-rw-r--r-- | CHANGELOG | 5 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rwxr-xr-x | bin/gitlab-projects | 2 | ||||
-rwxr-xr-x | bin/install | 13 | ||||
-rwxr-xr-x | hooks/post-receive | 13 | ||||
-rwxr-xr-x | hooks/update | 2 | ||||
-rw-r--r-- | lib/gitlab_keys.rb | 2 | ||||
-rw-r--r-- | lib/gitlab_net.rb | 10 | ||||
-rw-r--r-- | lib/gitlab_projects.rb | 4 | ||||
-rw-r--r-- | lib/gitlab_shell.rb | 2 | ||||
-rw-r--r-- | lib/gitlab_update.rb | 36 | ||||
-rw-r--r-- | spec/gitlab_keys_spec.rb | 4 | ||||
-rwxr-xr-x | support/rewrite-hooks.sh | 15 | ||||
-rwxr-xr-x | support/truncate_repositories.sh | 6 |
15 files changed, 80 insertions, 40 deletions
diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..e6bdf3a --- /dev/null +++ b/CHANGELOG @@ -0,0 +1,5 @@ +v1.0.4 + - requires gitlab c9ca15e + - dont use post-receive file any more. Make all updates in update + - fixed issue with invalid GL_USER + - use GL_ID instead of GL_USER @@ -1,4 +1,4 @@ -### gitlab-shell: ssh access and repostiory management +### gitlab-shell: ssh access and repository management [](http://ci.gitlab.org/projects/4?ref=master) @@ -25,7 +25,7 @@ Remove repo Import repo - ./bin/gitlab-projects import-project https://github.com/randx/six.git + ./bin/gitlab-projects import-project randx/six.git https://github.com/randx/six.git ### Keys: @@ -1 +1 @@ -1.0.0 +1.0.4 diff --git a/bin/gitlab-projects b/bin/gitlab-projects index f34706f..3f7a102 100755 --- a/bin/gitlab-projects +++ b/bin/gitlab-projects @@ -11,6 +11,8 @@ require_relative '../lib/gitlab_init' # # /bin/gitlab-projects rm-project gitlab/gitlab-ci.git # +# /bin/gitlab-projects import-project randx/six.git https://github.com/randx/six.git +# require File.join(ROOT_PATH, 'lib', 'gitlab_projects') GitlabProjects.new.exec diff --git a/bin/install b/bin/install index f6b0974..6b23df8 100755 --- a/bin/install +++ b/bin/install @@ -6,12 +6,15 @@ require_relative '../lib/gitlab_init' # GitLab shell, invoked from ~/.ssh/authorized_keys # +config = GitlabConfig.new +key_dir = File.dirname("#{config.auth_file}") + commands = [ - "mkdir -p /home/git/repositories", - "mkdir -p /home/git/.ssh", - "touch /home/git/.ssh/authorized_keys", - "chmod -R ug+rwX,o-rwx /home/git/repositories/", - "find /home/git/repositories -type d -print0 | xargs -0 chmod g+s" + "mkdir -p #{config.repos_path}", + "mkdir -p #{key_dir}", + "touch #{config.auth_file}", + "chmod -R ug+rwX,o-rwx #{config.repos_path}", + "find #{config.repos_path} -type d -print0 | xargs -0 chmod g+s" ] commands.each do |cmd| diff --git a/hooks/post-receive b/hooks/post-receive index ebd9e1a..acb1e40 100755 
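Review bot: The five entries in `commands` in bin/install now interpolate `config.repos_path`, `key_dir` and `config.auth_file` into shell strings without quoting, so a configured path containing a space or a shell metacharacter is split or interpreted by the shell before `mkdir`, `chmod -R` and `find` see it. Escaping each value, e.g. `"mkdir -p #{Shellwords.escape(config.repos_path)}"` (with `require 'shellwords'`), keeps the commands tied to the configured paths. `File.dirname("#{config.auth_file}")` can also be written `File.dirname(config.auth_file)`. The `commands.each` loop continues outside the hunk, so how each command is executed is not visible here.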
--- a/hooks/post-receive +++ b/hooks/post-receive @@ -1,11 +1,6 @@ -#!/usr/bin/env bash +#!/usr/bin/env ruby -# This file was placed here by GitLab. It makes sure that your pushed commits -# will be processed properly. +# This file was placed here by GitLab. +# IT IS DEPRECATED NOW. +# All GitLab logic handled by update hook -while read oldrev newrev ref -do - # For every branch or tag that was pushed, create a Resque job in redis. - repo_path=`pwd` - env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1 -done diff --git a/hooks/update b/hooks/update index f483cc0..39ea196 100755 --- a/hooks/update +++ b/hooks/update @@ -4,7 +4,7 @@ # will be processed properly. refname = ARGV[0] -key_id = ENV['GL_USER'] +key_id = ENV['GL_ID'] repo_path = `pwd` require_relative '../lib/gitlab_update' diff --git a/lib/gitlab_keys.rb b/lib/gitlab_keys.rb index 9931e90..a7e5a40 100644 --- a/lib/gitlab_keys.rb +++ b/lib/gitlab_keys.rb @@ -28,7 +28,7 @@ class GitlabKeys end def rm_key - cmd = "sed -i '/#{@key_id}/d' #{auth_file}" + cmd = "sed -i '/shell #{@key_id}/d' #{auth_file}" system(cmd) end end diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb index a7d32cd..cc2c5a6 100644 --- a/lib/gitlab_net.rb +++ b/lib/gitlab_net.rb @@ -6,7 +6,9 @@ require_relative 'gitlab_config' class GitlabNet def allowed?(cmd, repo, key, ref) project_name = repo.gsub("'", "") - project_name = project_name.gsub(/\.git$/, "") + project_name = project_name.gsub(/\.git\Z/, "") + project_name = project_name.gsub(/\A\//, "") + key_id = key.gsub("key-", "") url = "#{host}/allowed?key_id=#{key_id}&action=#{cmd}&ref=#{ref}&project=#{project_name}" 
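Review bot: In `rm_key` the sed pattern `/shell #{@key_id}/d` is not terminated after the id, so removing `key-74` also deletes the lines for `key-741` and every other id it is a prefix of. The expected entry in the spec shows the id followed by a closing double quote, so including that quote bounds the match: `cmd = "sed -i '/shell #{@key_id}\"/d' #{auth_file}"`. `@key_id` also reaches both the sed expression and the shell unvalidated in this method; checking it against `/\Akey-\d+\z/` before building the command would keep other characters out of both (where `@key_id` is assigned is outside the hunk).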
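Review bot: `project_name`, `ref` and `key_id` are still interpolated into the query string on the `url = ...` line of `allowed?` without escaping, so a value containing `&`, `#`, `=` or a space changes which parameters the `/allowed` endpoint receives, and the access decision is then made on different values than the ones being pushed. Building the query with `URI.encode_www_form(key_id: key_id, action: cmd, ref: ref, project: project_name)` avoids that. The new `/\.git\Z/` also still matches before a trailing newline; `\z` anchors at the true end of the string. The rest of `allowed?` lies outside the hunk.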
@@ -33,6 +35,10 @@ class GitlabNet end def get(url) - Net::HTTP.get_response(URI.parse(url)) + url = URI.parse(url) + http = Net::HTTP.new(url.host, url.port) + http.use_ssl = (url.port == 443) + request = Net::HTTP::Get.new(url.request_uri) + http.start {|http| http.request(request) } end end diff --git a/lib/gitlab_projects.rb b/lib/gitlab_projects.rb index 4cd337a..b9eb36a 100644 --- a/lib/gitlab_projects.rb +++ b/lib/gitlab_projects.rb @@ -41,8 +41,8 @@ class GitlabProjects end def import_project - dir = @project_name.match(/[a-zA-Z\.\_\-]+\.git$/).to_s - cmd = "cd #{@repos_path} && git clone --bare #{@project_name} #{dir} && #{create_hooks_cmd}" + @source = ARGV.shift + cmd = "cd #{@repos_path} && git clone --bare #{@source} #{@project_name} && #{create_hooks_cmd}" system(cmd) end end diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index d821299..842714e 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -16,7 +16,7 @@ class GitlabShell parse_cmd if git_cmds.include?(@git_cmd) - ENV['GL_USER'] = @key_id + ENV['GL_ID'] = @key_id if validate_access process_cmd diff --git a/lib/gitlab_update.rb b/lib/gitlab_update.rb index cf3953e..156e385 100644 --- a/lib/gitlab_update.rb +++ b/lib/gitlab_update.rb 
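Review bot: `http.use_ssl = (url.port == 443)` in `get` selects TLS from the port number, so an `https://` host on any other port is contacted without TLS and the key id and project name travel in cleartext (or the request simply fails). Deriving it from the scheme, `http.use_ssl = (url.scheme == 'https')`, follows what the configured URL says. Setting `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` explicitly would also make certificate verification independent of the Ruby version's default. The block parameter in `http.start {|http| ... }` shadows the outer `http`; a different name reads more clearly.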
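Review bot: `import_project` places `@source` (taken from `ARGV`) and `@project_name` straight into a string that is run through the shell, so any shell metacharacter in the import URL or project path is interpreted by the shell rather than handed to git, and a value beginning with `-` is read by git as an option. Passing an argument vector avoids both: `system('git', 'clone', '--bare', '--', @source, @project_name, chdir: @repos_path) && system(create_hooks_cmd)`. `create_hooks_cmd` is defined outside the hunk and may rely on the working directory, so confirm it still works when run as a separate command. A missing second argument leaves `@source` nil, which is worth rejecting before anything is run.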
@@ -3,21 +3,38 @@ require_relative 'gitlab_net' class GitlabUpdate def initialize(repo_path, key_id, refname) + @repo_path = repo_path.strip @repo_name = repo_path @repo_name.gsub!(GitlabConfig.new.repos_path.to_s, "") @repo_name.gsub!(/.git$/, "") @repo_name.gsub!(/^\//, "") @key_id = key_id - @refname = /refs\/heads\/([\w\.-]+)/.match(refname).to_a.last + @refname = refname + @branch_name = /refs\/heads\/([\w\.-]+)/.match(refname).to_a.last + + @oldrev = ARGV[1] + @newrev = ARGV[2] end def exec - if api.allowed?('git-receive-pack', @repo_name, @key_id, @refname) - exit 0 + # reset GL_ID env since we already + # get value from it + ENV['GL_ID'] = nil + + # If its push over ssh + # we need to check user persmission per branch first + if ssh? + if api.allowed?('git-receive-pack', @repo_name, @key_id, @branch_name) + update_redis + exit 0 + else + puts "GitLab: You are not allowed to access #{@branch_name}! " + exit 1 + end else - puts "GitLab: You are not allowed to access #{@refname}! " - exit 1 + update_redis + exit 0 end end @@ -26,4 +43,13 @@ class GitlabUpdate def api GitlabNet.new end + + def ssh? + @key_id =~ /\Akey\-\d+\Z/ + end + + def update_redis + command = "env -i redis-cli rpush 'resque:gitlab:queue:post_receive' '{\"class\":\"PostReceive\",\"args\":[\"#{@repo_path}\",\"#{@oldrev}\",\"#{@newrev}\",\"#{@refname}\",\"#{@key_id}\"]}' > /dev/null 2>&1" + system(command) + end end diff --git a/spec/gitlab_keys_spec.rb b/spec/gitlab_keys_spec.rb index 1c557aa..0aeebbc 100644 --- a/spec/gitlab_keys_spec.rb +++ b/spec/gitlab_keys_spec.rb 
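Review bot: The new `else` branch in `exec` queues the job and exits 0 without calling `api.allowed?` whenever `ssh?` is false, so the per-branch permission check depends entirely on `GL_ID` having the `key-N` form; an unset or differently shaped `GL_ID` is accepted. If non-SSH pushes are authorised elsewhere, a comment at the `else` such as `# non-SSH pushes are authorised by <component> before this hook runs` would make that assumption reviewable; otherwise the branch should deny by default. `@branch_name` is nil for refs outside `refs/heads/` (tags, for example), and that nil is what is sent as `ref`. In `initialize`, `@repo_name = repo_path` followed by `gsub!` mutates the caller's string, and `/.git$/` has an unescaped dot.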
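Review bot: `update_redis` builds a shell command by interpolating `@repo_path`, `@oldrev`, `@newrev`, `@refname` and `@key_id` inside single quotes, and `@refname` is now the raw hook argument rather than the filtered branch name, so a ref name containing a single quote ends the quoting and the remainder is parsed by the shell; a double quote or backslash breaks the hand-built JSON. Generating the payload with a JSON encoder and running `redis-cli` through the argument-vector form of `system` removes both problems; this needs `require 'json'` at the top of the file, which is outside the hunk. In `ssh?`, `\z` instead of `\Z` would also reject a key id with a trailing newline.

```ruby
def update_redis
  payload = JSON.generate(
    'class' => 'PostReceive',
    'args' => [@repo_path, @oldrev, @newrev, @refname, @key_id]
  )
  # argv form: no shell parses the ref name or key id
  system('env', '-i', 'redis-cli', 'rpush', 'resque:gitlab:queue:post_receive', payload,
         out: '/dev/null', err: '/dev/null')
end
```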
@@ -20,7 +20,7 @@ describe GitlabKeys do end it "should receive valid cmd" do - valid_cmd = "echo 'command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E' >> /home/git/.ssh/authorized_keys" + valid_cmd = "echo 'command=\"#{ROOT_PATH}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E' >> #{GitlabConfig.new.auth_file}" @gl_keys.should_receive(:system).with(valid_cmd) @gl_keys.send :add_key end @@ -33,7 +33,7 @@ describe GitlabKeys do end it "should receive valid cmd" do - valid_cmd = "sed -i '/key-741/d' /home/git/.ssh/authorized_keys" + valid_cmd = "sed -i '/shell key-741/d' #{GitlabConfig.new.auth_file}" @gl_keys.should_receive(:system).with(valid_cmd) @gl_keys.send :rm_key end diff --git a/support/rewrite-hooks.sh b/support/rewrite-hooks.sh index 4f8ec05..6de4dfc 100755 --- a/support/rewrite-hooks.sh +++ b/support/rewrite-hooks.sh @@ -1,6 +1,7 @@ #!/bin/bash -src="/home/git/repositories" +home_dir="/home/git" +src="$home_dir/repositories" for dir in `ls "$src/"` do 
@@ -11,25 +12,25 @@ do continue fi - if [[ "$dir" =~ ^.*.git$ ]] + if [[ "$dir" =~ ^.*\.git$ ]] then project_hook="$src/$dir/hooks/post-receive" - gitolite_hook="/home/git/gitlab-shell/hooks/post-receive" + gitolite_hook="$home_dir/gitlab-shell/hooks/post-receive" ln -s -f $gitolite_hook $project_hook project_hook="$src/$dir/hooks/update" - gitolite_hook="/home/git/gitlab-shell/hooks/update" + gitolite_hook="$home_dir/gitlab-shell/hooks/update" ln -s -f $gitolite_hook $project_hook else for subdir in `ls "$src/$dir/"` do - if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then + if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*\.git$ ]]; then project_hook="$src/$dir/$subdir/hooks/post-receive" - gitolite_hook="/home/git/gitlab-shell/hooks/post-receive" + gitolite_hook="$home_dir/gitlab-shell/hooks/post-receive" ln -s -f $gitolite_hook $project_hook project_hook="$src/$dir/$subdir/hooks/update" - gitolite_hook="/home/git/gitlab-shell/hooks/update" + gitolite_hook="$home_dir/gitlab-shell/hooks/update" ln -s -f $gitolite_hook $project_hook fi done diff --git a/support/truncate_repositories.sh b/support/truncate_repositories.sh index 3b14e2e..66ff972 100755 --- a/support/truncate_repositories.sh +++ b/support/truncate_repositories.sh @@ -1,10 +1,12 @@ #!/bin/bash +home_dir="/home/git" + echo "Danger!!! Data Loss" while true; do - read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?: " yn + read -p "Do you wish to delete all directories (except gitolite-admin.git) from $home_dir/repositories/ (y/n) ?: " yn case $yn in - [Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1 -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;; + [Yy]* ) sh -c "find $home_dir/repositories/. -maxdepth 1 -not -name 'gitolite-admin.git' -not -name '.' | xargs rm -rf"; break;; [Nn]* ) exit;; * ) echo "Please answer yes or no.";; esac |
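Review bot: The rewritten `[Yy]*` line in truncate_repositories.sh pipes `find` output into `xargs rm -rf`, which splits on whitespace, so a directory name containing a space is passed to `rm -rf` as separate words and the trailing word is resolved relative to the current directory. Letting find run the removal keeps each path intact: `find "$home_dir/repositories/." -mindepth 1 -maxdepth 1 -not -name 'gitolite-admin.git' -exec rm -rf -- {} +`, which also makes the `sh -c` wrapper and the `-not -name '.'` test unnecessary. The `while` loop's closing `done` is outside the hunk.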