diff -Nru gitolite3-3.6.4/CHANGELOG gitolite3-3.6.6/CHANGELOG --- gitolite3-3.6.4/CHANGELOG 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/CHANGELOG 2016-09-13 23:23:14.000000000 +0000 @@ -1,3 +1,32 @@ +2016-09-08 v3.6.6 simple but important fix for a future perl deprecation + (perl will be removing "." from @INC in 5.24) + + 'perms' now requires a '-c' to activate batch mode + (should not affect interactive use but check your scripts + perhaps?) + + gitolite setup now accepts a '-m' option to supply a + custom message (useful when it is used by a script) + +2016-02-20 v3.6.5 allow creator check to be bypassed during mirroring + + handle new style ssh fingerprinting correctly (thanks to + Robin Johnson) + + allow pre-auto-gc as a repo-specific hook + + optimise mirror pushes for heavily used repos + + create-with-reference trigger: on repo creation, setup + objects/info/alternates for a server side alternate object + store. + + 'mirror status all all' prints a list of repos that have + *some* error, which is arguably more useful for further + action/processing + + allow incrementally adding more repo-specific hooks + 2015-11-01 v3.6.4 a ref-create bug in wild repos was fixed some contrib code related to AD integration, and to diff -Nru gitolite3-3.6.4/contrib/commands/ukm gitolite3-3.6.6/contrib/commands/ukm --- gitolite3-3.6.4/contrib/commands/ukm 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/contrib/commands/ukm 2016-09-13 23:23:14.000000000 +0000 
@@ -220,10 +220,10 @@ # compute the fingerprint from the full path of a pubkey file sub fingerprint { - my $fp = `ssh-keygen -l -f $_[0]`; - die "does not seem to be a valid pubkey\n" - unless $fp =~ /(([0-9a-f]+:)+[0-9a-f]+) /i; - return $1; + my ($fp, $output) = ssh_fingerprint_file(shift); + # Do not print the output of $output to an untrusted destination. + die "does not seem to be a valid pubkey\n" unless $fp; + return $fp; } diff -Nru gitolite3-3.6.4/debian/changelog gitolite3-3.6.6/debian/changelog --- gitolite3-3.6.4/debian/changelog 2016-11-02 16:53:06.000000000 +0000 +++ gitolite3-3.6.6/debian/changelog 2016-11-02 16:53:06.000000000 +0000 @@ -1,3 +1,17 @@ +gitolite3 (3.6.6-1) unstable; urgency=medium + + * New upstream release + * Bug fix: "uninstallable without . in @INC", explicitely look for + './foo'. (Closes: #837036). + + -- David Bremner Tue, 13 Sep 2016 20:31:39 -0300 + +gitolite3 (3.6.4-2) unstable; urgency=medium + + * depend on openssh-client (Closes: #834153). + + -- David Bremner Sun, 14 Aug 2016 14:09:11 +0900 + gitolite3 (3.6.4-1) unstable; urgency=medium * New upstream release diff -Nru gitolite3-3.6.4/debian/control gitolite3-3.6.6/debian/control --- gitolite3-3.6.4/debian/control 2016-11-02 16:53:06.000000000 +0000 +++ gitolite3-3.6.6/debian/control 2016-11-02 16:53:06.000000000 +0000 
@@ -12,9 +12,14 @@ Package: gitolite3 Architecture: all -Depends: ${misc:Depends}, git (>= 1:1.7.0.4) | git-core (>= 1:1.6.2), perl (>= 5.6.0-16), - openssh-server | ssh-server, debconf (>= 0.5) | debconf-2.0, adduser, - libjson-perl +Depends: adduser, + debconf (>= 0.5) | debconf-2.0, + git (>= 1:1.7.0.4) | git-core (>= 1:1.6.2), + libjson-perl, + openssh-client, + openssh-server | ssh-server, + perl (>= 5.6.0-16), + ${misc:Depends} Suggests: git-daemon-sysvinit, gitweb Description: SSH-based gatekeeper for git repositories (version 3) Gitolite is an SSH-based gatekeeper providing access control for a server that diff -Nru gitolite3-3.6.4/ISSUE_TEMPLATE gitolite3-3.6.6/ISSUE_TEMPLATE --- gitolite3-3.6.4/ISSUE_TEMPLATE 1970-01-01 00:00:00.000000000 +0000 +++ gitolite3-3.6.6/ISSUE_TEMPLATE 2016-09-13 23:23:14.000000000 +0000 
@@ -0,0 +1,24 @@
+Go to http://gitolite.com/gitolite/index.html#contact for information on
+contacting me, the mailing list, and IRC channel. *Unless you are reporting
+what you think is a security issue, I prefer you send to the mailing list,
+not to me directly.*
+
+Please DO NOT send messages via github's "issues" system, linkedin
+comments/discussion, stackoverflow questions, google+, and any other Web 3.0
+"coolness". (The issues system does have an email interface, but it is not a
+substitute for email. I can't cc anyone else when I want to, for instance.
+Well I can, but any response the original requester then makes using the
+website will not get cc-d to the person I cc-d).
+
+Please send patches *via email*, not as github pull requests. Again, if you
+think it's a security issue, send it directly to my gmail address, but
+otherwise please send it to the mailing list, so others can see it and comment
+on it.
+
+The preferred format is the files created by git-format-patch, as attachments.
+However, if your repo has a public clone URL, you can make a new branch just
+for this fix, and send the repo URL and branch name to the mailing list.
+
+(If you do send me a github pull request, I may take it if it's a trivial
+patch, but otherwise I'll ask you to close the pull request, then read
+this URL for how to send me the patch.)
diff -Nru gitolite3-3.6.4/PULL_REQUEST_TEMPLATE gitolite3-3.6.6/PULL_REQUEST_TEMPLATE
--- gitolite3-3.6.4/PULL_REQUEST_TEMPLATE 1970-01-01 00:00:00.000000000 +0000
+++ gitolite3-3.6.6/PULL_REQUEST_TEMPLATE 2016-09-13 23:23:14.000000000 +0000
@@ -0,0 +1,24 @@
+Go to http://gitolite.com/gitolite/index.html#contact for information on
+contacting me, the mailing list, and IRC channel. *Unless you are reporting
+what you think is a security issue, I prefer you send to the mailing list,
+not to me directly.*
+
+Please DO NOT send messages via github's "issues" system, linkedin
+comments/discussion, stackoverflow questions, google+, and any other Web 3.0
+"coolness". (The issues system does have an email interface, but it is not a
+substitute for email. I can't cc anyone else when I want to, for instance.
+Well I can, but any response the original requester then makes using the
+website will not get cc-d to the person I cc-d).
+
+Please send patches *via email*, not as github pull requests. Again, if you
+think it's a security issue, send it directly to my gmail address, but
+otherwise please send it to the mailing list, so others can see it and comment
+on it.
+
+The preferred format is the files created by git-format-patch, as attachments.
+However, if your repo has a public clone URL, you can make a new branch just
+for this fix, and send the repo URL and branch name to the mailing list.
+
+(If you do send me a github pull request, I may take it if it's a trivial
+patch, but otherwise I'll ask you to close the pull request, then read
+this URL for how to send me the patch.)
diff -Nru gitolite3-3.6.4/README.markdown gitolite3-3.6.6/README.markdown
--- gitolite3-3.6.4/README.markdown 2015-12-05 01:00:57.000000000 +0000
+++ gitolite3-3.6.6/README.markdown 2016-09-13 23:23:14.000000000 +0000
@@ -7,14 +7,14 @@ **This is a minimal README for gitolite**, so you can quickly get started with: -* installing gitolite on a fresh userid on a Unix(-like) machine +* installing gitolite on a fresh userid on a Unix(-like) machine, using ssh * learning enough to do some basic access control **For anything more, you need to look at the complete documentation, at: **. Please go there for what/why/how, concepts, background, troubleshooting, more details on what is covered here, advanced -features not covered here, migration from older gitolite, and many more -topics. +features not covered here, migration from older gitolite, running gitolite +over http (rather than ssh), and many more topics. diff -Nru gitolite3-3.6.4/src/commands/1plus1 gitolite3-3.6.6/src/commands/1plus1 --- gitolite3-3.6.4/src/commands/1plus1 1970-01-01 00:00:00.000000000 +0000 +++ gitolite3-3.6.6/src/commands/1plus1 2016-09-13 23:23:14.000000000 +0000 
@@ -0,0 +1,41 @@ +#!/usr/bin/perl +use strict; +use warnings; + +# import LOCK_* +use Fcntl qw(:flock); + +my $lockbase = shift; # suggested: $GL_REPO_BASE/$GL_REPO.git/.gl-mirror-push-lock.$SLAVE_NAME +my @cmd_plus_args = @ARGV; # the actual 'gitolite mirror ...' command +@ARGV = (); + +# ---------------------------------------------------------------------- + +open( my $fhrun, ">", "$lockbase.run" ) or die "open '$lockbase.run' failed: $!"; +if ( flock( $fhrun, LOCK_EX | LOCK_NB ) ) { + # got run lock; you're good to go + + system(@cmd_plus_args); + + flock( $fhrun, LOCK_UN ); + exit 0; +} + +# "run" lock failed; someone is already running the command + +open( my $fhqueue, ">", "$lockbase.queue" ) or die "open '$lockbase.queue' failed: $!"; +if ( flock( $fhqueue, LOCK_EX | LOCK_NB ) ) { + # got queue lock, now block waiting for "run" lock + flock( $fhrun, LOCK_EX ); + # got run lock, so take yourself out of "queue" state, then run + flock( $fhqueue, LOCK_UN ); + + system(@cmd_plus_args); + + flock( $fhrun, LOCK_UN ); + exit 0; +} + +# "queue" lock also failed; someone is running AND someone is queued; we can go home +say STDERR "INFO: nothing to do/queue; '$lockbase' already running and 1 in queue"; +exit 0; diff -Nru gitolite3-3.6.4/src/commands/access gitolite3-3.6.6/src/commands/access --- gitolite3-3.6.4/src/commands/access 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/commands/access 2016-09-13 23:23:14.000000000 +0000 @@ -36,9 +36,12 @@ - '-s' shows the rules (conf file name, line number, and rule) that were considered and how they fared. + + - you can also test the ability to create wild repos if you set GL_USER to + the username and use ^C as the permission to check for. =cut -usage() if not @ARGV or $h; +usage() if not @ARGV >= 2 or $h; my ( $repo, $user, $aa, $ref ) = @ARGV; # default access is '+' 
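Review bot: The closing `say STDERR "INFO: ..."` in the new `1plus1` script is used without `use 5.10.0;` or `use feature 'say';`; the script enables only `strict` and `warnings`, so whether that line prints the message or fails depends on how perl resolves `say` there. Adding `use 5.10.0;` after `use warnings;`, as `src/commands/config` already does, removes the ambiguity. Both locked branches also discard the result of `system(@cmd_plus_args)` and then `exit 0`, so a caller can never tell that the wrapped mirror command failed; consider `my $rc = system(@cmd_plus_args);` and `exit( $rc == 0 ? 0 : 1 );` after the unlock.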
@@ -54,7 +57,7 @@ if ( $repo ne '%' and $user ne '%' ) { # single repo, single user; no STDIN - $ret = access( $repo, $user, $aa, $ref ); + $ret = access( $repo, $user, adjust_aa($repo, $aa), $ref ); show($ret) if $s; @@ -76,10 +79,17 @@ my @in = split; my $r = $repo || shift @in; my $u = $user || shift @in; - $ret = access( $r, $u, $aa, $ref ); + $ret = access( $r, $u, adjust_aa($r, $aa), $ref ); print "$r\t$u\t$ret\n"; } +sub adjust_aa { + my ($repo, $aa) = @_; + $aa = '+' if $aa eq 'C' and not option($repo, 'CREATE_IS_C'); + $aa = '+' if $aa eq 'D' and not option($repo, 'DELETE_IS_D'); + return $aa; +} + sub show { my $ret = shift; die "repo already exists; ^C won't work\n" if $ret =~ /DENIED by existence/; diff -Nru gitolite3-3.6.4/src/commands/config gitolite3-3.6.6/src/commands/config --- gitolite3-3.6.4/src/commands/config 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/commands/config 2016-09-13 23:23:14.000000000 +0000 @@ -1,6 +1,13 @@ #!/usr/bin/perl use 5.10.0; +# ---- WARNING ---- + +# If your site makes a distinction between "right to push the admin repo" and +# "right to run arbitrary commands on the server" (i.e., if not all of your +# "admins" have shell access to the server), this is a security risk. If that +# is the case, DO NOT ENABLE THIS COMMAND. + # ---------------------------------------------------------------------- # gitolite command to allow "git config" on repos (with some restrictions) @@ -9,7 +16,7 @@ # setup: # 1. Enable the command by adding it to the COMMANDS section in the ENABLE -# list in the rc file. +# list in the rc file. (Have you read the warning above?) # # 2. Specify configs allowed to be changed by the user. This is a space # separated regex list. For example: diff -Nru gitolite3-3.6.4/src/commands/create gitolite3-3.6.6/src/commands/create --- gitolite3-3.6.4/src/commands/create 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/commands/create 2016-09-13 23:23:14.000000000 +0000 
@@ -1,17 +1,29 @@ -#!/bin/sh +#!/usr/bin/perl +use strict; +use warnings; -# Usage: ssh git@host create -# -# Create wild repo. - -die() { echo "$@" >&2; exit 1; } -usage() { perl -lne 'print substr($_, 2) if /^# Usage/../^$/' < $0; exit 1; } -[ -z "$1" ] && usage -[ -z "$2" ] || usage -[ "$1" = "-h" ] && usage -[ -z "$GL_USER" ] && die GL_USER not set - -# ---------------------------------------------------------------------- -perms=$(gitolite git-config -r $1 gitolite-options.default.roles | sort | cut -f3 | - perl -pe 's/(\s)CREATOR(\s|$)/$1$ENV{GL_USER}$1/') -echo "$perms" | $GL_BINDIR/commands/perms -c "$@" +use lib $ENV{GL_LIBDIR}; +use Gitolite::Rc; +use Gitolite::Common; +use Gitolite::Conf::Load; +use Gitolite::Conf::Store; + +=for usage +create -- create a wild repo. + +Usage: + ssh git@host create +=cut + +usage() if @ARGV != 1 or $ARGV[0] eq '-h'; + +$ENV{GL_USER} or _die "GL_USER not set"; + +my $repo = shift; +_die "invalid repo '$repo'" unless $repo =~ $REPONAME_PATT; + +my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' ); +_die "repo already exists or you are not authorised to create it" if $ret =~ /DENIED/; + +new_wild_repo( $repo, $ENV{GL_USER}, 'create' ); +gl_log( 'create', $repo, $ENV{GL_USER}, 'create' ); diff -Nru gitolite3-3.6.4/src/commands/mirror gitolite3-3.6.6/src/commands/mirror --- gitolite3-3.6.4/src/commands/mirror 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/commands/mirror 2016-09-13 23:23:14.000000000 +0000 @@ -16,7 +16,11 @@ =for usage Usage 1: gitolite mirror push + gitolite mirror status + gitolite mirror status all + gitolite mirror status all all Usage 2: ssh git@master-server mirror push + ssh git@master-server mirror status Forces a push of one repo to one slave. 
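Review bot: The rewritten `create` no longer reads `gitolite-options.default.roles` or substitutes `CREATOR`, which the removed shell version piped into `perms -c`; unless `new_wild_repo` applies default roles itself (not visible in this diff), a newly created wild repo would start without the role assignments the admin configured. Please confirm which it is and record it next to the call, for example `# default roles (gitolite-options.default.roles) are expected to be applied inside new_wild_repo(); verify before relying on them`. The `$REPONAME_PATT` check and the direct `access( $repo, $ENV{GL_USER}, '^C', 'any' )` call would also benefit from a one-line comment saying that both must pass before anything is created on disk.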
@@ -29,11 +33,10 @@ master server, but it checks that the slave is in one of the slaves options before doing the push. -MIRROR STATUS: To find the status of the last mirror push to any slave, run -the same command except with 'status' instead of 'push'. With usage 1, you -can use the special name "all" to get the status of all slaves for the given -repo. (Admins wishing to find the status of all slaves for ALL repos will -have to script it using the output of "gitolite list-phy-repos".) +MIRROR STATUS: The usage examples above show what can be done. The 'status +all ' usage checks the status of all the slaves defined for the given +repo. The 'status all all' usage is special, in that it only prints a list of +repos that have *some* error, instead of dumping all the error info itself. SERVER LIST: 'gitolite mirror list master ' and 'gitolite mirror list slaves ' will show you the name of the master server, and list @@ -90,6 +93,20 @@ exit $errors; } elsif ($cmd eq 'status') { + if (not exists $ENV{GL_USER} and $repo eq 'all') { + # this means 'gitolite mirror status all all'; in this case we only + # return a list of repos that *have* status files (indicating some + # problem). It's upto you what you do with that list. This is not + # allowed to be run remotely; far too wide ranging, sorry. + _chdir( $rc{GL_REPO_BASE} ); + my $phy_repos = list_phy_repos(1); + for my $repo ( @{$phy_repos} ) { + my @x = glob("$rc{GL_REPO_BASE}/$repo.git/gl-slave-*.status"); + print "$repo\n" if @x; + } + exit 0; + } + valid_slave( $host, $repo ) if exists $ENV{GL_USER}; # will die if host not in slaves for repo @@ -97,7 +114,7 @@ _chdir("$repo.git"); $host = '*' if $host eq 'all'; - map { print_status($_) } sort glob("gl-slave-$host.status"); + map { print_status($repo, $_) } sort glob("gl-slave-$host.status"); } else { # strictly speaking, we could allow some of the possible commands remotely # also, at least for admins. However, these commands are mainly intended 
@@ -137,11 +154,12 @@ } sub print_status { + my $repo = shift; my $file = shift; return unless -f $file; my $slave = $1 if $file =~ /^gl-slave-(.+)\.status$/; print "----------\n"; - print "WARNING: previous mirror push to host '$slave' failed, status is:\n"; + print "WARNING: previous mirror push of repo '$repo' to host '$slave' failed, status is:\n"; print slurp($file); print "----------\n"; } diff -Nru gitolite3-3.6.4/src/commands/perms gitolite3-3.6.6/src/commands/perms --- gitolite3-3.6.4/src/commands/perms 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/commands/perms 2016-09-13 23:23:14.000000000 +0000 @@ -26,23 +26,24 @@ ssh git@host perms my/repo + WRITERS bob ---- -There is also a batch mode useful for scripting and bulk loading. Do not -combine this with the +/- mode above. This mode also accepts an optional "-c" -flag to create the repo if it does not already exist (assuming $GL_USER has -permissions to create it). - -Examples: - cat copy-of-backed-up-gl-perms | ssh git@host perms - cat copy-of-backed-up-gl-perms | ssh git@host perms -c +There is also a batch mode useful for scripting and bulk loading; see the +source code of the perms command for details. =cut -usage() if not @ARGV or $ARGV[0] eq '-h'; +# BATCH MODE: DO NOT combine this with the +/- mode above. This mode also +# creates the repo if it does not already exist (assuming $GL_USER has +# permissions to create it). +# +# Example: +# cat copy-of-backed-up-gl-perms | ssh git@host perms -c + +usage() if not @ARGV or $ARGV[0] eq '-h' or @ARGV < 2; $ENV{GL_USER} or _die "GL_USER not set"; my $generic_error = "repo does not exist, or you are not authorised"; -if ( @ARGV >= 2 and $ARGV[1] eq '-l' ) { +if ( $ARGV[1] eq '-l' ) { getperms($ARGV[0]); # doesn't return } 
@@ -53,8 +54,10 @@ _die "invalid repo '$repo'" unless $repo =~ $REPONAME_PATT; if ( not -d "$rc{GL_REPO_BASE}/$repo.git" ) { - my $ret = Gitolite::Conf::Load::access( $repo, $ENV{GL_USER}, '^C', 'any' ); - _die $generic_error if $ret =~ /DENIED/; + unless ($ENV{GL_BYPASS_CREATOR_CHECK}) { + my $ret = Gitolite::Conf::Load::access( $repo, $ENV{GL_USER}, '^C', 'any' ); + _die $generic_error if $ret =~ /DENIED/; + } require Gitolite::Conf::Store; Gitolite::Conf::Store->import; diff -Nru gitolite3-3.6.4/src/commands/sshkeys-lint gitolite3-3.6.6/src/commands/sshkeys-lint --- gitolite3-3.6.4/src/commands/sshkeys-lint 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/commands/sshkeys-lint 2016-09-13 23:23:14.000000000 +0000 @@ -4,6 +4,8 @@ # complete rewrite of the sshkeys-lint program. Usage has changed, see # usage() function or run without arguments. +use lib $ENV{GL_LIBDIR}; +use Gitolite::Common; use Getopt::Long; my $admin = 0; @@ -19,13 +21,6 @@ my $warnings = 0; my $KEYTYPE_REGEX = qr/\b(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521))\b/; -sub dbg { - use Data::Dumper; - for my $i (@_) { - print STDERR "DBG: " . Dumper($i); - } -} - sub msg { my $warning = shift; return if $quiet and not $warning; 
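Review bot: The new `unless ($ENV{GL_BYPASS_CREATOR_CHECK})` guard lets any true value in the process environment skip the `^C` access check, so repo-creation authorisation in `perms` now depends on nothing except the mirroring trigger being able to set that variable. The only setter visible in this diff is `Gitolite::Triggers::Mirroring`, which sets it from the `bypass-creator-check` option and deletes it after `gitolite perms -c`; whether sshd or the web server can pass a client-supplied environment through to this command is deployment-dependent and not shown here. I would document the assumption at the guard, e.g. `# set only by the mirroring trigger (option bypass-creator-check); clients must never be able to supply it (check sshd AcceptEnv/PermitUserEnvironment and httpd env passing)`. The enclosing `if ( not -d ... )` block continues past the end of the hunk.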
@@ -142,35 +137,24 @@ sub fprint { local $_ = shift; - my ( $fh, $tempfn, $in ); + my ($fp, $output); if ( /$KEYTYPE_REGEX/ ) { - # an actual key was passed. Since ssh-keygen requires an actual file, - # make a temp file to take the data and pass on to ssh-keygen - s/^.* ($KEYTYPE_REGEX)/$1/; - use File::Temp qw(tempfile); - ( $fh, $tempfn ) = tempfile(); - $in = $tempfn; - print $fh $_; - close $fh; + # an actual key was passed. ssh-keygen CAN correctly handle options on + # the front of the key, so don't bother to strip them at all. + ($fp, $output) = ssh_fingerprint_line($_); } else { # a filename was passed - $in = $_; + ($fp, $output) = ssh_fingerprint_file($_); + # include the line of input as well, as it won't always be included by the ssh-keygen command + warn "Bad line: $_\n" unless $fp; } - # dbg("in = $in"); - -f $in or die "file not found: $in\n"; - open( $fh, "ssh-keygen -l -f $in |" ) or die "could not fork: $!\n"; - my $fp = <$fh>; - # dbg("fp = $fp"); - close $fh; - unlink $tempfn if $tempfn; - warn "$fp\n" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/ or $fp =~ m(SHA256:([A-Za-z0-9+/]+)); - - return $1; + # sshkeys-lint should only be run by a trusted admin, so we can give the output here. + warn "$output\n" unless $fp; + return $fp; } # ------------------------------------------------------------------------ -sub usage { - print < +usage: ssh git@host who-pushed [--tip] Determine who pushed the given commit. The first few hex digits of the SHA should suffice. If the '--tip' option is supplied, it'll only look for the diff -Nru gitolite3-3.6.4/src/lib/Gitolite/Common.pm gitolite3-3.6.6/src/lib/Gitolite/Common.pm --- gitolite3-3.6.4/src/lib/Gitolite/Common.pm 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/lib/Gitolite/Common.pm 2016-09-13 23:23:14.000000000 +0000 
@@ -16,10 +16,14 @@ dd t_start t_lap + + ssh_fingerprint_file + ssh_fingerprint_line ); #>>> use Exporter 'import'; use File::Path qw(mkpath); +use File::Temp qw(tempfile); use Carp qw(carp cluck croak confess); use strict; @@ -231,7 +235,8 @@ chomp($repo); $repo =~ s/\.git$//; $repo =~ s(^\./)(); - push @phy_repos, $repo; + push @phy_repos, $repo unless $repo =~ m(/$); + # tolerate bare repos within ~/repositories but silently ignore them } trace( 3, scalar(@phy_repos) . " physical repos found" ); return sort_u( \@phy_repos ); 
@@ -333,6 +338,44 @@ } # ---------------------------------------------------------------------- +# Get the SSH fingerprint of a file +# If the fingerprint cannot be parsed, it will be undef +# In a scalar context, returns the fingerprint +# In a list context, returns (fingerprint, output) where output +# is the raw output of the ssh-keygen command +sub ssh_fingerprint_file { + my $in = shift; + -f $in or die "file not found: $in\n"; + my $fh; + open( $fh, "ssh-keygen -l -f $in |" ) or die "could not fork: $!\n"; + my $output = <$fh>; + chomp $output; + # dbg("fp = $fp"); + close $fh; + # Return a valid fingerprint or undef + my $fp = undef; + if($output =~ /((?:MD5:)?(?:[0-9a-f]{2}:){15}[0-9a-f]{2})/i or + $output =~ m{((?:RIPEMD|SHA)\d+:[A-ZA-z0-9+/=]+)}i) { + $fp = $1; + } + return wantarray ? ($fp, $output) : $fp; +} + +# Get the SSH fingerprint of a line of text +# If the fingerprint cannot be parsed, it will be undef +# In a scalar context, returns the fingerprint +# In a list context, returns (fingerprint, output) where output +# is the raw output of the ssh-keygen command +sub ssh_fingerprint_line { + my ( $fh, $fn ) = tempfile(); + print $fh shift() . "\n"; + close $fh; + my ($fp,$output) = ssh_fingerprint_file($fn); + unlink $fn; + return wantarray ? ($fp,$output) : $fp; +} + +# ---------------------------------------------------------------------- # bare-minimum subset of 'Tsh' (see github.com/sitaramc/tsh) { diff -Nru gitolite3-3.6.4/src/lib/Gitolite/Conf/Load.pm gitolite3-3.6.6/src/lib/Gitolite/Conf/Load.pm --- gitolite3-3.6.4/src/lib/Gitolite/Conf/Load.pm 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/lib/Gitolite/Conf/Load.pm 2016-09-13 23:23:14.000000000 +0000 
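Review bot: `ssh_fingerprint_file` runs `open( $fh, "ssh-keygen -l -f $in |" )`, so the key file name is interpolated into a string that perl hands to the shell; the `ssh-authkeys` code this helper replaces at least wrapped the name in single quotes, and `ukm` and `sshkeys-lint` now go through the same call. Use the list form, `open( $fh, "-|", "ssh-keygen", "-l", "-f", $in ) or die "could not fork: $!\n";`, which bypasses the shell entirely. `$output` is undefined when ssh-keygen writes nothing to stdout, so the `chomp` and the callers' `"...: $output"` messages will warn; add `$output = '' unless defined $output;` before the `chomp`. The character class `[A-ZA-z0-9+/=]` contains the range `A-z`, which also admits the punctuation between `Z` and `a`; `[A-Za-z0-9+/=]` looks like what was meant.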
@@ -252,6 +252,7 @@ _die "'$repo' ends with a '/'" if $repo =~ m(/$); _die "'$repo' contains '..'" if $repo =~ $REPONAME_PATT and $repo =~ m(\.\.); _die "'$repo' contains '.git/'" if $repo =~ $REPONAME_PATT and $repo =~ m(\.git/); + _die "'$repo' ends with '.git'" if $repo =~ m(\.git$); } sub repo_missing { @@ -275,7 +276,7 @@ return; } - my $cc = "conf/gitolite.conf-compiled.pm"; + my $cc = "./conf/gitolite.conf-compiled.pm"; _die "parse '$cc' failed: " . ( $! or $@ ) unless do $cc; diff -Nru gitolite3-3.6.4/src/lib/Gitolite/Hooks/PostUpdate.pm gitolite3-3.6.6/src/lib/Gitolite/Hooks/PostUpdate.pm --- gitolite3-3.6.4/src/lib/Gitolite/Hooks/PostUpdate.pm 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/lib/Gitolite/Hooks/PostUpdate.pm 2016-09-13 23:23:14.000000000 +0000 @@ -20,6 +20,7 @@ sub post_update { trace( 3, 'post-up', @ARGV ); + exit 0 unless grep( m(^refs/heads/master$), @ARGV ); # this is the *real* post_update hook for gitolite tsh_try("git ls-tree --name-only master"); diff -Nru gitolite3-3.6.4/src/lib/Gitolite/Rc.pm gitolite3-3.6.6/src/lib/Gitolite/Rc.pm --- gitolite3-3.6.4/src/lib/Gitolite/Rc.pm 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/lib/Gitolite/Rc.pm 2016-09-13 23:23:14.000000000 +0000 @@ -464,6 +464,8 @@ git-config POST_COMPILE post-compile/update-git-configs git-config POST_CREATE post-compile/update-git-configs + create-with-reference POST_CREATE post-compile/create-with-reference + gitweb POST_CREATE post-compile/update-gitweb-access-list gitweb POST_COMPILE post-compile/update-gitweb-access-list diff -Nru gitolite3-3.6.4/src/lib/Gitolite/Setup.pm gitolite3-3.6.6/src/lib/Gitolite/Setup.pm --- gitolite3-3.6.4/src/lib/Gitolite/Setup.pm 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/lib/Gitolite/Setup.pm 2016-09-13 23:23:14.000000000 +0000 
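Review bot: The change of `$cc` to `"./conf/gitolite.conf-compiled.pm"` in the second Load.pm hunk carries no comment explaining why the `./` matters, and it is exactly the kind of prefix a later cleanup would strip. `do FILE` resolves a relative name that does not begin with `./` or `../` through `@INC`, so without the prefix the compiled config is not found once `.` is absent from `@INC`, and with `.` present it could in principle be picked up from an earlier `@INC` directory instead of the current one. Suggest adding `# keep the './': 'do' looks up bare relative paths via @INC; the explicit prefix pins this to the current directory` above the assignment. The enclosing function starts and ends outside the hunk.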
@@ -12,6 +12,7 @@ -a, --admin admin name -pk, --pubkey pubkey file name -ho, --hooks-only skip other steps and just propagate hooks + -m, --message set setup commit message First run: either the pubkey or the admin name is *required*, depending on whether you're using ssh mode or http mode. @@ -30,6 +31,9 @@ - '-a' is ignored + - '-m' can be used to replace default commit message "gitolite setup $argv" + with a custom message (e.g. "Setting up your repository mgmt"). + =cut # ---------------------------------------------------------------------- @@ -50,11 +54,11 @@ # ---------------------------------------------------------------------- sub setup { - my ( $admin, $pubkey, $h_only, $argv ) = args(); + my ( $admin, $pubkey, $h_only, $message ) = args(); unless ($h_only) { setup_glrc(); - setup_gladmin( $admin, $pubkey, $argv ); + setup_gladmin( $admin, $pubkey, $message ); _system("gitolite compile"); _system("gitolite trigger POST_COMPILE"); @@ -66,16 +70,18 @@ # ---------------------------------------------------------------------- sub args { - my $admin = ''; - my $pubkey = ''; - my $h_only = 0; - my $help = 0; - my $argv = join( " ", @ARGV ); + my $admin = ''; + my $pubkey = ''; + my $message = ''; + my $h_only = 0; + my $help = 0; + my $argv = join( " ", @ARGV ); require Getopt::Long; Getopt::Long::GetOptions( 'admin|a=s' => \$admin, 'pubkey|pk=s' => \$pubkey, + 'message|m=s' => \$message, 'hooks-only|ho' => \$h_only, 'help|h' => \$help, ) or usage(); @@ -97,7 +103,7 @@ } - return ( $admin || '', $pubkey || '', $h_only || 0, $argv ); + return ( $admin || '', $pubkey || '', $h_only || 0, $message || "gitolite setup $argv"); } sub setup_glrc { @@ -105,7 +111,7 @@ } sub setup_gladmin { - my ( $admin, $pubkey, $argv ) = @_; + my ( $admin, $pubkey, $message ) = @_; _die "'-pk' or '-a' required; see 'gitolite setup -h' for more" if not $admin and not -f "$rc{GL_ADMIN_BASE}/conf/gitolite.conf"; 
@@ -154,7 +160,7 @@ tsh_try("git config --get user.email") or tsh_run( "git config user.email $ENV{USER}\@" . `hostname` ); tsh_try("git config --get user.name") or tsh_run( "git config user.name '$ENV{USER} on '" . `hostname` ); tsh_try("git diff --cached --quiet") - or tsh_try("git commit -am 'gitolite setup $argv'") + or tsh_try("git commit -am '$message'") or _die "setup failed to commit to the admin repo"; delete $ENV{GIT_WORK_TREE}; } diff -Nru gitolite3-3.6.4/src/lib/Gitolite/Test/Tsh.pm gitolite3-3.6.6/src/lib/Gitolite/Test/Tsh.pm --- gitolite3-3.6.4/src/lib/Gitolite/Test/Tsh.pm 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/lib/Gitolite/Test/Tsh.pm 2016-09-13 23:23:14.000000000 +0000 @@ -238,7 +238,9 @@ local $_ = shift @lines; chomp; $_ = trim_ws($_); + no warnings; $line++; + use warnings; # this also sets $testname next if is_comment_or_empty($_); diff -Nru gitolite3-3.6.4/src/lib/Gitolite/Triggers/Mirroring.pm gitolite3-3.6.6/src/lib/Gitolite/Triggers/Mirroring.pm --- gitolite3-3.6.4/src/lib/Gitolite/Triggers/Mirroring.pm 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/lib/Gitolite/Triggers/Mirroring.pm 2016-09-13 23:23:14.000000000 +0000 @@ -36,8 +36,10 @@ _die "$hn: '$repo' is native" if $mode eq 'master'; _die "$hn: '$sender' is not the master for '$repo'" if $master ne $sender; + $ENV{GL_BYPASS_CREATOR_CHECK} = option($repo, "bypass-creator-check"); # this expects valid perms content on STDIN _system("gitolite perms -c $repo"); + delete $ENV{GL_BYPASS_CREATOR_CHECK}; # we're done. Yes, really... exit 0; 
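Review bot: `tsh_try("git commit -am '$message'")` places the new user-supplied `-m` text between single quotes inside a command string, so a message containing `'` ends the quoting and the rest is parsed as further command text (assuming `tsh_try` passes the string to a shell, which this hunk does not show). The old `$argv` interpolation had the same shape, but `-m` is documented for free-form text and for use from scripts, which makes an apostrophe far more likely. Either reject it in `args()` with `_die "single quotes not allowed in -m message" if $message =~ /'/;`, or escape it first with `( my $qmsg = $message ) =~ s/'/'\\''/g;` and interpolate `'$qmsg'`. The body of `setup_gladmin` starts and ends outside the hunk.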
@@ -233,9 +235,11 @@ my $u = $ENV{GL_USER}; delete $ENV{GL_USER}; # why? see src/commands/mirror + my $lb = "$ENV{GL_REPO_BASE}/$repo.git/.gl-mirror-lock"; for my $s ( sort keys %slaves ) { - system("gitolite mirror push $s $repo /dev/null 2>&1 &") if $slaves{$s} eq 'async'; - system("gitolite mirror push $s $repo /dev/null 2>&1") if $slaves{$s} eq 'sync'; + trace( 1, "push_to_slaves: skipping self" ), next if $s eq $hn; + system("gitolite 1plus1 $lb.$s gitolite mirror push $s $repo /dev/null 2>&1 &") if $slaves{$s} eq 'async'; + system("gitolite 1plus1 $lb.$s gitolite mirror push $s $repo /dev/null 2>&1") if $slaves{$s} eq 'sync'; _warn "manual mirror push pending for '$s'" if $slaves{$s} eq 'nosync'; } diff -Nru gitolite3-3.6.4/src/lib/Gitolite/Triggers/TProxy.pm gitolite3-3.6.6/src/lib/Gitolite/Triggers/TProxy.pm --- gitolite3-3.6.4/src/lib/Gitolite/Triggers/TProxy.pm 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/lib/Gitolite/Triggers/TProxy.pm 2016-09-13 23:23:14.000000000 +0000 @@ -95,3 +95,5 @@ # redirect to upstream exec( "ssh", $rc{TPROXY_FORWARDS_TO}, "TPROXY_FOR=$user", "SOC=$ENV{SSH_ORIGINAL_COMMAND}" ); } + +1; diff -Nru gitolite3-3.6.4/src/triggers/post-compile/create-with-reference gitolite3-3.6.6/src/triggers/post-compile/create-with-reference --- gitolite3-3.6.4/src/triggers/post-compile/create-with-reference 1970-01-01 00:00:00.000000000 +0000 +++ gitolite3-3.6.6/src/triggers/post-compile/create-with-reference 2016-09-13 23:23:14.000000000 +0000 
@@ -0,0 +1,39 @@ +#!/usr/bin/perl + +# Set alternates if option reference.repo is set +# ---------------------------------------------------------------------- + +use FindBin; + +use lib $ENV{GL_LIBDIR}; +use Gitolite::Rc; +use Gitolite::Common; +use Gitolite::Conf::Load; + +use strict; +use warnings; + +my $RB = $rc{GL_REPO_BASE}; + +if ( @ARGV and $ARGV[0] eq 'POST_CREATE' ) { + my $repo = $ARGV[1]; + create_alternates($repo); + + exit 0; +} + +# not interested in any other triggers +exit 0; + +sub create_alternates { + my $pr = shift; + + my $refrepos = git_config( $pr, "^gitolite-options\\.reference\\.repo.*" ); + my %list = map { $_ => 1 } map { split } values %$refrepos; + my @alts = keys %list; + if ( @alts ) { + my $altlist = join "\n", map { "$RB/$_.git/objects" } @alts; + _print( "$RB/$pr.git/objects/info/alternates", "$altlist\n" ); + + } +} diff -Nru gitolite3-3.6.4/src/triggers/post-compile/ssh-authkeys gitolite3-3.6.6/src/triggers/post-compile/ssh-authkeys --- gitolite3-3.6.4/src/triggers/post-compile/ssh-authkeys 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/triggers/post-compile/ssh-authkeys 2016-09-13 23:23:14.000000000 +0000 @@ -2,7 +2,6 @@ use strict; use warnings; -use File::Temp qw(tempfile); use Getopt::Long; use lib $ENV{GL_LIBDIR}; @@ -25,7 +24,7 @@ GetOptions( 'key-file-name|kfn' => \$kfn, ); tsh_try("sestatus"); -my $selinux = ( tsh_text() =~ /enabled/ ); +my $selinux = ( tsh_text() =~ /enforcing/ ); my $ab = $rc{GL_ADMIN_BASE}; trace( 1, "'keydir' not found in '$ab'; exiting" ), exit if not -d "$ab/keydir"; 
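Review bot: `create_alternates` writes every value of `gitolite-options.reference.repo*` into `objects/info/alternates` unchecked, so a value containing `..`, or the name of a repo that does not exist on disk, becomes an object-store path for the new repo. Each name should be validated the way repo names are validated elsewhere in this diff (`$REPONAME_PATT` plus the `..` test from `Gitolite::Conf::Load`) and checked for an existing `objects` directory, with a `_warn` and skip otherwise; the rewritten lines are sketched below. The header comment should also state that objects of the referenced repo become available to the new repo through its object store, so the option should only name repos whose content readers of the new repo are allowed to see. `use FindBin;` appears unused in the lines shown.

```perl
sub create_alternates {
    my $pr = shift;

    # … unchanged: git_config lookup and %list de-duplication …
    my @alts;
    for my $ref ( keys %list ) {
        # only accept well-formed names of repos that actually exist under $RB
        unless ( $ref =~ $REPONAME_PATT and $ref !~ m(\.\.) and -d "$RB/$ref.git/objects" ) {
            _warn "create-with-reference: ignoring invalid or missing reference repo '$ref'";
            next;
        }
        push @alts, $ref;
    }
    # … unchanged: write objects/info/alternates when @alts is non-empty …
```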
@@ -113,19 +112,15 @@ sub fp_file { return $selinux++ if $selinux; # return a unique "fingerprint" to prevent noise my $f = shift; - my $fp = `ssh-keygen -l -f '$f'`; - chomp($fp); - _die "fingerprinting failed for '$f'" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/ or $fp =~ m(SHA256:([A-ZA-z0-9+/]+)); - $fp = $1; + my ($fp, $output) = ssh_fingerprint_file($f); + _die "fingerprinting failed for '$f': $output" unless $fp; return $fp; } sub fp_line { - my ( $fh, $fn ) = tempfile(); - print $fh shift() . "\n"; - close $fh; - my $fp = fp_file($fn); - unlink $fn; + my $line = shift; + my ($fp, $output) = ssh_fingerprint_line($line); + _die "fingerprinting failed for '$line': $output" unless $fp; return $fp; } diff -Nru gitolite3-3.6.4/src/triggers/post-compile/ssh-authkeys-split gitolite3-3.6.6/src/triggers/post-compile/ssh-authkeys-split --- gitolite3-3.6.4/src/triggers/post-compile/ssh-authkeys-split 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/triggers/post-compile/ssh-authkeys-split 2016-09-13 23:23:14.000000000 +0000 @@ -18,8 +18,6 @@ # - assumes you don't have a subdir in keydir called "__split_keys__" -# - God help you if you try to throw in a putty key in there. - # - RUNNING "GITOLITE SETUP" WILL LOSE ALL THESE KEYS. So if you ever do # that, you will then need to make a dummy push to the admin repo to add # them back. If all your **admin** keys were in split keys, then you lost @@ -30,8 +28,7 @@ # SUPPORT # ------- # -# NONE. Mainly because I **know** someone will throw in a putty key. I just -# know it. +# NONE. # USAGE # ----- @@ -49,7 +46,9 @@ do # do we need to split? lines=`wc -l < $k` - [ "$lines" = "1" ] && continue + case $lines in + (0|1) continue + esac # is it sane to split? base=`basename $k .pub` 
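Review bot: The new `fp_line` calls `ssh_fingerprint_line` directly, whereas the removed version went through `fp_file` and so honoured its `return $selinux++ if $selinux;` shortcut; with SELinux enforcing, `fp_line` now runs ssh-keygen and can `_die`, which is what the shortcut exists to avoid. If that change is not intended, add `return $selinux++ if $selinux;` as the first statement of `fp_line`. In both subs the `_die` text interpolates `$output`, which is undefined when ssh-keygen printed nothing to stdout, so the message should use `( defined $output ? $output : '' )` or the helper should return an empty string.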
@@ -59,7 +58,14 @@ seq=1 while read line do - echo "$line" > $SKD/$base@$seq.pub + f=$SKD/$base@$seq.pub + echo "$line" > $f + # similar sanity check as main ssh-authkeys script + if ! ssh-keygen -l -f $f + then + echo 1>&2 "ssh-authkeys-split: bad line $seq in keydir/$k" + rm -f $f + fi (( seq++ )) done < $k diff -Nru gitolite3-3.6.4/src/triggers/repo-specific-hooks gitolite3-3.6.6/src/triggers/repo-specific-hooks --- gitolite3-3.6.4/src/triggers/repo-specific-hooks 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/triggers/repo-specific-hooks 2016-09-13 23:23:14.000000000 +0000 
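Review bot: `$f` is expanded unquoted in `ssh-keygen -l -f $f` and `rm -f $f`, and it is built from `$base`, which is the basename of a keydir file name (assigned in the previous hunk). A key file name containing whitespace or glob characters is therefore word-split before it reaches ssh-keygen and rm. The check also leaves ssh-keygen's stdout attached, so every valid key prints its fingerprint into the trigger output. Suggested lines: `echo "$line" > "$f"`, `if ! ssh-keygen -l -f "$f" >/dev/null` and `rm -f "$f"`. The enclosing loop over key files starts outside this hunk.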
@@ -24,53 +24,64 @@ chmod 0755, $driver; } +my %repo_hooks; while (<>) { chomp; my ( $repo, $hook, $codes ) = split /\t/, $_; $codes ||= ''; - # we don't allow fiddling with the admin repo - if ( $repo eq 'gitolite-admin' ) { - _warn "repo-specific-hooks: ignoring attempts to set hooks for the admin repo"; - next; - } - # get the hook name $hook =~ s/^gitolite-options\.hook\.//; + $hook =~ s/\..*//; - unless ( $hook =~ /^(pre-receive|post-receive|post-update)$/ ) { + my @codes = split /\s+/, $codes; + next unless @codes; + + # this is a special case + if ( $repo eq 'gitolite-admin' and $hook eq 'post-update' ) { + _warn "repo-specific-hooks: ignoring attempts to set post-update hook for the admin repo"; + next; + } + + unless ( $hook =~ /^(pre-receive|post-receive|post-update|pre-auto-gc)$/ ) { _warn "repo-specific-hooks: '$hook' is not allowed, ignoring"; - _warn " (only pre-receive, post-receive, and post-update are allowed)"; + _warn " (only pre-receive, post-receive, post-update, and pre-auto-gc are allowed)"; next; } - my @codes = split /\s+/, $codes; + push @{ $repo_hooks{$repo}{$hook} }, @codes if @codes; +} - my $dst = "$repo.git/hooks/$hook"; - unlink( glob("$dst.*") ); +for my $repo (keys %repo_hooks) { + for my $hook (keys %{ $repo_hooks{$repo} }) { + my @codes = @{ $repo_hooks{$repo}{$hook} }; + + my $dst = "$repo.git/hooks/$hook"; + unlink( glob("$dst.*") ); + + my $counter = "h00"; + foreach my $code (@codes) { + if ( $code =~ m(^/|\.\.) ) { + _warn "repo-specific-hooks: double dot or leading slash not allowed in '$code'"; + next; + } + + my $src = $rc{LOCAL_CODE} . "/hooks/repo-specific/$code"; + my $dst = "$repo.git/hooks/$hook.$counter-$code"; + unless ( -x $src ) { + _warn "repo-specific-hooks: '$src' doesn't exist or is not executable"; + next; + } + unlink $dst; + symlink $src, $dst or _warn "could not symlink '$src' to '$dst'"; + $counter++; - my $counter = "h00"; - foreach my $code (@codes) { - if ( $code =~ m(^/|\.\.) 
) { - _warn "repo-specific-hooks: double dot or leading slash not allowed in '$code'"; - next; + # no sanity checks for multiple overwrites of the same hook } - my $src = $rc{LOCAL_CODE} . "/hooks/repo-specific/$code"; - my $dst = "$repo.git/hooks/$hook.$counter-$code"; - unless ( -x $src ) { - _warn "repo-specific-hooks: '$src' doesn't exist or is not executable"; - next; - } unlink $dst; - symlink $src, $dst or _warn "could not symlink '$src' to '$dst'"; - $counter++; - - # no sanity checks for multiple overwrites of the same hook + symlink $driver, $dst or die "could not symlink '$driver' to '$dst'"; } - - unlink $dst; - symlink $driver, $dst or die "could not symlink '$driver' to '$dst'"; } __DATA__ diff -Nru gitolite3-3.6.4/src/triggers/set-default-roles gitolite3-3.6.6/src/triggers/set-default-roles --- gitolite3-3.6.4/src/triggers/set-default-roles 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/src/triggers/set-default-roles 2016-09-13 23:23:14.000000000 +0000 @@ -6,7 +6,7 @@ # skip if arg-1 is POST_CREATE and no arg-3 (user name) exists (i.e., it's not # a wild repo) [ "$1" = "POST_CREATE" ] && [ -z "$3" ] && exit 0; -[ "$4" = "R" ] || [ "$4" = "W" ] || [ "$4" = "perms-c" ] || [ "$4" = "fork" ] || exit 0 +[ "$4" = "R" ] || [ "$4" = "W" ] || [ "$4" = "perms-c" ] || [ "$4" = "create" ] || [ "$4" = "fork" ] || exit 0 die() { echo "$@" >&2; exit 1; } diff -Nru gitolite3-3.6.4/t/access.t gitolite3-3.6.6/t/access.t --- gitolite3-3.6.4/t/access.t 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/t/access.t 2016-09-13 23:23:14.000000000 +0000 @@ -9,7 +9,7 @@ # test 'gitolite access' # ---------------------------------------------------------------------- -try "plan 208"; +try "plan 216"; confreset;confadd ' @admins = admin dev1 @@ -162,6 +162,12 @@ repo @all R = gitweb + + repo c0 + RW+ = @all + repo c1 + RWC = u1 + RW+ = @all '; try "ADMIN_PUSH set4; !/FATAL/" or die text(); 
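Review bot: `next unless @codes;` in the read loop skips a repo/hook pair whose option value is empty before it is recorded in `%repo_hooks`, so the second loop never reaches `unlink( glob("$dst.*") )` for it. Before this change an empty value still ran that cleanup and re-linked the driver; now previously installed `$hook.hNN-*` symlinks stay in place and keep running after the admin has cleared the option. The `$codes ||= ''` line suggests empty values do reach this script, but that should be confirmed against whatever generates its input. If the skip is not intentional, drop `next unless @codes;` and the trailing `if @codes`, leaving `push @{ $repo_hooks{$repo}{$hook} }, @codes;`, which still registers the pair when the list is empty.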
@@ -184,4 +190,13 @@ gitolite access foo u3 R; ok gitolite access foo u4 R; !ok gitolite access foo gitweb R; ok + + gitolite access c0 u1 +; ok + gitolite access c0 u1 C; ok + gitolite access c0 u2 +; ok + gitolite access c0 u2 C; ok + gitolite access c1 u1 +; ok + gitolite access c1 u1 C; ok + gitolite access c1 u2 +; ok + gitolite access c1 u2 C; !ok "; diff -Nru gitolite3-3.6.4/t/perm-default-roles.t gitolite3-3.6.6/t/perm-default-roles.t --- gitolite3-3.6.4/t/perm-default-roles.t 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/t/perm-default-roles.t 2016-09-13 23:23:14.000000000 +0000 @@ -139,7 +139,7 @@ # add perms to an old repo try " -echo WRITERS \@h1 | glt perms u1 foo/u1/u1r1 +echo WRITERS \@h1 | glt perms u1 -c foo/u1/u1r1 "; try "cd $rb; find . -name gl-perms"; diff -Nru gitolite3-3.6.4/t/perm-roles.t gitolite3-3.6.6/t/perm-roles.t --- gitolite3-3.6.4/t/perm-roles.t 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/t/perm-roles.t 2016-09-13 23:23:14.000000000 +0000 @@ -63,7 +63,7 @@ POK; /\\[new tag\\] t1 -> t1/ # add u2 to WRITERS -echo WRITERS \@g2 | glt perms u1 foo/u1/u1r1 +echo WRITERS \@g2 | glt perms u1 -c foo/u1/u1r1 glt perms u1 foo/u1/u1r1 -l /WRITERS \@g2/ @@ -95,7 +95,7 @@ reject # change u2 to READERS -echo READERS u2 | glt perms u1 foo/u1/u1r1 +echo READERS u2 | glt perms u1 -c foo/u1/u1r1 glt perms u1 foo/u1/u1r1 -l /READERS u2/ @@ -108,7 +108,7 @@ /W any foo/u1/u1r1 u2 DENIED by fallthru/ # add invalid category MANAGERS - /usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 foo/u1/u1r1 + /usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 -c foo/u1/u1r1 !ok /Invalid role 'MANAGERS'/ "; @@ -120,7 +120,7 @@ try " ENV G3T_RC=$ENV{HOME}/g3trc gitolite compile; ok or die compile failed - /usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 foo/u1/u1r1 + /usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 -c foo/u1/u1r1 ok; !/Invalid role 'MANAGERS'/ glt perms u1 foo/u1/u1r1 -l "; 
@@ -156,7 +156,7 @@ POK; /\\[new tag\\] t3 -> t3/ # add invalid category TESTERS -echo TESTERS u2 | glt perms u1 foo/u1/u1r1 +echo TESTERS u2 | glt perms u1 -c foo/u1/u1r1 !ok /Invalid role 'TESTERS'/ "; @@ -167,7 +167,7 @@ try " gitolite compile; ok or die compile failed # add u2 to now valid TESTERS -echo TESTERS u2 | glt perms u1 foo/u1/u1r1 +echo TESTERS u2 | glt perms u1 -c foo/u1/u1r1 !/Invalid role 'TESTERS'/ glt perms u1 foo/u1/u1r1 -l "; diff -Nru gitolite3-3.6.4/t/perms-groups.t gitolite3-3.6.6/t/perms-groups.t --- gitolite3-3.6.4/t/perms-groups.t 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/t/perms-groups.t 2016-09-13 23:23:14.000000000 +0000 @@ -41,7 +41,7 @@ !/R W *\tbar/u1/try1\tu1/ # \@leads can RW try1 - echo WRITERS \@leads | glt perms u1 bar/u1/try1; ok + echo WRITERS \@leads | glt perms u1 -c bar/u1/try1; ok glt info u1 -lc /R W *\tbar/u1/try1\tu1/ glt info u2 -lc @@ -50,7 +50,7 @@ !/R W *\tbar/u1/try1\tu1/ # \@devs can R try1 - echo READERS \@devs | glt perms u1 bar/u1/try1; ok + echo READERS \@devs | glt perms u1 -c bar/u1/try1; ok glt perms u1 bar/u1/try1 -l /READERS \@devs/ !/WRITERS \@leads/ @@ -67,7 +67,7 @@ /R *\tbar/u1/try1\tu1/ # combo of previous 2 - /usr/bin/printf 'READERS \@devs\\nWRITERS \@leads\\n' | glt perms u1 bar/u1/try1; ok + /usr/bin/printf 'READERS \@devs\\nWRITERS \@leads\\n' | glt perms u1 -c bar/u1/try1; ok glt perms u1 bar/u1/try1 -l /READERS \@devs/ /WRITERS \@leads/ diff -Nru gitolite3-3.6.4/t/reference.t gitolite3-3.6.6/t/reference.t --- gitolite3-3.6.4/t/reference.t 1970-01-01 00:00:00.000000000 +0000 +++ gitolite3-3.6.6/t/reference.t 2016-09-13 23:23:14.000000000 +0000 
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+
+# this is hardcoded; change it if needed
+use lib "src/lib";
+use Gitolite::Test;
+my $h = $ENV{HOME};
+
+# fork command
+# ----------------------------------------------------------------------
+
+try "plan 16";
+
+my $rb = `gitolite query-rc -n GL_REPO_BASE`;
+
+try "sed -ie 's%.Mirroring.,%\"Mirroring\",\\n\"create-with-reference\",%' ~/.gitolite.rc";
+
+confreset;confadd '
+
+ repo source
+ RW+ = u1 u2
+
+ repo fork
+ RW+ = u1 u2
+ option reference.repo = source
+
+ repo multifork
+ RW+ = u1 u2
+ option reference.repo-1 = source
+ option reference.repo-2 = fork
+';
+
+try "ADMIN_PUSH set1; !/FATAL/" or die text();
+
+try " # Verify files
+ # source doesn't have alternates
+ ls $rb/source.git/objects/info/alternates; !ok
+
+ # fork has source as an alternate
+ ls $rb/fork.git/objects/info/alternates; ok
+ cat $rb/fork.git/objects/info/alternates; ok; /$rb/source.git/objects/
+
+ # multifork has multiple alternates
+ ls $rb/multifork.git/objects/info/alternates; ok
+ cat $rb/multifork.git/objects/info/alternates; ok; /$rb/source.git/objects/
+ /$rb/fork.git/objects/
+";
diff -Nru gitolite3-3.6.4/t/repo-specific-hooks.t gitolite3-3.6.6/t/repo-specific-hooks.t
--- gitolite3-3.6.4/t/repo-specific-hooks.t 2015-12-05 01:00:57.000000000 +0000
+++ gitolite3-3.6.6/t/repo-specific-hooks.t 2016-09-13 23:23:14.000000000 +0000
@@ -9,7 +9,7 @@ # test script for partial copy feature # ---------------------------------------------------------------------- -try "plan 117"; +try "plan 128"; my $h = $ENV{HOME}; my $rb = `gitolite query-rc -n GL_REPO_BASE`;
@@ -47,6 +47,9 @@ repo baz RW+ = @all + + repo frob + RW+ = @all '; try "ADMIN_PUSH repo-specific-hooks-0; !/FATAL/" or die text();
@@ -55,6 +58,7 @@ /Init.*empty.*foo\\.git/ /Init.*empty.*bar\\.git/ /Init.*empty.*baz\\.git/ + /Init.*empty.*frob\\.git/ "; my $failing_hook = "#!/bin/sh
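Review bot: The header comment `# fork command` and the unused `my $h = $ENV{HOME};` in the new t/reference.t look carried over from another test; the comment should name what this file covers, e.g. `# create-with-reference trigger (objects/info/alternates)`. `sed -ie` is parsed as `-i` with backup suffix `e`, so the run leaves a `~/.gitolite.rce` copy behind; `sed -i -e` avoids that. The assertions only match substrings of the alternates file, so a case where `reference.repo` names a repo that does not exist would be a useful addition, since the trigger writes the entry without checking.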
@@ -65,11 +69,13 @@ put "$rb/foo.git/hooks/post-recieve", $failing_hook; put "$rb/bar.git/hooks/pre-recieve", $failing_hook; put "$rb/baz.git/hooks/post-update", $failing_hook; +put "$rb/frob.git/hooks/post-update", $failing_hook; try "# Verify hooks ls -l $rb/foo.git/hooks/*; ok; !/post-receive -. .*local/hooks/multi-hook-driver/ ls -l $rb/bar.git/hooks/*; ok; !/pre-receive -. .*local/hooks/multi-hook-driver/ ls -l $rb/baz.git/hooks/*; ok; !/post-update -. .*local/hooks/multi-hook-driver/ + ls -l $rb/frob.git/hooks/*; ok; !/post-update -. .*local/hooks/multi-hook-driver/ "; confreset;confadd ' @@ -85,6 +91,14 @@ RW+ = @all option hook.post-receive = first option hook.post-update = first second + + repo frob + RW+ = @all + option hook.post-receive.b = first + option hook.post-receive.a = second + + repo gitolite-admin + option hook.post-receive = second '; @@ -101,6 +115,13 @@ /post-update.h00-first/ /post-update.h01-second/ /post-update -. .*local/hooks/multi-hook-driver/ + ls -l $rb/frob.git/hooks/*; ok; /post-receive.h00-second/ + /post-receive.h01-first/ + /post-receive -. .*local/hooks/multi-hook-driver/ + ls -l $rb/gitolite-admin.git/hooks/* + ok; /post-receive.h/ + /post-receive -. .*local/hooks/multi-hook-driver/ + !/post-update -. .*local/hooks/multi-hook-driver/ "; try " diff -Nru gitolite3-3.6.4/t/sequence.t gitolite3-3.6.6/t/sequence.t --- gitolite3-3.6.4/t/sequence.t 2015-12-05 01:00:57.000000000 +0000 +++ gitolite3-3.6.6/t/sequence.t 2016-09-13 23:23:14.000000000 +0000 @@ -33,7 +33,7 @@ glt push u1 origin master /To file:///foo/u1/bar/ /\\[new branch\\] master -> master/ - echo WRITERS u2 | glt perms u1 foo/u1/bar + echo WRITERS u2 | glt perms u1 -c foo/u1/bar glt perms u1 foo/u1/bar -l /WRITERS u2/ # expand @@ -77,7 +77,7 @@ glt push u1 origin master /To file:///foo/u1/bar/ /\\[new branch\\] master -> master/ - echo WRITERS u2 | glt perms u1 foo/u1/bar + echo WRITERS u2 | glt perms u1 -c foo/u1/bar glt perms u1 foo/u1/bar -l /WRITERS u2/ # expand