diff --git a/SOURCES/compile-1 b/SOURCES/compile-1 new file mode 100644 index 0000000..a5b5356 --- /dev/null +++ b/SOURCES/compile-1 @@ -0,0 +1,139 @@ +#!/usr/bin/perl -s +use strict; +use warnings; + +# DESCRIPTION: + +# This program is meant to re-compile the access rules (and 'config' or +# 'option' lines) of exactly ONE actual repo (i.e., not a repo group or a +# repo pattern). + +# MOTIVATION: + +# Fedora has a huge number of repos, as well as lot of churn in permissions. +# The combination of having a large conf *and* frequent compiles were not +# working out, hence this solution. Not sure if any others have such a +# situation, so it's a standalone program, separate from "core" gitolite, +# shipped in "contrib" instead of "src". + +# SETUP: + +# It expects to run as a gitolite sub-command, which means you will need to +# copy it from contrib to src/commands, or the equivalent location inside +# LOCAL_CODE; see non-core.html in the docs for details. + +# INVOCATION: + +# It takes one argument: the name of a file that contains the new ruleset +# you want to use. (This cannot be STDIN or "-" or something). + +# example: +# +# gitolite compile-1 + +# WARNING: + +# If the main gitolite.conf changes significantly (specifically, if the +# number of effective rules in it increase quite a bit), you may have to run +# this command on ALL repos to update their individual gl-conf files. +# +# (TBD: explain this in more concrete terms) + +# ---------------------------------------------------------------------- +# THERE IS NO ERROR CHECKING ON THE WARNING ABOVE, NOR ON THE ASSUMPTIONS AND +# REQUIREMENTS BELOW. PLEASE USE CAREFULLY! +# ---------------------------------------------------------------------- + +# ASSUMPTIONS/REQUIREMENTS: + +# The file given must contain exactly one 'repo' line, with exactly one repo +# name, followed by the rules, configs, and options for that repo in the +# normal gitolite.conf syntax. + +# The file must not have any group definitions, though it may use group +# definitions already setup in the main gitolite.conf file. + +# Rules for this repo need not be already defined in the main gitolite.conf. +# If they are, they will cease to have any effect once you run this command +# - only the rules you supply in the file passed to this command will apply, +# and they will be considered to be placed at the end of gitolite.conf. + +# If the repo does not exist, it must be first created using: +# +# GL_USER=admin gitolite create +# +# where is the gitolite-style name (i.e., "foo", not "foo.git" or +# "~/repositories/foo" or "~/repositories/foo.git") +# +# This, of course, requires the main gitolite.conf to have the following +# lines at the top: +# +# repo [A-Za-z].* +# C = admin + +# Any change to the main gitolite.conf is followed by a full 'gitolite +# compile'; i.e., ~/.gitolite/conf/gitolite.conf-compiled.pm, the main +# "compiled" conf file, is consistent with the latest gitolite.conf. + +use 5.10.0; +use Data::Dumper; + +use lib $ENV{GL_LIBDIR}; +use Gitolite::Rc; +use Gitolite::Common; +use Gitolite::Conf; +use Gitolite::Conf::Store; +use Gitolite::Conf::Sugar; + +my ($cf, $repo) = args(); # conffile from @ARGV, repo from first line of conffile +my $startseq = getseq(); # get the starting sequence number by looking in the (common) compiled conf file +parse_and_store($cf, $repo); # parse the ruleset and write out just the gl-conf file + # (this is the only part that uses core gitolite functions) +update_seq($repo, $startseq); # update gl-conf with adjusted sequence numbers + +exit 0; + +# ---------------------------------------------------------------------- + +sub args { + my $cf = shift @ARGV or _die "need conffile"; + $cf = $ENV{PWD} . "/" . $cf