Commit 4e1757bf authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'gitlab-shell' of dev.gitlabhq.com:gitlab/gitlabhq

parents 4bfb98dd d09d87e3
......@@ -32,9 +32,6 @@ gem 'gitlab_omniauth-ldap', '1.0.2', require: "omniauth-ldap"
# Dump db to yml file. Mostly used to migrate from sqlite to mysql
gem 'gitlab_yaml_db', '1.0.0', require: "yaml_db"
# Gitolite client (for work with gitolite-admin repo)
gem "gitolite", '1.1.0'
# Syntax highlighter
gem "pygments.rb", git: "https://github.com/gitlabhq/pygments.rb.git", branch: "master"
......
......@@ -107,7 +107,6 @@ GEM
coderay (>= 1.0.0)
erubis (>= 2.7.0)
binding_of_caller (0.6.8)
blankslate (3.1.2)
bootstrap-sass (2.2.1.1)
sass (~> 3.2)
builder (3.0.4)
......@@ -195,10 +194,6 @@ GEM
pyu-ruby-sasl (~> 0.0.3.1)
rubyntlm (~> 0.1.1)
gitlab_yaml_db (1.0.0)
gitolite (1.1.0)
gratr19 (~> 0.4.4.1)
grit (~> 2.5.0)
hashery (~> 1.5.0)
grape (0.2.2)
activesupport
hashie (~> 1.2)
......@@ -208,7 +203,6 @@ GEM
rack-accept
rack-mount
virtus
gratr19 (0.4.4.1)
growl (1.0.3)
guard (1.5.4)
listen (>= 0.4.2)
......@@ -227,8 +221,6 @@ GEM
activesupport (>= 3.1, < 4.1)
haml (~> 3.1)
railties (>= 3.1, < 4.1)
hashery (1.5.0)
blankslate
hashie (1.2.0)
hike (1.2.1)
http_parser.rb (0.5.3)
......@@ -497,7 +489,6 @@ DEPENDENCIES
gitlab_meta (= 4.0)
gitlab_omniauth-ldap (= 1.0.2)
gitlab_yaml_db (= 1.0.0)
gitolite (= 1.1.0)
grack!
grape (~> 0.2.1)
grit!
......
......@@ -10,11 +10,6 @@ class ApplicationController < ActionController::Base
helper_method :abilities, :can?
rescue_from Gitlab::Gitolite::AccessDenied do |exception|
log_exception(exception)
render "errors/gitolite", layout: "errors", status: 500
end
rescue_from Encoding::CompatibilityError do |exception|
log_exception(exception)
render "errors/encoding", layout: "errors", status: 500
......
......@@ -24,8 +24,8 @@ class Key < ActiveRecord::Base
before_save :set_identifier
validates :title, presence: true, length: { within: 0..255 }
validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / }
validate :unique_key, :fingerprintable_key
validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / }, uniqueness: true
validate :fingerprintable_key
delegate :name, :email, to: :user, prefix: true
......@@ -33,14 +33,6 @@ class Key < ActiveRecord::Base
self.key = self.key.strip unless self.key.blank?
end
def unique_key
query = Key.where(key: key)
query = query.where('(project_id IS NULL OR project_id = ?)', project_id) if project_id
if (query.count > 0)
errors.add :key, 'already exist.'
end
end
def fingerprintable_key
return true unless key # Don't test if there is no key.
# `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
......@@ -65,7 +57,7 @@ class Key < ActiveRecord::Base
end
def is_deploy_key
true if project_id
!!project_id
end
# projects that has this key
......@@ -77,7 +69,7 @@ class Key < ActiveRecord::Base
end
end
def last_deploy?
Key.where(identifier: identifier).count == 0
def shell_id
"key-#{self.id}"
end
end
......@@ -27,7 +27,6 @@ class Namespace < ActiveRecord::Base
after_create :ensure_dir_exist
after_update :move_dir
after_commit :update_gitolite, on: :update, if: :require_update_gitolite
after_destroy :rm_dir
scope :root, where('type IS NULL')
......@@ -89,11 +88,6 @@ class Namespace < ActiveRecord::Base
end
end
def update_gitolite
@require_update_gitolite = false
projects.each(&:update_repository)
end
def rm_dir
dir_path = File.join(Gitlab.config.gitolite.repos_path, path)
FileUtils.rm_r( dir_path, force: true )
......
......@@ -262,8 +262,6 @@ class Project < ActiveRecord::Base
Gitlab::ProjectMover.new(self, old_dir, new_dir).execute
gitolite.move_repository(old_repo, self)
save!
end
rescue Gitlab::ProjectMover::ProjectMoveError => ex
......@@ -459,20 +457,6 @@ class Project < ActiveRecord::Base
namespace.try(:path) || ''
end
def update_repository
GitoliteWorker.perform_async(
:update_repository,
self.id
)
end
def destroy_repository
GitoliteWorker.perform_async(
:remove_repository,
self.path_with_namespace
)
end
def repo_exists?
