diff options
| author | Joe Rayhawk <jrayhawk@omgwallhack.org> | 2010-07-19 02:40:58 -0700 |
|---|---|---|
| committer | Joe Rayhawk <jrayhawk@omgwallhack.org> | 2010-07-19 02:40:58 -0700 |
| commit | d9b1e99b4179ca7cb10d3930573be1febb8f278e (patch) | |
| tree | c5b085fdf5b1581e9f6e0bbfafe8663095c8bbb5 /usr | |
| parent | d83ce669fa01331645a3729c4f77e0c39b9cf814 (diff) | |
| parent | 9ddb2e2aa1f9a0c387e1a33b438b0065e7ebe4f9 (diff) | |
| download | piny-code-d9b1e99b4179ca7cb10d3930573be1febb8f278e.tar.gz piny-code-d9b1e99b4179ca7cb10d3930573be1febb8f278e.zip | |
Merge branch 'master' of git+ssh://piny.be/srv/git/piny-code
Diffstat (limited to 'usr')
| -rw-r--r-- | usr/src/libpiny/debian/changelog | 6 | ||||
| -rw-r--r-- | usr/src/libpiny/lib/Piny/Repo.pm | 78 | ||||
| -rw-r--r-- | usr/src/pinyadmin/debian/control | 2 | ||||
| -rwxr-xr-x | usr/src/pinyadmin/sbin/rmrepo | 63 |
4 files changed, 87 insertions, 62 deletions
diff --git a/usr/src/libpiny/debian/changelog b/usr/src/libpiny/debian/changelog index fc1ae42..3dcd6c4 100644 --- a/usr/src/libpiny/debian/changelog +++ b/usr/src/libpiny/debian/changelog @@ -1,3 +1,9 @@ +libpiny-perl (0.11) unstable; urgency=low + + * Destroying dead repos. + + -- Julian Blake Kongslie <jblake@omgwallhack.org> Mon, 19 Jul 2010 02:30:01 -0700 + libpiny-perl (0.10) unstable; urgency=low * Support for the global /etc/piny.conf stuff. diff --git a/usr/src/libpiny/lib/Piny/Repo.pm b/usr/src/libpiny/lib/Piny/Repo.pm index 7cffd68..8b2045c 100644 --- a/usr/src/libpiny/lib/Piny/Repo.pm +++ b/usr/src/libpiny/lib/Piny/Repo.pm @@ -182,6 +182,64 @@ sub has_access { return $s->owner->uid == $user->uid || $user->has_group( $s->group ); }; +sub destroy { + my ( $s ) = @_; + + my $user = Piny::Environment->instance->user; + + unlink( "/etc/apache2/piny-enabled/" . $s->name ); + unlink( "/etc/apache2/piny-available/" . $s->name ); + + system( "/etc/init.d/apache2", "reload" ) and die "Could not reload apache config!"; + + unlink( "/etc/cgitrc.d/" . $s->name ); + + my $temp = File::Temp->new( ) or die "Could not create temporary file: $!"; + $temp->unlink_on_destroy( 0 ); + + my $dh = IO::Dir->new( "/etc/cgitrc.d" ) or die "Could not open cgitrc.d directory: $!"; + while ( defined ( my $entry = $dh->read ) ) { + next if ( $entry =~ /^\./ ); + open( FILE, "<", "/etc/cgitrc.d/" . $entry ) or die "Could not open cgitrc.d entry $entry: $!"; + print $temp <FILE>; + close( FILE ) or die "Could not close cgitrc.d entry $entry: $!"; + }; + + $temp->close or die "Could not close new cgitrc: $!"; + + chmod( 00644, $temp->filename ) or die "Could not fix mode of new cgitrc: $!"; + + rename( $temp->filename, "/etc/cgitrepos" ) or die "Could not rename over old cgitrc: $!"; + + unlink( "/etc/ikiwiki/wikilist.d/" . $s->name ); + + $temp = File::Temp->new( ) or die "Could not create temporary file: $!"; + $temp->unlink_on_destroy( 0 ); + + $dh = IO::Dir->new( "/etc/ikiwiki/wikilist.d" ) or die "Could not open wikilist.d directory: $!"; + while ( defined ( my $entry = $dh->read ) ) { + next if ( $entry =~ /^\./ ); + open( FILE, "<", "/etc/ikiwiki/wikilist.d/" . $entry ) or die "Could not open wikilist.d entry $entry: $!"; + print $temp <FILE>; + close( FILE ) or die "Could not close wikilist.d entry $entry: $!"; + }; + + $temp->close or die "Could not close new wikilist: $!"; + + chmod( 00644, $temp->filename ) or die "Could not fix mode of new wikilist: $!"; + + rename( $temp->filename, "/etc/ikiwiki/wikilist" ) or die "Could not rename over old wikilist: $!"; + + system( "rm", "-rf", $s->secure_path, $s->ikiwiki_destdir, $s->ikiwiki_srcdir, "/etc/ikiwiki/piny/" . $s->name . ".setup", $s->path ); + + my $ikiuser = Piny::User::IkiWiki->new( "name" => "ikiwiki-" . $s->name ); + + system( "deluser", "--remove-home", $ikiuser->name ); + system( "delgroup", $ikiuser->name ); + system( "delgroup", "git-" . $s->name ); + +}; + # Triggers sub _rename_repo { @@ -283,14 +341,6 @@ sub create { print SETUP $repo->ikiwiki_setup; close( SETUP ) or die "Could not close new ikiwiki setup file: $!"; - open( APACHE, ">", "/etc/apache2/piny-available/" . $repo->name ) or die "Could not open new apache config: $!"; - print APACHE $repo->apache_config; - close( APACHE ) or die "Could not close new apache config: $!"; - - symlink( "/etc/apache2/piny-available/" . $repo->name, "/etc/apache2/piny-enabled/" . $repo->name ) or die "Could not symlink apache config: $!"; - - system( "/etc/init.d/apache2", "reload" ) and die "Could not reload apache config!"; - system( "/usr/bin/git", "clone", "--quiet", $repo->path, $repo->ikiwiki_srcdir ) and die "Could not clone repo to ikiwiki srcdir!"; mkdir( $repo->ikiwiki_destdir ) or die "Could not create ikiwiki destdir: $!"; @@ -315,6 +365,8 @@ sub create { $temp->close or die "Could not close new wikilist: $!"; + chmod( 00644, $temp->filename ) or die "Could not fix mode of new wikilist: $!"; + rename( $temp->filename, "/etc/ikiwiki/wikilist" ) or die "Could not rename over old wikilist: $!"; open( CGITLIST, ">", "/etc/cgitrc.d/" . $repo->name ) or die "Could not create cgitrc.d file: $!"; @@ -334,10 +386,20 @@ sub create { $temp->close or die "Could not close new cgitrc: $!"; + chmod( 00644, $temp->filename ) or die "Could not fix mode of new cgitrc: $!"; + rename( $temp->filename, "/etc/cgitrepos" ) or die "Could not rename over old cgitrc: $!"; system( "/usr/bin/sudo", "-u", $ikiuser->name, "/usr/bin/ikiwiki", "--setup", "/etc/ikiwiki/piny/" . $repo->name . ".setup" ) and die "Could not do initial compile of ikiwiki!"; + open( APACHE, ">", "/etc/apache2/piny-available/" . $repo->name ) or die "Could not open new apache config: $!"; + print APACHE $repo->apache_config; + close( APACHE ) or die "Could not close new apache config: $!"; + + symlink( "/etc/apache2/piny-available/" . $repo->name, "/etc/apache2/piny-enabled/" . $repo->name ) or die "Could not symlink apache config: $!"; + + system( "/etc/init.d/apache2", "reload" ) and die "Could not reload apache config!"; + return $repo; }; diff --git a/usr/src/pinyadmin/debian/control b/usr/src/pinyadmin/debian/control index 950a6c9..ea2b073 100644 --- a/usr/src/pinyadmin/debian/control +++ b/usr/src/pinyadmin/debian/control @@ -7,7 +7,7 @@ Standards-version: 3.8.4 Package: pinyadmin Architecture: all -Depends: ${perl:Depends}, ${misc:Depends}, libpiny-perl (>= 0.9) +Depends: ${perl:Depends}, ${misc:Depends}, libpiny-perl (>= 0.11) Description: Administrative programs for piny The command-line programs for day-to-day administrative tasks in the Piny infrastructure. diff --git a/usr/src/pinyadmin/sbin/rmrepo b/usr/src/pinyadmin/sbin/rmrepo index 864830f..8b26feb 100755 --- a/usr/src/pinyadmin/sbin/rmrepo +++ b/usr/src/pinyadmin/sbin/rmrepo @@ -3,62 +3,19 @@ use strict; use warnings; -my( $reponame, $uid, $gitowner, $wikilisttempfile, $cgitrctempfile); +use Piny; -if ( ( ! scalar $ARGV[0] ) or ( scalar $ARGV[1] ) or ( $ARGV[0] !~ /^[a-z0-9][a-z0-9-]+$/ ) ) { - print( "Usage: rmrepo REPONAME\n" ); - exit( 1 ); -} else { - $reponame = $ARGV[0]; -}; - -open (PASSWD, '/etc/passwd'); -while(<PASSWD>) { - if( $_ =~ /^$ENV{SUDO_USER}:.+?:(.+?):/ ) { $uid = $1; }; # grabbing uid. -}; -close(PASSWD); - -unless( -d "/srv/git/$reponame.git" ) { - print( "/srv/git/$reponame.git doesn't exist!\n" ); - exit( 2 ); -}; - -$gitowner = (stat "/srv/git/$reponame.git")[4]; +my $env = Piny::Environment->new; -if( ( $gitowner != $uid ) and ( $gitowner != 65534 ) ) { - print( "$reponame is not owned by you!\n" ); - exit( 3 ); -}; - -# We have to be careful about how we delete things; we don't want have post-update or ikiwiki.cgi thrashing, and we REALLY don't want to leave remappable owner UIDs around, but we're also keying security on /srv/git/$reponame -system( "/bin/chown -R nobody.nogroup /srv/git/$reponame.git" ); - -unlink( "/etc/ikiwiki/wikilist.d/$reponame" ); -$wikilisttempfile = `/bin/mktemp`; -chomp ( $wikilisttempfile ); -chmod ( 0644, $wikilisttempfile ); -system( "/bin/cat /etc/ikiwiki/wikilist.d/* > $wikilisttempfile" ); -system( "/bin/mv $wikilisttempfile /etc/ikiwiki/wikilist" ); # This is marginally racy, but the consequences are probably ignorable. +foreach my $reponame ( @ARGV ) { -unlink( "/etc/cgitrc.d/$reponame" ); -$cgitrctempfile = `/bin/mktemp`; -chomp ( $cgitrctempfile ); -chmod ( 0644, $cgitrctempfile ); -system( "/bin/cat /etc/cgitrc.d/* > $cgitrctempfile" ); -system( "/bin/mv $cgitrctempfile /etc/cgitrepos" ); # This is marginally racy, but the consequences are probably ignorable. + my $repo = Piny::Repo->new( $reponame ); -system( "/bin/rm -r /srv/www/piny.be/$reponame" ); -system( "/bin/rm -r /srv/www/secure.piny.be/repos/$reponame" ); + if ( $repo->owner->uid != $env->user->uid ) { + print STDERR "You are not the owner of $reponame!\n"; + exit 1; + }; -unlink( "/etc/ikiwiki/piny/$reponame.setup" ); -system( "/bin/rm -r /srv/ikiwiki/$reponame" ); + $repo->destroy; -unlink( "/etc/apache2/piny-available/$reponame" ); -unlink( "/etc/apache2/piny-enabled/$reponame" ); -system( '/etc/init.d/apache2 reload | grep -v "Reloading web server config: apache2."' ); - -system( "/usr/sbin/delgroup --quiet git-$reponame" ); -system( "/usr/sbin/deluser --quiet --remove-home ikiwiki-$reponame" ); -system( "/usr/sbin/delgroup --quiet ikiwiki-$reponame" ); - -system( "/bin/rm -rf /srv/git/$reponame.git" ); +}; |