diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-02-07 08:26:39 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-02-07 08:26:39 +0000 |
| commit | 4e1757bfda0530238e3ab4208b47789e196d5602 (patch) | |
| tree | e63d4cf8b97ada54d4be1d99a02b68df7c04a099 | |
| parent | 4bfb98ddc90bcc6076e2819619fec7607e74358b (diff) | |
| parent | d09d87e3b022f6b7cba0988c4377e44196e35939 (diff) | |
| download | gitlab-ce-4e1757bfda0530238e3ab4208b47789e196d5602.tar.gz | |
Merge branch 'gitlab-shell' of dev.gitlabhq.com:gitlab/gitlabhq
42 files changed, 253 insertions, 719 deletions
@@ -32,9 +32,6 @@ gem 'gitlab_omniauth-ldap', '1.0.2', require: "omniauth-ldap" # Dump db to yml file. Mostly used to migrate from sqlite to mysql gem 'gitlab_yaml_db', '1.0.0', require: "yaml_db" -# Gitolite client (for work with gitolite-admin repo) -gem "gitolite", '1.1.0' - # Syntax highlighter gem "pygments.rb", git: "https://github.com/gitlabhq/pygments.rb.git", branch: "master" diff --git a/Gemfile.lock b/Gemfile.lock index 7bf31c95bab..d91dbf7e826 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -107,7 +107,6 @@ GEM coderay (>= 1.0.0) erubis (>= 2.7.0) binding_of_caller (0.6.8) - blankslate (3.1.2) bootstrap-sass (2.2.1.1) sass (~> 3.2) builder (3.0.4) @@ -195,10 +194,6 @@ GEM pyu-ruby-sasl (~> 0.0.3.1) rubyntlm (~> 0.1.1) gitlab_yaml_db (1.0.0) - gitolite (1.1.0) - gratr19 (~> 0.4.4.1) - grit (~> 2.5.0) - hashery (~> 1.5.0) grape (0.2.2) activesupport hashie (~> 1.2) @@ -208,7 +203,6 @@ GEM rack-accept rack-mount virtus - gratr19 (0.4.4.1) growl (1.0.3) guard (1.5.4) listen (>= 0.4.2) @@ -227,8 +221,6 @@ GEM activesupport (>= 3.1, < 4.1) haml (~> 3.1) railties (>= 3.1, < 4.1) - hashery (1.5.0) - blankslate hashie (1.2.0) hike (1.2.1) http_parser.rb (0.5.3) @@ -497,7 +489,6 @@ DEPENDENCIES gitlab_meta (= 4.0) gitlab_omniauth-ldap (= 1.0.2) gitlab_yaml_db (= 1.0.0) - gitolite (= 1.1.0) grack! grape (~> 0.2.1) grit! diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ca2a5623f42..1f211bac9c2 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -10,11 +10,6 @@ class ApplicationController < ActionController::Base helper_method :abilities, :can? - rescue_from Gitlab::Gitolite::AccessDenied do |exception| - log_exception(exception) - render "errors/gitolite", layout: "errors", status: 500 - end - rescue_from Encoding::CompatibilityError do |exception| log_exception(exception) render "errors/encoding", layout: "errors", status: 500 diff --git a/app/models/key.rb b/app/models/key.rb index 2bf50f56565..895e8d6cb9c 100644 --- a/app/models/key.rb +++ b/app/models/key.rb @@ -24,8 +24,8 @@ class Key < ActiveRecord::Base before_save :set_identifier validates :title, presence: true, length: { within: 0..255 } - validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / } - validate :unique_key, :fingerprintable_key + validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / }, uniqueness: true + validate :fingerprintable_key delegate :name, :email, to: :user, prefix: true @@ -33,14 +33,6 @@ class Key < ActiveRecord::Base self.key = self.key.strip unless self.key.blank? end - def unique_key - query = Key.where(key: key) - query = query.where('(project_id IS NULL OR project_id = ?)', project_id) if project_id - if (query.count > 0) - errors.add :key, 'already exist.' - end - end - def fingerprintable_key return true unless key # Don't test if there is no key. # `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected @@ -65,7 +57,7 @@ class Key < ActiveRecord::Base end def is_deploy_key - true if project_id + !!project_id end # projects that has this key @@ -77,7 +69,7 @@ class Key < ActiveRecord::Base end end - def last_deploy? - Key.where(identifier: identifier).count == 0 + def shell_id + "key-#{self.id}" end end diff --git a/app/models/namespace.rb b/app/models/namespace.rb index ad04d0ef99b..f17d8f65183 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -27,7 +27,6 @@ class Namespace < ActiveRecord::Base after_create :ensure_dir_exist after_update :move_dir - after_commit :update_gitolite, on: :update, if: :require_update_gitolite after_destroy :rm_dir scope :root, where('type IS NULL') @@ -89,11 +88,6 @@ class Namespace < ActiveRecord::Base end end - def update_gitolite - @require_update_gitolite = false - projects.each(&:update_repository) - end - def rm_dir dir_path = File.join(Gitlab.config.gitolite.repos_path, path) FileUtils.rm_r( dir_path, force: true ) diff --git a/app/models/project.rb b/app/models/project.rb index 6a3d7ab15d2..e6be2d2ce84 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -262,8 +262,6 @@ class Project < ActiveRecord::Base Gitlab::ProjectMover.new(self, old_dir, new_dir).execute - gitolite.move_repository(old_repo, self) - save! end rescue Gitlab::ProjectMover::ProjectMoveError => ex @@ -459,20 +457,6 @@ class Project < ActiveRecord::Base namespace.try(:path) || '' end - def update_repository - GitoliteWorker.perform_async( - :update_repository, - self.id - ) - end - - def destroy_repository - GitoliteWorker.perform_async( - :remove_repository, - self.path_with_namespace - ) - end - def repo_exists? @repo_exists ||= (repository && repository.branches.present?) rescue diff --git a/app/models/project_team.rb b/app/models/project_team.rb index 2cc76974987..c2cf83c0ca8 100644 --- a/app/models/project_team.rb +++ b/app/models/project_team.rb @@ -112,7 +112,6 @@ class ProjectTeam source_team.each do |tm| tm.save end - target_project.update_repository end true diff --git