Merge pull request #1 from gitlabhq/master

Master Sync

Merge pull request #1 from gitlabhq/master
Master Sync
4bbda0b2 · Michael · 381f4cdb · fc8bd8f7 · 4bbda0b2 · 4bbda0b2
Commit 4bbda0b2 authored Mar 10, 2013 by Michael
15 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
+v1.0.4
+  - requires gitlab c9ca15e
+  - dont use post-receive file any more. Make all updates in update
+  - fixed issue with invalid GL_USER
+  - use GL_ID instead of GL_USER
--- a/README.md
+++ b/README.md
-### gitlab-shell: ssh access and repostiory management
+### gitlab-shell: ssh access and repository management

 [![CI](http://ci.gitlab.org/projects/4/status?ref=master)](http://ci.gitlab.org/projects/4?ref=master)

@@ -25,7 +25,7 @@ Remove repo

 Import repo 

-    ./bin/gitlab-projects import-project https://github.com/randx/six.git
+    ./bin/gitlab-projects import-project randx/six.git https://github.com/randx/six.git


 ### Keys: 

--- a/VERSION
+++ b/VERSION
-1.0.0
+1.0.4
--- a/bin/gitlab-projects
+++ b/bin/gitlab-projects
@@ -11,6 +11,8 @@ require_relative '../lib/gitlab_init'
 #
 #   /bin/gitlab-projects rm-project gitlab/gitlab-ci.git
 #
+#   /bin/gitlab-projects import-project randx/six.git https://github.com/randx/six.git
+#
 require File.join(ROOT_PATH, 'lib', 'gitlab_projects')
 GitlabProjects.new.exec


--- a/bin/install
+++ b/bin/install
@@ -6,12 +6,15 @@ require_relative '../lib/gitlab_init'
 # GitLab shell, invoked from ~/.ssh/authorized_keys
 #

+config = GitlabConfig.new
+key_dir = File.dirname("#{config.auth_file}")
+
 commands = [
-  "mkdir -p /home/git/repositories",
-  "mkdir -p /home/git/.ssh",
-  "touch /home/git/.ssh/authorized_keys",
-  "chmod -R ug+rwX,o-rwx /home/git/repositories/",
-  "find /home/git/repositories -type d -print0 | xargs -0 chmod g+s"
+  "mkdir -p #{config.repos_path}",
+  "mkdir -p #{key_dir}",
+  "touch #{config.auth_file}",
+  "chmod -R ug+rwX,o-rwx #{config.repos_path}",
+  "find #{config.repos_path} -type d -print0 | xargs -0 chmod g+s"
 ]

 commands.each do |cmd|

--- a/hooks/post-receive
+++ b/hooks/post-receive
-#!/usr/bin/env bash
+#!/usr/bin/env ruby

-# This file was placed here by GitLab. It makes sure that your pushed commits
-# will be processed properly.
+# This file was placed here by GitLab.
+# IT IS DEPRECATED NOW.
+# All GitLab logic handled by update hook

-while read oldrev newrev ref
-do
-  # For every branch or tag that was pushed, create a Resque job in redis.
-  repo_path=`pwd`
-  env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1
-done
--- a/hooks/update
+++ b/hooks/update
@@ -4,7 +4,7 @@
 # will be processed properly.

 refname = ARGV[0]
-key_id  = ENV['GL_USER']
+key_id  = ENV['GL_ID']
 repo_path = `pwd`

 require_relative '../lib/gitlab_update'

--- a/lib/gitlab_keys.rb
+++ b/lib/gitlab_keys.rb
@@ -28,7 +28,7 @@ class GitlabKeys
  end

  def rm_key
-    cmd = "sed -i '/#{@key_id}/d' #{auth_file}"
+    cmd = "sed -i '/shell #{@key_id}/d' #{auth_file}"
    system(cmd)
  end
 end
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -6,7 +6,9 @@ require_relative 'gitlab_config'
 class GitlabNet
  def allowed?(cmd, repo, key, ref)
    project_name = repo.gsub("'", "")
-    project_name = project_name.gsub(/\.git$/, "")
+    project_name = project_name.gsub(/\.git\Z/, "")
+    project_name = project_name.gsub(/\A\//, "")
+
    key_id = key.gsub("key-", "")

    url = "#{host}/allowed?key_id=#{key_id}&action=#{cmd}&ref=#{ref}&project=#{project_name}"
@@ -33,6 +35,10 @@ class GitlabNet
  end

  def get(url)
-    Net::HTTP.get_response(URI.parse(url))
+    url = URI.parse(url)
+    http = Net::HTTP.new(url.host, url.port)
+    http.use_ssl = (url.port == 443)
+    request = Net::HTTP::Get.new(url.request_uri)
+    http.start {|http| http.request(request) }
  end
 end
--- a/lib/gitlab_projects.rb
+++ b/lib/gitlab_projects.rb
@@ -41,8 +41,8 @@ class GitlabProjects
  end

  def import_project
-    dir = @project_name.match(/[a-zA-Z\.\_\-]+\.git$/).to_s
-    cmd = "cd #{@repos_path} && git clone --bare #{@project_name} #{dir} && #{create_hooks_cmd}"
+    @source = ARGV.shift
+    cmd = "cd #{@repos_path} && git clone --bare #{@source} #{@project_name} && #{create_hooks_cmd}"
    system(cmd)
  end
 end
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -16,7 +16,7 @@ class GitlabShell
      parse_cmd

      if git_cmds.include?(@git_cmd)
-        ENV['GL_USER'] = @key_id
+        ENV['GL_ID'] = @key_id

        if validate_access
          process_cmd

--- a/lib/gitlab_update.rb
+++ b/lib/gitlab_update.rb
@@ -3,21 +3,38 @@ require_relative 'gitlab_net'

 class GitlabUpdate
  def initialize(repo_path, key_id, refname)
+    @repo_path = repo_path.strip
    @repo_name = repo_path
    @repo_name.gsub!(GitlabConfig.new.repos_path.to_s, "")
    @repo_name.gsub!(/.git$/, "")
    @repo_name.gsub!(/^\//, "")

