch_name}! "
exit 1
end
else else
puts "GitLab: You are not allowed to access #{@refname}! " update_redis
exit 1 exit 0
end end
end end
...@@ -26,4 +43,13 @@ class GitlabUpdate ...@@ -26,4 +43,13 @@ class GitlabUpdate
def api def api
GitlabNet.new GitlabNet.new
end end
def ssh?
@key_id =~ /\Akey\-\d+\Z/
end
def update_redis
command = "env -i redis-cli rpush 'resque:gitlab:queue:post_receive' '{\"class\":\"PostReceive\",\"args\":[\"#{@repo_path}\",\"#{@oldrev}\",\"#{@newrev}\",\"#{@refname}\",\"#{@key_id}\"]}' > /dev/null 2>&1"
system(command)
end
end end
...@@ -20,7 +20,7 @@ describe GitlabKeys do ...@@ -20,7 +20,7 @@ describe GitlabKeys do
end end
it "should receive valid cmd" do it "should receive valid cmd" do
valid_cmd = "echo 'command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E' >> /home/git/.ssh/authorized_keys" valid_cmd = "echo 'command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E' >> #{GitlabConfig.new.auth_file}"
@gl_keys.should_receive(:system).with(valid_cmd) @gl_keys.should_receive(:system).with(valid_cmd)
@gl_keys.send :add_key @gl_keys.send :add_key
end end
...@@ -33,7 +33,7 @@ describe GitlabKeys do ...@@ -33,7 +33,7 @@ describe GitlabKeys do
end end
it "should receive valid cmd" do it "should receive valid cmd" do
valid_cmd = "sed -i '/key-741/d' /home/git/.ssh/authorized_keys" valid_cmd = "sed -i '/shell key-741/d' #{GitlabConfig.new.auth_file}"
@gl_keys.should_receive(:system).with(valid_cmd) @gl_keys.should_receive(:system).with(valid_cmd)
@gl_keys.send :rm_key @gl_keys.send :rm_key
end end
......
#!/bin/bash #!/bin/bash
src="/home/git/repositories" home_dir="/home/git"
src="$home_dir/repositories"
for dir in `ls "$src/"` for dir in `ls "$src/"`
do do
...@@ -11,25 +12,25 @@ do ...@@ -11,25 +12,25 @@ do
continue continue
fi fi
if [[ "$dir" =~ ^.*.git$ ]] if [[ "$dir" =~ ^.*\.git$ ]]
then then
project_hook="$src/$dir/hooks/post-receive" project_hook="$src/$dir/hooks/post-receive"
gitolite_hook="/home/git/gitlab-shell/hooks/post-receive" gitolite_hook="$home_dir/gitlab-shell/hooks/post-receive"
ln -s -f $gitolite_hook $project_hook ln -s -f $gitolite_hook $project_hook
project_hook="$src/$dir/hooks/update" project_hook="$src/$dir/hooks/update"
gitolite_hook="/home/git/gitlab-shell/hooks/update" gitolite_hook="$home_dir/gitlab-shell/hooks/update"
ln -s -f $gitolite_hook $project_hook ln -s -f $gitolite_hook $project_hook
else else
for subdir in `ls "$src/$dir/"` for subdir in `ls "$src/$dir/"`
do do
if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*\.git$ ]]; then
project_hook="$src/$dir/$subdir/hooks/post-receive" project_hook="$src/$dir/$subdir/hooks/post-receive"
gitolite_hook="/home/git/gitlab-shell/hooks/post-receive" gitolite_hook="$home_dir/gitlab-shell/hooks/post-receive"
ln -s -f $gitolite_hook $project_hook ln -s -f $gitolite_hook $project_hook
project_hook="$src/$dir/$subdir/hooks/update" project_hook="$src/$dir/$subdir/hooks/update"
gitolite_hook="/home/git/gitlab-shell/hooks/update" gitolite_hook="$home_dir/gitlab-shell/hooks/update"
ln -s -f $gitolite_hook $project_hook ln -s -f $gitolite_hook $project_hook
fi fi
done done
......
#!/bin/bash #!/bin/bash
home_dir="/home/git"
echo "Danger!!! Data Loss" echo "Danger!!! Data Loss"
while true; do while true; do
read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?: " yn read -p "Do you wish to delete all directories (except gitolite-admin.git) from $home_dir/repositories/ (y/n) ?: " yn
case $yn in case $yn in
[Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1 -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;; [Yy]* ) sh -c "find $home_dir/repositories/. -maxdepth 1 -not -name 'gitolite-admin.git' -not -name '.' | xargs rm -rf"; break;;
[Nn]* ) exit;; [Nn]* ) exit;;
* ) echo "Please answer yes or no.";; * ) echo "Please answer yes or no.";;
esac esac
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment