def handle_args(self, parser, cfg, options, args): super(Main, self).handle_args(parser, cfg, options, args) os.umask(0022) log.info('Reading SSH public key...') pubkey = read_ssh_pubkey() user = ssh_extract_user(pubkey) if user is None: log.error('Cannot parse user from SSH public key.') sys.exit(1) log.info('Admin user is %r', user) log.info('Creating generated files directory...') generated = util.getGeneratedFilesDir(config=cfg) util.mkdir(generated) log.info('Creating repository structure...') repositories = util.getRepositoryDir(cfg) util.mkdir(repositories) #admin_repository = os.path.join(repositories, 'gitosis-admin.git') #init_admin_repository( # git_dir=admin_repository, # pubkey=pubkey, # user=user, # ) #log.info('Running post-update hook...') #util.mkdir(os.path.expanduser('~/.ssh'), 0700) #run_hook.post_update(cfg=cfg, git_dir=admin_repository) #log.info('Symlinking ~/.gitosis.conf to repository...') #symlink_config(git_dir=admin_repository) log.info('Done.')
def handle_args(self, parser, cfg, options, args): super(Main, self).handle_args(parser, cfg, options, args) os.umask(0022) log.info("Reading SSH public key...") pubkey = read_ssh_pubkey() user = ssh_extract_user(pubkey) if user is None: log.error("Cannot parse user from SSH public key.") sys.exit(1) log.info("Admin user is %r", user) log.info("Creating generated files directory...") generated = util.getGeneratedFilesDir(config=cfg) util.mkdir(generated) log.info("Creating repository structure...") repositories = util.getRepositoryDir(cfg) util.mkdir(repositories) admin_repository = os.path.join(repositories, "gitosis-admin.git") init_admin_repository(git_dir=admin_repository, pubkey=pubkey, user=user) log.info("Running post-update hook...") util.mkdir(os.path.expanduser("~/.ssh"), 0700) run_hook.post_update(cfg=cfg, git_dir=admin_repository) log.info("Symlinking ~/.gitosis.conf to repository...") symlink_config(git_dir=admin_repository) log.info("Done.")
def post_update(cfg, git_dir): export = os.path.join(git_dir, 'gitosis-export') try: shutil.rmtree(export) except OSError as e: if e.errno == errno.ENOENT: pass else: raise repository.export(git_dir=git_dir, path=export) os.rename( os.path.join(export, 'gitosis.conf'), os.path.join(export, '..', 'gitosis.conf'), ) # re-read config to get up-to-date settings cfg.read(os.path.join(export, '..', 'gitosis.conf')) gitweb.set_descriptions(config=cfg, ) generated = util.getGeneratedFilesDir(config=cfg) gitweb.generate_project_list( config=cfg, path=os.path.join(generated, 'projects.list'), ) gitdaemon.set_export_ok(config=cfg, ) authorized_keys = util.getSSHAuthorizedKeysPath(config=cfg) ssh.writeAuthorizedKeys( path=authorized_keys, keydir=os.path.join(export, 'keydir'), )
def handle_args(self, parser, cfg, options, args): super(Main, self).handle_args(parser, cfg, options, args) os.umask(0022) log.info('Reading SSH public key...') pubkey = read_ssh_pubkey() user = ssh_extract_user(pubkey) if user is None: log.error('Cannot parse user from SSH public key.') sys.exit(1) log.info('Admin user is %r', user) log.info('Creating generated files directory...') generated = util.getGeneratedFilesDir(config=cfg) util.mkdir(generated) log.info('Creating repository structure...') repositories = util.getRepositoryDir(cfg) util.mkdir(repositories) admin_repository = os.path.join(repositories, 'gitosis-admin') # CQDE change: removed .git extension. init_admin_repository( git_dir=admin_repository, pubkey=pubkey, user=user, ) log.info('Running post-update hook...') util.mkdir(os.path.expanduser('~/.ssh'), 0700) run_hook.post_update(cfg=cfg, git_dir=admin_repository) log.info('Symlinking ~/.gitosis.conf to repository...') symlink_config(git_dir=admin_repository) log.info('Done.')