a/app/models/protected_branch.rb b/app/models/protected_branch.rb index 2e7010ea9c9..57229d50759 100644 --- a/app/models/protected_branch.rb +++ b/app/models/protected_branch.rb @@ -18,13 +18,6 @@ class ProtectedBranch < ActiveRecord::Base validates :name, presence: true validates :project, presence: true - after_save :update_repository - after_destroy :update_repository - - def update_repository - project.update_repository - end - def commit project.repository.commit(self.name) end diff --git a/app/models/users_project.rb b/app/models/users_project.rb index 94edfd9eddf..dd8ceb9da70 100644 --- a/app/models/users_project.rb +++ b/app/models/users_project.rb @@ -25,9 +25,6 @@ class UsersProject < ActiveRecord::Base attr_accessor :skip_git - after_save :update_repository, unless: :skip_git? - after_destroy :update_repository, unless: :skip_git? - validates :user, presence: true validates :user_id, uniqueness: { scope: [:project_id], message: "already exists in project" } validates :project_access, inclusion: { in: [GUEST, REPORTER, DEVELOPER, MASTER] }, presence: true @@ -84,11 +81,6 @@ class UsersProject < ActiveRecord::Base end end - GitoliteWorker.perform_async( - :update_repositories, - project_ids - ) - true rescue false @@ -103,11 +95,6 @@ class UsersProject < ActiveRecord::Base end end - GitoliteWorker.perform_async( - :update_repositories, - project_ids - ) - true rescue false @@ -136,10 +123,6 @@ class UsersProject < ActiveRecord::Base end end - def update_repository - project.update_repository - end - def project_access_human Project.access_options.key(self.project_access) end diff --git a/app/observers/key_observer.rb b/app/observers/key_observer.rb index 44e78643d83..4146216d82f 100644 --- a/app/observers/key_observer.rb +++ b/app/observers/key_observer.rb @@ -3,20 +3,17 @@ class KeyObserver < ActiveRecord::Observer def after_save(key) GitoliteWorker.perform_async( - :set_key, - key.identifier, - key.key, - key.projects.map(&:id) + :add_key, + key.shell_id, + key.key ) end def after_destroy(key) - return if key.is_deploy_key && !key.last_deploy? - GitoliteWorker.perform_async( :remove_key, - key.identifier, - key.projects.map(&:id) + key.shell_id, + key.key, ) end end diff --git a/app/observers/project_observer.rb b/app/observers/project_observer.rb index ccdb146140b..cc2a0224b72 100644 --- a/app/observers/project_observer.rb +++ b/app/observers/project_observer.rb @@ -1,6 +1,11 @@ class ProjectObserver < ActiveRecord::Observer def after_create(project) - project.update_repository + GitoliteWorker.perform_async( + :add_repository, + project.path_with_namespace + ) + + log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"") end def after_update(project) @@ -8,14 +13,14 @@ class ProjectObserver < ActiveRecord::Observer end def after_destroy(project) - log_info("Project \"#{project.name}\" was removed") + GitoliteWorker.perform_async( + :remove_repository, + project.path_with_namespace + ) project.satellite.destroy - project.destroy_repository - end - def after_create project - log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"") + log_info("Project \"#{project.name}\" was removed") end protected diff --git a/app/workers/post_receive.rb b/app/workers/post_receive.rb index 6d31c08fefc..6e2d0e7aba2 100644 --- a/app/workers/post_receive.rb +++ b/app/workers/post_receive.rb @@ -27,11 +27,15 @@ class PostReceive User.find_by_email(email) if email elsif /^[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}$/.match(identifier) User.find_by_email(identifier) - else - Key.find_by_identifier(identifier).try(:user) + elsif identifier =~ /key/ + key_id = identifier.gsub("key-", "") + Key.find_by_id(key_id).try(:user) end - return false unless user + unless user + Gitlab::GitLogger.error("POST-RECEIVE: Triggered hook for non-existing user \"#{identifier} \"") + return false + end project.trigger_post_receive(oldrev, newrev, ref, user) end diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 1a34d22417f..02118cbd950 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -96,7 +96,7 @@ omniauth: # GitLab Satellites satellites: # Relative paths are relative to Rails.root (default: tmp/repo_satellites/) - path: /home/gitlab/gitlab-satellites/ + path: /home/git/gitlab-satellites/ ## Backup settings backup: @@ -105,8 +105,6 @@ backup: ## Gitolite settings gitolite: - admin_uri: git@localhost:gitolite-admin - # REPOS_PATH MUST NOT BE A SYMLINK!!! repos_path: /home/git/repositories/ hooks_path: /home/git/.gitolite/hooks/ diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index a1afa5b22c4..c3179d78cc5 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -51,7 +51,7 @@ Settings.gitlab['protocol'] ||= Settings.gitlab.https ? "https" : "http" Settings.gitlab['email_from'] ||= "gitlab@#{Settings.gitlab.host}" Settings.gitlab['support_email'] ||= Settings.gitlab.email_from Settings.gitlab['url'] ||= Settings.send(:build_gitlab_url) -Settings.gitlab['user'] ||= 'gitlab' +Settings.gitlab['user'] ||= 'git' Settings.gitlab['signup_enabled'] ||= false Settings['gravatar'] ||= Settingslogic.new({}) diff --git a/config/initializers/5_backend.rb b/config/initializers/5_backend.rb index 85f747ac334..73436608c93 100644 --- a/config/initializers/5_backend.rb +++ b/config/initializers/5_backend.rb @@ -1,5 +1,5 @@ # GIT over HTTP require Rails.root.join("lib", "gitlab", "backend", "grack_auth") -# GITOLITE backend -require Rails.root.join("lib", "gitlab", "backend", "gitolite") +# GIT