Adding upstream version 3.6.12.upstream/3.6.12upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

9 files changed, 527 insertions, 0 deletions

diff --git a/src/triggers/post-compile/create-with-reference b/src/triggers/post-compile/create-with-reference
new file mode 100755
index 0000000..f525082
--- /dev/null
+++ b/src/triggers/post-compile/create-with-reference
@@ -0,0 +1,39 @@
+#!/usr/bin/perl
+
+# Set alternates if option reference.repo is set
+# ----------------------------------------------------------------------
+
+use FindBin;
+
+use lib $ENV{GL_LIBDIR};
+use Gitolite::Rc;
+use Gitolite::Common;
+use Gitolite::Conf::Load;
+
+use strict;
+use warnings;
+
+my $RB = $rc{GL_REPO_BASE};
+
+if ( @ARGV and $ARGV[0] eq 'POST_CREATE' ) {
+    my $repo = $ARGV[1];
+    create_alternates($repo);
+
+    exit 0;
+}
+
+# not interested in any other triggers
+exit 0;
+
+sub create_alternates {
+    my $pr      = shift;
+
+    my $refrepos = git_config( $pr, "^gitolite-options\\.reference\\.repo.*" );
+    my %list = map { $_ => 1 } map { split } values %$refrepos;
+    my @alts = keys %list;
+    if ( @alts ) {
+        my $altlist = join "\n", map { "$RB/$_.git/objects" } @alts;
+        _print( "$RB/$pr.git/objects/info/alternates", "$altlist\n" );
+
+    }
+}
diff --git a/src/triggers/post-compile/ssh-authkeys b/src/triggers/post-compile/ssh-authkeys
new file mode 100755
index 0000000..cd59aec
--- /dev/null
+++ b/src/triggers/post-compile/ssh-authkeys
@@ -0,0 +1,142 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+
+use Getopt::Long;
+
+use lib $ENV{GL_LIBDIR};
+use Gitolite::Rc;
+use Gitolite::Common;
+
+$|++;
+
+# best called via 'gitolite trigger POST_COMPILE'; other modes at your own
+# risk, especially if the rc file specifies arguments for it.  (That is also
+# why it doesn't respond to "-h" like most gitolite commands do).
+
+# option procesing
+# ----------------------------------------------------------------------
+
+# currently has one option:
+#   -kfn, --key-file-name        adds the keyfilename as a second argument
+
+my $kfn = '';
+GetOptions( 'key-file-name|kfn' => \$kfn, );
+
+tsh_try("sestatus");
+my $selinux = ( tsh_text() =~ /enforcing/ );
+
+my $ab = $rc{GL_ADMIN_BASE};
+trace( 1, "'keydir' not found in '$ab'; exiting" ), exit if not -d "$ab/keydir";
+my $akdir        = "$ENV{HOME}/.ssh";
+my $akfile       = "$ENV{HOME}/.ssh/authorized_keys";
+my $glshell      = $rc{GL_BINDIR} . "/gitolite-shell";
+my $auth_options = auth_options();
+
+sanity();
+
+# ----------------------------------------------------------------------
+
+_chdir($ab);
+
+# old data
+my $old_ak = slurp($akfile);
+my @non_gl = grep { not /^# gito.*start/ .. /^# gito.*end/ } slurp($akfile);
+chomp(@non_gl);
+my %seen = map { $_ => 'a non-gitolite key' } ( fp(@non_gl) );
+
+# pubkey files
+chomp( my @pubkeys = `find keydir/ -type f -name "*.pub" | sort` );
+my @gl_keys = ();
+for my $f (@pubkeys) {
+    my $fp = fp($f);
+    if ( $seen{$fp} ) {
+        _warn "$f duplicates $seen{$fp}, sshd will ignore it";
+    } else {
+        $seen{$fp} = $f;
+    }
+    push @gl_keys, grep { /./ } optionise($f);
+}
+
+# dump it out
+my $out = join( "\n", @non_gl, "# gitolite start", @gl_keys, "# gitolite end" ) . "\n";
+
+my $ak = slurp($akfile);
+_die "'$akfile' changed between start and end of this program!" if $ak ne $old_ak;
+_print( $akfile, $out );
+
+_warn "you have no keys left; I hope you intended to do that!" unless @gl_keys;
+
+# ----------------------------------------------------------------------
+
+sub sanity {
+    _die "'$glshell' not found; this should NOT happen..."                if not -f $glshell;
+    _die "'$glshell' found but not readable; this should NOT happen..."   if not -r $glshell;
+    _die "'$glshell' found but not executable; this should NOT happen..." if not -x $glshell;
+
+    my $n = "    (this is normal on a brand new install)";
+    _warn "$akdir missing; creating a new one\n$n"  if not -d $akdir;
+    _warn "$akfile missing; creating a new one\n$n" if not -f $akfile;
+
+    _mkdir( $akdir, 0700 ) if not -d $akdir;
+    if ( not -f $akfile ) {
+        _print( $akfile, "" );
+        chmod 0600, $akfile;
+    }
+}
+
+sub auth_options {
+    my $auth_options = $rc{AUTH_OPTIONS};
+    $auth_options ||= "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty";
+
+    return $auth_options;
+}
+
+sub fp {
+    # input: see below
+    # output: a (list of) FPs
+    my $in = shift || '';
+    if ( $in =~ /\.pub$/ ) {
+        # single pubkey file
+        _die "bad pubkey file '$in'" unless $in =~ $REPONAME_PATT;
+        return fp_file($in);
+    } elsif ( -f $in ) {
+        # an authkeys file
+        return map { fp_line($_) } grep { !/^#/ and /\S/ } slurp($in);
+    } else {
+        # one or more actual keys
+        return map { fp_line($_) } grep { !/^#/ and /\S/ } ( $in, @_ );
+    }
+}
+
+sub fp_file {
+    return $selinux++ if $selinux;    # return a unique "fingerprint" to prevent noise
+    my $f  = shift;
+    my ($fp, $output) = ssh_fingerprint_file($f);
+    _die "fingerprinting failed for '$f': $output" unless $fp;
+    return $fp;
+}
+
+sub fp_line {
+    my $line = shift;
+    my ($fp, $output) = ssh_fingerprint_line($line);
+    _die "fingerprinting failed for '$line': $output" unless $fp;
+    return $fp;
+}
+
+sub optionise {
+    my $f = shift;
+
+    my $user = $f;
+    $user =~ s(.*/)();                # foo/bar/baz.pub -> baz.pub
+    $user =~ s/(\@[^.]+)?\.pub$//;    # baz.pub, baz@home.pub -> baz
+
+    my @line = slurp($f);
+    if ( @line != 1 ) {
+        _warn "$f does not contain exactly 1 line; ignoring";
+        return '';
+    }
+    chomp(@line);
+    return "command=\"$glshell $user" . ( $kfn ? " $f" : "" ) . "\",$auth_options $line[0]";
+}
+
diff --git a/src/triggers/post-compile/ssh-authkeys-shell-users b/src/triggers/post-compile/ssh-authkeys-shell-users
new file mode 100755
index 0000000..2dd6643
--- /dev/null
+++ b/src/triggers/post-compile/ssh-authkeys-shell-users
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+
+use lib $ENV{GL_LIBDIR};
+use Gitolite::Rc;
+use Gitolite::Common;
+
+$|++;
+
+my $akfile = "$ENV{HOME}/.ssh/authorized_keys";
+
+# ----------------------------------------------------------------------
+
+my $aktext = slurp($akfile);
+
+for my $su ( shell_users() ) {
+    $aktext =~ s(/gitolite-shell $su([" ].*?),no-pty )(/gitolite-shell -s $su$1 )g;
+}
+
+_print( $akfile, $aktext );
+
+# two methods to specify list of shell-capable users.  (1) list of usernames
+# as arguments to 'Shell' in rc file, (2) list of usernames in a plain text
+# file whose name is the first argument to 'Shell' in the rc file.  Or both!
+sub shell_users {
+    my ($sufile, @ret);
+
+    # backward compat for 3.6 and below.  This code will be removed in 3.7.
+    # Also, the variable is ignored if you end up using the new variant (i.e.,
+    # put a file name on the 'Shell' line itself).
