1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
<!-- -*- markdown -*- -->
Looking after the dead
======================
Earlier we talked about how `destroy` allows the owner of a repository (or
someone with delegated access) to remove a repository from a Gitano server. At
the time we said this was a two-part process and `graveyard` is the other half
of the story.
When repositories are destroyed they are not removed from the filesystem.
Instead they go to live in a special directory called the graveyard, which is
separate from the repository root. Only the `graveyard` command can interact
with these destroyed repositories.
EXAMPLE Sometimes, even git servers die.
_.---,._,'
/' _.--.<
/' `'
/' _.---._____
\.' ___, .-'`
/' \\ .
/' `-. -|-
| |
| .-'~~~`-.
| .' `.
| | R I P |
jgs | | |
| | Gitorious |
\ \\| 2008-2016 |//
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
When a user owns a repository, they are permitted to destroy it, they will no
longer be able to see if in the output of the `ls` command and unless the
administrator of the Gitano instance has done some ACL trickery, they will not
be able to then look into the graveyard to see it.
SCENARIO graveyard
GIVEN a standard instance
AND testinstance using adminkey has patched gitano-admin with personal-repo-create.patch
AND testinstance, using adminkey, adds a new user alice, with a key called main
WHEN alice main runs create personal/alice/testrepo
AND alice main runs ls
THEN stdout contains personal/alice/testrepo
WHEN alice main runs destroy personal/alice/testrepo --force
AND alice main runs ls
THEN stdout does not contain personal/alice/testrepo
When a repository is deleted it is put in the graveyard.
By default normal users are not allowed to look at the graveyard...
WHEN alice main, expecting failure, runs graveyard list
THEN stderr contains CRIT: You may not perform site administration
...and only admin users may browse the graveyard and restore repositories.
WHEN testinstance adminkey runs graveyard list
THEN stdout contains personal.alice.testrepo.*\.destroyed
When a repository is restored it is owned by the original owner.
WHEN testinstance adminkey restores the latest deletion to personal/alice/testrepo
AND testinstance adminkey runs config personal/alice/testrepo show project.owner
THEN stdout contains project\.owner: alice
It is thus fully usable by the user who deleted it.
WHEN alice main runs ls
THEN stdout contains personal/alice/testrepo
WHEN alice main runs config personal/alice/testrepo show project.owner
THEN stdout contains project\.owner: alice
Disk space is finite, so when a repository is no longer wanted
then it has to be purged from the graveyard as well.
WHEN alice main runs destroy personal/alice/testrepo --force
WHEN testinstance adminkey purges the latest deletion
AND testinstance adminkey runs graveyard list
THEN stdout does not contain personal.alice.testrepo
FINALLY the instance is torn down
|