over SSH +require Rails.root.join("lib", "gitlab", "backend", "shell") diff --git a/config/unicorn.rb.example b/config/unicorn.rb.example index 4852cd65daa..29b7146c7df 100644 --- a/config/unicorn.rb.example +++ b/config/unicorn.rb.example @@ -2,7 +2,7 @@ # note that config/gitlab.yml web path should also be changed # ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" -app_dir = "/home/gitlab/gitlab/" +app_dir = "/home/git/gitlab/" worker_processes 2 working_directory app_dir diff --git a/doc/install/installation.md b/doc/install/installation.md index e42176370ba..4e9818bcb9e 100644 --- a/doc/install/installation.md +++ b/doc/install/installation.md @@ -90,87 +90,27 @@ Install the Bundler Gem: # 3. System Users -Create a user for Git and Gitolite: +Create a `git` user for Gitlab: - sudo adduser \ - --system \ - --shell /bin/sh \ - --gecos 'Git Version Control' \ - --group \ - --disabled-password \ - --home /home/git \ - git + sudo adduser --disabled-login --gecos 'GitLab' git -Create a user for GitLab: +# 4. GitLab shell - sudo adduser --disabled-login --gecos 'GitLab' gitlab - - # Add it to the git group - sudo usermod -a -G git gitlab - - # Generate the SSH key - sudo -u gitlab -H ssh-keygen -q -N '' -t rsa -f /home/gitlab/.ssh/id_rsa - - -# 4. Gitolite - -Clone GitLab's fork of the Gitolite source code: + # login as git + sudo su git + # go to home directory cd /home/git - sudo -u git -H git clone -b gl-v320 https://github.com/gitlabhq/gitolite.git /home/git/gitolite - -Setup Gitolite with GitLab as its admin: - -**Important Note:** -GitLab assumes *full and unshared* control over this Gitolite installation. - - # Add Gitolite scripts to $PATH - sudo -u git -H mkdir /home/git/bin - sudo -u git -H sh -c 'printf "%b\n%b\n" "PATH=\$PATH:/home/git/bin" "export PATH" >> /home/git/.profile' - sudo -u git -H sh -c 'gitolite/install -ln /home/git/bin' - - # Copy the gitlab user's (public) SSH key ... - sudo cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub - sudo chmod 0444 /home/git/gitlab.pub - - # ... and use it as the admin key for the Gitolite setup - sudo -u git -H sh -c "PATH=/home/git/bin:$PATH; gitolite setup -pk /home/git/gitlab.pub" - -Fix the directory permissions for the configuration directory: - - # Make sure the Gitolite config dir is owned by git - sudo chmod 750 /home/git/.gitolite/ - sudo chown -R git:git /home/git/.gitolite/ -Fix the directory permissions for the repositories: + # clone gitlab shell + git clone https://dzaporozhets@dev.gitlab.org/gitlab/gitlab-shell.git - # Make sure the repositories dir is owned by git and it stays that way - sudo chmod -R ug+rwX,o-rwx /home/git/repositories/ - sudo chown -R git:git /home/git/repositories/ - find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s + # setup + cd gitlab-shell + cp config.yml.example config.yml + ./bin/install -## Add domains to list to the list of known hosts - - sudo -u gitlab -H ssh git@localhost - sudo -u gitlab -H ssh git@YOUR_DOMAIN_NAME - sudo -u gitlab -H ssh git@YOUR_GITOLITE_DOMAIN_NAME - - -## Test if everything works so far - - # Clone the admin repo so SSH adds localhost to known_hosts ... - # ... and to be sure your users have access to Gitolite - sudo -u gitlab -H git clone git@localhost:gitolite-admin.git /tmp/gitolite-admin - - # If it succeeded without errors you can remove the cloned repo - sudo rm -rf /tmp/gitolite-admin - -**Important Note:** -If you can't clone the `gitolite-admin` repository: **DO NOT PROCEED WITH INSTALLATION**! -Check the [Trouble Shooting Guide](https://github.com/gitlabhq/gitlab-public-wiki/wiki/Trouble-Shooting-Guide) -and make sure you have followed all of the above steps carefully. - # 5. Database @@ -179,46 +119,46 @@ To setup the MySQL/PostgreSQL database and dependencies please see [`doc/install # 6. GitLab - # We'll install GitLab into home directory of the user "gitlab" - cd /home/gitlab + # We'll install GitLab into home directory of the user "git" + cd /home/git ## Clone the Source # Clone GitLab repository - sudo -u gitlab -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab + sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab # Go to gitlab dir - cd /home/gitlab/gitlab + cd /home/git/gitlab # Checkout to stable release - sudo -u gitlab -H git checkout 4-1-stable + sudo -u git -H git checkout 5-0-stable **Note:** -You can change `4-1-stable` to `master` if you want the *bleeding edge* version, but +You can change `5-0-stable` to `master` if you want the *bleeding edge* version, but do so with caution! ## Configure it - cd /home/gitlab/gitlab + cd /home/git/gitlab # Copy the example GitLab config - sudo -u gitlab -H cp config/gitlab.yml.example config/gitlab.yml + sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml # Make sure to change "localhost" to the fully-qualified domain name of your # host serving GitLab where necessary - sudo -u gitlab -H vim config/gitlab.yml + sudo -u git -H vim config/gitlab.yml # Make sure GitLab can write to the log/ and tmp/ directories - sudo chown -R gitlab log/ - sudo chown -R gitlab tmp/ + sudo chown -R git log/ + sudo chown -R git tmp/ sudo chmod -R u+rwX log/ sudo chmod -R u+rwX tmp/ # Make directory for satellites - sudo -u gitlab -H mkdir /home/gitlab/gitlab-satellites + sudo -u git -H mkdir /home/git/gitlab-satellites # Copy the example Unicorn config - sudo -u gitlab -H cp config/unicorn.rb.example config/unicorn.rb + sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb **Important Note:** Make sure to edit both files to match your setup. @@ -226,42 +166,29 @@ Make sure to edit both files to match your setup. ## Configure GitLab DB settings # Mysql - sudo -u gitlab cp config/database.yml.mysql config/database.yml + sudo -u git cp config/database.yml.mysql config/database.yml # PostgreSQL - sudo -u gitlab cp config/database.yml.postgresql config/database.yml + sudo -u git cp config/database.yml.postgresql config/database.yml Make sure to update username/password in config/database.yml. ## Install Gems - cd /home/gitlab/gitlab + cd /home/git/gitlab sudo gem install charlock_holmes --version '0.6.9' # For MySQL (note, the option says "without") - sudo -u gitlab -H bundle install --deployment --without development test postgres + sudo -u git -H bundle install --deployment --without development test postgres # Or for PostgreSQL - sudo -u gitlab -H bundle install --deployment --without development test mysql - -## Configure Git - -GitLab needs to be able to commit and push changes to Gitolite. In order to do -that Git requires a username and email. (We recommend using the same address -used for the `email.from` setting in `config/gitlab.yml`) - - sudo -u gitlab -H git config --global user.name "GitLab" - sudo -u gitlab -H git config --global user.email "gitlab@localhost" - -## Setup GitLab Hooks + sudo -u git -H bundle install --deployment --without development test mysql - sudo cp ./lib/hooks/post-receive /home/git/.gitolite/hooks/common/post-receive - sudo chown git:git /home/git/.gitolite/hooks/common/post-receive ## Initialise Database and Activate Advanced Features - sudo -u gitlab -H bundle exec rake gitlab:setup RAILS_ENV=production + sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production ## Install Init Script @@ -280,11 +207,11 @@ Make GitLab start on boot: Check if GitLab and its environment is configured correctly: - sudo -u gitlab -H bundle exec rake gitlab:env:info RAILS_ENV=production + sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production To make sure you didn't miss anything run a more thorough check with: - sudo -u gitlab -H bundle exec rake gitlab:check RAILS_ENV=production + sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production If all items are green, then congratulations on successfully installing GitLab! However there are still a few steps left. @@ -357,7 +284,7 @@ a different host, you can configure its connection string via the If you are running SSH on a non-standard port, you must change the gitlab user'S SSH config. - # Add to /home/gitlab/.ssh/config + # Add to /home/git/.ssh/config host localhost # Give your setup a name (here: override localhost) user git # Your remote git user port 2222 # Your port number diff --git a/doc/install/structure.md b/doc/install/structure.md index a67e12cc217..f580ea159a2 100644 --- a/doc/install/structure.md +++ b/doc/install/structure.md @@ -3,37 +3,23 @@ This is the directory structure you will end up with following the instructions in the Installation Guide. |-- home - | |-- gitlab + | |-- git | |-- .ssh | |-- gitlab | |-- gitlab-satellites - | |-- git - | |-- .gitolite - | |-- .ssh - | |-- bin - | |-- gitolite + | |-- gitlab-shell | |-- repositories -**/home/gitlab/.ssh** - Contains the Gitolite admin key GitLab uses to configure Gitolite. +**/home/git/.ssh** -**/home/gitlab/gitlab** +**/home/git/gitlab** This is where GitLab lives. -**/home/gitlab/gitlab-satellites** +**/home/git/gitlab-satellites** Contains a copy of all repositories with a working tree. It's used for merge requests, editing files, etc. -**/home/git/.ssh** - Contains the SSH access configuration managed by Gitolite. - -**/home/git/bin** - Contains Gitolite executables. - -**/home/git/gitolite** - This is where Gitolite lives. - **/home/git/repositories** Holds all your repositories in bare format. This is the place Git uses when you pull/push to your projects. diff --git a/features/support/env.rb b/features/support/env.rb index a08aa0de9f8..c19ca3088cb 100644 --- a/features/support/env.rb +++ b/features/support/env.rb @@ -9,17 +9,12 @@ require 'spinach/capybara' require 'sidekiq/testing/inline' -%w(gitolite_stub stubbed_repository valid_commit).each do |f| +%w(stubbed_repository valid_commit).each do |f| require Rails.root.join('spec', 'support', f) end Dir["#{Rails.root}/features/steps/shared/*.rb"].each {|file| require file} -# -# Stub gitolite -# -include GitoliteStub - WebMock.allow_net_connect! # # JS driver @@ -49,6 +44,4 @@ Spinach.hooks.before_run do RSpec::Mocks::setup self include FactoryGirl::Syntax::Methods - - stub_gitolite! end diff --git a/lib/api.rb b/lib/api.rb index 81a5919f1d3..d9dce7c70cc 100644 --- a/lib/api.rb +++ b/lib/api.rb @@ -20,5 +20,6 @@ module Gitlab mount Session mount MergeRequests mount Notes + mount Internal end end diff --git a/lib/api/internal.rb b/lib/api/internal.rb new file mode 100644 index 00000000000..3e5e3a478ba --- /dev/null +++ b/lib/api/internal.rb @@ -0,0 +1,49 @@ +module Gitlab + # Internal access API + class Internal < Grape::API + namespace 'internal' do + # + # Check if ssh key has access to project code + # + get "/allowed" do + key = Key.find(params[:key_id]) + project = Project.find_with_namespace(params[:project]) + git_cmd = params[:action] + + if key.is_deploy_key + project == key.project && git_cmd == 'git-upload-pack' + else + user = key.user + action = case git_cmd + when 'git-upload-pack' + then :download_code + when 'git-receive-pack' + then + if project.protected_branch?