jbox-gitolite 1.2.0 → 1.2.1

data/lib/gitolite/config/group.rb

@@ -1,9 +1,11 @@
 module Gitolite
   class Config
+
     # Represents a group inside the gitolite configuration.  The name and users
     # options are all encapsulated in this class.  All users are stored as
     # Strings!
     class Group
+
       attr_accessor :name, :users
 
       PREPEND_CHAR = '@'
@@ -15,37 +17,46 @@ module Gitolite
         @users = []
       end
 
+
       def empty!
         @users.clear
       end
 
+
       def add_user(user)
         return if has_user?(user)
         @users.push(user.to_s).sort!
       end
 
+
       def add_users(*users)
         fixed_users = users.flatten.map{ |u| u.to_s }
         @users.concat(fixed_users).sort!.uniq!
       end
 
+
       def rm_user(user)
         @users.delete(user.to_s)
       end
 
+
       def has_user?(user)
         @users.include? user.to_s
       end
 
+
       def size
         @users.length
       end
 
+
       def to_s
         members = @users.join(' ')
         name = "#{PREPEND_CHAR}#{@name}"
         "#{name.ljust(20)}= #{members}\n"
       end
+
     end
+
   end
 end

data/lib/gitolite/config/repo.rb

@@ -1,28 +1,32 @@
 module Gitolite
   class Config
-    #Represents a repo inside the gitolite configuration.  The name, permissions, and git config
-    #options are all encapsulated in this class
+
+    # Represents a repo inside the gitolite configuration.  The name, permissions, and git config
+    # options are all encapsulated in this class
     class Repo
+
       ALLOWED_PERMISSIONS = /-|C|R|RW\+?(?:C?D?|D?C?)M?/
 
       attr_accessor :permissions, :name, :config, :options, :owner, :description
 
       def initialize(name)
-        #Store the perm hash in a lambda since we have to create a new one on every deny rule
-        #The perm hash is stored as a 2D hash, with individual permissions being the first
-        #degree and individual refexes being the second degree.  Both Hashes must respect order
+        # Store the perm hash in a lambda since we have to create a new one on every deny rule
+        # The perm hash is stored as a 2D hash, with individual permissions being the first
+        # degree and individual refexes being the second degree.  Both Hashes must respect order
         @perm_hash_lambda = lambda { Hash.new {|k,v| k[v] = Hash.new{|k2, v2| k2[v2] = [] }} }
         @permissions = Array.new.push(@perm_hash_lambda.call)
 
         @name = name
-        @config = {} #git config
-        @options = {} #gitolite config
+        @config = {} # git config
+        @options = {} # gitolite config
       end
 
+
       def clean_permissions
         @permissions = Array.new.push(@perm_hash_lambda.call)
       end
 
+
       def add_permission(perm, refex = "", *users)
         if perm =~ ALLOWED_PERMISSIONS
           #Handle deny rules
@@ -37,22 +41,27 @@ module Gitolite
         end
       end
 
+
       def set_git_config(key, value)
         @config[key] = value
       end
 
+
       def unset_git_config(key)
         @config.delete(key)
       end
 
+
       def set_gitolite_option(key, value)
         @options[key] = value
       end
 
+
       def unset_gitolite_option(key)
         @options.delete(key)
       end
 
+
       def to_s
         repo = "repo    #{@name}\n"
 
@@ -75,6 +84,7 @@ module Gitolite
         repo
       end
 
+
       def gitweb_description
         if @description.nil?
           nil
@@ -85,10 +95,13 @@ module Gitolite
         end
       end
 
-      #Gets raised if a permission that isn't in the allowed
-      #list is passed in
+
+      # Gets raised if a permission that isn't in the allowed
+      # list is passed in
       class InvalidPermissionError < ArgumentError
       end
+
     end
+
   end
 end

data/lib/gitolite/dirty_proxy.rb

@@ -1,4 +1,5 @@
 module Gitolite
+
   # Very simple proxy object for checking if the proxied object was modified
   # since the last clean_up! method called. It works correctly only for objects
   # with proper hash method!
@@ -25,5 +26,7 @@ module Gitolite
     def clean_up!
       @clean_hash = @target.hash
     end
+
   end
+
 end