def gitosis_sync(gitosis_conf, gitosis_keydir): from gitosis import ssh from gitosis import gitweb from gitosis import gitdaemon from gitosis import util import ConfigParser cfg = ConfigParser.RawConfigParser () cfg.read(gitosis_conf) util.RepositoryDir(cfg, ( gitdaemon.DaemonProp(), gitweb.GitwebProp(), gitweb.DescriptionProp(), gitweb.OwnerProp() )).travel() generated = util.getGeneratedFilesDir(config=cfg) gitweb.ProjectList( os.path.join(generated, 'projects.list') ).refresh() authorized_keys = util.getSSHAuthorizedKeysPath(config=cfg) ssh.writeAuthorizedKeys( path=authorized_keys, keydir=gitosis_keydir, )
def gitosis_sync(gitosis_conf, gitosis_keydir): from gitosis import ssh from gitosis import gitweb from gitosis import gitdaemon from gitosis import util import ConfigParser cfg = ConfigParser.RawConfigParser() cfg.read(gitosis_conf) util.RepositoryDir( cfg, (gitdaemon.DaemonProp(), gitweb.GitwebProp(), gitweb.DescriptionProp(), gitweb.OwnerProp())).travel() generated = util.getGeneratedFilesDir(config=cfg) gitweb.ProjectList(os.path.join(generated, 'projects.list')).refresh() authorized_keys = util.getSSHAuthorizedKeysPath(config=cfg) ssh.writeAuthorizedKeys( path=authorized_keys, keydir=gitosis_keydir, )
def serve( cfg, user, command, ): if '\n' in command: raise CommandMayNotContainNewlineError() try: verb, args = command.split(None, 1) except ValueError: # all known "git-foo" commands take one argument; improve # if/when needed raise UnknownCommandError() if verb == 'git': try: subverb, args = args.split(None, 1) except ValueError: # all known "git foo" commands take one argument; improve # if/when needed raise UnknownCommandError() verb = '%s %s' % (verb, subverb) if (verb not in COMMANDS_WRITE and verb not in COMMANDS_READONLY): raise UnknownCommandError() match = ALLOW_RE.match(args) if match is None: raise UnsafeArgumentsError() path = match.group('path') # write access is always sufficient newpath = access.haveAccess( config=cfg, user=user, mode='writable', path=path) if newpath is None: # didn't have write access; try once more with the popular # misspelling newpath = access.haveAccess( config=cfg, user=user, mode='writeable', path=path) if newpath is not None: log.warning( 'Repository %r config has typo "writeable", ' +'should be "writable"', path, ) if newpath is None: # didn't have write access newpath = access.haveAccess( config=cfg, user=user, mode='readonly', path=path) if newpath is None: raise ReadAccessDenied() if verb in COMMANDS_WRITE: # didn't have write access and tried to write raise WriteAccessDenied() (topdir, relpath) = newpath assert not relpath.endswith('.git'), \ 'git extension should have been stripped: %r' % relpath repopath = '%s.git' % relpath fullpath = os.path.join(topdir, repopath) if not os.path.exists(fullpath): # it doesn't exist on the filesystem, but the configuration # refers to it, we're serving a write request, and the user is # authorized to do that: create the repository on the fly # create leading directories p = topdir for segment in repopath.split(os.sep)[:-1]: p = os.path.join(p, segment) util.mkdir(p, 0750) repository.init(path=fullpath) gitweb.set_descriptions( config=cfg, ) generated = util.getGeneratedFilesDir(config=cfg) gitweb.generate_project_list( config=cfg, path=os.path.join(generated, 'projects.list'), ) gitdaemon.set_export_ok( config=cfg, ) # put the verb back together with the new path newcmd = "%(verb)s '%(path)s'" % dict( verb=verb, path=fullpath, ) return newcmd
def serve( cfg, user, command, ): if '\n' in command: raise CommandMayNotContainNewlineError() try: verb, args = command.split(None, 1) except ValueError: # all known "git-foo" commands take one argument; improve # if/when needed raise UnknownCommandError() if verb == 'git': try: subverb, args = args.split(None, 1) except ValueError: # all known "git foo" commands take one argument; improve # if/when needed raise UnknownCommandError() verb = '%s %s' % (verb, subverb) if (verb not in COMMANDS_WRITE and verb not in COMMANDS_READONLY): raise UnknownCommandError() match = ALLOW_RE.match(args) if match is None: raise UnsafeArgumentsError() path = match.group('path') # write access is always sufficient newpath = access.haveAccess( config=cfg, user=user, mode='writable', path=path) if