-rw-r--r-- | docs.mdwn | 1 | ||||
-rw-r--r-- | docs/architecture.mdwn | 1 | ||||
-rw-r--r-- | docs/architecture/needed_user_facing_infrastructure.mdwn | 2 | ||||
-rw-r--r-- | libpiny/lib/Piny/Config.pm | 12 | ||||
-rw-r--r-- | libpiny/lib/Piny/Repo.pm | 22 | ||||
-rw-r--r-- | libpiny/lib/Piny/User.pm | 33 | ||||
-rw-r--r-- | libpiny/share/ikiwiki.setup | 24 | ||||
-rw-r--r-- | pinyadmin/Makefile | 1 | ||||
l--------- | pinyadmin/bin/createuser | 1 | ||||
-rw-r--r-- | pinyadmin/doc/newuser.latex | 6 | ||||
-rwxr-xr-x | pinyadmin/sbin/newuser | 13 | ||||
-rwxr-xr-x | pinyadmin/sbin/pinyconfig | 16 |
12 files changed, 104 insertions, 28 deletions
diff --git a/docs.mdwn b/docs.mdwn deleted file mode 100644 index 5a6f22b..0000000 --- a/docs.mdwn +++ /dev/null @@ -1 +0,0 @@ -[[!map pages="docs/* and ! docs/*/*"]] diff --git a/docs/architecture.mdwn b/docs/architecture.mdwn deleted file mode 100644 index 91e169c..0000000 --- a/docs/architecture.mdwn +++ /dev/null @@ -1 +0,0 @@ -[[!map pages="docs/architecture/* and ! docs/architecture/*/*"]] diff --git a/docs/architecture/needed_user_facing_infrastructure.mdwn b/docs/architecture/needed_user_facing_infrastructure.mdwn index 1e7284a..3e3171e 100644 --- a/docs/architecture/needed_user_facing_infrastructure.mdwn +++ b/docs/architecture/needed_user_facing_infrastructure.mdwn @@ -5,7 +5,7 @@ It'd be nice to maintain feature parity between command line access and web acce [[!table data=""" feature |command line |web -anonymous account creation |DONE: ssh createuser@piny.be |TODO: CGI frontend to adduser +anonymous account creation |DONE: ssh newuser@piny.be |TODO: CGI frontend to adduser password modification |DONE: /srv/rbin/passwd |TODO: Authen::PAM chauthtok CGI jblake: the pam interface was *really* not designed with http in mind though if you hard-code the interaction script it's not hard at all repo creation, deletion |DONE: /srv/rbin/newrepo, rmrepo, lsrepo |TODO: CGI frontend repo user management |DONE: /srv/rbin/addaccess, rmaccess, lsaccess |TODO: CGI frontend diff --git a/libpiny/lib/Piny/Config.pm b/libpiny/lib/Piny/Config.pm index 5cd99da..535df33 100644 --- a/libpiny/lib/Piny/Config.pm +++ b/libpiny/lib/Piny/Config.pm @@ -35,8 +35,8 @@ subtype 'PathDir' subtype 'HttpUrl' => as 'Str' - => where { $_ =~ /^http:\/\//i } - => message { 'Not a http:// URL.' } + => where { $_ =~ /^(http|https):\/\//i } + => message { 'Not a http:// or https:// URL.' } ; subtype 'HttpsUrl' @@ -107,6 +107,10 @@ sub _build__conf { }; + foreach my $key ( keys %$conf ) { + $conf->{$key} = "" unless defined $conf->{$key}; + }; + return $conf; }; 
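Review bot: The loop added before `return $conf;` in `_build__conf` rewrites every undefined value to `""`, so "unset" and "set to an empty string" can no longer be told apart. This commit also adds `user_email` with an `undef` default, and `_build_email` tests `not defined $s->config->user_email`. If a key that is present without a value reaches `$conf` as undef (the parsing is outside this hunk), it would now arrive as `""`, pass that test and be handed to `Piny::Email` as an empty address. Either add a comment on the loop naming the undef case it is meant to absorb, or make the consumer test for emptiness as well, e.g. `die ... unless defined $addr and length $addr;`. The body of `_build__conf` starts outside the hunk.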
@@ -204,6 +208,7 @@ sub tweakable { # The tweakables +# Repo-specific tweakables, in the repos' .git/config files. tweakable "piny_ikiwikidestdir" => "/srv/www/piny.be/", 'PathDir'; tweakable "piny_ikiwikisrcdir" => "/srv/ikiwiki/", 'PathDir'; tweakable "piny_ikiwikiurl" => "http://piny.be/", 'HttpUrl'; @@ -211,6 +216,9 @@ tweakable "piny_ikiwikisecureurl" => "https://secure.piny.be/", 'HttpsUrl' tweakable "piny_ikiwikisecurepath" => "/srv/www/secure.piny.be/", 'PathDir'; tweakable "receive_denynonfastforwards" => "true", 'GitBool'; +# User-specific tweakables, in the users' ~/.gitconfig files. +tweakable "user_email" => undef, 'Maybe[Str]'; + # Moose boilerplate __PACKAGE__->meta->make_immutable; diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm index 17142ed..cfa73bd 100644 --- a/libpiny/lib/Piny/Repo.pm +++ b/libpiny/lib/Piny/Repo.pm @@ -203,6 +203,17 @@ sub has_access { sub rebuild { my ( $s ) = @_; + unless( getgrnam("git-" . $s->name ) ) { + system( "/usr/sbin/addgroup", "--quiet", "git-" . $s->name ) and die "Could not create repo group!"; + system( "/usr/sbin/adduser", "--quiet", $s->owner->name, "git-" . $s->name ) and die "Could not add you to the repo group!"; + system( "/usr/sbin/adduser", "--quiet", "ikiwiki-" . $s->name, "git-" . $s->name ) and print "...But that's probably okay.\n"; + }; + + unless( getpwnam("ikiwiki-" . $s->name ) ) { + system( "/usr/sbin/adduser", "--quiet", "--system", "--group", "--gecos", $s->name, "ikiwiki-" . $s->name ) and die "Could not create ikiwiki user!"; + system( "/usr/sbin/adduser", "--quiet", "ikiwiki-" . $s->name, "git-" . $s->name ) and die "Could not add ikiwiki user to the repo group!"; + }; + my $ikiuser = Piny::User::IkiWiki->new( "name" => "ikiwiki-" . $s->name ); foreach( "git-daemon-export-ok", "packed-refs" ) { 
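Review bot: In the first `unless` block added to `rebuild`, the `adduser` call that puts `"ikiwiki-" . $s->name` into the repo group runs before the second block has created that account. Its failure is therefore expected and is dismissed with `"...But that's probably okay.\n"`, which also hides a real failure of the same call when the account already exists. Creating the ikiwiki account first and the group second would let every `system` call be fatal. The `die` messages would be easier to act on with the exit status, e.g. `and die "Could not create repo group (exit " . ( $? >> 8 ) . ")";`. A failure partway through leaves a group or account behind, so a comment saying `rebuild` is meant to be safely re-runnable would help; the function continues outside the hunk.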
@@ -210,7 +221,7 @@ sub rebuild { close( TOUCH ); }; - foreach( "info", "logs" ) { + foreach( "info", "logs", "branches" ) { (-e $s->path . "/" . $_) or mkdir( $s->path . "/" . $_ ) or die "Could not mkdir $_ for repo: $!"; }; @@ -226,7 +237,14 @@ sub rebuild { print SETUP $s->ikiwiki_setup; close( SETUP ) or die "Could not close new ikiwiki setup file: $!"; - system( "/bin/chown", "-R", $ikiuser->name . "." . $ikiuser->name, $s->ikiwiki_srcdir, $s->ikiwiki_destdir, $s->secure_path ) and die "Could not change ownership of ikiwiki directories!"; + unless( -d $s->ikiwiki_srcdir ) { + system( "/usr/bin/git", "clone", "--quiet", $s->path, $s->ikiwiki_srcdir ) and die "Could not clone repo to ikiwiki srcdir!"; + }; + + foreach( $ikiuser->name, $s->ikiwiki_srcdir, $s->ikiwiki_destdir, $s->secure_path ) { + unless( -d $_ ) { mkdir( $_ ) }; + system( "/bin/chown", "-R", $ikiuser->name . ".", $_ ) and die "Could not change ownership of ikiwiki directories!"; + }; open( WIKILIST, ">", "/etc/ikiwiki/wikilist.d/" . $s->name ) or die "Could not create wikilist.d file: $!"; print WIKILIST $ikiuser->name . " /etc/ikiwiki/piny/" . $s->name . ".setup\n"; diff --git a/libpiny/lib/Piny/User.pm b/libpiny/lib/Piny/User.pm index 6267ecb..780a698 100644 --- a/libpiny/lib/Piny/User.pm +++ b/libpiny/lib/Piny/User.pm @@ -10,6 +10,7 @@ use Moose; use Moose::Util::TypeConstraints; use MooseX::StrictConstructor; +use Piny::Config; use Piny::Email; use Piny::Group; @@ -49,6 +50,20 @@ has 'password_hash' => , init_arg => undef ); +has 'home' => + ( is => 'ro' + , isa => 'Path' + , lazy_build => 1 + , init_arg => undef + ); + +has 'config' => + ( is => 'ro' + , isa => 'Piny::Config' + , lazy_build => 1 + , init_arg => undef + ); + has 'email' => ( is => 'ro' , isa => 'Piny::Email' 
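Review bot: The new `foreach` list in `rebuild` starts with `$ikiuser->name`, which is an account name rather than a path. The loop would therefore `mkdir` and `chown -R` a directory called `ikiwiki-<repo>` relative to whatever the current working directory is. It looks as if the account's home directory was intended (`Piny::User` gains a `home` attribute in this commit, assuming `Piny::User::IkiWiki` inherits it). The result of `mkdir( $_ )` is ignored, so a failed create only shows up as the generic chown error; `mkdir( $_ ) or die "Could not mkdir $_: $!";` would name the path. `$ikiuser->name . "."` relies on the legacy `owner.` separator, and `$ikiuser->name . ":"` is the documented form; `rebuild` starts and ends outside the hunk.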
@@ -180,10 +195,26 @@ sub _build_password_hash { return $s->pwent( )->[1]; }; +sub _build_home { + my ( $s ) = @_; + + return $s->pwent( )->[7]; +}; + +sub _build_config { + my ( $s ) = @_; + + return Piny::Config->new( confpath => $s->home . "/.gitconfig" ); +}; + sub _build_email { my ( $s ) = @_; - return Piny::Email->new( address => $s->pwent( )->[6] ); + if ( not defined $s->config->user_email ) { + die "You must provide a user.email attribute in your .gitconfig!\nPlease run pinyconfig --user user.email your\@email.com"; + }; + + return Piny::Email->new( address => $s->config->user_email ); }; sub _build_groups { diff --git a/libpiny/share/ikiwiki.setup b/libpiny/share/ikiwiki.setup index e6619d4..1128143 100644 --- a/libpiny/share/ikiwiki.setup +++ b/libpiny/share/ikiwiki.setup @@ -6,14 +6,14 @@ # Remember to re-run ikiwiki --setup any time you edit this file. use IkiWiki::Setup::Standard { - # wikiname => "', # LATER MODIFIED BY LATER MODIFIED BY PINY - # adminemail => "', # LATER MODIFIED BY LATER MODIFIED BY PINY - # srcdir => "', # LATER MODIFIED BY PINY - # destdir => "', # LATER MODIFIED BY PINY - # url => "', # LATER MODIFIED BY PINY - # cgiurl => "', # LATER MODIFIED BY PINY - # historyurl => "', # LATER MODIFIED BY PINY - # diffurl => "', # LATER MODIFIED BY PINY + # wikiname => "', # OVERWRITTEN BY PINY + # adminemail => "', # OVERWRITTEN BY PINY + # srcdir => "', # OVERWRITTEN BY PINY + # destdir => "', # OVERWRITTEN BY PINY + # url => "', # OVERWRITTEN BY PINY + # cgiurl => "', # OVERWRITTEN BY PINY + # historyurl => "', # OVERWRITTEN BY PINY + # diffurl => "', # OVERWRITTEN BY PINY templatedir => "/srv/templates", # TODO: user-customizable templates underlaydir => "/usr/share/ikiwiki/basewiki", 
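Review bot: `_build_email` now takes the address from the account's own `~/.gitconfig` through `_build_config`, not from the passwd entry, so the value is whatever the user last wrote to that file rather than what `newuser` checked at sign-up. Whether `Piny::Email` validates `address` again is not visible here; if it does not, the address should be checked at this point before anything privileged consumes it. `_build_config` also builds the path with `$s->home . "/.gitconfig"` without checking that `pwent` returned a home directory. I would add a comment on `_build_config` along the lines of `# user-writable file: treat every value read from it as untrusted input`.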
@@ -54,8 +54,9 @@ use IkiWiki::Setup::Standard { prefix_directives => 1, httpauth => 1, # To add plugins, list them here. - add_plugins => [qw{sidebar toc meta table tag graphviz httpauth img attachment rename remove map teximg version edittemplate rawhtml}], + add_plugins => [qw{autoindex sidebar toc meta table tag graphviz httpauth img attachment rename remove map teximg version edittemplate rawhtml}], disable_plugins => [qw{openid passwordauth}], + teximg_prefix => "\\documentclass{scrartcl} \\usepackage[version=3]{mhchem} \\usepackage{amsmath} @@ -69,6 +70,11 @@ use IkiWiki::Setup::Standard { # For use with the tag plugin, make all tags be located under a # base page. tagbase => "tag", + tag_autocreate => 1, + + # this uses transient.pm, which shows up in Ikiwiki in early 2011 + tag_autocreate_commit => 0, + autoindex_commit => 0, # For use with the search plugin if your estseek.cgi is located # somewhere else. diff --git a/pinyadmin/Makefile b/pinyadmin/Makefile index 64ac713..2f679e7 100644 --- a/pinyadmin/Makefile +++ b/pinyadmin/Makefile @@ -1,7 +1,6 @@ build: mkdir -p man for f in doc/*.latex; do latex2man $$f man/$$(basename $$f .latex).man; done - ln -s newuser.man man/createuser.man install: install -o root -g root -m 755 -d $(DESTDIR)/usr/bin $(DESTDIR)/usr/sbin diff --git a/pinyadmin/bin/createuser b/pinyadmin/bin/createuser deleted file mode 120000 index e9d7937..0000000 --- a/pinyadmin/bin/createuser +++ /dev/null @@ -1 +0,0 @@ -newuser
\ No newline at end of file diff --git a/pinyadmin/doc/newuser.latex b/pinyadmin/doc/newuser.latex index 721d468..c9e4492 100644 --- a/pinyadmin/doc/newuser.latex +++ b/pinyadmin/doc/newuser.latex @@ -1,6 +1,6 @@ \usepackage{latex2man} -\begin{Name}{8piny}{newuser}{Piny Team}{Piny}{createuser} +\begin{Name}{8piny}{newuser}{Piny Team}{Piny}{newuser} \Prog{newuser} - add a piny user @@ -8,9 +8,7 @@ \Prog{newuser} -\Prog{createuser} - \section{Description} The \Prog{newuser} program is an interactive script which walks the user through the process of creating a new Piny account. -Normally it is set as the shell of a passwordless user such as "newuser" or "createuser", so that users can create accounts without any assistance from a sysadmin. +Normally it is set as the shell of a passwordless user such as "newuser", so that users can create accounts without any assistance from a sysadmin. diff --git a/pinyadmin/sbin/newuser b/pinyadmin/sbin/newuser index e38e791..ef61cd7 100755 --- a/pinyadmin/sbin/newuser +++ b/pinyadmin/sbin/newuser @@ -5,6 +5,8 @@ use warnings; use Email::Valid::Loose qw( ); +use Piny::User; + my ( $email, $username, $password ); # Configure the strictness of our email checks. @@ -147,6 +149,17 @@ if ( $ret ) { exit 1; }; +my $u = Piny::User->new( $username ); + +open( GITCONFIG, ">", $u->home . "/.gitconfig" ) or die "Could not open .gitconfig for new user: $!\n"; +print GITCONFIG <<END; +[user] + email = $email +END +close( GITCONFIG ); + +chown( $u->uid, $u->group->gid, $u->home . "/.gitconfig" ); + print "Your user has been created. Try logging in!\n"; exit 0; diff --git a/pinyadmin/sbin/pinyconfig b/pinyadmin/sbin/pinyconfig index f6752db..e78cf3c 100755 --- a/pinyadmin/sbin/pinyconfig +++ b/pinyadmin/sbin/pinyconfig 
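Review bot: In the block added to `sbin/newuser`, neither `close( GITCONFIG )` nor `chown(...)` is checked, so a short write or a failed ownership change still ends with "Your user has been created". `close( GITCONFIG ) or die "Could not write .gitconfig: $!\n";` and `chown( ... ) == 1 or die "Could not chown .gitconfig: $!\n";` would surface both. `$email` is interpolated into the file as-is, and `Email::Valid::Loose` is lenient by design, so characters that git-config treats specially (quotes, backslash, `#`, `;`) could be stored as a different value than the one validated. Writing it with `system( "/usr/bin/git", "config", "--file", $path, "user.email", $email )` leaves the quoting to git. If this script runs with elevated privileges, note that `open` with `">"` follows a symlink at that path inside a directory the new account owns.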
@@ -8,30 +8,36 @@ use Piny; my ( $reponame, $attr, $value ) = @ARGV; if ( not defined $reponame or not defined $attr ) { - die "Usage: $0 reponame tweakable [value]\n"; + die "Usage: $0 reponame|--user tweakable [value]\n"; }; $attr = lc $attr; $attr =~ s/\./_/g; -my $repo = Piny::Repo->new( $reponame ); +my $config; + +if ( $reponame eq "--user" ) { + $config = Piny::Environment->instance->user->config; +} else { + $config = Piny::Repo->new( $reponame )->config; +}; if ( defined $value ) { undef $@; eval { - $repo->config->$attr( $value ); + $config->$attr( $value ); }; if ( $@ ) { print STDERR "$attr is not a legal tweakable, or $value is not a legal value for that tweakable.\n$@\n"; }; - if ( $value ne $repo->config->$attr ) { + if ( $value ne $config->$attr ) { print STDERR "Failed to set $attr (perhaps an override is in place)\n"; }; }; undef $@; eval { - print "$attr = " . $repo->config->$attr . "\n"; + print "$attr = " . $config->$attr . "\n"; }; if ( $@ ) { print STDERR "$attr is not a legal tweakable, or its current value is illegal.\n$@\n"; |
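Review bot: `$config->$attr( $value )` and `$config->$attr` still call whatever method name the second command-line argument spells, and with `--user` the receiver is now the caller's user config as well as a repo config. Only `lc` and the `.` to `_` substitution are applied first, so any lower-case method the object inherits is reachable, not only the declared tweakables. I would reject the name before either `eval`, e.g. `die "Unknown tweakable: $attr\n" unless $attr =~ /\A[a-z][a-z0-9_]*\z/;`, followed by a lookup against the names registered through `tweakable` in `Piny::Config` (not shown on this page). Separately, `$value ne $config->$attr` sits outside the `eval`, so an illegal `$attr` that was just reported will then die there uncaught. For `--user` with `user_email` unset, the final `print` concatenates an undefined value.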