data/lib/gitolite/gitolite_admin.rb

@@ -1,5 +1,3 @@
-require File.join(File.dirname(__FILE__), "dirty_proxy")
-
 module Gitolite
   class GitoliteAdmin
 

data/lib/gitolite/ssh_key.rb

@@ -1,63 +1,73 @@
 module Gitolite
-  #Models an SSH key within gitolite
-  #provides support for multikeys
+
+  # Models an SSH key within gitolite
+  # provides support for multikeys
   #
-  #Types of multi keys:
-  #  bob.pub => username: bob
-  #  bob@desktop.pub => username: bob, location: desktop
-  #  bob@email.com.pub => username: bob@email.com
-  #  bob@email.com@desktop.pub => username: bob@email.com, location: desktop
+  # Types of multi keys:
+  #   bob.pub => username: bob
+  #   bob@desktop.pub => username: bob, location: desktop
+  #   bob@email.com.pub => username: bob@email.com
+  #   bob@email.com@desktop.pub => username: bob@email.com, location: desktop
 
   class SSHKey
+
     attr_accessor :owner, :location, :type, :blob, :email
 
-    def initialize(type, blob, email, owner = nil, location = "")
-      @type = type
-      @blob = blob
-      @email = email
+    class << self
 
-      @owner = owner || email
-      @location = location
-    end
+      def from_file(key)
+        raise "#{key} does not exist!" unless File.exists?(key)
 
-    def self.from_file(key)
-      raise "#{key} does not exist!" unless File.exists?(key)
+        # Get our owner and location
+        File.basename(key) =~ /^([\+\w\.-]+(?:@(?:[\w-]+\.)+\D{2,4})?)(?:@([\w-]+))?.pub$/i
+        owner    = $1
+        location = $2 || ""
 
-      #Get our owner and location
-      File.basename(key) =~ /^([\w\.-]+(?:@(?:[\w-]+\.)+\D{2,4})?)(?:@([\w-]+))?.pub$/i
-      owner = $1
-      location = $2 || ""
+        # Use string key constructor
+        self.from_string(File.read(key), owner, location)
+      end
 
-      # Use string key constructor
-      self.from_string(File.read(key), owner, location)
-    end
 
-    # Construct a SSHKey from a string
-    def self.from_string(key_string, owner, location = "")
-      if owner.nil?
-        raise ArgumentError, "owner was nil, you must specify an owner"
-      end
+      # Construct a SSHKey from a string
+      def from_string(key_string, owner, location = "")
+        if owner.nil?
+          raise ArgumentError, "owner was nil, you must specify an owner"
+        end
 
-      #Get parts of the key
-      type, blob, email = key_string.split
+        # Get parts of the key
+        type, blob, email = key_string.split
 
-      # We need at least a type or blob
-      if type.nil? || blob.nil?
-        raise ArgumentError, "'#{key_string}' is not a valid SSH key string"
-      end
+        # We need at least a type or blob
+        if type.nil? || blob.nil?
+          raise ArgumentError, "'#{key_string}' is not a valid SSH key string"
+        end
+
+        # If the key didn't have an email, just use the owner
+        if email.nil?
+          email = owner
+        end
 
-      #If the key didn't have an email, just use the owner
-      if email.nil?
-        email = owner
+        self.new(type, blob, email, owner, location)
       end
 
-      self.new(type, blob, email, owner, location)
     end
 
+
+    def initialize(type, blob, email, owner = nil, location = "")
+      @type = type
+      @blob = blob
+      @email = email
+
+      @owner = owner || email
+      @location = location
+    end
+
+
     def to_s
       [@type, @blob, @email].join(' ')
     end
 
+
     def to_file(path)
       key_file = File.join(path, self.filename)
       File.open(key_file, "w") do |f|
@@ -67,12 +77,14 @@ module Gitolite
       key_file
     end
 
+
     def filename
       file = @owner
       file += "@#{@location}" unless @location.empty?
       file += ".pub"
     end
 
+
     def ==(key)
       @type == key.type &&
       @blob == key.blob &&
@@ -81,8 +93,10 @@ module Gitolite
       @location == key.location
     end
 
