diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-02-07 08:26:39 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-02-07 08:26:39 +0000 |
| commit | 4e1757bfda0530238e3ab4208b47789e196d5602 (patch) | |
| tree | e63d4cf8b97ada54d4be1d99a02b68df7c04a099 /lib | |
| parent | 4bfb98ddc90bcc6076e2819619fec7607e74358b (diff) | |
| parent | d09d87e3b022f6b7cba0988c4377e44196e35939 (diff) | |
| download | gitlab-ce-4e1757bfda0530238e3ab4208b47789e196d5602.tar.gz | |
Merge branch 'gitlab-shell' of dev.gitlabhq.com:gitlab/gitlabhq
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api.rb | 1 | ||||
| -rw-r--r-- | lib/api/internal.rb | 49 | ||||
| -rw-r--r-- | lib/gitlab/backend/gitolite.rb | 90 | ||||
| -rw-r--r-- | lib/gitlab/backend/gitolite_config.rb | 241 | ||||
| -rw-r--r-- | lib/gitlab/backend/shell.rb | 50 | ||||
| -rw-r--r-- | lib/gitlab/satellite/satellite.rb | 4 | ||||
| -rw-r--r-- | lib/gitolited.rb | 2 | ||||
| -rwxr-xr-x | lib/hooks/post-receive | 12 | ||||
| -rwxr-xr-x | lib/support/rewrite-hooks.sh | 32 | ||||
| -rwxr-xr-x | lib/support/truncate_repositories.sh | 11 | ||||
| -rw-r--r-- | lib/tasks/gitlab/enable_automerge.rake | 5 | ||||
| -rw-r--r-- | lib/tasks/gitlab/shell.rake | 32 |
12 files changed, 135 insertions, 394 deletions
diff --git a/lib/api.rb b/lib/api.rb index 81a5919f1d3..d9dce7c70cc 100644 --- a/lib/api.rb +++ b/lib/api.rb @@ -20,5 +20,6 @@ module Gitlab mount Session mount MergeRequests mount Notes + mount Internal end end diff --git a/lib/api/internal.rb b/lib/api/internal.rb new file mode 100644 index 00000000000..3e5e3a478ba --- /dev/null +++ b/lib/api/internal.rb @@ -0,0 +1,49 @@ +module Gitlab + # Internal access API + class Internal < Grape::API + namespace 'internal' do + # + # Check if ssh key has access to project code + # + get "/allowed" do + key = Key.find(params[:key_id]) + project = Project.find_with_namespace(params[:project]) + git_cmd = params[:action] + + if key.is_deploy_key + project == key.project && git_cmd == 'git-upload-pack' + else + user = key.user + action = case git_cmd + when 'git-upload-pack' + then :download_code + when 'git-receive-pack' + then + if project.protected_branch?(params[:ref]) + :push_code_to_protected_branches + else + :push_code + end + end + + user.can?(action, project) + end + end + + # + # Discover user by ssh key + # + get "/discover" do + key = Key.find(params[:key_id]) + present key.user, with: Entities::User + end + + get "/check" do + { + api_version: '3' + } + end + end + end +end + diff --git a/lib/gitlab/backend/gitolite.rb b/lib/gitlab/backend/gitolite.rb deleted file mode 100644 index cd9ac1554d6..00000000000 --- a/lib/gitlab/backend/gitolite.rb +++ /dev/null @@ -1,90 +0,0 @@ -require_relative 'gitolite_config' - -module Gitlab - class Gitolite - class AccessDenied < StandardError; end - - def config - Gitlab::GitoliteConfig.new - end - - # Update gitolite config with new key - # - # Ex. - # set_key("m_gitlab_com_12343", "sha-rsa ...", [2, 3, 6]) - # - def set_key(key_id, key_content, project_ids) - projects = Project.where(id: project_ids) - - config.apply do |config| - config.write_key(key_id, key_content) - config.update_projects(projects) - end - end - - # Remove ssh key from gitolite config - # - # Ex. - # remove_key("m_gitlab_com_12343", [2, 3, 6]) - # - def remove_key(key_id, project_ids) - projects = Project.where(id: project_ids) - - config.apply do |config| - config.rm_key(key_id) - config.update_projects(projects) - end - end - - # Update project config in gitolite by project id - # - # Ex. - # update_repository(23) - # - def update_repository(project_id) - project = Project.find(project_id) - config.update_project!(project) - end - - def move_repository(old_repo, project) - config.apply do |config| - config.clean_repo(old_repo) - config.update_project(project) - end - end - - # Remove repository from gitolite - # - # name - project path with namespace - # - # Ex. - # remove_repository("gitlab/gitlab-ci") - # - def remove_repository(name) - config.destroy_project!