@repo_exists ||= (repository && repository.branches.present?)
rescue
......
......@@ -112,7 +112,6 @@ class ProjectTeam
source_team.each do |tm|
tm.save
end
target_project.update_repository
end
true
......
......@@ -18,13 +18,6 @@ class ProtectedBranch < ActiveRecord::Base
validates :name, presence: true
validates :project, presence: true
after_save :update_repository
after_destroy :update_repository
def update_repository
project.update_repository
end
def commit
project.repository.commit(self.name)
end
......
......@@ -25,9 +25,6 @@ class UsersProject < ActiveRecord::Base
attr_accessor :skip_git
after_save :update_repository, unless: :skip_git?
after_destroy :update_repository, unless: :skip_git?
validates :user, presence: true
validates :user_id, uniqueness: { scope: [:project_id], message: "already exists in project" }
validates :project_access, inclusion: { in: [GUEST, REPORTER, DEVELOPER, MASTER] }, presence: true
......@@ -84,11 +81,6 @@ class UsersProject < ActiveRecord::Base
end
end
GitoliteWorker.perform_async(
:update_repositories,
project_ids
)
true
rescue
false
......@@ -103,11 +95,6 @@ class UsersProject < ActiveRecord::Base
end
end
GitoliteWorker.perform_async(
:update_repositories,
project_ids
)
true
rescue
false
......@@ -136,10 +123,6 @@ class UsersProject < ActiveRecord::Base
end
end
def update_repository
project.update_repository
end
def project_access_human
Project.access_options.key(self.project_access)
end
......
......@@ -3,20 +3,17 @@ class KeyObserver < ActiveRecord::Observer
def after_save(key)
GitoliteWorker.perform_async(
:set_key,
key.identifier,
key.key,
key.projects.map(&:id)
:add_key,
key.shell_id,
key.key
)
end
def after_destroy(key)
return if key.is_deploy_key && !key.last_deploy?
GitoliteWorker.perform_async(
:remove_key,
key.identifier,
key.projects.map(&:id)
key.shell_id,
key.key,
)
end
end
class ProjectObserver < ActiveRecord::Observer
def after_create(project)
project.update_repository
GitoliteWorker.perform_async(
:add_repository,
project.path_with_namespace
)
log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"")
end
def after_update(project)
......@@ -8,14 +13,14 @@ class ProjectObserver < ActiveRecord::Observer
end
def after_destroy(project)
log_info("Project \"#{project.name}\" was removed")
GitoliteWorker.perform_async(
:remove_repository,
project.path_with_namespace
)
project.satellite.destroy
project.destroy_repository
end
def after_create project
log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"")
log_info("Project \"#{project.name}\" was removed")
end
protected
......
......@@ -27,11 +27,15 @@ class PostReceive
User.find_by_email(email) if email
elsif /^[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}$/.match(identifier)
User.find_by_email(identifier)
else
Key.find_by_identifier(identifier).try(:user)
elsif identifier =~ /key/
key_id = identifier.gsub("key-", "")
Key.find_by_id(key_id).try(:user)
end
return false unless user
unless user
Gitlab::GitLogger.error("POST-RECEIVE: Triggered hook for non-existing user \"#{identifier} \"")
return false
end
project.trigger_post_receive(oldrev, newrev, ref, user)
end
......
......@@ -96,7 +96,7 @@ omniauth:
# GitLab Satellites
satellites:
# Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
path: /home/gitlab/gitlab-satellites/
path: /home/git/gitlab-satellites/
## Backup settings
backup:
......@@ -105,8 +105,6 @@ backup:
## Gitolite settings
gitolite:
admin_uri: git@localhost:gitolite-admin
# REPOS_PATH MUST NOT BE A SYMLINK!!!
repos_path: /home/git/repositories/
hooks_path: /home/git/.gitolite/hooks/
......
......@@ -51,7 +51,7 @@ Settings.gitlab['protocol'] ||= Settings.gitlab.https ? "https" : "http"
Settings.gitlab['email_from'] ||= "gitlab@#{Settings.gitlab.host}"
Settings.gitlab['support_email'] ||= Settings.gitlab.email_from
Settings.gitlab['url'] ||= Settings.send(:build_gitlab_url)
Settings.gitlab['user'] ||= 'gitlab'
Settings.gitlab['user'] ||= 'git'
Settings.gitlab['signup_enabled'] ||= false
Settings['gravatar'] ||= Settingslogic.new({})
......
# GIT over HTTP
require Rails.root.join("lib", "gitlab", "backend", "grack_auth")
# GITOLITE backend
require Rails.root.join("lib", "gitlab", "backend", "gitolite")
# GIT over SSH
require Rails.root.join("lib", "gitlab", "backend", "shell")
......@@ -2,7 +2,7 @@
# note that config/gitlab.yml web path should also be changed
# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
app_dir = "/home/gitlab/gitlab/"
app_dir = "/home/git/gitlab/"
worker_processes 2
working_directory app_dir
......
......@@ -90,87 +90,27 @@ Install the Bundler Gem:
# 3. System Users
Create a user for Git and Gitolite:
Create a `git` user for Gitlab:
sudo adduser \
--system \
--shell /bin/sh \
--gecos 'Git Version Control' \
--group \
--disabled-password \
--home /home/git \
git
sudo adduser --disabled-login --gecos 'GitLab' git
Create a user for GitLab:
# 4. GitLab shell
sudo adduser --disabled-login --gecos 'GitLab' gitlab
# Add it to the git group
sudo usermod -a -G git gitlab
# Generate the SSH key
sudo -u gitlab -H ssh-keygen -q -N '' -t rsa -f /home/gitlab/.ssh/id_rsa
# 4. Gitolite
Clone GitLab's fork of the Gitolite source code:
# login as git
sudo su git
# go to home directory
cd /home/git
sudo -u git -H git clone -b gl-v320 https://github.com/gitlabhq/gitolite.git /home/git/gitolite
Setup Gitolite with GitLab as its admin:
**Important Note:**
GitLab assumes *full and unshared* control over this Gitolite installation.
# Add Gitolite scripts to $PATH
sudo -u git -H mkdir /home/git/bin
sudo -u git -H sh -c 'printf "%b\n%b\n" "PATH=\$PATH:/home/git/bin" "export PATH" >> /home/git/.profile'
sudo -u git -H sh -c 'gitolite/install -ln /home/git/bin'
# Copy the gitlab user's (public) SSH key ...
sudo cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub
sudo chmod 0444 /home/git/gitlab.pub
# ... and use it as the admin key for the Gitolite setup
sudo -u git -H sh -c "PATH=/home/git/bin:$PATH; gitolite setup -pk /home/git/gitlab.pub"
Fix the directory permissions for the configuration directory:
# Make sure the Gitolite config dir is owned by git
sudo chmod 750 /home/git/.gitolite/
sudo chown -R git:git /home/git/.gitolite/
Fix the directory permissions for the repositories:
# clone gitlab shell
git clone https://dzaporozhets@dev.gitlab.org/gitlab/gitlab-shell.git
# Make sure the repositories dir is owned by git and it stays that way
sudo chmod -R ug+rwX,o-rwx /home/git/repositories/
sudo chown -R git:git /home/git/repositories/
find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s
# setup
cd gitlab-shell
cp config.yml.example config.yml
./bin/install
## Add domains to list to the list of known hosts
sudo -u gitlab -H ssh git@localhost
sudo -u gitlab -H ssh git@YOUR_DOMAIN_NAME
sudo -u gitlab -H ssh git@YOUR_GITOLITE_DOMAIN_NAME
## Test if everything works so far
# Clone the admin repo so SSH adds localhost to known_hosts ...
# ... and to be sure your users have access to Gitolite
sudo -u gitlab -H git clone git@localhost:gitolite-admin.git /tmp/gitolite-admin
# If it succeeded without errors you can remove the cloned repo
sudo rm -rf /tmp/gitolite-admin
**Important Note:**
If you can't clone the `gitolite-admin` repository: **DO NOT PROCEED WITH INSTALLATION**!
Check the [Trouble Shooting Guide](https://github.com/gitlabhq/gitlab-public-wiki/wiki/Trouble-Shooting-Guide)
and make sure you have followed all of the above steps carefully.
# 5. Database
......@@ -179,46 +119,46 @@ To setup the MySQL/PostgreSQL database and dependencies please see [`doc/install
# 6. GitLab
# We'll install GitLab into home directory of the user "gitlab"
cd /home/gitlab
# We'll install GitLab into home directory of the user "git"
cd /home/git
## Clone the Source
# Clone GitLab repository
sudo -u gitlab -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
# Go to gitlab dir
cd /home/gitlab/gitlab
cd /home/git/gitlab
# Checkout to stable release
sudo -u gitlab -H git checkout 4-1-stable
sudo -u git -H git checkout 5-0-stable
**Note:**
You can change `4-1-stable` to `master` if you want the *bleeding edge* version, but
You can change `5-0-stable` to `master` if you want the *bleeding edge* version, but
do so with caution!
## Configure it
cd /home/gitlab/gitlab
cd /home/git/gitlab
# Copy the example GitLab config
sudo -u gitlab -H cp config/gitlab.yml.example config/gitlab.yml
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
# Make sure to change "localhost" to the fully-qualified domain name of your
# host serving GitLab where necessary
sudo -u gitlab -H vim config/gitlab.yml
sudo -u git -H vim config/gitlab.yml
# Make sure GitLab can write to the log/ and tmp/ directories
sudo chown -R gitlab log/
sudo chown -R gitlab tmp/
sudo chown -R git log/
sudo chown -R git tmp/
sudo chmod -R u+rwX log/
sudo chmod -R u+rwX tmp/
# Make directory for satellites
sudo -u gitlab -H mkdir /home/gitlab/gitlab-satellites
sudo -u git -H mkdir /home/git/gitlab-satellites
# Copy the example Unicorn config
sudo -u gitlab -H cp config/unicorn.rb.example config/unicorn.rb
sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
**Important Note:**
Make sure to edit both files to match your setup.
......@@ -226,42 +166,29 @@ Make sure to edit both files to match your setup.
## Configure GitLab DB settings
# Mysql
sudo -u gitlab cp config/database.yml.mysql config/database.yml
sudo -u git cp config/database.yml.mysql config/database.yml
# PostgreSQL
sudo -u gitlab cp config/database.yml.postgresql config/database.yml
sudo -u git cp config/database.yml.postgresql config/database.yml
Make sure to update username/password in config/database.yml.
## Install Gems
cd /home/gitlab/gitlab
cd /home/git/gitlab
sudo gem install charlock_holmes --version '0.6.9'
# For MySQL (note, the option says "without")
sudo -u gitlab -H bundle install --deployment --without development test postgres
sudo -u git -H bundle install --deployment --without development test postgres
# Or for PostgreSQL
sudo -u gitlab -H bundle install --deployment --without development test mysql
## Configure Git
GitLab needs to be able to commit and push changes to Gitolite. In order to do
that Git requires a username and email. (We recommend using the same address
used for the `email.from` setting in `config/gitlab.yml`)
sudo -u gitlab -H git config --global user.name "GitLab"
sudo -u gitlab -H git config --global user.email "gitlab@localhost"
## Setup GitLab Hooks
sudo -u git -H bundle install --deployment --without development test mysql
sudo cp ./lib/hooks/post-receive /home/git/.gitolite/hooks/common/post-receive
sudo chown git:git /home/git/.gitolite/hooks/common/post-receive
## Initialise Database and Activate Advanced Features
sudo -u gitlab -H bundle exec rake gitlab:setup RAILS_ENV=production
sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
## Install Init Script
......@@ -280,11 +207,11 @@ Make GitLab start on boot:
Check if GitLab and its environment is configured correctly:
sudo -u gitlab -H bundle exec rake gitlab:env:info RAILS_ENV=production
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
To make sure you didn't miss anything run a more thorough check with:
sudo -u gitlab -H bundle exec rake gitlab:check RAILS_ENV=production
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
If all items are green, then congratulations on successfully installing GitLab!
However there are still a few steps left.
......@@ -357,7 +284,7 @@ a different host, you can configure its connection string via the
If you are running SSH on a non-standard port, you must change the gitlab user'S SSH config.
# Add to /home/gitlab/.ssh/config
# Add to /home/git/.ssh/config
host localhost # Give your setup a name (here: override localhost)
user git # Your remote git user
port 2222 # Your port number
......
......@@ -3,37 +3,23 @@
This is the directory structure you will end up with following the instructions in the Installation Guide.
|-- home
| |-- gitlab
| |-- git
| |-- .ssh
| |-- gitlab
| |-- gitlab-satellites
| |-- git
| |-- .gitolite
| |-- .ssh
| |-- bin
| |-- gitolite
| |-- gitlab-shell
| |-- repositories
**/home/gitlab/.ssh**
Contains the Gitolite admin key GitLab uses to configure Gitolite.
**/home/git/.ssh**
**/home/gitlab/gitlab**
**/home/git/gitlab**
This is where GitLab lives.
**/home/gitlab/gitlab-satellites**
**/home/git/gitlab-satellites**
Contains a copy of all repositories with a working tree.
It's used for merge requests, editing files, etc.
**/home/git/.ssh**
Contains the SSH access configuration managed by Gitolite.
**/home/git/bin**
Contains Gitolite executables.
**/home/git/gitolite**
This is where Gitolite lives.
**/home/git/repositories**
Holds all your repositories in bare format.
This is the place Git uses when you pull/push to your projects.
......