newpath is None: # didn't have write access; try once more with the popular # misspelling newpath = access.haveAccess( config=cfg, user=user, mode='writeable', path=path) if newpath is not None: log.warning( 'Repository %r config has typo "writeable", ' +'should be "writable"', path, ) if newpath is None: # didn't have write access newpath = access.haveAccess( config=cfg, user=user, mode='readonly', path=path) if newpath is None: raise ReadAccessDenied() if verb in COMMANDS_WRITE: # didn't have write access and tried to write raise WriteAccessDenied() (topdir, relpath) = newpath assert not relpath.endswith('.git'), \ 'git extension should have been stripped: %r' % relpath repopath = '%s.git' % relpath fullpath = os.path.join(topdir, repopath) if (not os.path.exists(fullpath) and verb in COMMANDS_WRITE): # it doesn't exist on the filesystem, but the configuration # refers to it, we're serving a write request, and the user is # authorized to do that: create the repository on the fly # create leading directories p = topdir for segment in repopath.split(os.sep)[:-1]: p = os.path.join(p, segment) util.mkdir(p, 0755) repository.init(path=fullpath) gitweb.set_descriptions( config=cfg, ) generated = util.getGeneratedFilesDir(config=cfg) gitweb.generate_project_list( config=cfg, path=os.path.join(generated, 'projects.list'), ) gitdaemon.set_export_ok( config=cfg, ) # put the verb back together with the new path newcmd = "%(verb)s '%(path)s'" % dict( verb=verb, path=fullpath, ) return newcmd
if e.errno == errno.ENOENT: pass else: raise repository.export(git_dir=git_dir, path=export) os.rename( os.path.join(export, 'gitosis.conf'), os.path.join(export, '..', 'gitosis.conf'), ) # re-read config to get up-to-date settings cfg.read(os.path.join(export, '..', 'gitosis.conf')) autoinit_repos(config=cfg) gitweb.set_descriptions( config=cfg, ) generated = util.getGeneratedFilesDir(config=cfg) gitweb.generate_project_list( config=cfg, path=os.path.join(generated, 'projects.list'), ) gitdaemon.set_export_ok( config=cfg, ) if htaccess.gen_htaccess_if_enabled(config=cfg): group.generate_group_list( config=cfg, path=os.path.join(generated, 'groups'), ) authorized_keys = util.getSSHAuthorizedKeysPath(config=cfg) ssh.writeAuthorizedKeys( path=authorized_keys,
except OSError, e: if e.errno == errno.ENOENT: pass else: raise repository.export(git_dir=git_dir, path=export) os.rename( os.path.join(export, 'gitosis.conf'), os.path.join(export, '..', 'gitosis.conf'), ) # re-read config to get up-to-date settings cfg.read(os.path.join(export, '..', 'gitosis.conf')) gitweb.set_descriptions( config=cfg, ) generated = util.getGeneratedFilesDir(config=cfg) gitweb.generate_project_list( config=cfg, path=os.path.join(generated, 'projects.list'), ) gitdaemon.set_export_ok( config=cfg, ) authorized_keys = util.getSSHAuthorizedKeysPath(config=cfg) ssh.writeAuthorizedKeys( path=authorized_keys, keydir=os.path.join(export, 'keydir'), ) class Main(app.App): def create_parser(self):
def serve( cfg, user, command, ): if '\n' in command: raise CommandMayNotContainNewlineError() try: verb, args = command.split(None, 1) except ValueError: # all known "git-foo" commands take one argument; improve # if/when needed raise UnknownCommandError() if verb == 'git': try: subverb, args = args.split(None, 1) except ValueError: # all known "git foo" commands take one argument; improve # if/when needed raise UnknownCommandError() verb = '%s %s' % (verb, subverb) elif verb == 'cvs': try: args, server = args.split(None, 1) except: raise UnknownCommandError() if server != 'server': raise UnknownCommandError() path = path_from_args(args) newpath = path_for_write(cfg=cfg, user=user, path=path) if newpath is None: raise WriteAccessDenied() (topdir, repopath) = construct_path(newpath) # Put the repository and base path in the environment repos_dir = util.getRepositoryDir(cfg) fullpath = os.path.join(repos_dir, repopath) os.environ['GIT_CVSSERVER_BASE_PATH'] = repos_dir os.environ['GIT_CVSSERVER_ROOTS'] = fullpath # Put the user's information in the environment try: section = 'user %s' % user name = cfg.get(section, 'name') email = cfg.get(section, 'email') except: log.error('Missing name or email for user "%s"' % user) raise WriteAccessDenied() os.environ['GIT_AUTHOR_NAME'] = name os.environ['GIT_AUTHOR_EMAIL'] = email return 'cvs server' if (verb not in COMMANDS_WRITE and verb not in COMMANDS_READONLY): raise UnknownCommandError() path = path_from_args(args) # write access is always sufficient newpath = path_for_write( cfg=cfg, user=user, path=path) if newpath is None: # didn't have write access newpath = access.haveAccess( config=cfg, user=user, mode='readonly', path=path) if newpath is None: raise ReadAccessDenied() if verb in COMMANDS_WRITE: # didn't have write access and tried to write raise WriteAccessDenied() (topdir, repopath) = construct_path(newpath) fullpath = os.path.join(topdir, repopath) if not os.path.exists(fullpath): # it doesn't exist on the filesystem, but the configuration # refers to it, we're serving a write request, and the user is # authorized to do that: create the repository on the fly auto_init_repo(cfg,topdir,repopath) gitweb.set_descriptions( config=cfg, ) generated = util.getGeneratedFilesDir(config=cfg) gitweb.generate_project_list( config=cfg, path=os.path.join(generated, 'projects.list'), ) gitdaemon.set_export_ok( config=cfg, ) htaccess.gen_htaccess_if_enabled( config=cfg, ) # put the verb back together with the new path newcmd = "%(verb)s '%(path)s'" % dict( verb=verb, path=fullpath, ) return newcmd
def serve(cfg, user, command): if "\n" in command: raise CommandMayNotContainNewlineError() try: verb, args = command.split(None, 1) except ValueError: # all known "git-foo" commands take one argument; improve # if/when needed raise UnknownCommandError() if verb == "git": try: subverb, args = args.split(None, 1) except ValueError: # all known "git foo" commands take one argument; improve # if/when needed raise UnknownCommandError() verb = "%s %s" % (verb, subverb) if verb not in COMMANDS_WRITE and verb not in COMMANDS_READONLY: raise UnknownCommandError() match = ALLOW_RE.match(args) if match is None: raise UnsafeArgumentsError() path = match.group("path") decode_id = cfg.get_gitosis("decodeID") if decode_id and util.parse_bool(decode_id): encoded_user = user user = util.decode_id(encoded_user) log.debug("decodeID = yes, decode '%s' as '%s'" % (encoded_user, user)) if not user: raise BadEncodedID() newpath = access.haveAccess(config=cfg, user=user, mode="RW+", path=path) if newpath == None: if verb in COMMANDS_WRITE: raise WriteAccessDenied() else: newpath = access.haveAccess(config=cfg, user=user, mode="R", path=path) if newpath == None: raise ReadAccessDenied() (repobase, reponame) = newpath assert not reponame.endswith(".git"), "git extension should have been stripped: %r" % reponame repopath = reponame + ".git" fullpath = os.path.join(repobase, repopath) if not os.path.exists(fullpath): # it doesn't exist on the filesystem, but the configuration # refers to it, we're serving a write request, and the user is # authorized to do that: create the repository on the fly # create leading directories p = repobase components = repopath.split(os.sep)[:-1] for c in components: # Check if c.endswith(".git"): raise BadRepositoryPath() for c in components: p = os.path.join(p, c) util.mkdir(p, 0750) props = (gitdaemon.DaemonProp(), gitweb.GitwebProp(), gitweb.DescriptionProp(), gitweb.OwnerProp()) ext_props = cfg.get_gitosis("extProps") or () if ext_props: try: ext_props_expanded = os.path.join(os.path.expanduser("~"), ext_props) dir_ = os.path.dirname(ext_props_expanded) file_ = os.path.basename(ext_props_expanded) mod_, ext_ = os.path.splitext(file_) assert mod_, "'%s': empty module name" % file_ assert ext_ == ".py", "the extname of '%s' is not '.py'" % file_ sys.path.append(dir_) mod_ = __import__(mod_) ext_props_ = mod_.get_props() except (AssertionError, ImportError) as e: log.warning("Invalid extProps value '%s': %s" % (ext_props, str(e))) ext_props = () except: log.warning("Bad module '%s': %s" % (ext_props, str(sys.exc_info()[1]))) ext_props = () else: ext_props = ext_props_ repository.init(path=fullpath) util.RepositoryDir(cfg, props + ext_props).visit_one(reponame) generated = util.getGeneratedFilesDir(config=cfg) gitweb.ProjectList(os.path.join(generated, "projects.list")).update() # put the verb back together with the new path newcmd = "%(verb)s '%(path)s'" % dict(verb=verb, path=fullpath) return newcmd