(params[:ref]) + :push_code_to_protected_branches + else + :push_code + end + end + + user.can?(action, project) + end + end + + # + # Discover user by ssh key + # + get "/discover" do + key = Key.find(params[:key_id]) + present key.user, with: Entities::User + end + + get "/check" do + { + api_version: '3' + } + end + end + end +end + diff --git a/lib/gitlab/backend/gitolite.rb b/lib/gitlab/backend/gitolite.rb deleted file mode 100644 index cd9ac1554d6..00000000000 --- a/lib/gitlab/backend/gitolite.rb +++ /dev/null @@ -1,90 +0,0 @@ -require_relative 'gitolite_config' - -module Gitlab - class Gitolite - class AccessDenied < StandardError; end - - def config - Gitlab::GitoliteConfig.new - end - - # Update gitolite config with new key - # - # Ex. - # set_key("m_gitlab_com_12343", "sha-rsa ...", [2, 3, 6]) - # - def set_key(key_id, key_content, project_ids) - projects = Project.where(id: project_ids) - - config.apply do |config| - config.write_key(key_id, key_content) - config.update_projects(projects) - end - end - - # Remove ssh key from gitolite config - # - # Ex. - # remove_key("m_gitlab_com_12343", [2, 3, 6]) - # - def remove_key(key_id, project_ids) - projects = Project.where(id: project_ids) - - config.apply do |config| - config.rm_key(key_id) - config.update_projects(projects) - end - end - - # Update project config in gitolite by project id - # - # Ex. - # update_repository(23) - # - def update_repository(project_id) - project = Project.find(project_id) - config.update_project!(project) - end - - def move_repository(old_repo, project) - config.apply do |config| - config.clean_repo(old_repo) - config.update_project(project) - end - end - - # Remove repository from gitolite - # - # name - project path with namespace - # - # Ex. - # remove_repository("gitlab/gitlab-ci") - # - def remove_repository(name) - config.destroy_project!(name) - end - - # Update projects configs in gitolite by project ids - # - # Ex. - # update_repositories([1, 4, 6]) - # - def update_repositories(project_ids) - projects = Project.where(id: project_ids) - - config.apply do |config| - config.update_projects(projects) - end - end - - def url_to_repo path - Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git" - end - - def enable_automerge - config.admin_all_repo! - end - - alias_method :create_repository, :update_repository - end -end diff --git a/lib/gitlab/backend/gitolite_config.rb b/lib/gitlab/backend/gitolite_config.rb deleted file mode 100644 index 748f9d74390..00000000000 --- a/lib/gitlab/backend/gitolite_config.rb +++ /dev/null @@ -1,241 +0,0 @@ -require 'gitolite' -require 'timeout' -require 'fileutils' - -module Gitlab - class GitoliteConfig - include Gitlab::Popen - - class PullError < StandardError; end - class PushError < StandardError; end - class BrokenGitolite < StandardError; end - - attr_reader :config_tmp_dir, :tmp_dir, :ga_repo, :conf - - def initialize - @tmp_dir = Rails.root.join("tmp").to_s - @config_tmp_dir = File.join(@tmp_dir,"gitlabhq-gitolite-#{Time.now.to_i}") - end - - def ga_repo - @ga_repo ||= ::Gitolite::GitoliteAdmin.new( - File.join(config_tmp_dir,'gitolite'), - conf: Gitlab.config.gitolite.config_file - ) - end - - def apply - Timeout::timeout(30) do - File.open(File.join(tmp_dir, "gitlabhq-gitolite.lock"), "w+") do |f| - begin - # Set exclusive lock - # to prevent race condition - f.flock(File::LOCK_EX) - - # Pull gitolite-admin repo - # in tmp dir before do any changes - pull - - # Build ga_repo object and @conf - # to access gitolite-admin configuration - @conf = ga_repo.config - - # Do any changes - # in gitolite-admin - # config here - yield(self) - - # Save changes in - # gitolite-admin repo - # before push it - ga_repo.save - - # Push gitolite-admin repo - # to apply all changes - push - ensure - # Remove tmp dir - # removing the gitolite folder first is important to avoid - # NFS issues. - FileUtils.rm_rf(File.join(config_tmp_dir, 'gitolite')) - - # Remove parent tmp dir - FileUtils.rm_rf(config_tmp_dir) - - # Unlock so other task can access - # gitolite configuration - f.flock(File::LOCK_UN) - end - end - end - rescue PullError => ex - log("Pull error -> " + ex.message) - raise Gitolite::AccessDenied, ex.message - - rescue PushError => ex - log("Push error -> " + " " + ex.message) - raise Gitolite::AccessDenied, ex.message - - rescue BrokenGitolite => ex - log("Gitolite error -> " + " " + ex.message) - raise Gitolite::AccessDenied, ex.message - - rescue Exception => ex - log(ex.class.name + " " + ex.message) - raise Gitolite::AccessDenied.new("gitolite timeout") - end - - def log message - Gitlab::GitLogger.error(message) - end - - def path_to_repo(name) - File.join(Gitlab.config.gitolite.repos_path, "#{name}.git") - end - - def destroy_project(name) - full_path = path_to_repo(name) - FileUtils.rm_rf(full_path) if File.exists?(full_path) - conf.rm_repo(name) - end - - def clean_repo repo_name - conf.rm_repo(repo_name) - end - - def destroy_project!(project) - apply do |config| - config.destroy_project(project) - end - end - - def write_key(id, key) - File.open(File.join(config_tmp_dir, 'gitolite/keydir',"#{id}.pub"), 'w') do |f| - f.write(key.gsub(/\n/,'')) - end - end - - def rm_key(user) - key_path = File.join(config_tmp_dir, 'gitolite/keydir', "#{user}.pub") - ga_key = ::Gitolite::SSHKey.from_file(key_path) - ga_repo.rm_key(ga_key) - end - - # update or create - def update_project(project) - repo = update_project_config(project, conf) - conf.add_repo(repo, true) - end - - def update_project!