......@@ -9,17 +9,12 @@ require 'spinach/capybara'
require 'sidekiq/testing/inline'
%w(gitolite_stub stubbed_repository valid_commit).each do |f|
%w(stubbed_repository valid_commit).each do |f|
require Rails.root.join('spec', 'support', f)
end
Dir["#{Rails.root}/features/steps/shared/*.rb"].each {|file| require file}
#
# Stub gitolite
#
include GitoliteStub
WebMock.allow_net_connect!
#
# JS driver
......@@ -49,6 +44,4 @@ Spinach.hooks.before_run do
RSpec::Mocks::setup self
include FactoryGirl::Syntax::Methods
stub_gitolite!
end
......@@ -20,5 +20,6 @@ module Gitlab
mount Session
mount MergeRequests
mount Notes
mount Internal
end
end
module Gitlab
# Internal access API
class Internal < Grape::API
namespace 'internal' do
#
# Check if ssh key has access to project code
#
get "/allowed" do
key = Key.find(params[:key_id])
project = Project.find_with_namespace(params[:project])
git_cmd = params[:action]
if key.is_deploy_key
project == key.project && git_cmd == 'git-upload-pack'
else
user = key.user
action = case git_cmd
when 'git-upload-pack'
then :download_code
when 'git-receive-pack'
then
if project.protected_branch?(params[:ref])
:push_code_to_protected_branches
else
:push_code
end
end
user.can?(action, project)
end
end
#
# Discover user by ssh key
#
get "/discover" do
key = Key.find(params[:key_id])
present key.user, with: Entities::User
end
get "/check" do
{
api_version: '3'
}
end
end
end
end
require_relative 'gitolite_config'
module Gitlab
class Gitolite
class AccessDenied < StandardError; end
def config
Gitlab::GitoliteConfig.new
end
# Update gitolite config with new key
#
# Ex.
# set_key("m_gitlab_com_12343", "sha-rsa ...", [2, 3, 6])
#
def set_key(key_id, key_content, project_ids)
projects = Project.where(id: project_ids)
config.apply do |config|
config.write_key(key_id, key_content)
config.update_projects(projects)
end
end
# Remove ssh key from gitolite config
#
# Ex.
# remove_key("m_gitlab_com_12343", [2, 3, 6])
#
def remove_key(key_id, project_ids)
projects = Project.where(id: project_ids)
config.apply do |config|
config.rm_key(key_id)
config.update_projects(projects)
end
end
# Update project config in gitolite by project id
#
# Ex.
# update_repository(23)
#
def update_repository(project_id)
project = Project.find(project_id)
config.update_project!(project)
end
def move_repository(old_repo, project)
config.apply do |config|
config.clean_repo(old_repo)
config.update_project(project)
end
end
# Remove repository from gitolite
#
# name - project path with namespace
#
# Ex.
# remove_repository("gitlab/gitlab-ci")
#
def remove_repository(name)
config.destroy_project!(name)
end
# Update projects configs in gitolite by project ids
#
# Ex.
# update_repositories([1, 4, 6])
#
def update_repositories(project_ids)
projects = Project.where(id: project_ids)
config.apply do |config|
config.update_projects(projects)
end
end
def url_to_repo path
Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
end
def enable_automerge
config.admin_all_repo!
end
alias_method :create_repository, :update_repository
end
end
require 'gitolite'
require 'timeout'
require 'fileutils'
module Gitlab
class GitoliteConfig
include Gitlab::Popen
class PullError < StandardError; end
class PushError < StandardError; end
class BrokenGitolite < StandardError; end
attr_reader :config_tmp_dir, :tmp_dir, :ga_repo, :conf
def initialize
@tmp_dir = Rails.root.join("tmp").to_s
@config_tmp_dir = File.join(@tmp_dir,"gitlabhq-gitolite-#{Time.now.to_i}")
end
def ga_repo
@ga_repo ||= ::Gitolite::GitoliteAdmin.new(
File.join(config_tmp_dir,'gitolite'),
conf: Gitlab.config.gitolite.config_file
)
end
def apply
Timeout::timeout(30) do
File.open(File.join(tmp_dir, "gitlabhq-gitolite.lock"), "w+") do |f|
begin
# Set exclusive lock
# to prevent race condition
f.flock(File::LOCK_EX)
# Pull gitolite-admin repo
# in tmp dir before do any changes
pull
# Build ga_repo object and @conf
# to access gitolite-admin configuration
@conf = ga_repo.config
# Do any changes
# in gitolite-admin
# config here
yield(self)
