summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xlibpiny/debian/libpiny-perl.postinst4
-rw-r--r--libpiny/lib/Piny/Config.pm10
-rw-r--r--libpiny/lib/Piny/Repo.pm20
-rw-r--r--libpiny/lib/Piny/User.pm33
-rwxr-xr-xpinyadmin/sbin/newuser13
-rwxr-xr-xpinyadmin/sbin/pinyconfig16
-rw-r--r--pinyconfigs/etc/apache2/sites-available/piny4
-rwxr-xr-xpinyweb/cgi-bin/newuser.cgi56
8 files changed, 128 insertions, 28 deletions
diff --git a/libpiny/debian/libpiny-perl.postinst b/libpiny/debian/libpiny-perl.postinst
index 065289a..85cca0c 100755
--- a/libpiny/debian/libpiny-perl.postinst
+++ b/libpiny/debian/libpiny-perl.postinst
@@ -7,9 +7,11 @@ case "$1" in
configure)
if [ ! -f /etc/libpiny.key ]; then
- umask 0177
+ umask 0137
dd if=/dev/urandom of=/etc/libpiny.key bs=512 count=1
fi
+ chgrp shadow /etc/libpiny.key
+ chmod g+r /etc/libpiny.key # Updating an old umask
;;
diff --git a/libpiny/lib/Piny/Config.pm b/libpiny/lib/Piny/Config.pm
index 29a06d5..535df33 100644
--- a/libpiny/lib/Piny/Config.pm
+++ b/libpiny/lib/Piny/Config.pm
@@ -55,7 +55,7 @@ has 'confpath' =>
has '_conf' =>
( is => 'ro'
- , isa => 'HashRef[Maybe[Str]]'
+ , isa => 'HashRef[Str]'
, lazy_build => 1
, clearer => 'clear_conf'
, init_arg => undef
@@ -107,6 +107,10 @@ sub _build__conf {
};
+ foreach my $key ( keys %$conf ) {
+ $conf->{$key} = "" unless defined $conf->{$key};
+ };
+
return $conf;
};
@@ -204,6 +208,7 @@ sub tweakable {
# The tweakables
+# Repo-specific tweakables, in the repos' .git/config files.
tweakable "piny_ikiwikidestdir" => "/srv/www/piny.be/", 'PathDir';
tweakable "piny_ikiwikisrcdir" => "/srv/ikiwiki/", 'PathDir';
tweakable "piny_ikiwikiurl" => "http://piny.be/", 'HttpUrl';
@@ -211,6 +216,9 @@ tweakable "piny_ikiwikisecureurl" => "https://secure.piny.be/", 'HttpsUrl'
tweakable "piny_ikiwikisecurepath" => "/srv/www/secure.piny.be/", 'PathDir';
tweakable "receive_denynonfastforwards" => "true", 'GitBool';
+# User-specific tweakables, in the users' ~/.gitconfig files.
+tweakable "user_email" => undef, 'Maybe[Str]';
+
# Moose boilerplate
__PACKAGE__->meta->make_immutable;
diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm
index 306b3a8..335843e 100644
--- a/libpiny/lib/Piny/Repo.pm
+++ b/libpiny/lib/Piny/Repo.pm
@@ -203,12 +203,15 @@ sub has_access {
sub rebuild {
my ( $s ) = @_;
- unless( getgrnam("git-" . $s->name ); ) {
- system( "/usr/sbin/addgroup", "--quiet", "git-$s->name" ) and die "Could not create repo group!";
+ unless( getgrnam("git-" . $s->name ) ) {
+ system( "/usr/sbin/addgroup", "--quiet", "git-" . $s->name ) and die "Could not create repo group!";
+ system( "/usr/sbin/adduser", "--quiet", $s->owner->name, "git-" . $s->name ) and die "Could not add you to the repo group!";
+ system( "/usr/sbin/adduser", "--quiet", "iki-" . $s->name, "git-" . $s->name ) and print "...But that's probably okay.\n";
};
- unless( getpwname("iki-" . $s->name ); ) {