(name) - end - - # Update projects configs in gitolite by project ids - # - # Ex. - # update_repositories([1, 4, 6]) - # - def update_repositories(project_ids) - projects = Project.where(id: project_ids) - - config.apply do |config| - config.update_projects(projects) - end - end - - def url_to_repo path - Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git" - end - - def enable_automerge - config.admin_all_repo! - end - - alias_method :create_repository, :update_repository - end -end diff --git a/lib/gitlab/backend/gitolite_config.rb b/lib/gitlab/backend/gitolite_config.rb deleted file mode 100644 index 748f9d74390..00000000000 --- a/lib/gitlab/backend/gitolite_config.rb +++ /dev/null @@ -1,241 +0,0 @@ -require 'gitolite' -require 'timeout' -require 'fileutils' - -module Gitlab - class GitoliteConfig - include Gitlab::Popen - - class PullError < StandardError; end - class PushError < StandardError; end - class BrokenGitolite < StandardError; end - - attr_reader :config_tmp_dir, :tmp_dir, :ga_repo, :conf - - def initialize - @tmp_dir = Rails.root.join("tmp").to_s - @config_tmp_dir = File.join(@tmp_dir,"gitlabhq-gitolite-#{Time.now.to_i}") - end - - def ga_repo - @ga_repo ||= ::Gitolite::GitoliteAdmin.new( - File.join(config_tmp_dir,'gitolite'), - conf: Gitlab.config.gitolite.config_file - ) - end - - def apply - Timeout::timeout(30) do - File.open(File.join(tmp_dir, "gitlabhq-gitolite.lock"), "w+") do |f| - begin - # Set exclusive lock - # to prevent race condition - f.flock(File::LOCK_EX) - - # Pull gitolite-admin repo - # in tmp dir before do any changes - pull - - # Build ga_repo object and @conf - # to access gitolite-admin configuration - @conf = ga_repo.config - - # Do any changes - # in gitolite-admin - # config here - yield(self) - - # Save changes in - # gitolite-admin repo - # before push it - ga_repo.save - - # Push gitolite-admin repo - # to apply all changes - push - ensure - # Remove tmp dir - # removing the gitolite folder first is important to avoid - # NFS issues. - FileUtils.rm_rf(File.join(config_tmp_dir, 'gitolite')) - - # Remove parent tmp dir - FileUtils.rm_rf(config_tmp_dir) - - # Unlock so other task can access - # gitolite configuration - f.flock(File::LOCK_UN) - end - end - end - rescue PullError => ex - log("Pull error -> " + ex.message) - raise Gitolite::AccessDenied, ex.message - - rescue PushError => ex - log("Push error -> " + " " + ex.message) - raise Gitolite::AccessDenied, ex.message - - rescue BrokenGitolite => ex - log("Gitolite error -> " + " " + ex.message) - raise Gitolite::AccessDenied, ex.message - - rescue Exception => ex - log(ex.class.name + " " + ex.message) - raise Gitolite::AccessDenied.new("gitolite timeout") - end - - def log message - Gitlab::GitLogger.error(message) - end - - def path_to_repo(name) - File.join(Gitlab.config.gitolite.repos_path, "#{name}.git") - end - - def destroy_project(name) - full_path = path_to_repo(name) - FileUtils.rm_rf(full_path) if File.exists?(full_path) - conf.rm_repo(name) - end - - def clean_repo repo_name - conf.rm_repo(repo_name) - end - - def destroy_project!(project) - apply do |config| - config.destroy_project(project) - end - end - - def write_key(id, key) - File.open(File.join(config_tmp_dir, 'gitolite/keydir',"#{id}.pub"), 'w') do |f| - f.write(key.gsub(/\n/,'')) - end - end - - def rm_key(user) - key_path = File.join(config_tmp_dir, 'gitolite/keydir', "#{user}.pub") - ga_key = ::Gitolite::SSHKey.from_file(key_path) - ga_repo.rm_key(ga_key) - end - - # update or create - def update_project(project) - repo = update_project_config(project, conf) - conf.add_repo(repo, true) - end - - def update_project!( project) - apply do |config| - config.update_project(project) - end - end - - # Updates many projects and uses project.path_with_namespace as the repo path - # An order of magnitude faster than update_project - def update_projects(projects) - projects.each do |project| - repo = update_project_config(project, conf) - conf.add_repo(repo, true) - end - end - - def update_project_config(project, conf) - repo_name = project.path_with_namespace - - repo = if conf.has_repo?