    @key_id = key_id
-    @refname = /refs\/heads\/([\w\.-]+)/.match(refname).to_a.last
+    @refname = refname
+    @branch_name = /refs\/heads\/([\w\.-]+)/.match(refname).to_a.last
+
+    @oldrev  = ARGV[1]
+    @newrev  = ARGV[2]
  end

  def exec
-    if api.allowed?('git-receive-pack', @repo_name, @key_id, @refname)
-      exit 0
+    # reset GL_ID env since we already
+    # get value from it
+    ENV['GL_ID'] = nil
+
+    # If its push over ssh
+    # we need to check user persmission per branch first
+    if ssh?
+      if api.allowed?('git-receive-pack', @repo_name, @key_id, @branch_name)
+        update_redis
+        exit 0
+      else
+        puts "GitLab: You are not allowed to access #{@branch_name}! "
+        exit 1
+      end
    else
-      puts "GitLab: You are not allowed to access #{@refname}! "
-      exit 1
+      update_redis
+      exit 0
    end
  end

@@ -26,4 +43,13 @@ class GitlabUpdate
  def api
    GitlabNet.new
  end
+
+  def ssh?
+    @key_id =~ /\Akey\-\d+\Z/
+  end
+
+  def update_redis
+    command = "env -i redis-cli rpush 'resque:gitlab:queue:post_receive' '{\"class\":\"PostReceive\",\"args\":[\"#{@repo_path}\",\"#{@oldrev}\",\"#{@newrev}\",\"#{@refname}\",\"#{@key_id}\"]}' > /dev/null 2>&1"
+    system(command)
+  end
 end
--- a/spec/gitlab_keys_spec.rb
+++ b/spec/gitlab_keys_spec.rb
@@ -20,7 +20,7 @@ describe GitlabKeys do
    end

    it "should receive valid cmd" do
-      valid_cmd = "echo 'command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E' >> /home/git/.ssh/authorized_keys"
+      valid_cmd = "echo 'command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E' >> #{GitlabConfig.new.auth_file}"
      @gl_keys.should_receive(:system).with(valid_cmd)
      @gl_keys.send :add_key
    end
@@ -33,7 +33,7 @@ describe GitlabKeys do
    end

    it "should receive valid cmd" do
-      valid_cmd = "sed -i '/key-741/d' /home/git/.ssh/authorized_keys"
+      valid_cmd = "sed -i '/shell key-741/d' #{GitlabConfig.new.auth_file}"
      @gl_keys.should_receive(:system).with(valid_cmd)
      @gl_keys.send :rm_key
    end

--- a/support/rewrite-hooks.sh
+++ b/support/rewrite-hooks.sh
 #!/bin/bash

-src="/home/git/repositories"
+home_dir="/home/git"
+src="$home_dir/repositories"

 for dir in `ls "$src/"`
 do
@@ -11,25 +12,25 @@ do
      continue 
    fi

-    if [[ "$dir" =~ ^.*.git$ ]]
+    if [[ "$dir" =~ ^.*\.git$ ]]
    then
      project_hook="$src/$dir/hooks/post-receive"
-      gitolite_hook="/home/git/gitlab-shell/hooks/post-receive"
+      gitolite_hook="$home_dir/gitlab-shell/hooks/post-receive"
      ln -s -f $gitolite_hook $project_hook

      project_hook="$src/$dir/hooks/update"
-      gitolite_hook="/home/git/gitlab-shell/hooks/update"
+      gitolite_hook="$home_dir/gitlab-shell/hooks/update"
      ln -s -f $gitolite_hook $project_hook
    else
      for subdir in `ls "$src/$dir/"`
      do
-        if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then
+        if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*\.git$ ]]; then
          project_hook="$src/$dir/$subdir/hooks/post-receive"
-          gitolite_hook="/home/git/gitlab-shell/hooks/post-receive"
+          gitolite_hook="$home_dir/gitlab-shell/hooks/post-receive"
          ln -s -f $gitolite_hook $project_hook

          project_hook="$src/$dir/$subdir/hooks/update"
-          gitolite_hook="/home/git/gitlab-shell/hooks/update"
+          gitolite_hook="$home_dir/gitlab-shell/hooks/update"
          ln -s -f $gitolite_hook $project_hook
        fi
      done

--- a/support/truncate_repositories.sh
+++ b/support/truncate_repositories.sh
 #!/bin/bash

+home_dir="/home/git"
+
 echo "Danger!!! Data Loss"
 while true; do
-  read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?:  " yn
+  read -p "Do you wish to delete all directories (except gitolite-admin.git) from $home_dir/repositories/ (y/n) ?:  " yn
  case $yn in
-    [Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1  -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;;
+    [Yy]* ) sh -c "find $home_dir/repositories/. -maxdepth 1  -not -name 'gitolite-admin.git' -not -name '.' | xargs rm -rf"; break;;
    [Nn]* ) exit;;
    * ) echo "Please answer yes or no.";;
  esac