# Save changes in
# gitolite-admin repo
# before push it
ga_repo.save
# Push gitolite-admin repo
# to apply all changes
push
ensure
# Remove tmp dir
# removing the gitolite folder first is important to avoid
# NFS issues.
FileUtils.rm_rf(File.join(config_tmp_dir, 'gitolite'))
# Remove parent tmp dir
FileUtils.rm_rf(config_tmp_dir)
# Unlock so other task can access
# gitolite configuration
f.flock(File::LOCK_UN)
end
end
end
rescue PullError => ex
log("Pull error -> " + ex.message)
raise Gitolite::AccessDenied, ex.message
rescue PushError => ex
log("Push error -> " + " " + ex.message)
raise Gitolite::AccessDenied, ex.message
rescue BrokenGitolite => ex
log("Gitolite error -> " + " " + ex.message)
raise Gitolite::AccessDenied, ex.message
rescue Exception => ex
log(ex.class.name + " " + ex.message)
raise Gitolite::AccessDenied.new("gitolite timeout")
end
def log message
Gitlab::GitLogger.error(message)
end
def path_to_repo(name)
File.join(Gitlab.config.gitolite.repos_path, "#{name}.git")
end
def destroy_project(name)
full_path = path_to_repo(name)
FileUtils.rm_rf(full_path) if File.exists?(full_path)
conf.rm_repo(name)
end
def clean_repo repo_name
conf.rm_repo(repo_name)
end
def destroy_project!(project)
apply do |config|
config.destroy_project(project)
end
end
def write_key(id, key)
File.open(File.join(config_tmp_dir, 'gitolite/keydir',"#{id}.pub"), 'w') do |f|
f.write(key.gsub(/\n/,''))
end
end
def rm_key(user)
key_path = File.join(config_tmp_dir, 'gitolite/keydir', "#{user}.pub")
ga_key = ::Gitolite::SSHKey.from_file(key_path)
ga_repo.rm_key(ga_key)
end
# update or create
def update_project(project)
repo = update_project_config(project, conf)
conf.add_repo(repo, true)
end
def update_project!( project)
apply do |config|
config.update_project(project)
end
end
# Updates many projects and uses project.path_with_namespace as the repo path
# An order of magnitude faster than update_project
def update_projects(projects)
projects.each do |project|
repo = update_project_config(project, conf)
conf.add_repo(repo, true)
end
end
def update_project_config(project, conf)
repo_name = project.path_with_namespace
repo = if conf.has_repo?(repo_name)
conf.get_repo(repo_name)
else
::Gitolite::Config::Repo.new(repo_name)
end
name_readers = project.team.repository_readers
name_writers = project.team.repository_writers
name_masters = project.team.repository_masters
pr_br = project.protected_branches.map(&:name).join("$ ")
repo.clean_permissions
# Deny access to protected branches for writers
unless name_writers.blank? || pr_br.blank?
repo.add_permission("-", pr_br.strip + "$ ", name_writers)
end
# Add read permissions
repo.add_permission("R", "", name_readers) unless name_readers.blank?
# Add write permissions
repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
# Add sharedRepository config
repo.set_git_config("core.sharedRepository", "0660")
repo
end
# Enable access to all repos for gitolite admin.
# We use it for accept merge request feature
def admin_all_repo
owner_name = Gitlab.config.gitolite.admin_key
# @ALL repos premission for gitolite owner
repo_name = "@all"
repo = if conf.has_repo?(repo_name)
conf.get_repo(repo_name)
else
::Gitolite::Config::Repo.new(repo_name)
end
repo.add_permission("RW+", "", owner_name)
conf.add_repo(repo, true)
end
def admin_all_repo!
apply { |config| config.admin_all_repo }
end
private
def pull
# Create config tmp dir like "RAILS_ROOT/tmp/gitlabhq-gitolite-132545"
Dir.mkdir config_tmp_dir
# Clone gitolite-admin repo into tmp dir
popen("git clone #{Gitlab.config.gitolite.admin_uri} #{config_tmp_dir}/gitolite", tmp_dir)
# Ensure file with config presents after cloning
unless File.exists?(File.join(config_tmp_dir, 'gitolite', 'conf', 'gitolite.conf'))
raise PullError, "unable to clone gitolite-admin repo"
end
end
def push
output, status = popen('git add -A', tmp_conf_path)
raise "Git add failed." unless status.zero?
# git commit returns 0 on success, and 1 if there is nothing to commit
output, status = popen('git commit -m "GitLab"', tmp_conf_path)
raise "Git add failed." unless [0,1].include?(status)
output, status = popen('git push', tmp_conf_path)
if output =~ /remote\: FATAL/
raise BrokenGitolite, output
end
if status.zero? || output =~ /Everything up\-to\-date/
return true
else
raise PushError, "unable to push gitolite-admin repo"
end
end
def tmp_conf_path
File.join(config_tmp_dir,'gitolite')
end
end
end
module Gitlab
class Shell
class AccessDenied < StandardError; end
# Init new repository
#
# name - project path with namespace
#
# Ex.
# add_repository("gitlab/gitlab-ci")
#
def add_repository(name)
system("/home/git/gitlab-shell/bin/gitlab-projects add-project #{name}.git")