unless $cf =~ m(^/); + + my $t = slurp($cf); + _die "bad conf file" unless $t =~ /^\s*repo\s+(\S+)\s*$/m; + my $repo = $1; + + return ($cf, $repo); +} + +sub getseq { + my @main_cc = slurp "$rc{GL_ADMIN_BASE}/conf/gitolite.conf-compiled.pm"; + my $max = 0; + for (@main_cc) { + $max = $1 if m/^ +(\d+),$/ and $max < $1; + } + + return $max; +} + +sub parse_and_store { + my ($cf, $repo) = @_; + + parse(sugar($cf)); + _chdir( $rc{GL_REPO_BASE} ); + Gitolite::Conf::Store::store_1($repo); +} + +sub update_seq { + my ($repo, $startseq) = @_; + + _chdir("$rc{GL_REPO_BASE}/$repo.git"); + my $text = slurp("gl-conf"); + + $startseq+=1000; + # just for safety, in case someone adds a few rules to the main conf later, but neglects to update repo confs + + $text =~ s/^( +)(\d+),$/"$1" . ($2+$startseq) . ","/gme; + + _print("gl-conf", $text); +} diff --git a/SOURCES/gitolite3-README-fedora b/SOURCES/gitolite3-README-fedora new file mode 100644 index 0000000..f209cf2 --- /dev/null +++ b/SOURCES/gitolite3-README-fedora @@ -0,0 +1,69 @@ +Setting up +---------- + +Setting up gitolite after rpm-install can be done as follows. + +On the server: + +0) copy your admin user's ssh public key to /tmp/foo.pub + (change foo to your username) + +1) run "su - gitolite3" to get a login shell on the gitolite user + +2) run "cp /tmp/foo.pub ." (change foo to your username) + +3) run "gitolite setup -pk ~/foo.pub" + +4) all done, exit the gitolite3 user shelll (CTRL+D). + +On whatever machine your key came from (maybe your +workstation or another account on the same server): + +5) run "git clone gitolite3@:gitolite-admin" to + start adding users and repos. + +To upgrade from a pre 3.0 release, read: + +https://github.com/sitaramc/gitolite/blob/master/doc/g2incompat.mkd +https://github.com/sitaramc/gitolite/blob/master/doc/g2migr.mkd +https://github.com/sitaramc/gitolite/blob/master/doc/g2migr-example.mkd +https://github.com/sitaramc/gitolite/blob/master/doc/install.mkd + +Your setup might be more complex than mine was and thus require more care +and customization, backup everything before you start! + +The process I followed on my installation was as follows: + +1. su - gitolite +2. git clone repositories/gitolite-admin.git +3. su to root +4. yum remove gitolite : this will preserve your old .ssh/authorized keys. +5. su - gitolite +6. mv .gitolite.rc .gitolite.rc-old +7. rm -rf repositories/gitolite-admin.git +8. Checked documentation to make sure I didn't need to preset the new .rc. +I didn't, I have a very simple configuration. +9. su to root +10. yum install gitolite3 +11. su - gitolite3 +12. gitolite setup -a admin +13. cd to your gitolite admin +14. gitolite push -f + +At this point, everything worked as expected. + +Quick Notes for admin operations +-------------------------------- + +To administer gitolite, make changes to the config file +(conf/gitolite.conf) and/or the pubkeys (in subdirectory +'keydir') in any gitolite-admin clone, then git add, git commit, and git +push. + +ADDING REPOS: Do NOT add repos manually on the server. Edit +the config file to give *some* user access to the repo. +When you push, an empty repo will be created on the server. + +ADDING USERS: copy their pubkey as keydir/.pub, +add it, commit and push. + diff --git a/SPECS/gitolite3.spec b/SPECS/gitolite3.spec new file mode 100644 index 0000000..b27891e --- /dev/null +++ b/SPECS/gitolite3.spec @@ -0,0 +1,261 @@ +%global perl_vendorlib %(eval $(perl -V:vendorlib); echo $vendorlib) +%global gitolite_homedir /var/lib/%{name} +Name: gitolite3 +Epoch: 1 +Version: 3.6.12 +Release: 1%{?dist} +Summary: Highly flexible server for git directory version tracker +License: GPLv2 and CC-BY-SA +URL: http://github.com/sitaramc/gitolite +Source0: https://github.com/sitaramc/gitolite/archive/v%{version}.tar.gz +Source1: gitolite3-README-fedora +# Upstream: https://github.com/sitaramc/gitolite/commit/c656af01b73a5cc4f80512 +Source2: compile-1 +BuildArch: noarch +Provides: perl(%{name}) = %{version}-%{release} +Requires: git +Requires: openssh-clients +Requires: perl(:MODULE_COMPAT_%(eval $(%{__perl} -V:version); echo $version)) +Requires(pre): shadow-utils +Requires: subversion + + +%description +Gitolite allows a server to host many git repositories and provide access +to many developers, without having to give them real userids on the server. +The essential magic in doing this is ssh's pubkey access and the authorized +keys file, and the inspiration was an older program called gitosis. +Gitolite can restrict who can read from (clone/fetch) or write to (push) a +repository. It can also restrict who can push to what branch or tag, which +is very important in a corporate environment. Gitolite can be installed +without requiring root permissions, and with no additional software than git +itself and perl. It also has several other neat features described below and +elsewhere in the doc/ directory. + + +%prep +%setup -qn gitolite-%{version} +cp %{SOURCE1} . + + +%build +#This page intentionally left blank. + + +%install +rm -rf $RPM_BUILD_ROOT +# Directory structure +install -d $RPM_BUILD_ROOT%{gitolite_homedir} +install -d $RPM_BUILD_ROOT%{gitolite_homedir}/.ssh +install -d $RPM_BUILD_ROOT%{_bindir} +install -d $RPM_BUILD_ROOT%{perl_vendorlib} +install -d $RPM_BUILD_ROOT%{_datadir}/%{name} +# Code +cp -pr src/lib/Gitolite $RPM_BUILD_ROOT%{perl_vendorlib} +echo "%{version}-%{release}" >src/VERSION +cp -a src/* $RPM_BUILD_ROOT%{_datadir}/%{name} +cp %{SOURCE2} $RPM_BUILD_ROOT%{_datadir}/%{name}/commands/ +ln -s %{_datadir}/%{name}/gitolite $RPM_BUILD_ROOT%{_bindir}/gitolite +# empty authorized_keys file +touch $RPM_BUILD_ROOT%{gitolite_homedir}/.ssh/authorized_keys + + +%pre +# Add "gitolite" user per https://fedoraproject.org/wiki/Packaging:UsersAndGroups +getent group %{name} >/dev/null || groupadd -r %{name} +getent passwd %{name} >/dev/null || \ +useradd -r -g %{name} -d %{gitolite_homedir} -s /bin/sh \ + -c "git repository hosting" %{name} +exit 0 + + +%files +%{_bindir}/* +%{perl_vendorlib}/* +%{_datadir}/%{name} +# make homedir non world readable +%attr(750,%{name},%{name}) %dir %{gitolite_homedir} +%attr(750,%{name},%{name}) %dir %{gitolite_homedir}/.ssh +%config(noreplace) %attr(640,%{name},%{name}) %{gitolite_homedir}/.ssh/authorized_keys +%doc gitolite3-README-fedora COPYING README.markdown CHANGELOG + + +%changelog +* Tue Aug 04 2020 Gwyn Ciesla - 1:3.6.12-1 +- 3.6.12 + +* Mon Jul 27 2020 Fedora Release Engineering - 1:3.6.11-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jun 26 2020 Jitka Plesnikova - 1:3.6.11-7 +- Perl 5.32 re-rebuild of bootstrapped packages + +* Mon Jun 22 2020 Jitka Plesnikova - 1:3.6.11-6 +- Perl 5.32 rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 1:3.6.11-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jul 25 2019 Fedora Release Engineering - 1:3.6.11-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu May 30 2019 Jitka Plesnikova - 1:3.6.11-3 +- Perl 5.30 rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 1:3.6.