( project) - apply do |config| - config.update_project(project) - end - end - - # Updates many projects and uses project.path_with_namespace as the repo path - # An order of magnitude faster than update_project - def update_projects(projects) - projects.each do |project| - repo = update_project_config(project, conf) - conf.add_repo(repo, true) - end - end - - def update_project_config(project, conf) - repo_name = project.path_with_namespace - - repo = if conf.has_repo?(repo_name) - conf.get_repo(repo_name) - else - ::Gitolite::Config::Repo.new(repo_name) - end - - name_readers = project.team.repository_readers - name_writers = project.team.repository_writers - name_masters = project.team.repository_masters - - pr_br = project.protected_branches.map(&:name).join("$ ") - - repo.clean_permissions - - # Deny access to protected branches for writers - unless name_writers.blank? || pr_br.blank? - repo.add_permission("-", pr_br.strip + "$ ", name_writers) - end - - # Add read permissions - repo.add_permission("R", "", name_readers) unless name_readers.blank? - - # Add write permissions - repo.add_permission("RW+", "", name_writers) unless name_writers.blank? - repo.add_permission("RW+", "", name_masters) unless name_masters.blank? - - # Add sharedRepository config - repo.set_git_config("core.sharedRepository", "0660") - - repo - end - - # Enable access to all repos for gitolite admin. - # We use it for accept merge request feature - def admin_all_repo - owner_name = Gitlab.config.gitolite.admin_key - - # @ALL repos premission for gitolite owner - repo_name = "@all" - repo = if conf.has_repo?(repo_name) - conf.get_repo(repo_name) - else - ::Gitolite::Config::Repo.new(repo_name) - end - - repo.add_permission("RW+", "", owner_name) - conf.add_repo(repo, true) - end - - def admin_all_repo! - apply { |config| config.admin_all_repo } - end - - private - - def pull - # Create config tmp dir like "RAILS_ROOT/tmp/gitlabhq-gitolite-132545" - Dir.mkdir config_tmp_dir - - # Clone gitolite-admin repo into tmp dir - popen("git clone #{Gitlab.config.gitolite.admin_uri} #{config_tmp_dir}/gitolite", tmp_dir) - - # Ensure file with config presents after cloning - unless File.exists?(File.join(config_tmp_dir, 'gitolite', 'conf', 'gitolite.conf')) - raise PullError, "unable to clone gitolite-admin repo" - end - end - - def push - output, status = popen('git add -A', tmp_conf_path) - raise "Git add failed." unless status.zero? - - # git commit returns 0 on success, and 1 if there is nothing to commit - output, status = popen('git commit -m "GitLab"', tmp_conf_path) - raise "Git add failed." unless [0,1].include?(status) - - output, status = popen('git push', tmp_conf_path) - - if output =~ /remote\: FATAL/ - raise BrokenGitolite, output - end - - if status.zero? || output =~ /Everything up\-to\-date/ - return true - else - raise PushError, "unable to push gitolite-admin repo" - end - end - - def tmp_conf_path - File.join(config_tmp_dir,'gitolite') - end - end -end diff --git a/lib/gitlab/backend/shell.rb b/lib/gitlab/backend/shell.rb new file mode 100644 index 00000000000..50ebfc5b07c --- /dev/null +++ b/lib/gitlab/backend/shell.rb @@ -0,0 +1,50 @@ +module Gitlab + class Shell + class AccessDenied < StandardError; end + + # Init new repository + # + # name - project path with namespace + # + # Ex. + # add_repository("gitlab/gitlab-ci") + # + def add_repository(name) + system("/home/git/gitlab-shell/bin/gitlab-projects add-project #{name}.git") + end + + # Remove repository from file system + # + # name - project path with namespace + # + # Ex. + # remove_repository("gitlab/gitlab-ci") + # + def remove_repository(name) + system("/home/git/gitlab-shell/bin/gitlab-projects rm-project #{name}.git") + end + + # Add new key to gitlab-shell + # + # Ex. + # add_key("key-42", "sha-rsa ...") + # + def add_key(key_id, key_content) + system("/home/git/gitlab-shell/bin/gitlab-keys add-key #{key_id} \"#{key_content}\"") + end + + # Remove ssh key from gitlab shell + # + # Ex. + # remove_key("key-342", "sha-rsa ...") + # + def remove_key(key_id, key_content) + system("/home/git/gitlab-shell/bin/gitlab-keys rm-key #{key_id} \"#{key_content}\"") + end + + + def url_to_repo path + Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git" + end + end +end diff --git a/lib/gitlab/satellite/satellite.rb b/lib/gitlab/satellite/satellite.rb index 95273a6d208..e7f7a7673b5 100644 --- a/lib/gitlab/satellite/satellite.rb +++ b/lib/gitlab/satellite/satellite.rb @@ -30,10 +30,10 @@ module Gitlab end def create - output, status = popen("git clone #{project.url_to_repo} #{path}", + output, status = popen("git clone #{project.repository.path_to_repo} #{path}", Gitlab.config.satellites.path) - log("PID: #{project.id}: git clone #{project.url_to_repo} #{path}") + log("PID: #{project.id}: git clone #{project.repository.path_to_repo} #{path}") log("PID: #{project.id}: -> #{output}") if status.zero? diff --git a/lib/gitolited.rb b/lib/gitolited.rb index 68b9b625525..4911a473f05 100644 --- a/lib/gitolited.rb +++ b/lib/gitolited.rb @@ -6,6 +6,6 @@ # module Gitolited def gitolite - Gitlab::Gitolite.new + Gitlab::Shell.new end end diff --git a/lib/hooks/post-receive b/lib/hooks/post-receive deleted file mode 100755 index 6944d3e3f72..00000000000 --- a/lib/hooks/post-receive +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -# Version 4.1 -# This file was placed here by GitLab. It makes sure that your pushed commits -# will be processed properly. - -while read oldrev newrev ref -do - # For every branch or tag that was pushed, create a Resque job in redis. - repo_path=`pwd` - env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1 -done diff --git a/lib/support/rewrite-hooks.sh b/lib/support/rewrite-hooks.sh deleted file mode 100755 index b8fd36b9a1e..00000000000 --- a/lib/support/rewrite-hooks.