end
# Remove repository from file system
#
# name - project path with namespace
#
# Ex.
# remove_repository("gitlab/gitlab-ci")
#
def remove_repository(name)
system("/home/git/gitlab-shell/bin/gitlab-projects rm-project #{name}.git")
end
# Add new key to gitlab-shell
#
# Ex.
# add_key("key-42", "sha-rsa ...")
#
def add_key(key_id, key_content)
system("/home/git/gitlab-shell/bin/gitlab-keys add-key #{key_id} \"#{key_content}\"")
end
# Remove ssh key from gitlab shell
#
# Ex.
# remove_key("key-342", "sha-rsa ...")
#
def remove_key(key_id, key_content)
system("/home/git/gitlab-shell/bin/gitlab-keys rm-key #{key_id} \"#{key_content}\"")
end
def url_to_repo path
Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
end
end
end
......@@ -30,10 +30,10 @@ module Gitlab
end
def create
output, status = popen("git clone #{project.url_to_repo} #{path}",
output, status = popen("git clone #{project.repository.path_to_repo} #{path}",
Gitlab.config.satellites.path)
log("PID: #{project.id}: git clone #{project.url_to_repo} #{path}")
log("PID: #{project.id}: git clone #{project.repository.path_to_repo} #{path}")
log("PID: #{project.id}: -> #{output}")
if status.zero?
......
......@@ -6,6 +6,6 @@
#
module Gitolited
def gitolite
Gitlab::Gitolite.new
Gitlab::Shell.new
end
end
#!/usr/bin/env bash
# Version 4.1
# This file was placed here by GitLab. It makes sure that your pushed commits
# will be processed properly.
while read oldrev newrev ref
do
# For every branch or tag that was pushed, create a Resque job in redis.
repo_path=`pwd`
env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1
done
#!/bin/bash
src="/home/git/repositories"
for dir in `ls "$src/"`
do
if [ -d "$src/$dir" ]; then
if [ "$dir" = "gitolite-admin.git" ]
then
continue
fi
if [[ "$dir" =~ ^.*.git$ ]]
then
project_hook="$src/$dir/hooks/post-receive"
gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
ln -s -f $gitolite_hook $project_hook
else
for subdir in `ls "$src/$dir/"`
do
if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then
project_hook="$src/$dir/$subdir/hooks/post-receive"
gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
ln -s -f $gitolite_hook $project_hook
fi
done
fi
fi
done
#!/bin/bash
echo "Danger!!! Data Loss"
while true; do
read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?: " yn
case $yn in
[Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1 -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;;
[Nn]* ) exit;;
* ) echo "Please answer yes or no.";;
esac
done
......@@ -3,11 +3,6 @@ namespace :gitlab do
task :enable_automerge => :environment do
warn_user_is_not_gitlab
puts "Updating repo permissions ..."
Gitlab::Gitolite.new.enable_automerge
puts "... #{"done".green}"
puts ""
print "Creating satellites for ..."
unless Project.count > 0
puts "skipping, because you have no projects".magenta
......
namespace :gitlab do
namespace :shell do
desc "GITLAB | Setup gitlab-shell"
task :setup => :environment do
setup
end
end
def setup
warn_user_is_not_gitlab
puts "This will rebuild an authorized_keys file."
puts "You will lose any data stored in /home/git/.ssh/authorized_keys."
ask_to_continue
puts ""
system("echo '# Managed by gitlab-shell' > /home/git/.ssh/authorized_keys")
Key.find_each(:batch_size => 1000) do |key|
if Gitlab::Shell.new.add_key(key.shell_id, key.key)
print '.'
else
print 'F'
end
end
rescue Gitlab::TaskAbortedByUserError
puts "Quitting...".red
exit 1
end
end
require 'spec_helper'
describe Gitlab::GitoliteConfig do
let(:gitolite) { Gitlab::GitoliteConfig.new }
it { should respond_to :write_key }
it { should respond_to :rm_key }
it { should respond_to :update_project }
it { should respond_to :update_project! }
it { should respond_to :update_projects }
it { should respond_to :destroy_project }
it { should respond_to :destroy_project! }
it { should respond_to :apply }
it { should respond_to :admin_all_repo }
it { should respond_to :admin_all_repo! }
end
require 'spec_helper'
describe Gitlab::Gitolite do
describe Gitlab::Shell do
let(:project) { double('Project', id: 7, path: 'diaspora') }
let(:gitolite_config) { double('Gitlab::GitoliteConfig') }
let(:gitolite) { Gitlab::Gitolite.new }
let(:gitolite) { Gitlab::Shell.new }
before do
gitolite.stub(config: gitolite_config)
Project.stub(find: project)
end
it { should respond_to :set_key }
it { should respond_to :add_key }
it { should respond_to :remove_key }
it { should respond_to :update_repository }
it { should respond_to :create_repository }
it { should respond_to :add_repository }
it { should respond_to :remove_repository }
it { gitolite.url_to_repo('diaspora').should == Gitlab.config.gitolite.ssh_path_prefix + "diaspora.git" }
it "should call config update" do
gitolite_config.should_receive(:update_project!)