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Jan 08 2019 Gwyn Ciesla - 1:3.6.11-1 +- 3.6.11. + +* Thu Oct 04 2018 Gwyn Ciesla - 1:3.6.10-1 +- 3.6.10. + +* Tue Sep 11 2018 Gwyn Ciesla - 1:3.6.9-1 +- Latest upstream. + +* Tue Jul 17 2018 Gwyn Ciesla - 1:3.6.8-1 +- Latest upstream. + +* Fri Jul 13 2018 Fedora Release Engineering - 1:3.6.7-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jun 27 2018 Jitka Plesnikova - 1:3.6.7-6 +- Perl 5.28 rebuild + +* Tue Apr 24 2018 Pierre-Yves Chibon - 1:3.6.7-5 +- Back upstream patch making gitolite respect the ALLOW_ORPHAN_GL_CONF + configuration variabe +- Include the compile-1 command upstream brought in Fedora in: + https://github.com/sitaramc/gitolite/commit/afb8afa14a892895dc48664c6526351cb + +* Wed Feb 07 2018 Fedora Release Engineering - 1:3.6.7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 23 2017 Pierre-Yves Chibon - 1:3.6.7-3 +- Backport upstream patch for dist-git + Upstream: https://github.com/sitaramc/gitolite/commit/41b7885b77cfe992ad3c96d0b021ece51ce1b3e3 + +* Wed Jul 26 2017 Fedora Release Engineering - 1:3.6.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jul 03 2017 Gwyn Ciesla - 1:3.6.7-1 +- Latest upstream. + +* Sun Jun 04 2017 Jitka Plesnikova - 1:3.6.6-3 +- Perl 5.26 rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 1:3.6.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Sep 09 2016 Jon Ciesla - 1:3.6.6-1 +- Latest upstream. + +* Sun May 15 2016 Jitka Plesnikova - 1:3.6.5-3 +- Perl 5.24 rebuild + +* Mon Feb 22 2016 Jon Ciesla - 1:3.6.5-1 +- Latest upstream. + +* Wed Feb 03 2016 Fedora Release Engineering - 1:3.6.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Nov 03 2015 Jon Ciesla - 1:3.6.4-1 +- Latest upstream. + +* Thu Oct 8 2015 François Cami - 1:3.6.3-4 +- Fix instructions in README.fedora: +- gitolite user => gitolite3 user +- switch setup from -a to -pk (ssh keys) + +* Wed Jun 17 2015 Fedora Release Engineering - 1:3.6.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Jun 03 2015 Jitka Plesnikova - 1:3.6.3-2 +- Perl 5.22 rebuild + +* Sun Apr 26 2015 Jon Ciesla - 1:3.6.3-1 +- Latest upstream. + +* Mon Nov 10 2014 Jon Ciesla - 1:3.6.2-1 +- Latest upstream. + +* Tue Aug 26 2014 Jitka Plesnikova - 1:3.6.1-2 +- Perl 5.20 rebuild + +* Mon Jun 23 2014 Jon Ciesla - 1:3.6.1-1 +- Latest upstream. + +* Sat Jun 07 2014 Fedora Release Engineering - 1:3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon May 12 2014 Jon Ciesla - 1:3.6-1 +- Latest upstream. + +* Wed Oct 23 2013 Jon Ciesla - 1:3.5.3.1-1 +- Latest upstream. + +* Wed Oct 16 2013 Jon Ciesla - 1:3.5.3-1 +- Latest upstream. + +* Sat Aug 03 2013 Fedora Release Engineering - 1:3.5.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 1:3.5.2-2 +- Perl 5.18 rebuild + +* Wed Jul 10 2013 Jon Ciesla - 1:3.5.2-1 +- Latest upstream. + +* Thu Mar 28 2013 Jon Ciesla - 1:3.5.1-1 +- Latest upstream. + +* Mon Mar 25 2013 Jon Ciesla - 1:3.5-1 +- Latest upstream. + +* Tue Mar 05 2013 Jon Ciesla - 1:3.4-1 +- Latest upstream. + +* Wed Feb 13 2013 Fedora Release Engineering - 1:3.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Jan 03 2013 Jon Ciesla - 1:3.3-1 +- Latest upstream. + +* Mon Nov 19 2012 Jon Ciesla - 1:3.2-1 +- Latest upstream. + +* Wed Oct 10 2012 Jon Ciesla - 1:3.1-1 +- 3.1, rewuiring Epoch bump. + +* Tue Oct 09 2012 Jon Ciesla - 3.04-4 +- Patch for directory traversal bug. + +* Thu Jul 19 2012 Fedora Release Engineering - 3.04-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 28 2012 Petr Pisar - 3.04-2 +- Perl 5.16 rebuild + +* Wed Jun 27 2012 Jon Ciesla - 3.04-1 +- Latest upstream, docs now includable. + +* Thu Jun 07 2012 Petr Pisar - 3.03-3 +- Perl 5.16 rebuild + +* Thu Jun 07 2012 Petr Pisar - 3.03-2 +- Perl 5.16 rebuild + +* Wed May 23 2012 Jon Ciesla - 3.03-1 +- Latest upstream. + +* Mon May 21 2012 Jon Ciesla - 3.02-1 +- Latest upstream. + +* Tue May 15 2012 Jon Ciesla - 3.01-2 +- Added license file, fixed duplicate files, dropped defattr. +- Dropped clean and buildroot. +- Added script to generate tarball in comments. + +* Thu May 03 2012 Jon Ciesla - 3.01-1 +- Initial packaging based on gitolite 2.3-2.