+    $sufile = $rc{SHELL_USERS_LIST} if $rc{SHELL_USERS_LIST} and -r $rc{SHELL_USERS_LIST};
+
+    $sufile = shift @ARGV if @ARGV and -r $ARGV[0];
+
+    if ($sufile) {
+        @ret = grep { not /^#/ } slurp($sufile);
+        chomp(@ret);
+    }
+
+    for my $u (@ARGV) {
+        # arguments placed in the rc file appear before the trigger name
+        last if $u eq 'POST_COMPILE';
+
+        push @ret, $u;
+        # no sanity checking, since the rc file can only be created by someone
+        # who already has shell access
+    }
+    _die "'Shell': enabled but no usernames supplied" unless @ret;
+    return @ret;
+}
diff --git a/src/triggers/post-compile/ssh-authkeys-split b/src/triggers/post-compile/ssh-authkeys-split
new file mode 100755
index 0000000..031bd07
--- /dev/null
+++ b/src/triggers/post-compile/ssh-authkeys-split
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+#   split multi-key files into separate keys like ssh-authkeys likes
+
+# WHY
+# ---
+#
+# Yeah I wonder that too, when it's so much more maintainable to keep the damn
+# keys as sitaram@home.pub and sitaram@work.pub or such.  But there's no
+# accounting for tastes, and some old fogies apparently want to put all of a
+# user's keys into a single ".pub" file.
+
+# WARNINGS AND CAVEATS
+# --------------------
+#
+# - assumes no "@" sign in basenames of any multi-key files (single line file
+#   may still have them)
+
+# - assumes you don't have a subdir in keydir called "__split_keys__"
+
+# SUPPORT
+# -------
+#
+# NONE.
+
+# USAGE
+# -----
+#
+# to enable, uncomment the 'ssh-authkeys-split' line in the ENABLE list in the
+# rc file.
+
+cd $GL_ADMIN_BASE/keydir
+
+rm -rf __split_keys__
+mkdir __split_keys__
+export SKD=$PWD/__split_keys__
+
+# if we're coming from a gitolite-admin push, delete all *.multi, and rename
+# all multi-line *.pub to *.multi
+if [ "$GL_REPO" = "gitolite-admin" ] || [ "$GL_BYPASS_ACCESS_CHECKS" = "1" ]
+then
+    find . -type f -name "*.multi" | while read k
+    do
+        rm -f "$k"
+    done
+    find . -type f -name "*.pub" | while read k
+    do
+        # is this a multi-key?
+        lines=`wc -l < $k`
+        case $lines in
+            (0|1) continue
+        esac
+
+        base=`basename $k .pub`
+        mv $k $base.multi
+    done
+fi
+
+# now process *.multi
+find . -type f -name "*.multi" | while read k
+do
+    # do we need to split?
+    lines=`wc -l < $k`
+    case $lines in
+        (0|1) continue
+    esac
+
+    base=`basename $k .multi`
+    # sanity check
+    echo $base | grep '@' >/dev/null && continue
+
+    # ok do it
+    seq=0
+    while read line
+    do
+        (( seq++ ))
+        [ -z "$line" ] && continue
+        f=$SKD/$base@$seq.pub
+        echo "$line" > $f
+        # similar sanity check as main ssh-authkeys script
+        if ! ssh-keygen -l -f $f >/dev/null
+        then
+            echo 1>&2 "ssh-authkeys-split: bad line $seq in keydir/$k"
+            rm -f $f
+        fi
+    done < $k
+done
diff --git a/src/triggers/post-compile/update-description-file b/src/triggers/post-compile/update-description-file
new file mode 100755
index 0000000..e5b7c6a
--- /dev/null
+++ b/src/triggers/post-compile/update-description-file
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# For normal (not "wild") repos, gitolite v3 sets 'gitweb.description' instead
+# of putting the text in the "description" file.  This is easier because it
+# just goes with the flow of setting config variables; nothing special needs
+# to be done for the description.
+
+# But this only works for gitweb, not for cgit.  Cgit users must uncomment the
+# 'cgit' line in the ENABLE list in the rc file (which has the effect of
+# adding this program to the POST_COMPILE trigger list).