- system( "/usr/sbin/adduser", "--quiet", "--system", "--group", "--gecos", $s->name, "iki-$s->name" ) and die "Could not create ikiwiki user!";
+ unless( getpwnam("iki-" . $s->name ) ) {
+ system( "/usr/sbin/adduser", "--quiet", "--system", "--group", "--gecos", $s->name, "iki-" . $s->name ) and die "Could not create ikiwiki user!";
+ system( "/usr/sbin/adduser", "--quiet", "iki-" . $s->name, "git-" . $s->name ) and die "Could not add ikiwiki user to the repo group!";
};
my $ikiuser = Piny::User::IkiWiki->new( "name" => "iki-" . $s->name );
@@ -234,7 +237,14 @@ sub rebuild {
print SETUP $s->ikiwiki_setup;
close( SETUP ) or die "Could not close new ikiwiki setup file: $!";
- system( "/bin/chown", "-R", $ikiuser->name . "." . $ikiuser->name, $s->ikiwiki_srcdir, $s->ikiwiki_destdir, $s->secure_path ) and die "Could not change ownership of ikiwiki directories!";
+ unless( -d $s->ikiwiki_srcdir ) {
+ system( "/usr/bin/git", "clone", "--quiet", $s->path, $s->ikiwiki_srcdir ) and die "Could not clone repo to ikiwiki srcdir!";
+ };
+
+ foreach( $ikiuser->name, $s->ikiwiki_srcdir, $s->ikiwiki_destdir, $s->secure_path ) {
+ unless( -d $_ ) { mkdir( $_ ) };
+ system( "/bin/chown", "-R", $ikiuser->name . ".", $_ ) and die "Could not change ownership of ikiwiki directories!";
+ };
open( WIKILIST, ">", "/etc/ikiwiki/wikilist.d/" . $s->name ) or die "Could not create wikilist.d file: $!";
print WIKILIST $ikiuser->name . " /etc/ikiwiki/piny/" . $s->name . ".setup\n";
diff --git a/libpiny/lib/Piny/User.pm b/libpiny/lib/Piny/User.pm
index baae258..f742f87 100644
--- a/libpiny/lib/Piny/User.pm
+++ b/libpiny/lib/Piny/User.pm
@@ -10,6 +10,7 @@ use Moose;
use Moose::Util::TypeConstraints;
use MooseX::StrictConstructor;
+use Piny::Config;
use Piny::Email;
use Piny::Group;
@@ -49,6 +50,20 @@ has 'password_hash' =>
, init_arg => undef
);
+has 'home' =>
+ ( is => 'ro'
+ , isa => 'Path'
+ , lazy_build => 1
+ , init_arg => undef
+ );
+
+has 'config' =>
+ ( is => 'ro'
+ , isa => 'Piny::Config'
+ , lazy_build => 1
+ , init_arg => undef
+ );
+
has 'email' =>
( is => 'ro'
, isa => 'Piny::Email'
@@ -180,10 +195,26 @@ sub _build_password_hash {
return $s->pwent( )->[1];
};
+sub _build_home {
+ my ( $s ) = @_;
+
+ return $s->pwent( )->[7];
+};
+
+sub _build_config {
+ my ( $s ) = @_;
+
+ return Piny::Config->new( confpath => $s->home . "/.gitconfig" );
+};
+
sub _build_email {
my ( $s ) = @_;
- return Piny::Email->new( address => $s->pwent( )->[6] );
+ if ( not defined $s->config->user_email ) {
+ die "You must provide a user.email attribute in your .gitconfig!\nPlease run pinyconfig --user user.email your\@email.com";
+ };
+
+ return Piny::Email->new( address => $s->config->user_email );
};
sub _build_groups {
diff --git a/pinyadmin/sbin/newuser b/pinyadmin/sbin/newuser
index c463aa9..7b864b7 100755
--- a/pinyadmin/sbin/newuser
+++ b/pinyadmin/sbin/newuser
@@ -5,6 +5,8 @@ use warnings;
use Email::Valid::Loose qw( );
+use Piny::User;
+
my ( $email, $username, $password );
# Configure the strictness of our email checks.
@@ -147,6 +149,17 @@ if ( $ret ) {
exit 1;
};
+my $u = Piny::User->new( $username );
+
+open( GITCONFIG, ">", $u->home . "/.gitconfig" ) or die "Could not open .gitconfig for new user: $!\n";
+print GITCONFIG <<END;
+[user]
+ email = $email
+END
+close( GITCONFIG );
+
+chown( $u->uid, (getgrnam("users"))[2] , $u->home . "/.gitconfig" );
+
print "Your user has been created. Try logging in!\n";
exit 0;
diff --git a/pinyadmin/sbin/pinyconfig b/pinyadmin/sbin/pinyconfig
index f6752db..e78cf3c 100755
--- a/pinyadmin/sbin/pinyconfig
+++ b/pinyadmin/sbin/pinyconfig
@@ -8,30 +8,36 @@ use Piny;
my ( $reponame, $attr, $value ) = @ARGV;
if ( not defined $reponame or not defined $attr ) {
- die "Usage: $0 reponame tweakable [value]\n";
+ die "Usage: $0 reponame|--user tweakable [value]\n";
};
$attr = lc $attr;
$attr =~ s/\./_/g;
-my $repo = Piny::Repo->new( $reponame );
+my $config;
+
+if ( $reponame eq "--user" ) {
+ $config = Piny::Environment->instance->user->config;
+} else {
+ $config = Piny::Repo->new( $reponame )->config;
+};
if ( defined $value ) {
undef $@;
eval {
- $repo->config->$attr( $value );
+ $config->$attr( $value );
};
if ( $@ ) {
print STDERR "$attr is not a legal tweakable, or $value is not a legal value for that tweakable.\n$@\n";
};
- if ( $value ne $repo->config->$attr ) {
+ if ( $value ne $config->$attr ) {
print STDERR "Failed to set $attr (perhaps an override is in place)\n";
};
};
undef $@;
eval {
- print "$attr = " . $repo->config->$attr . "\n";
+ print "$attr = " . $config->$attr . "\n";
};
if ( $@ ) {
print STDERR "$attr is not a legal tweakable, or its current value is illegal.\n$@\n";
diff --git a/pinyconfigs/etc/apache2/sites-available/piny b/pinyconfigs/etc/apache2/sites-available/piny
index a8e69d3..691c238 100644
--- a/pinyconfigs/etc/apache2/sites-available/piny
+++ b/pinyconfigs/etc/apache2/sites-available/piny
@@ -10,7 +10,7 @@
Alias /js /usr/share/javascript
- RedirectMatch 301 ^/$ http://piny.be/piny-web/
+ RedirectMatch 301 ^/$ http://piny.be/piny-hosting/
</VirtualHost>
<VirtualHost *:80>
@@ -29,7 +29,7 @@
Alias /js /usr/share/javascript
- RedirectMatch 301 ^/$ http://piny.be/piny-web/
+ RedirectMatch 301 ^/$ http://piny.be/piny-hosting/
SSLEngine On
SSLCertificateFile /etc/ssl/private/secure.piny.be.pem
diff --git a/pinyweb/cgi-bin/newuser.cgi b/pinyweb/cgi-bin/newuser.cgi
index 90c2d59..4f1263b 100755
--- a/pinyweb/cgi-bin/newuser.cgi
+++ b/pinyweb/cgi-bin/newuser.cgi
@@ -9,23 +9,53 @@ use CGI;
use IPC::Open2;
+use Piny::Auth;
+
$q = CGI->new;
print( "Content-type: text/plain\n\n" );
-if( $q->param('n') && $q->param('a') && $q->param('p') ) {
- unless( open2( OUT, IN, '/usr/bin/sudo', '/usr/sbin/newuser', '--batch', $q->param('a'), $q->param('n') ) ) {
- print 'could not execute newrepo';
- die;
- };
- # make things flushier
- select((select(IN), $| = 1)[0]);
- select((select(OUT), $| = 1)[0]);
- print( IN $q->param('p') . "\n" );
- close( IN );
- while( <OUT> ) {
- print;
+if( $q->param("n") && $q->param("a") && $q->param("p") ) {
+
+ my $auth = Piny::Auth->new( );
+
+ my $code = $auth->hash( { "n" => $q->param( "n" ), "a" => $q->param( "a" ), "p" => $q->param( "p" ) } );
+
+ if ( $q->param("h") && $q->param("h") eq $code ) {
+ unless( open2( OUT, IN, "/usr/bin/sudo", "/usr/sbin/newuser", "--batch", $q->param("a"), $q->param("n") ) ) {
+ print "could not execute newrepo";
+ die;
+ };
+ # make things flushier
+ select((select(IN), $| = 1)[0]);
+ select((select(OUT), $| = 1)[0]);
+ print( IN $q->param("p") . "\n" );
+ close( IN );
+ while( <OUT> ) {
+ print;
+ };
+ } else { # No hash, they need one sent to their address
+ print( "Dispatching email to " . $q->param("a") . "...\n" );
+ unless( open( MAIL, "|/usr/lib/sendmail -t" ) ) {
+ print "could not execute sendmail";
+ die;
+ };
+ print( MAIL "To: " . $q->param("a") . "\n" );
+ print( MAIL "Subject: Verifying account " . $q->param("n") . "\n" );
+ print( MAIL "Content-Type: text/plain; charset=us-ascii\n\n" );
+ print( MAIL "http" );
+ if( $ENV{"HTTPS"} eq "on" ) {
+ print( MAIL "s" );
+ };
+ print( MAIL "://" . $ENV{"SERVER_NAME"} . $ENV{"SCRIPT_NAME"} . "?" );
+ print( MAIL "h=" . $code );
+ print( MAIL "&n=" . $q->param("n") );
+ print( MAIL "&a=" . $q->param("a") );
+ print( MAIL "&p=" . $q->param("p") );
+ print( MAIL "\n");
+ close( MAIL );
+ print( "Done!" );
};
} else {
- print 'Missing parameters.';
+ print( "Missing parameters." );
};