(repo_name) - conf.get_repo(repo_name) - else - ::Gitolite::Config::Repo.new(repo_name) - end - - name_readers = project.team.repository_readers - name_writers = project.team.repository_writers - name_masters = project.team.repository_masters - - pr_br = project.protected_branches.map(&:name).join("$ ") - - repo.clean_permissions - - # Deny access to protected branches for writers - unless name_writers.blank? || pr_br.blank? - repo.add_permission("-", pr_br.strip + "$ ", name_writers) - end - - # Add read permissions - repo.add_permission("R", "", name_readers) unless name_readers.blank? - - # Add write permissions - repo.add_permission("RW+", "", name_writers) unless name_writers.blank? - repo.add_permission("RW+", "", name_masters) unless name_masters.blank? - - # Add sharedRepository config - repo.set_git_config("core.sharedRepository", "0660") - - repo - end - - # Enable access to all repos for gitolite admin. - # We use it for accept merge request feature - def admin_all_repo - owner_name = Gitlab.config.gitolite.admin_key - - # @ALL repos premission for gitolite owner - repo_name = "@all" - repo = if conf.has_repo?(repo_name) - conf.get_repo(repo_name) - else - ::Gitolite::Config::Repo.new(repo_name) - end - - repo.add_permission("RW+", "", owner_name) - conf.add_repo(repo, true) - end - - def admin_all_repo! - apply { |config| config.admin_all_repo } - end - - private - - def pull - # Create config tmp dir like "RAILS_ROOT/tmp/gitlabhq-gitolite-132545" - Dir.mkdir config_tmp_dir - - # Clone gitolite-admin repo into tmp dir - popen("git clone #{Gitlab.config.gitolite.admin_uri} #{config_tmp_dir}/gitolite", tmp_dir) - - # Ensure file with config presents after cloning - unless File.exists?(File.join(config_tmp_dir, 'gitolite', 'conf', 'gitolite.conf')) - raise PullError, "unable to clone gitolite-admin repo" - end - end - - def push - output, status = popen('git add -A', tmp_conf_path) - raise "Git add failed." unless status.zero? - - # git commit returns 0 on success, and 1 if there is nothing to commit - output, status = popen('git commit -m "GitLab"', tmp_conf_path) - raise "Git add failed." unless [0,1].include?(status) - - output, status = popen('git push', tmp_conf_path) - - if output =~ /remote\: FATAL/ - raise BrokenGitolite, output - end - - if status.zero? || output =~ /Everything up\-to\-date/ - return true - else - raise PushError, "unable to push gitolite-admin repo" - end - end - - def tmp_conf_path - File.join(config_tmp_dir,'gitolite') - end - end -end diff --git a/lib/gitlab/backend/shell.rb b/lib/gitlab/backend/shell.rb new file mode 100644 index 00000000000..50ebfc5b07c --- /dev/null +++ b/lib/gitlab/backend/shell.rb @@ -0,0 +1,50 @@ +module Gitlab + class Shell + class AccessDenied < StandardError; end + + # Init new repository + # + # name - project path with namespace + # + # Ex. + # add_repository("gitlab/gitlab-ci") + # + def add_repository(name) + system("/home/git/gitlab-shell/bin/gitlab-projects add-project #{name}.git") + end + + # Remove repository from file system + # + # name - project path with namespace + # + # Ex. + # remove_repository("gitlab/gitlab-ci") + # + def remove_repository(name) + system("/home/git/gitlab-shell/bin/gitlab-projects rm-project #{name}.git") + end + + # Add new key to gitlab-shell + # + # Ex. + # add_key("key-42", "sha-rsa ...") + # + def add_key(key_id, key_content) + system("/home/git/gitlab-shell/bin/gitlab-keys add-key #{key_id} \"#{key_content}\"") + end + + # Remove ssh key from gitlab shell + # + # Ex. + # remove_key("key-342", "sha-rsa ...") + # + def remove_key(key_id, key_content) + system("/home/git/gitlab-shell/bin/gitlab-keys rm-key #{key_id} \"#{key_content}\"") + end + + + def url_to_repo path + Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git" + end + end +end diff --git a/lib/gitlab/satellite/satellite.rb b/lib/gitlab/satellite/satellite.rb index 95273a6d208..e7f7a7673b5 100644 --- a/lib/gitlab/satellite/satellite.rb +++ b/lib/gitlab/satellite/satellite.rb @@ -30,10 +30,10 @@ module Gitlab end def create - output, status = popen("git clone #{project.url_to_repo} #{path}", + output, status = popen("git clone #{project.repository.path_to_repo} #{path}", Gitlab.config.satellites.path) - log("PID: #{project.id}: git clone #{project.url_to_repo} #{path}") + log("PID: #{project.id}: git clone #{project.repository.path_to_repo} #{path}") log("PID: #{project.id}: -> #{output}") if status.zero? diff --git a/lib/gitolited.rb b/lib/gitolited.rb index 68b9b625525..4911a473f05 100644 --- a/lib/gitolited.rb +++ b/lib/gitolited.rb @@ -6,6 +6,6 @@ # module Gitolited def gitolite - Gitlab::Gitolite.new + Gitlab::Shell.new end end diff --git a/lib/hooks/post-receive b/lib/hooks/post-receive deleted file mode 100755 index 6944d3e3f72..00000000000 --- a/lib/hooks/post-receive +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -# Version 4.1 -# This file was placed here by GitLab. It makes sure that your pushed commits -# will be processed properly. - -while read oldrev newrev ref -do - # For every branch or tag that was pushed, create a Resque job in redis. - repo_path=`pwd` - env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1 -done diff --git a/lib/support/rewrite-hooks.sh b/lib/support/rewrite-hooks.sh deleted file mode 100755 index b8fd36b9a1e..00000000000 --- a/lib/support/rewrite-hooks.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -src="/home/git/repositories" - -for dir in `ls "$src/"` -do - if [ -d "$src/$dir" ]; then - - if [ "$dir" = "gitolite-admin.git" ] - then - continue - fi - - if [[ "$dir" =~ ^.*.git$ ]] - then - project_hook="$src/$dir/hooks/post-receive" - gitolite_hook="/home/git/.gitolite/hooks/common/post-receive" - - ln -s -f $gitolite_hook $project_hook - else - for subdir in `ls "$src/$dir/"` - do - if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then - project_hook="$src/$dir/$subdir/hooks/post-receive" - gitolite_hook="/home/git/.gitolite/hooks/common/post-receive" - - ln -s -f $gitolite_hook $project_hook - fi - done - fi - fi -done diff --git a/lib/support/truncate_repositories.sh b/lib/support/truncate_repositories.sh deleted file mode 100755 index 3b14e2ee362..00000000000 --- a/lib/support/truncate_repositories.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -echo "Danger!!! Data Loss" -while true; do - read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?: " yn - case $yn in - [Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1 -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;; - [Nn]* ) exit;; - * ) echo "Please answer yes or no.";; - esac -done diff --git a/lib/tasks/gitlab/enable_automerge.rake b/lib/tasks/gitlab/enable_automerge.rake index e92da81021f..a89c6eaa5c4 100644 --- a/lib/tasks/gitlab/enable_automerge.rake +++ b/lib/tasks/gitlab/enable_automerge.rake @@ -3,11 +3,6 @@ namespace :gitlab do task :enable_automerge => :environment do warn_user_is_not_gitlab - puts "Updating repo permissions ..." - Gitlab::Gitolite.new.enable_automerge - puts "... #{"done".green}" - puts "" - print "Creating satellites for ..." unless Project.count > 0 puts "skipping, because you have no projects".magenta diff --git a/lib/tasks/gitlab/shell.rake b/lib/tasks/gitlab/shell.rake new file mode 100644 index 00000000000..25713482ed8 --- /dev/null +++ b/lib/tasks/gitlab/shell.rake @@ -0,0 +1,32 @@ +namespace :gitlab do + namespace :shell do + desc "GITLAB | Setup gitlab-shell" + task :setup => :environment do + setup + end + end + + def setup + warn_user_is_not_gitlab + + puts "This will rebuild an authorized_keys file." + puts "You will lose any data stored in /home/git/.ssh/authorized_keys." + ask_to_continue + puts "" + + system("echo '# Managed by gitlab-shell' > /home/git/.ssh/authorized_keys") + + Key.find_each(:batch_size => 1000) do |key| + if Gitlab::Shell.new.add_key(key.shell_id, key.key) + print '.' + else + print 'F' + end + end + + rescue Gitlab::TaskAbortedByUserError + puts "Quitting...".red + exit 1 + end +end + |