+
+cd $GL_REPO_BASE
+gitolite list-phy-repos | gitolite git-config % gitweb.description | perl -I"$GL_LIBDIR" -MGitolite::Easy -lne '
+            my @F = split /\t/,$_,3;
+            textfile( file => "description", repo => $F[0], text => $F[2] );
+    '
diff --git a/src/triggers/post-compile/update-git-configs b/src/triggers/post-compile/update-git-configs
new file mode 100755
index 0000000..6eb2f46
--- /dev/null
+++ b/src/triggers/post-compile/update-git-configs
@@ -0,0 +1,61 @@
+#!/usr/bin/perl
+
+# update git-config entries in each repo
+# ----------------------------------------------------------------------
+
+use FindBin;
+
+use lib $ENV{GL_LIBDIR};
+use Gitolite::Rc;
+use Gitolite::Common;
+use Gitolite::Conf::Load;
+
+use strict;
+use warnings;
+
+my $RB = $rc{GL_REPO_BASE};
+_chdir($RB);
+
+# ----------------------------------------------------------------------
+# if called from POST_CREATE, we have only a single repo to worry about
+if ( @ARGV and $ARGV[0] eq 'POST_CREATE' ) {
+    my $repo = $ARGV[1];
+    fixup_config($repo);
+
+    exit 0;
+}
+
+# ----------------------------------------------------------------------
+# else it's all repos (i.e., called from POST_COMPILE)
+
+my $lpr = list_phy_repos();
+
+for my $pr (@$lpr) {
+    fixup_config($pr);
+}
+
+sub fixup_config {
+    my $pr      = shift;
+    my $creator = creator($pr);
+
+    my $gc = git_config( $pr, '.', 1 );
+    my $ac = `git config --file $RB/$pr.git/config -l`;
+    while ( my ( $key, $value ) = each( %{$gc} ) ) {
+        next if $key =~ /^gitolite-options\./;
+        $value =~ s/(@\w+)/expand_group($1)/ge if $rc{EXPAND_GROUPS_IN_CONFIG};
+        my $lkey = lc $key;
+        next if $ac =~ /^\Q$lkey\E=\Q$value\E$/m;
+        if ( $value ne "" ) {
+            system( "git", "config", "--file", "$RB/$pr.git/config", $key, $value );
+        } elsif ( $ac =~ /^\Q$lkey\E=/m ) {
+            system( "git", "config", "--file", "$RB/$pr.git/config", "--unset-all", $key );
+        }
+    }
+}
+
+sub expand_group {
+    my $g = shift;
+    my @m = @{ Gitolite::Conf::Load::list_members($1) };
+    return join(" ", @m) if @m;
+    return $g;
+}
diff --git a/src/triggers/post-compile/update-git-daemon-access-list b/src/triggers/post-compile/update-git-daemon-access-list
new file mode 100755
index 0000000..ade97a8
--- /dev/null
+++ b/src/triggers/post-compile/update-git-daemon-access-list
@@ -0,0 +1,40 @@
+#!/usr/bin/perl
+
+# update git-daemon-export-ok files in each repo
+# ----------------------------------------------------------------------
+
+use lib $ENV{GL_LIBDIR};
+use Gitolite::Rc;
+use Gitolite::Easy;
+use Gitolite::Common;
+
+use strict;
+use warnings;
+
+my $EO = "git-daemon-export-ok";
+my $RB = $rc{GL_REPO_BASE};
+
+my $cmd = "gitolite list-phy-repos";
+if ( @ARGV and $ARGV[0] eq 'POST_CREATE' ) {
+    # only one repo to do
+    $cmd = "echo $ARGV[1]";
+}
+
+for my $d (`$cmd | gitolite access % daemon R any`) {
+    my @F = split "\t", $d;
+    if ($F[2] =~ /DENIED/) {
+        unlink "$RB/$F[0].git/$EO";
+    } elsif (! -f "$RB/$F[0].git/$EO") {
+        textfile( file => $EO, repo => $F[0], text => "" );
+    }
+}
+
+# As a quick recap, the gitolite output looks somewhat like this:
+
+#   bar^Idaemon^IR any bar daemon DENIED by fallthru$
+#   foo^Idaemon^Irefs/.*$
+#   fubar^Idaemon^Irefs/.*$
+#   gitolite-admin^Idaemon^IR any gitolite-admin daemon DENIED by fallthru$
+#   testing^Idaemon^Irefs/.*$
+
+# where I've typed "^I" to denote a tab.
diff --git a/src/triggers/post-compile/update-gitweb-access-list b/src/triggers/post-compile/update-gitweb-access-list
new file mode 100755
index 0000000..4085d59
--- /dev/null
+++ b/src/triggers/post-compile/update-gitweb-access-list
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# this is literally the simplest gitweb update possible.  You are free to add
+# whatever you want and contribute it back, as long as it is upward
+# compatible.
+
+# ----------------------------------------------------------------------
+# delete the 'description' file that 'git init' created if this is run from
+# the post-create trigger.  However, note that POST_CREATE is also called from
+# perms (since POST_CREATE doubles as eqvt of POST_COMPILE to propagate ad hoc
+# permissions changes for wild repos) and then you should not delete it.
+[ "$1" = "POST_CREATE" ] && [ "$4" != "perms" ] && rm -f $GL_REPO_BASE/$2.git/description 2>/dev/null
+
+plf=`gitolite query-rc GITWEB_PROJECTS_LIST`
+[ -z "$plf" ] && plf=$HOME/projects.list
+# since mktemp does not honor umask, we just use it to generate a temp
+# filename (note: 'mktemp -u' on some systems, this gets close enough)
+tmpfile=`mktemp $plf.tmp_XXXXXXXX`
+rm -f $tmpfile;
+
+if [ "$1" = "POST_CREATE" ] && [ -n "$2" ]
+then
+    # just one to be done
+    repo="$2"
+    grep -v "^$repo.git$" $plf > $tmpfile
+    if gitolite access -q $repo gitweb R any || gitolite git-config -q -r $repo gitweb\\.
+    then
+        echo "$repo.git" >> $tmpfile
+    fi
+else
+    # all of them
+    (
+        gitolite list-phy-repos | gitolite access % gitweb R any | grep -v DENIED
+        gitolite list-phy-repos | gitolite git-config -r % gitweb\\.
+    ) |
+        cut -f1 | sort -u | sed -e 's/$/.git/' > $tmpfile
+fi
+
+[ -f $plf ] && perl -e "chmod ( ( (stat('$plf'))[2] & 07777 ), '$tmpfile')"
+mv $tmpfile $plf
diff --git a/src/triggers/post-compile/update-gitweb-daemon-from-options b/src/triggers/post-compile/update-gitweb-daemon-from-options
new file mode 100755
index 0000000..1f5fd26
--- /dev/null
+++ b/src/triggers/post-compile/update-gitweb-daemon-from-options
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# TODO: look at the commit in which *this* line was added, and see the changes
+# to the other scripts.  We need to make those changes here also, but I'm too
+# lazy right now.  Plus I'm not even sure if anyone is using this!
+
+# Update git-daemon and gitweb access using 'option' lines instead of special
+# usernames.
+
+# To use:
+
+# * enable this combined updater in the rc file by removing the other two
+#   update-*-access-list entries and inserting this one instead.  (This would
+#   be in the POST_CREATE and POST_COMPILE lists).
+
+# * the add option lines in the conf file, like this:
+#
+#       repo foo @bar
+#           option daemon = 1
+#           option gitweb = 1
+
+# Note: don't forget that gitweb can also be enabled by actual config
+# variables (gitweb.owner, gitweb.description, gitweb.category)
+
+# This is useful for people who don't like '@all' to be literally *all* users,
+# including gitweb and daemon, and can't/won't use deny-rules properly.
+
+# first do the gitweb stuff
+
+plf=`gitolite query-rc GITWEB_PROJECTS_LIST`
+[ -z "$plf" ] && plf=$HOME/projects.list
+
+(
+    gitolite list-phy-repos | gitolite git-config % gitolite-options.gitweb
+    gitolite list-phy-repos | gitolite git-config -r % gitweb\\.
+) |
+    cut -f1 | sort -u | sed -e 's/$/.git/' > $plf
+
+# now deal with git-daemon
+
+EO=git-daemon-export-ok
+RB=`gitolite query-rc GL_REPO_BASE`
+export EO RB
+
+export tmp=$(mktemp -d)
+trap "rm -rf $tmp" 0
+
+gitolite list-phy-repos | sort | tee $tmp/all | gitolite git-config % gitolite-options.daemon | cut -f1 > $tmp/daemon
+
+comm -23 $tmp/all $tmp/daemon | perl -lne 'unlink "$ENV{RB}/$_.git/$ENV{EO}"'
+cat               $tmp/daemon | perl -I"$GL_LIBDIR" -MGitolite::Easy -lne 'textfile( file => $ENV{EO}, repo => $_, text => "");'