+
     def hash
       [@owner, @location, @type, @blob, @email].hash
     end
+
   end
 end

data/lib/gitolite/version.rb

@@ -1,3 +1,3 @@
 module Gitolite
-  VERSION = "1.2.0"
+  VERSION = "1.2.1"
 end

data/spec/config_spec.rb

@@ -1,9 +1,10 @@
-require 'gratr'
-require 'gitolite/config'
 require 'spec_helper'
 
 describe Gitolite::Config do
-  conf_dir = File.join(File.dirname(__FILE__),'configs')
+
+  conf_dir   = File.join(File.dirname(__FILE__), 'fixtures', 'configs')
+  output_dir = '/tmp'
+  # output_dir = File.join(File.dirname(File.dirname(__FILE__)), 'tmp')
 
   describe "#new" do
     it 'should read a simple configuration' do
@@ -15,7 +16,7 @@ describe Gitolite::Config do
     it 'should read a complex configuration' do
       c = Gitolite::Config.new(File.join(conf_dir, 'complicated.conf'))
       c.groups.length.should == 5
-      c.repos.length.should == 12
+      c.repos.length.should == 13
     end
 
     describe 'gitweb operations' do
@@ -327,17 +328,23 @@ describe Gitolite::Config do
   describe "#to_file" do
     it 'should create a file at the given path with the config\'s file name' do
       c = Gitolite::Config.init
-      file = c.to_file('/tmp')
-      File.file?(File.join('/tmp', c.filename)).should be true
+      file = c.to_file(output_dir)
+      File.file?(File.join(output_dir, c.filename)).should be true
       File.unlink(file)
     end
 
+    it 'should create a file at the given path with the config file passed' do
+      c = Gitolite::Config.new(File.join(conf_dir, 'complicated.conf'))
+      file = c.to_file(output_dir)
+      File.file?(File.join(output_dir, c.filename)).should be true
+    end
+
     it 'should create a file at the given path when a different filename is specified' do
       filename = "test.conf"
       c = Gitolite::Config.init
       c.filename = filename
-      file = c.to_file('/tmp')
-      File.file?(File.join('/tmp', filename)).should be true
+      file = c.to_file(output_dir)
+      File.file?(File.join(output_dir, filename)).should be true
       File.unlink(file)
     end
 
@@ -373,7 +380,7 @@ describe Gitolite::Config do
       c.add_group(g)
 
       # Write the config to a file
-      file = c.to_file('/tmp')
+      file = c.to_file(output_dir)
 
       # Read the conf and make sure our order is correct
       f = File.read(file)
@@ -411,7 +418,7 @@ describe Gitolite::Config do
       c.add_group(g)
 
       # Attempt to write the config file
-      lambda{ c.to_file('/tmp')}.should raise_error(Gitolite::Config::GroupDependencyError)
+      lambda{ c.to_file(output_dir)}.should raise_error(Gitolite::Config::GroupDependencyError)
     end
 
     it 'should resolve group dependencies even when there are disconnected portions of the graph' do
@@ -436,7 +443,7 @@ describe Gitolite::Config do
       c.add_group(g)
 
       # Write the config to a file
-      file = c.to_file('/tmp')
+      file = c.to_file(output_dir)
 
       # Read the conf and make sure our order is correct
       f = File.read(file)

data/spec/dirty_proxy_spec.rb

@@ -1,4 +1,3 @@
-require 'gitolite/dirty_proxy'
 require 'spec_helper'
 
 describe Gitolite::DirtyProxy do
@@ -7,9 +6,11 @@ describe Gitolite::DirtyProxy do
     Gitolite::DirtyProxy.new([]).should_not be_nil
   end
 
+
   let(:target) { ['foo', 'bar'] }
   let(:proxy) { Gitolite::DirtyProxy.new(target) }
 
+
   describe 'delegating to the target object' do
     it 'should act as instance of the target' do
       proxy.should be_instance_of target.class
@@ -24,6 +25,7 @@ describe Gitolite::DirtyProxy do
     end
   end
 
+
   describe 'dirty checking methods' do
     it 'should respond to clean_up!' do
       proxy.respond_to?(:clean_up!).should be_true
@@ -60,4 +62,5 @@ describe Gitolite::DirtyProxy do
       include_examples 'dirty? clean_up!'
     end
   end
+
 end

data/spec/fixtures/configs/complicated.conf

@@ -0,0 +1,311 @@
+# example conf file for gitolite
+
+# ----------------------------------------------------------------------------
+# overall syntax:
+#     - everything is space-separated; no commas, semicolons, etc (except in
+#       the description string for gitweb)
+#     - comments in the normal shell-ish style; no surprises there
+#     - there are NO continuation lines of any kind
+#     - user/repo names as simple as possible; they must start with an
+#       alphanumeric, but after that they can also contain ".", "_", "-".
+#         - usernames can optionally be followed by an "@" and a domainname
+#           containing at least one "." (this allows you to use an email
+#           address as someone's username)
+#         - reponames can contain "/" characters (this allows you to
+#           put your repos in a tree-structure for convenience)
+
+# objectives, over and above gitosis:
+#     - simpler syntax
+#     - easier gitweb/daemon control
+#     - specify who can push a branch/tag
+#     - specify who can rewind a branch/rewrite a tag
+
+# ----------------------------------------------------------------------------
+
+# GROUPS
+# ------
+
+# syntax:
+#   @groupname = [one or more names]
+
+# groups let you club (user or group) names together for convenience
+
+# * a group is like a #define in C except that it can *accumulate* values
+# * the config file is parsed in a single-pass, so later *additions* to a
+#   group name cannot affect earlier *uses* of it
+
+# The following examples should illustrate all this:
+
+                # you can have a group of people...
+@staff      =   sitaram some_dev another-dev
+
+                # ...or a group of repos
+@oss_repos  =   gitolite linux git perl rakudo entrans vkc
+
+                # ...or even a group of refexes
+@important  =   master$ QA_done refs/tags/v[0-9]
+                # (see later for what "refex"s are; I'm only mentioning it
+                # here to emphasise that you can group them too)
+
+                # even sliced and diced differently
+@admins     =   sitaram admin2
+                # notice that sitaram is in 2 groups (staff and admins)
+
+                # if you repeat a group name in another definition line, the
+                # new ones get added to the old ones (they accumulate)
+@staff      =   au.thor
+                # so now "@staff" expands to all 4 names
+
+                # groups can include other groups, and the included group will
+                # be expanded to whatever value it currently has
+@interns    =   indy james
+@staff      =   bob @interns
+                # "@staff" expands to 7 names now
+@interns    =   han
+                # "@interns" now has 3 names in it, but note that this does
+                # not change @staff
+
+# REPO AND BRANCH PERMISSIONS
+# ---------------------------
+
+# syntax:
+#   start line:
+#       repo [one or more repos and/or repo groups]
+#   followed by one or more permissions lines:
+#       (C|R|RW|RW+|RWC|RW+C|RWD|RW+D|RWCD|RW+CD) [zero or more refexes] = [one or more users]
+
+# there are 6 types of permissions: R, RW, and RW+ are simple (the "+" means
+# permission to "rewind" -- force push a non-fast forward to -- a branch).
+# The *standalone* C permission pertains to creating a REPO and is described
+# in doc/wildcard-repositories.mkd.  The C and D *suffixes* to the RW/RW+
+# permissions pertain to creating or deleting a BRANCH, and are described in
+# doc/3-faq-tips-etc.mkd, in the sections on "separating push and create
+# rights" and "separating delete and rewind rights" respectively.
+
+# how permissions are matched:
+#     - user, repo, and access (W or +) are known.  For that combination, if
+#       any of the refexes match the refname being updated, the push succeeds.
+#       If none of them match, it fails
+
+# what's a refex?  a regex to match against the ref being updated (get it?)
+# See next section for more on refexes
+
+# BASIC PERMISSIONS (repo level only; apply to all branches/tags in repo)
+
+                # most important rule of all -- specify who can make changes
+                # to *this* file take effect
+repo    gitolite-admin
+        RW+                             =   @admins
+
+                # "@all" is a special, predefined, group name of all users
+                # (everyone who has a pubkey in keydir)
+repo    testing
+        RW+                             =   @all
+
+                # this repo is visible to staff but only sitaram can write to it
+repo    gitolite
+        R                               =   @staff
+        RW+                             =   sitaram
+
+                # you can split up access rules for a repo for convenience
+                # (notice that @oss_repos contains gitolite also)
+repo    @oss_repos
+        R                               =   @all
+
+                # set permissions to all repos.  *Please* do see
+                # doc/3-faq-tips-etc.mkd for notes on this feature
+repo    @all
+        RW+                             =   @admins
+
+# SPECIFYING AND USING A REFEX
+
+#     - refexes are specified in perl regex syntax
+#     - refexes are prefix-matched (they are internally anchored with "^"
+#       before being used), which means a refex like "refs/tags/v[0-9]"
+#       matches anything *starting with* that pattern.  There may be text
+#       after it (example: refs/tags/v4-r3/p7), and it will still match
+
+# ADVANCED PERMISSIONS USING REFEXES
+
+#     - if no refex appears, the rule applies to all refs in that repo
+#     - a refex is automatically prefixed by "refs/heads/" if it doesn't start
+#       with "refs/" (so tags have to be explicitly named as
+#       refs/tags/pattern)
+
+                # here's the example from
+                # Documentation/howto/update-hook-example.txt:
+
+                #       refs/heads/master junio
+                #       +refs/heads/pu          junio
+                #       refs/heads/cogito$      pasky
+                #       refs/heads/bw/.*        linus
+                #       refs/heads/tmp/.*       .*
+                #       refs/tags/v[0-9].*      junio
+
+                # and here're the equivalent gitolite refexes
+repo    git
+        RW                              =   bobzilla
+        RW      master                  =   junio
+        RW+     pu                      =   junio
+        RW      cogito$                 =   pasky
+        RW      bw/                     =   linus
+        RW      tmp/                    =   @all
+        RW      refs/tags/v[0-9]        =   junio
+
+# DENY/EXCLUDE RULES
+
+# ***IMPORTANT NOTES ABOUT "DENY" RULES***:
+
+# - deny rules do NOT affect read access.  They only apply to write access.
+#
+# - when using deny rules, the order of your rules starts to matter, where
+#   earlier it did not.  The first matching rule applies, where "matching" is
+#   defined as either permitting the operation you're attempting (`W` or `+`),
+#   which results in success, or a "deny" (`-`), which results in failure.
+#   (As before, a fallthrough also results in failure).
+
+# in the example above, you cannot easily say "anyone can write any tag,
+# except version tags can only be written by junio".  The following might look
+# like it works but it doesn't:
+
+    #   RW      refs/tags/v[0-9]        =   junio
+    #   RW      refs/tags/              =   junio linus pasky @others
+
+# if you use "deny" rules, however, you can do this (a "deny" rule just uses
+# "-" instead of "R" or "RW" or "RW+" in the permission field)
+
+        RW      refs/tags/v[0-9]        =   junio
+        -       refs/tags/v[0-9]        =   linus pasky @others
+        RW      refs/tags/              =   junio linus pasky @others
+
+# FILE/DIR NAME BASED RESTRICTIONS
+# --------------------------------
+
+# Here's a hopefully self-explanatory example.  Assume the project has the
+# following contents at the top level: a README, a "doc/" directory, and an
+# "src/" directory.
+
+repo foo
+        RW+                             =   lead_dev                # rule 1
+        RW                              =   dev1 dev2 dev3 dev4     # rule 2
+
+        RW  NAME/                       =   lead_dev                # rule 3
+        RW  NAME/doc/                   =   dev1 dev2               # rule 4
+        RW  NAME/src/                   =   dev1 dev2 dev3 dev4     # rule 5
+        option mirror.master            =   mars
+        option mirror.slaves            =   phobos deimos
+        option mirror.redirectOK        =   all
+
+
+repo foo2
+    RW+                     =   @all-devs
+    -   VREF/COUNT/5        =   @junior-devs
+    -   VREF/NAME/Makefile  =   @junior-devs
+
+# Notes
+
+# - the "NAME/" is part of the syntax; think of it as a keyword if you like.
+#   The rest of it is treated as a refex to match against each file being
+#   touched (see "SPECIFYING AND USING A REFEX" above for details)
+
+# - file/dir NAME-based restrictions are *in addition* to normal (branch-name
+#   based) restrictions; they are not a *replacement* for them.  This is why
+#   rule #2 (or something like it, maybe with a more specific branch-name) is
+#   needed; without it, dev1/2/3/4 cannot push any branches.
+
+# - if a repo has *any* NAME/ rules, then NAME-based restrictions are checked
+#   for *all* users.  This is why rule 3 is needed, even though we don't
+#   actually have any NAME-based restrictions on lead_dev.  Notice the pattern
+#   on rule 3.
+
+# - *each* file touched by the commits being pushed is checked against those
+#   rules.  So, lead_dev can push changes to any files, dev1/2 can push
+#   changes to files in "doc/" and "src/" (but not the top level README), and
+#   dev3/4 can only push changes to files in "src/".
+
+# GITWEB AND DAEMON STUFF
+# -----------------------
+
+# No specific syntax for gitweb and daemon access; just make the repo readable
+# ("R" access) to the special users "gitweb" and "daemon"
+
+                # make "@oss_repos" (all 7 of them!) accessible via git daemon
+repo    @oss_repos
+        R                               =   daemon
+
+                # make the two *large* repos accessible via gitweb
+repo    linux perl
+        R                               =   gitweb
+
+# REPO OWNER/DESCRIPTION LINE FOR GITWEB
+
+# syntax, one of:
+#   reponame = "some description string in double quotes"
+#   reponame "owner name" = "some description string in double quotes"
+
+# note: setting a description also gives gitweb access; you do not have to
+# give gitweb access as described above if you're specifying a description
+
+gitolite "Sitaram Chamarty" = "fast, secure, access control for git in a corporate environment"
+foo = "Foo is a nice test repo"
+foobar "Bob Zilla" = "Foobar is top secret"
+bar = "A nice place to get drinks"
+
+# REPO SPECIFIC GITCONFIG
+# -----------------------
+
+# update 2010-02-06; this won't work unless the rc file has the right
+# settings; please see comments around the variable $GL_GITCONFIG_KEYS in
+# conf/example.gitolite.rc for details and security information.
+
+# (Thanks to teemu dot matilainen at iki dot fi)
+
+# this should be specified within a "repo" stanza
+
+# syntax:
+#   config sectionname.keyname = [optional value_string]
+
+# example usage: if you placed a hook in hooks/common that requires
+# configuration information that is specific to each repo, you could do this:
+
+repo gitolite
+    config hooks.mailinglist = gitolite-commits@example.tld
+    config hooks.emailprefix = "[gitolite] "
+    config foo.bar = ""
+    config foo.baz =
+
+# This does either a plain "git config section.key value" (for the first 3
+# examples above) or "git config --unset-all section.key" (for the last
+# example).  Other forms (--add, the value_regex, etc) are not supported.
+
+# INCLUDE SOME OTHER FILE
+# -----------------------
+
+    include     "foo.conf"
+    subconf     "bar.conf"
+
+# this includes the contents of $GL_ADMINDIR/conf/foo.conf here
+
+# Notes:
+# - the include statement is not allowed inside delegated fragments for
+#   security reasons.
+# - you can also use an absolute path if you like, although in the interests
+#   of cloning the admin-repo sanely you should avoid doing this!
+
+# EXTERNAL COMMAND HELPERS -- RSYNC
+# ---------------------------------
+
+# If $RSYNC_BASE is non-empty, the following config entries come into play
+# (otherwise they are ignored):
+
+# a "fake" git repository to collect rsync rules.  Gitolite does not
+# auto-create any repo whose name starts with EXTCMD/
+repo    EXTCMD/rsync
+# grant permissions to files/dirs within the $RSYNC_BASE tree.  A leading
+# NAME/ is required as a prefix; the actual path starts after that.  Matching
+# follows the same rules as given in "FILE/DIR NAME BASED RESTRICTIONS" above
+        RW  NAME/                       =   sitaram
+        RW  NAME/foo/                   =   user1
+        R   NAME/bar/                   =   user2
+# just to remind you that these are perl regexes, not shell globs
+        RW  NAME/baz/.*/*.c             =   user3