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -src="/home/git/repositories" - -for dir in `ls "$src/"` -do - if [ -d "$src/$dir" ]; then - - if [ "$dir" = "gitolite-admin.git" ] - then - continue - fi - - if [[ "$dir" =~ ^.*.git$ ]] - then - project_hook="$src/$dir/hooks/post-receive" - gitolite_hook="/home/git/.gitolite/hooks/common/post-receive" - - ln -s -f $gitolite_hook $project_hook - else - for subdir in `ls "$src/$dir/"` - do - if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then - project_hook="$src/$dir/$subdir/hooks/post-receive" - gitolite_hook="/home/git/.gitolite/hooks/common/post-receive" - - ln -s -f $gitolite_hook $project_hook - fi - done - fi - fi -done diff --git a/lib/support/truncate_repositories.sh b/lib/support/truncate_repositories.sh deleted file mode 100755 index 3b14e2ee362..00000000000 --- a/lib/support/truncate_repositories.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -echo "Danger!!! Data Loss" -while true; do - read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?: " yn - case $yn in - [Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1 -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;; - [Nn]* ) exit;; - * ) echo "Please answer yes or no.";; - esac -done diff --git a/lib/tasks/gitlab/enable_automerge.rake b/lib/tasks/gitlab/enable_automerge.rake index e92da81021f..a89c6eaa5c4 100644 --- a/lib/tasks/gitlab/enable_automerge.rake +++ b/lib/tasks/gitlab/enable_automerge.rake @@ -3,11 +3,6 @@ namespace :gitlab do task :enable_automerge => :environment do warn_user_is_not_gitlab - puts "Updating repo permissions ..." - Gitlab::Gitolite.new.enable_automerge - puts "... #{"done".green}" - puts "" - print "Creating satellites for ..." unless Project.count > 0 puts "skipping, because you have no projects".magenta diff --git a/lib/tasks/gitlab/shell.rake b/lib/tasks/gitlab/shell.rake new file mode 100644 index 00000000000..25713482ed8 --- /dev/null +++ b/lib/tasks/gitlab/shell.rake @@ -0,0 +1,32 @@ +namespace :gitlab do + namespace :shell do + desc "GITLAB | Setup gitlab-shell" + task :setup => :environment do + setup + end + end + + def setup + warn_user_is_not_gitlab + + puts "This will rebuild an authorized_keys file." + puts "You will lose any data stored in /home/git/.ssh/authorized_keys." + ask_to_continue + puts "" + + system("echo '# Managed by gitlab-shell' > /home/git/.ssh/authorized_keys") + + Key.find_each(:batch_size => 1000) do |key| + if Gitlab::Shell.new.add_key(key.shell_id, key.key) + print '.' + else + print 'F' + end + end + + rescue Gitlab::TaskAbortedByUserError + puts "Quitting...".red + exit 1 + end +end + diff --git a/spec/lib/gitolite_config_spec.rb b/spec/lib/gitolite_config_spec.rb deleted file mode 100644 index c3ce0db569a..00000000000 --- a/spec/lib/gitolite_config_spec.rb +++ /dev/null @@ -1,16 +0,0 @@ -require 'spec_helper' - -describe Gitlab::GitoliteConfig do - let(:gitolite) { Gitlab::GitoliteConfig.new } - - it { should respond_to :write_key } - it { should respond_to :rm_key } - it { should respond_to :update_project } - it { should respond_to :update_project! } - it { should respond_to :update_projects } - it { should respond_to :destroy_project } - it { should respond_to :destroy_project! } - it { should respond_to :apply } - it { should respond_to :admin_all_repo } - it { should respond_to :admin_all_repo! } -end diff --git a/spec/lib/gitolite_spec.rb b/spec/lib/gitolite_spec.rb deleted file mode 100644 index 7ba4a633fb1..00000000000 --- a/spec/lib/gitolite_spec.rb +++ /dev/null @@ -1,26 +0,0 @@ -require 'spec_helper' - -describe Gitlab::Gitolite do - let(:project) { double('Project', id: 7, path: 'diaspora') } - let(:gitolite_config) { double('Gitlab::GitoliteConfig') } - let(:gitolite) { Gitlab::Gitolite.new } - - before do - gitolite.stub(config: gitolite_config) - Project.stub(find: project) - end - - it { should respond_to :set_key } - it { should respond_to :remove_key } - - it { should respond_to :update_repository } - it { should respond_to :create_repository } - it { should respond_to :remove_repository } - - it { gitolite.url_to_repo('diaspora').should == Gitlab.config.gitolite.ssh_path_prefix + "diaspora.git" } - - it "should call config update" do - gitolite_config.should_receive(:update_project!) - gitolite.update_repository(project.id) - end -end diff --git a/spec/lib/shell_spec.rb b/spec/lib/shell_spec.rb new file mode 100644 index 00000000000..1c546e59235 --- /dev/null +++ b/spec/lib/shell_spec.rb @@ -0,0 +1,17 @@ +require 'spec_helper' + +describe Gitlab::Shell do + let(:project) { double('Project', id: 7, path: 'diaspora') } + let(:gitolite) { Gitlab::Shell.new } + + before do + Project.stub(find: project) + end + + it { should respond_to :add_key } + it { should respond_to :remove_key } + it { should respond_to :add_repository } + it { should respond_to :remove_repository } + + it { gitolite.url_to_repo('diaspora').should == Gitlab.config.gitolite.ssh_path_prefix + "diaspora.git" } +end diff --git a/spec/models/key_spec.rb b/spec/models/key_spec.rb index 6d2310df5c0..94b952cf932 100644 --- a/spec/models/key_spec.rb +++ b/spec/models/key_spec.rb @@ -46,9 +46,9 @@ describe Key do key.should_not be_valid end - it "does accept the same key for another project" do + it "does not accept the same key for another project" do key = build(:key, project_id: 0) - key.should be_valid + key.should_not be_valid end end diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 6e67ca8233d..3dccb482375 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -77,8 +77,6 @@ describe Project do it { should respond_to(:url_to_repo) } it { should respond_to(:repo_exists?) } it { should respond_to(:satellite) } - it { should respond_to(:update_repository) } - it { should respond_to(:destroy_repository) } it { should respond_to(:observe_push) } it { should respond_to(:update_merge_requests) } it { should respond_to(:execute_hooks) } diff --git a/spec/models/protected_branch_spec.rb b/spec/models/protected_branch_spec.rb index c4d2e2f49f5..6e830393e32 100644 --- a/spec/models/protected_branch_spec.rb +++ b/spec/models/protected_branch_spec.rb @@ -24,19 +24,4 @@ describe ProtectedBranch do it { should validate_presence_of(:project) } it { should validate_presence_of(:name) } end - - describe 'Callbacks' do - let(:branch) { build(:protected_branch) } - - it 'call update_repository after save' do - branch.should_receive(:update_repository) - branch.save - end - - it 'call update_repository after destroy' do - branch.save - branch.should_receive(:update_repository) - branch.destroy - end - end end diff --git a/spec/observers/key_observer_spec.rb b/spec/observers/key_observer_spec.rb index 11f975cc57d..0a886a57afd 100644 --- a/spec/observers/key_observer_spec.rb +++ b/spec/observers/key_observer_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe KeyObserver do before do @key = double('Key', - identifier: 'admin_654654', + shell_id: 'key-32', key: '== a vaild ssh key', projects: [], is_deploy_key: false @@ -14,14 +14,14 @@ describe KeyObserver do context :after_save do it do - GitoliteWorker.should_receive(:perform_async).with(:set_key, @key.identifier, @key.key, @key.projects.map(&:id)) + GitoliteWorker.should_receive(:perform_async).with(:add_key, @key.shell_id, @key.key) @observer.after_save(@key) end end context :after_destroy do it do - GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.identifier, @key.projects.map(&:id)) + GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.shell_id, @key.key) @observer.after_destroy(@key) end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index dbac3c54901..bb314e60eb7 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -24,7 +24,6 @@ RSpec.configure do |config| config.mock_with :rspec config.include LoginHelpers, type: :request - config.include GitoliteStub config.include FactoryGirl::Syntax::Methods config.include Devise::TestHelpers, type: :controller @@ -34,8 +33,6 @@ RSpec.configure do |config| config.use_transactional_fixtures = false config.before do - stub_gitolite! - # Use tmp dir for FS manipulations temp_repos_path = Rails.root.join('tmp', 'test-git-base-path') Gitlab.config.gitolite.stub(repos_path: temp_repos_path) diff --git a/spec/support/gitolite_stub.rb b/spec/support/gitolite_stub.rb deleted file mode 100644 index 574bb5a12a3..00000000000 --- a/spec/support/gitolite_stub.rb +++ /dev/null @@ -1,21 +0,0 @@ -module GitoliteStub - def stub_gitolite! - stub_gitlab_gitolite - stub_gitolite_admin - end - - def stub_gitolite_admin - gitolite_admin = double('Gitolite::GitoliteAdmin') - gitolite_admin.as_null_object - - Gitolite::GitoliteAdmin.stub(new: gitolite_admin) - end - - def stub_gitlab_gitolite - gitolite_config = double('Gitlab::GitoliteConfig') - gitolite_config.stub(apply: ->() { yield(self) }) - gitolite_config.as_null_object - - Gitlab::GitoliteConfig.stub(new: gitolite_config) - end -end diff --git a/spec/support/stubbed_repository.rb b/spec/support/stubbed_repository.rb index e092f8a4776..434cab6516e 100644 --- a/spec/support/stubbed_repository.rb +++ b/spec/support/stubbed_repository.rb @@ -1,5 +1,6 @@ require "repository" require "project" +require "shell" # Stubs out all Git repository access done by models so that specs can run # against fake repositories without Grit complaining that they don't exist. @@ -36,3 +37,23 @@ class GitLabTestRepo < Repository @repo ||= Grit::Repo.new(Rails.root.join('tmp', 'repositories', 'gitlabhq')) end end + +module Gitlab + class Shell + def add_repository name + true + end + + def remove_repository name + true + end + + def add_key id, key + true + end + + def remove_key id, key + true + end + end +end diff --git a/spec/workers/post_receive_spec.rb b/spec/workers/post_receive_spec.rb index f408c89afdd..f1a69b1b2e4 100644 --- a/spec/workers/post_receive_spec.rb +++ b/spec/workers/post_receive_spec.rb @@ -11,7 +11,7 @@ describe PostReceive do context "web hook" do let(:project) { create(:project) } let(:key) { create(:key, user: project.owner) } - let(:key_id) { key.identifier } + let(:key_id) { key.shell_id } it "fetches the correct project" do Project.should_receive(:find_with_namespace).with(project.path_with_namespace).and_return(project) @@ -19,7 +19,7 @@ describe PostReceive do end it "does not run if the author is not in the project" do - Key.stub(find_by_identifier: nil) + Key.stub(find_by_id: nil) project.should_not_receive(:observe_push) project.should_not_receive(:execute_hooks) |