gitolite.update_repository(project.id)
end
end
......@@ -46,9 +46,9 @@ describe Key do
key.should_not be_valid
end
it "does accept the same key for another project" do
it "does not accept the same key for another project" do
key = build(:key, project_id: 0)
key.should be_valid
key.should_not be_valid
end
end
......
......@@ -77,8 +77,6 @@ describe Project do
it { should respond_to(:url_to_repo) }
it { should respond_to(:repo_exists?) }
it { should respond_to(:satellite) }
it { should respond_to(:update_repository) }
it { should respond_to(:destroy_repository) }
it { should respond_to(:observe_push) }
it { should respond_to(:update_merge_requests) }
it { should respond_to(:execute_hooks) }
......
......@@ -24,19 +24,4 @@ describe ProtectedBranch do
it { should validate_presence_of(:project) }
it { should validate_presence_of(:name) }
end
describe 'Callbacks' do
let(:branch) { build(:protected_branch) }
it 'call update_repository after save' do
branch.should_receive(:update_repository)
branch.save
end
it 'call update_repository after destroy' do
branch.save
branch.should_receive(:update_repository)
branch.destroy
end
end
end
......@@ -3,7 +3,7 @@ require 'spec_helper'
describe KeyObserver do
before do
@key = double('Key',
identifier: 'admin_654654',
shell_id: 'key-32',
key: '== a vaild ssh key',
projects: [],
is_deploy_key: false
......@@ -14,14 +14,14 @@ describe KeyObserver do
context :after_save do
it do
GitoliteWorker.should_receive(:perform_async).with(:set_key, @key.identifier, @key.key, @key.projects.map(&:id))
GitoliteWorker.should_receive(:perform_async).with(:add_key, @key.shell_id, @key.key)
@observer.after_save(@key)
end
end
context :after_destroy do
it do
GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.identifier, @key.projects.map(&:id))
GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.shell_id, @key.key)
@observer.after_destroy(@key)
end
end
......
......@@ -24,7 +24,6 @@ RSpec.configure do |config|
config.mock_with :rspec
config.include LoginHelpers, type: :request
config.include GitoliteStub
config.include FactoryGirl::Syntax::Methods
config.include Devise::TestHelpers, type: :controller
......@@ -34,8 +33,6 @@ RSpec.configure do |config|
config.use_transactional_fixtures = false
config.before do
stub_gitolite!
# Use tmp dir for FS manipulations
temp_repos_path = Rails.root.join('tmp', 'test-git-base-path')
Gitlab.config.gitolite.stub(repos_path: temp_repos_path)
......
module GitoliteStub
def stub_gitolite!
stub_gitlab_gitolite
stub_gitolite_admin
end
def stub_gitolite_admin
gitolite_admin = double('Gitolite::GitoliteAdmin')
gitolite_admin.as_null_object
Gitolite::GitoliteAdmin.stub(new: gitolite_admin)
end
def stub_gitlab_gitolite
gitolite_config = double('Gitlab::GitoliteConfig')
gitolite_config.stub(apply: ->() { yield(self) })
gitolite_config.as_null_object
Gitlab::GitoliteConfig.stub(new: gitolite_config)
end
end
require "repository"
require "project"
require "shell"
# Stubs out all Git repository access done by models so that specs can run
# against fake repositories without Grit complaining that they don't exist.
......@@ -36,3 +37,23 @@ class GitLabTestRepo < Repository
@repo ||= Grit::Repo.new(Rails.root.join('tmp', 'repositories', 'gitlabhq'))
end
end
module Gitlab
class Shell
def add_repository name
true
end
def remove_repository name
true
end
def add_key id, key
true
end
def remove_key id, key
true
end
end
end
......@@ -11,7 +11,7 @@ describe PostReceive do
context "web hook" do
let(:project) { create(:project) }
let(:key) { create(:key, user: project.owner) }
let(:key_id) { key.identifier }
let(:key_id) { key.shell_id }
it "fetches the correct project" do
Project.should_receive(:find_with_namespace).with(project.path_with_namespace).and_return(project)
......@@ -19,7 +19,7 @@ describe PostReceive do
end
it "does not run if the author is not in the project" do
Key.stub(find_by_identifier: nil)
Key.stub(find_by_id: nil)
project.should_not_receive(:observe_push)
project.should_not_receive(:execute_hooks)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment