From a6674104d95c50d6bd697c22087181289c64883b Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Wed, 11 May 2011 22:15:57 -0700 Subject: Make destroy_ikiwiki quieter --- libpiny/lib/Piny/Repo.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm index f4dca6e..1f50957 100644 --- a/libpiny/lib/Piny/Repo.pm +++ b/libpiny/lib/Piny/Repo.pm @@ -355,8 +355,8 @@ sub destroy_ikiwiki { my $ikiuser = Piny::User::IkiWiki->new( "name" => "iki-" . $s->name ); - getpwnam( "iki-" . $s->shortname ) and system( "deluser", "--remove-home", "iki-" . $s->shortname ); - getgrnam( "iki-" . $s->shortname ) and system( "delgroup", "iki-" . $s->shortname ); + getpwnam( "iki-" . $s->shortname ) and system( "deluser", "--quiet", "--remove-home", "iki-" . $s->shortname ); + getgrnam( "iki-" . $s->shortname ) and system( "delgroup", "--quiet", "iki-" . $s->shortname ); }; -- cgit v1.2.3 From f4cb34f8a67c1a0db62633cf6547b3c08e68c976 Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Wed, 11 May 2011 22:17:04 -0700 Subject: switch piny_permission over to git-config-valid values --- libpiny/lib/Piny/Config.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libpiny/lib/Piny/Config.pm b/libpiny/lib/Piny/Config.pm index 3c1ae3f..520e849 100644 --- a/libpiny/lib/Piny/Config.pm +++ b/libpiny/lib/Piny/Config.pm @@ -47,8 +47,8 @@ subtype 'HttpsUrl' subtype 'RepoPermission' => as 'Str' - => where { $_ eq "666" or $_ eq "664" or $_ eq "660" or $_ eq "640" } - => message { 'Must be one of 666, 664, 660, or 640.' } + => where { $_ eq "0666" or $_ eq "0664" or $_ eq "0660" or $_ eq "0640" } + => message { 'Must be one of 0666, 0664, 0660, or 0640.' } ; # Attributes 
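Review bot: The exit status of both `system()` calls is still discarded, so a `deluser` or `delgroup` that fails leaves the `iki-` account or group in place while destroy_ikiwiki carries on as if it had succeeded. Now that the commands run with `--quiet`, the return code is the signal worth keeping: append `== 0 or warn "deluser failed: $?"` to the first call and the matching `delgroup` form to the second. The context line above builds the user object from `$s->name` while these lines use `$s->shortname`; if the two can differ, a comment saying which one names the system account would help. The body of destroy_ikiwiki starts and ends outside the hunk.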
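Review bot: `RepoPermission` still accepts `0666`, and once the values are meant to be valid git configuration (the subject says so, and a later commit on this page renames the tweakable to `core_sharedrepository`) that value makes repository files writable by every local account. If world-writable repositories are not a supported mode, drop `0666` from the `where` clause and from the message. If they are supported, a comment stating who is expected to choose it would help the next reader. The following commit's hunk on this subtype extends the same list with aliases and keeps `0666`.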
@@ -245,7 +245,7 @@ tweakable "piny_ikiwikisrcdir" => "/srv/ikiwiki/", 'PathDir'; tweakable "piny_ikiwikiurl" => "http://piny.be/", 'HttpUrl'; tweakable "piny_ikiwikisecureurl" => "https://secure.piny.be/", 'HttpsUrl'; tweakable "piny_ikiwikisecurepath" => "/srv/www/secure.piny.be/", 'PathDir'; -tweakable "piny_permission" => '664', 'RepoPermission'; +tweakable "piny_permission" => '0664', 'RepoPermission'; tweakable "receive_denynonfastforwards" => "true", 'GitBool'; # User-specific tweakables, in the users' ~/.gitconfig files. -- cgit v1.2.3 From df72c02b16c0230cc7972141eb9aa96fd9244251 Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Wed, 11 May 2011 22:56:49 -0700 Subject: Making repopermissions even more git-friendly --- libpiny/lib/Piny/Config.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libpiny/lib/Piny/Config.pm b/libpiny/lib/Piny/Config.pm index 520e849..6a63168 100644 --- a/libpiny/lib/Piny/Config.pm +++ b/libpiny/lib/Piny/Config.pm @@ -47,8 +47,8 @@ subtype 'HttpsUrl' subtype 'RepoPermission' => as 'Str' - => where { $_ eq "0666" or $_ eq "0664" or $_ eq "0660" or $_ eq "0640" } - => message { 'Must be one of 0666, 0664, 0660, or 0640.' } + => where { $_ eq "0666" or $_ eq "0664" or $_ eq "0660" or $_ eq "0640" or $_ eq "group" or $_ eq "true" or $_ eq "all" or $_ eq "everybody" or $_ eq "world"} + => message { 'Must be one of 0666, 0664 (or all, everybody, world), 0660 (or true, group), or 0640.' } ; # Attributes -- cgit v1.2.3 From 0452db3d392040db271baf8e6d2da5d697097300 Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Wed, 11 May 2011 22:58:31 -0700 Subject: piny_permission -> core_sharedrepository --- libpiny/lib/Piny/Config.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libpiny/lib/Piny/Config.pm b/libpiny/lib/Piny/Config.pm index 6a63168..7ee815a 100644 --- a/libpiny/lib/Piny/Config.pm +++ b/libpiny/lib/Piny/Config.pm 
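Review bot: The `where` clause in the `RepoPermission` hunk is now a nine-way `eq` chain that has to be kept in step by hand with the `message` text. A lookup table is easier to read and harder to get out of sync, e.g. `my %ok = map { $_ => 1 } qw(0666 0664 0660 0640 group true all everybody world);` with `where { exists $ok{$_} }`. A short comment mapping each alias to its octal equivalent would also help, since the message string is currently the only place that mapping is written down.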
@@ -245,7 +245,7 @@ tweakable "piny_ikiwikisrcdir" => "/srv/ikiwiki/", 'PathDir'; tweakable "piny_ikiwikiurl" => "http://piny.be/", 'HttpUrl'; tweakable "piny_ikiwikisecureurl" => "https://secure.piny.be/", 'HttpsUrl'; tweakable "piny_ikiwikisecurepath" => "/srv/www/secure.piny.be/", 'PathDir'; -tweakable "piny_permission" => '0664', 'RepoPermission'; +tweakable "core_sharedrepository" => '0664', 'RepoPermission'; tweakable "receive_denynonfastforwards" => "true", 'GitBool'; # User-specific tweakables, in the users' ~/.gitconfig files. -- cgit v1.2.3 From 98f8029ea194326327f69b47cb0b95c0af72564f Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Thu, 12 May 2011 18:09:32 -0700 Subject: Adding pinyconfig.cgi and rebuildrepo.cgi --- pinyweb/cgi-bin/auth/pinyconfig.cgi | 22 ++++++++++++++++++++++ pinyweb/cgi-bin/auth/rebuildrepo.cgi | 22 ++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100755 pinyweb/cgi-bin/auth/pinyconfig.cgi create mode 100755 pinyweb/cgi-bin/auth/rebuildrepo.cgi diff --git a/pinyweb/cgi-bin/auth/pinyconfig.cgi b/pinyweb/cgi-bin/auth/pinyconfig.cgi new file mode 100755 index 0000000..f852a56 --- /dev/null +++ b/pinyweb/cgi-bin/auth/pinyconfig.cgi @@ -0,0 +1,22 @@ +#!/usr/bin/perl +$| = 1; + +open(STDERR, ">&STDOUT"); + +use warnings; + +use CGI; + +use IPC::Open2; + +$q = CGI->new; + +print( "Content-type: text/plain\n\n"); + +if( $q->param('r') && $q->param('n') && $q->param('v') ) { + unless( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'pinyconfig', $q->param('r'), $q->param('n'), $q->param('v') ) == 0 ) { + die( 'pinyconfig was unsuccessful.' ); + }; +} else { + print 'Missing parameters.'; +}; diff --git a/pinyweb/cgi-bin/auth/rebuildrepo.cgi b/pinyweb/cgi-bin/auth/rebuildrepo.cgi new file mode 100755 index 0000000..0d23fbd --- /dev/null +++ b/pinyweb/cgi-bin/auth/rebuildrepo.cgi 
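Review bot: Every `$q->param(...)` inside the `system()` argument list of pinyconfig.cgi is evaluated in list context, where CGI.pm returns all values of a parameter, so a request that repeats `r`, `n` or `v` changes the number of arguments handed to `/usr/sbin/piny-suid`. Read each parameter into a scalar first, `my $r = $q->param('r');` (likewise `$n` and `$v`), and pass the scalars to `system()`. The `if` test itself is unaffected because `&&` already imposes scalar context. The same call shape appears in rebuildrepo.cgi and lsaccess.cgi in this series, in the `elsif` branch added to pinyconfig.cgi later, and in the context lines of the addaccess, newrepo, rmaccess and rmrepo hunks.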
@@ -0,0 +1,22 @@ +#!/usr/bin/perl +$| = 1; + +open(STDERR, ">&STDOUT"); + +use warnings; + +use CGI; + +use IPC::Open2; + +$q = CGI->new; + +print( "Content-type: text/plain\n\n"); + +if( $q->param('r') ) { + unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'rebuildrepo', $q->param('r') ) == 0 ) { + die( 'rebuildrepo was unsuccessful.' ); + }; +} else { + print 'Missing parameters.'; +}; -- cgit v1.2.3 From 336f98bc53c1ca862d696d18642ed552f425724e Mon Sep 17 00:00:00 2001 From: "jrayhawk+piny.be@omgwallhack.org" Date: Thu, 12 May 2011 20:04:07 -0700 Subject: Add lsaccess.cgi and lsrepo.cgi --- pinyweb/cgi-bin/auth/lsaccess.cgi | 24 ++++++++++++++++++++++++ pinyweb/cgi-bin/auth/lsrepo.cgi | 18 ++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100755 pinyweb/cgi-bin/auth/lsaccess.cgi create mode 100755 pinyweb/cgi-bin/auth/lsrepo.cgi diff --git a/pinyweb/cgi-bin/auth/lsaccess.cgi b/pinyweb/cgi-bin/auth/lsaccess.cgi new file mode 100755 index 0000000..f7c9a06 --- /dev/null +++ b/pinyweb/cgi-bin/auth/lsaccess.cgi @@ -0,0 +1,24 @@ +#!/usr/bin/perl +$| = 1; + +open(STDERR, ">&STDOUT"); + +use warnings; + +use CGI; + +use IPC::Open2; + +$q = CGI->new; + +print( "Content-type: text/plain\n\n"); + +if( $q->param('r') ) { + unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'lsaccess', $q->param('r') ) == 0 ) { + die( 'lsaccess was unsuccessful.' ); + }; +} else { + unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'lsaccess' ) == 0 ) { + die( 'lsaccess was unsuccessful.' ); + }; +}; diff --git a/pinyweb/cgi-bin/auth/lsrepo.cgi b/pinyweb/cgi-bin/auth/lsrepo.cgi new file mode 100755 index 0000000..599eb80 --- /dev/null +++ b/pinyweb/cgi-bin/auth/lsrepo.cgi 
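Review bot: In rebuildrepo.cgi `r` goes to the setuid helper with no validation in the CGI itself, so a value that begins with `-` or contains characters outside the repository-name alphabet reaches `piny-suid` as written. docs/architecture/data.mdwn on this page gives the constraint for reponame, and enforcing it here is cheap: `my $r = $q->param('r');` followed by `die( 'Invalid repository name.' ) unless defined $r && $r =~ /\A[a-z0-9][a-z0-9.-]*\z/;`. Whether piny-suid repeats the check cannot be seen from this diff, so treat this as defence in depth rather than the only gate.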
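Review bot: lsaccess.cgi passes `$ENV{'REMOTE_USER'}` as the acting identity without checking that the web server set it, so if the script is ever reachable without authentication the helper receives an empty first argument instead of a user name. Fail closed before the branch: `die( 'Not authenticated.' ) unless defined $ENV{'REMOTE_USER'} && length $ENV{'REMOTE_USER'};`. The two branches also differ only in the optional `r` argument, so building one argument list and calling `system()` once would remove the duplication. The other CGI scripts in this series use REMOTE_USER the same way.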
@@ -0,0 +1,18 @@ +#!/usr/bin/perl +$| = 1; + +open(STDERR, ">&STDOUT"); + +use warnings; + +use CGI; + +use IPC::Open2; + +$q = CGI->new; + +print( "Content-type: text/plain\n\n"); + +unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'lsrepo' ) == 0 ) { + die( 'lsrepo was unsuccessful.' ); +}; -- cgit v1.2.3 From 7ffed596511dab81353b8af3096e17d104278679 Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Thu, 12 May 2011 21:24:13 -0700 Subject: pinyconfig.cgi: enabling variable listing --- pinyweb/cgi-bin/auth/pinyconfig.cgi | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pinyweb/cgi-bin/auth/pinyconfig.cgi b/pinyweb/cgi-bin/auth/pinyconfig.cgi index f852a56..af7cebd 100755 --- a/pinyweb/cgi-bin/auth/pinyconfig.cgi +++ b/pinyweb/cgi-bin/auth/pinyconfig.cgi @@ -17,6 +17,10 @@ if( $q->param('r') && $q->param('n') && $q->param('v') ) { unless( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'pinyconfig', $q->param('r'), $q->param('n'), $q->param('v') ) == 0 ) { die( 'pinyconfig was unsuccessful.' ); }; +} elsif( $q->param('r') ) { + unless( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'pinyconfig', $q->param('r') ) == 0 ) { + die( 'pinyconfig was unsuccessful.' ); + }; } else { print 'Missing parameters.'; }; -- cgit v1.2.3 From bde32987fd3b9ccb1c830bb290fa4008b3a8c84c Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Thu, 12 May 2011 21:35:22 -0700 Subject: pinyweb: making '0' an acceptable variable value --- pinyweb/cgi-bin/auth/addaccess.cgi | 2 +- pinyweb/cgi-bin/auth/lsaccess.cgi | 2 +- pinyweb/cgi-bin/auth/newrepo.cgi | 2 +- pinyweb/cgi-bin/auth/pinyconfig.cgi | 4 ++-- pinyweb/cgi-bin/auth/rebuildrepo.cgi | 2 +- pinyweb/cgi-bin/auth/rmaccess.cgi | 2 +- pinyweb/cgi-bin/auth/rmrepo.cgi | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pinyweb/cgi-bin/auth/addaccess.cgi b/pinyweb/cgi-bin/auth/addaccess.cgi index fca9574..f86c19e 100755 --- a/pinyweb/cgi-bin/auth/addaccess.cgi +++ b/pinyweb/cgi-bin/auth/addaccess.cgi 
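Review bot: lsrepo.cgi runs without `use strict`, `$q` is an undeclared package global, `use IPC::Open2;` is loaded although nothing here calls it, and the two-argument `open(STDERR, ">&STDOUT")` is unchecked. Suggested preamble lines: `use strict;`, `my $q = CGI->new;`, and `open( STDERR, '>&', \*STDOUT ) or die "cannot dup STDOUT: $!";`. Because STDERR is merged into the response, everything the helper writes to it, diagnostics included, is returned to the client; a comment stating that this is intended would help. pinyconfig.cgi, rebuildrepo.cgi and lsaccess.cgi share this preamble.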
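Review bot: The new `elsif` in pinyconfig.cgi also catches a request that supplies `r` together with only one of `n` and `v`, so a malformed or truncated set request silently returns a variable listing instead of `Missing parameters.`. Restrict the listing branch to the case where neither is present, e.g. `} elsif( $q->param('r') && !defined( $q->param('n') ) && !defined( $q->param('v') ) ) {`. The enclosing `if` begins above the hunk.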
@@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') && $q->param('n') ) { +if( defined( $q->param('r') ) && defined( $q->param('n') ) ) { unless( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'addaccess', $q->param('r'), $q->param('n') ) == 0 ) { die( 'Addaccess was unsuccessful.' ); }; diff --git a/pinyweb/cgi-bin/auth/lsaccess.cgi b/pinyweb/cgi-bin/auth/lsaccess.cgi index f7c9a06..354ba32 100755 --- a/pinyweb/cgi-bin/auth/lsaccess.cgi +++ b/pinyweb/cgi-bin/auth/lsaccess.cgi @@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') ) { +if( defined( $q->param('r') ) ) { unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'lsaccess', $q->param('r') ) == 0 ) { die( 'lsaccess was unsuccessful.' ); }; diff --git a/pinyweb/cgi-bin/auth/newrepo.cgi b/pinyweb/cgi-bin/auth/newrepo.cgi index 000be02..aa42732 100755 --- a/pinyweb/cgi-bin/auth/newrepo.cgi +++ b/pinyweb/cgi-bin/auth/newrepo.cgi @@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') && $q->param('d') ) { +if( defined( $q->param('r') ) && defined( $q->param('d') ) ) { unless( open2( OUT, IN, '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'newrepo', '--batch', $q->param('r') ) ) { die 'could not execute newrepo'; }; diff --git a/pinyweb/cgi-bin/auth/pinyconfig.cgi b/pinyweb/cgi-bin/auth/pinyconfig.cgi index af7cebd..4fd8e89 100755 --- a/pinyweb/cgi-bin/auth/pinyconfig.cgi +++ b/pinyweb/cgi-bin/auth/pinyconfig.cgi 
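Review bot: Switching the addaccess.cgi test to `defined()` lets `0` through as intended but also the empty string: `r=` or `n=` with no value is defined, so `system()` now runs with an empty repository or user name where the old test printed `Missing parameters.`. Add a length test next to each `defined`, e.g. `defined( $q->param('r') ) && length( $q->param('r') )`. The same applies to the lsaccess.cgi and newrepo.cgi hunks here and to the pinyconfig.cgi, rebuildrepo.cgi, rmaccess.cgi and rmrepo.cgi hunks of this commit.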
@@ -13,11 +13,11 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') && $q->param('n') && $q->param('v') ) { +if( defined( $q->param('r') ) && defined( $q->param('n') ) && defined( $q->param('v') ) ) { unless( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'pinyconfig', $q->param('r'), $q->param('n'), $q->param('v') ) == 0 ) { die( 'pinyconfig was unsuccessful.' ); }; -} elsif( $q->param('r') ) { +} elsif( defined( $q->param('r') ) ) { unless( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'pinyconfig', $q->param('r') ) == 0 ) { die( 'pinyconfig was unsuccessful.' ); }; diff --git a/pinyweb/cgi-bin/auth/rebuildrepo.cgi b/pinyweb/cgi-bin/auth/rebuildrepo.cgi index 0d23fbd..912e004 100755 --- a/pinyweb/cgi-bin/auth/rebuildrepo.cgi +++ b/pinyweb/cgi-bin/auth/rebuildrepo.cgi @@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') ) { +if( defined( $q->param('r') ) ) { unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'rebuildrepo', $q->param('r') ) == 0 ) { die( 'rebuildrepo was unsuccessful.' ); }; diff --git a/pinyweb/cgi-bin/auth/rmaccess.cgi b/pinyweb/cgi-bin/auth/rmaccess.cgi index 5123041..35736ab 100755 --- a/pinyweb/cgi-bin/auth/rmaccess.cgi +++ b/pinyweb/cgi-bin/auth/rmaccess.cgi @@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') && $q->param('n') ) { +if( defined( $q->param('r') ) && defined( $q->param('n') ) ) { unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'rmaccess', $q->param('r'), $q->param('n') ) == 0 ) { die( 'rmaccess was unsuccessful.' ); }; diff --git a/pinyweb/cgi-bin/auth/rmrepo.cgi b/pinyweb/cgi-bin/auth/rmrepo.cgi index 2d0ff23..f57170a 100755 --- a/pinyweb/cgi-bin/auth/rmrepo.cgi +++ b/pinyweb/cgi-bin/auth/rmrepo.cgi 
@@ -13,7 +13,7 @@ $q = CGI->new; print( "Content-type: text/plain\n\n"); -if( $q->param('r') ) { +if( defined( $q->param('r') ) ) { unless ( system( '/usr/sbin/piny-suid', $ENV{'REMOTE_USER'}, 'rmrepo', $q->param('r') ) == 0 ) { die( 'rmrepo was unsuccessful.' ); }; -- cgit v1.2.3 From 9a8be1d87c03fbcdbc7b62e1369cdfe3f5aba193 Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Fri, 13 May 2011 14:54:08 -0700 Subject: Partially bringing data.mdwn up to date --- docs/architecture/data.mdwn | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/docs/architecture/data.mdwn b/docs/architecture/data.mdwn index cc824ab..76e69ea 100644 --- a/docs/architecture/data.mdwn +++ b/docs/architecture/data.mdwn 
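Review bot: Nothing visible in rmrepo.cgi restricts the request method, so the repository removal runs for any authenticated request that carries `r`, including a cross-site request made while the user's browser holds credentials for the auth/ area. Require POST before the `if`, e.g. `die( 'POST required.' ) unless ( $q->request_method || '' ) eq 'POST';`, and consider a per-session token checked alongside it. That these scripts sit behind HTTP authentication is inferred from the auth/ path and the use of REMOTE_USER. The same applies to the other state-changing scripts in this series (addaccess, rmaccess, newrepo, pinyconfig, rebuildrepo), and the start of rmrepo.cgi is outside the hunk.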
@@ -1,19 +1,16 @@ -Data model! - -Dynamic data lookup should opportunisticly cache any associated cheap data. For instance, there are three data from stat(/srv/git/$reponame.git), so looking up one should grab the others. Jules points out that everything here is inherently cached, and I should be using getpw*() for passwd parsing. +# Data model [[!table format=dsv delimiter=# data=""" -datum #stored location #constraint -username #usually $ENV{SUDO_USER} # !~ /^git-|^iki-/ and =~ /^[a-zA-Z][a-zA-Z0-9_.-]{0,30}$/ -uid #/etc/passwd # None -email #/etc/passwd GECOS #Email::Valid::Loose->new("-fqdn" => 1, "-fudge" => 0, "-local_rules" => 0, "-mxcheck" => 1, "-tldcheck" => 0 ); -repoaccess #/etc/group git-$reponame entry # None -reponame #/srv/git/$reponame.git # =~ /^[a-z0-9][a-z0-9.-]*$/ -repodescription #/srv/git/$reponame.git/description # =~ /^[\x{0020}-\x{FDCF}\x{FDF0}-\x{FFFD}]{1,80}$/ -repoowner #stat /srv/git/$reponame.git/objects uid; might be better as first non-ikiwiki user in /etc/group git-$reponame entry # None -repoglobalwritable #stat /srv/git/$reponame.git/objects o+w bit # None -repoglobalreadable #stat /srv/git/$reponame.git/objects o+r bit # None -repoikiwikidisable #probably in /srv/git/$reponame.git/config # None -repointernaltemplates #probably in /srv/git/$reponame.git/config # None -repospecialdomain #probably in /srv/git/$reponame.git/config # None +datum # stored location #constraint +username # usually $ENV{SUDO_USER} # !~ /^git-|^iki-/ and =~ /^[a-zA-Z][a-zA-Z0-9_.-]{0,30}$/ +uid # /etc/passwd # >= 1000 +user.email # pinyconfig # Email::Valid::Loose->new("-fqdn" => 1, "-fudge" => 0, "-local_rules" => 0, "-mxcheck" => 1, "-tldcheck" => 0 ); +repoaccess # /etc/group git-$reponame # None +reponame # /srv/git/$reponame.git # =~ /^[a-z0-9][a-z0-9.-]*$/ +repodescription # /srv/git/$reponame.git/description # =~ /^[\x{0020}-\x{FDCF}\x{FDF0}-\x{FFFD}]{1,80}$/ +repoowner # /srv/git/$reponame.git/objects owner # None +core.sharedrepository # 
pinyconfig # =~ /^(0666|0664|all|world|everybody|0660|group|true|0640)$/ +piny.ikiwiki # pinyconfig # =~ /^(1|0|true|false)$/ +piny.ikiwikitemplates # TODO, presumably pinyconfig # None +piny.ikiwikidomain # TODO, presumably pinyconfig # None """]] -- cgit v1.2.3