From 940fcea58adc84f32aea4e773a71e043e43d9398 Mon Sep 17 00:00:00 2001 From: Julian Blake Kongslie Date: Mon, 19 Jul 2010 02:02:47 -0700 Subject: Correct mode for /etc/cgitrepos. --- usr/src/libpiny/lib/Piny/Repo.pm | 2 ++ 1 file changed, 2 insertions(+) (limited to 'usr') diff --git a/usr/src/libpiny/lib/Piny/Repo.pm b/usr/src/libpiny/lib/Piny/Repo.pm index 7cffd68..d8501f8 100644 --- a/usr/src/libpiny/lib/Piny/Repo.pm +++ b/usr/src/libpiny/lib/Piny/Repo.pm @@ -334,6 +334,8 @@ sub create { $temp->close or die "Could not close new cgitrc: $!"; + chmod( 00644, $temp->filename ); + rename( $temp->filename, "/etc/cgitrepos" ) or die "Could not rename over old cgitrc: $!"; system( "/usr/bin/sudo", "-u", $ikiuser->name, "/usr/bin/ikiwiki", "--setup", "/etc/ikiwiki/piny/" . $repo->name . ".setup" ) and die "Could not do initial compile of ikiwiki!"; -- cgit v1.2.3 From d70d3046d0816d457e9279ccca7eeb48eb6a5021 Mon Sep 17 00:00:00 2001 From: Julian Blake Kongslie Date: Mon, 19 Jul 2010 02:29:48 -0700 Subject: Code for destroying repos. --- usr/src/libpiny/lib/Piny/Repo.pm | 78 +++++++++++++++++++++++++++++++++++----- 1 file changed, 69 insertions(+), 9 deletions(-) (limited to 'usr') diff --git a/usr/src/libpiny/lib/Piny/Repo.pm b/usr/src/libpiny/lib/Piny/Repo.pm index d8501f8..05c5793 100644 --- a/usr/src/libpiny/lib/Piny/Repo.pm +++ b/usr/src/libpiny/lib/Piny/Repo.pm @@ -182,6 +182,64 @@ sub has_access { return $s->owner->uid == $user->uid || $user->has_group( $s->group ); }; +sub destroy { + my ( $s ) = @_; + + my $user = Piny::Environment->instance->user; + + unlink( "/etc/apache2/piny-enabled/" . $s->name ); + unlink( "/etc/apache2/piny-available/" . $s->name ); + + system( "/etc/init.d/apache2", "reload" ) and die "Could not reload apache config!"; + + unlink( "/etc/cgitrc.d/" . $s->name ); + + my $temp = File::Temp->new( ) or die "Could not create temporary file: $!"; + $temp->unlink_on_destroy( 0 ); + + $dh = IO::Dir->new( "/etc/cgitrc.d" ) or die "Could not open cgitrc.d directory: $!"; + while ( defined ( my $entry = $dh->read ) ) { + next if ( $entry =~ /^\./ ); + open( FILE, "<", "/etc/cgitrc.d" . $entry ) or die "Could not open cgitrc.d entry $entry: $!"; + print $temp ; + close( FILE ) or die "Could not close cgitrc.d entry $entry: $!"; + }; + + $temp->close or die "Could not close new cgitrc: $!"; + + chmod( 00644, $temp->filename ) or die "Could not fix mode of new cgitrc: $!"; + + rename( $temp->filename, "/etc/cgitrepos" ) or die "Could not rename over old cgitrc: $!"; + + unlink( "/etc/ikiwiki/wikilist.d/" . $s->name ); + + $temp = File::Temp->new( ) or die "Could not create temporary file: $!"; + $temp->unlink_on_destroy( 0 ); + + $dh = IO::Dir->new( "/etc/ikiwiki/wikilist.d" ) or die "Could not open wikilist.d directory: $!"; + while ( defined ( my $entry = $dh->read ) ) { + next if ( $entry =~ /^\./ ); + open( FILE, "<", "/etc/ikiwiki/wikilist.d/" . $entry ) or die "Could not open wikilist.d entry $entry: $!"; + print $temp ; + close( FILE ) or die "Could not close wikilist.d entry $entry: $!"; + }; + + $temp->close or die "Could not close new wikilist: $!"; + + chmod( 00644, $temp->filename ) or die "Could not fix mode of new wikilist: $!"; + + rename( $temp->filename, "/etc/ikiwiki/wikilist" ) or die "Could not rename over old wikilist: $!"; + + system( "rm", "-rf", $repo->secure_path, $repo->ikiwiki_destdir, $repo->ikiwiki_srcdir, "/etc/ikiwiki/piny/" . $repo->name . ".setup", $repo->path ); + + my $ikiuser = Piny::User::IkiWiki->new( "name" => "ikiwiki-" . $s->name ); + + system( "deluser", "--remove-home", $ikiuser->name ); + system( "delgroup", $ikiuser->name ); + system( "delgroup", "git-" . $repo->name ); + +}; + # Triggers sub _rename_repo { @@ -283,14 +341,6 @@ sub create { print SETUP $repo->ikiwiki_setup; close( SETUP ) or die "Could not close new ikiwiki setup file: $!"; - open( APACHE, ">", "/etc/apache2/piny-available/" . $repo->name ) or die "Could not open new apache config: $!"; - print APACHE $repo->apache_config; - close( APACHE ) or die "Could not close new apache config: $!"; - - symlink( "/etc/apache2/piny-available/" . $repo->name, "/etc/apache2/piny-enabled/" . $repo->name ) or die "Could not symlink apache config: $!"; - - system( "/etc/init.d/apache2", "reload" ) and die "Could not reload apache config!"; - system( "/usr/bin/git", "clone", "--quiet", $repo->path, $repo->ikiwiki_srcdir ) and die "Could not clone repo to ikiwiki srcdir!"; mkdir( $repo->ikiwiki_destdir ) or die "Could not create ikiwiki destdir: $!"; @@ -315,6 +365,8 @@ sub create { $temp->close or die "Could not close new wikilist: $!"; + chmod( 00644, $temp->filename ) or die "Could not fix mode of new wikilist: $!"; + rename( $temp->filename, "/etc/ikiwiki/wikilist" ) or die "Could not rename over old wikilist: $!"; open( CGITLIST, ">", "/etc/cgitrc.d/" . $repo->name ) or die "Could not create cgitrc.d file: $!"; @@ -334,12 +386,20 @@ sub create { $temp->close or die "Could not close new cgitrc: $!"; - chmod( 00644, $temp->filename ); + chmod( 00644, $temp->filename ) or die "Could not fix mode of new cgitrc: $!"; rename( $temp->filename, "/etc/cgitrepos" ) or die "Could not rename over old cgitrc: $!"; system( "/usr/bin/sudo", "-u", $ikiuser->name, "/usr/bin/ikiwiki", "--setup", "/etc/ikiwiki/piny/" . $repo->name . ".setup" ) and die "Could not do initial compile of ikiwiki!"; + open( APACHE, ">", "/etc/apache2/piny-available/" . $repo->name ) or die "Could not open new apache config: $!"; + print APACHE $repo->apache_config; + close( APACHE ) or die "Could not close new apache config: $!"; + + symlink( "/etc/apache2/piny-available/" . $repo->name, "/etc/apache2/piny-enabled/" . $repo->name ) or die "Could not symlink apache config: $!"; + + system( "/etc/init.d/apache2", "reload" ) and die "Could not reload apache config!"; + return $repo; }; -- cgit v1.2.3 From 0a92ac2e90d730ba61d9a7d3f39c99d9c85eb861 Mon Sep 17 00:00:00 2001 From: Julian Blake Kongslie Date: Mon, 19 Jul 2010 02:31:05 -0700 Subject: Use Piny::Repo to destroy repos. --- usr/src/libpiny/debian/changelog | 6 ++++ usr/src/pinyadmin/debian/control | 2 +- usr/src/pinyadmin/sbin/rmrepo | 63 +++++++--------------------------------- 3 files changed, 17 insertions(+), 54 deletions(-) (limited to 'usr') diff --git a/usr/src/libpiny/debian/changelog b/usr/src/libpiny/debian/changelog index fc1ae42..3dcd6c4 100644 --- a/usr/src/libpiny/debian/changelog +++ b/usr/src/libpiny/debian/changelog @@ -1,3 +1,9 @@ +libpiny-perl (0.11) unstable; urgency=low + + * Destroying dead repos. + + -- Julian Blake Kongslie Mon, 19 Jul 2010 02:30:01 -0700 + libpiny-perl (0.10) unstable; urgency=low * Support for the global /etc/piny.conf stuff. diff --git a/usr/src/pinyadmin/debian/control b/usr/src/pinyadmin/debian/control index 950a6c9..ea2b073 100644 --- a/usr/src/pinyadmin/debian/control +++ b/usr/src/pinyadmin/debian/control @@ -7,7 +7,7 @@ Standards-version: 3.8.4 Package: pinyadmin Architecture: all -Depends: ${perl:Depends}, ${misc:Depends}, libpiny-perl (>= 0.9) +Depends: ${perl:Depends}, ${misc:Depends}, libpiny-perl (>= 0.11) Description: Administrative programs for piny The command-line programs for day-to-day administrative tasks in the Piny infrastructure. diff --git a/usr/src/pinyadmin/sbin/rmrepo b/usr/src/pinyadmin/sbin/rmrepo index 864830f..8b26feb 100755 --- a/usr/src/pinyadmin/sbin/rmrepo +++ b/usr/src/pinyadmin/sbin/rmrepo @@ -3,62 +3,19 @@ use strict; use warnings; -my( $reponame, $uid, $gitowner, $wikilisttempfile, $cgitrctempfile); +use Piny; -if ( ( ! scalar $ARGV[0] ) or ( scalar $ARGV[1] ) or ( $ARGV[0] !~ /^[a-z0-9][a-z0-9-]+$/ ) ) { - print( "Usage: rmrepo REPONAME\n" ); - exit( 1 ); -} else { - $reponame = $ARGV[0]; -}; - -open (PASSWD, '/etc/passwd'); -while() { - if( $_ =~ /^$ENV{SUDO_USER}:.+?:(.+?):/ ) { $uid = $1; }; # grabbing uid. -}; -close(PASSWD); - -unless( -d "/srv/git/$reponame.git" ) { - print( "/srv/git/$reponame.git doesn't exist!\n" ); - exit( 2 ); -}; - -$gitowner = (stat "/srv/git/$reponame.git")[4]; +my $env = Piny::Environment->new; -if( ( $gitowner != $uid ) and ( $gitowner != 65534 ) ) { - print( "$reponame is not owned by you!\n" ); - exit( 3 ); -}; - -# We have to be careful about how we delete things; we don't want have post-update or ikiwiki.cgi thrashing, and we REALLY don't want to leave remappable owner UIDs around, but we're also keying security on /srv/git/$reponame -system( "/bin/chown -R nobody.nogroup /srv/git/$reponame.git" ); - -unlink( "/etc/ikiwiki/wikilist.d/$reponame" ); -$wikilisttempfile = `/bin/mktemp`; -chomp ( $wikilisttempfile ); -chmod ( 0644, $wikilisttempfile ); -system( "/bin/cat /etc/ikiwiki/wikilist.d/* > $wikilisttempfile" ); -system( "/bin/mv $wikilisttempfile /etc/ikiwiki/wikilist" ); # This is marginally racy, but the consequences are probably ignorable. +foreach my $reponame ( @ARGV ) { -unlink( "/etc/cgitrc.d/$reponame" ); -$cgitrctempfile = `/bin/mktemp`; -chomp ( $cgitrctempfile ); -chmod ( 0644, $cgitrctempfile ); -system( "/bin/cat /etc/cgitrc.d/* > $cgitrctempfile" ); -system( "/bin/mv $cgitrctempfile /etc/cgitrepos" ); # This is marginally racy, but the consequences are probably ignorable. + my $repo = Piny::Repo->new( $reponame ); -system( "/bin/rm -r /srv/www/piny.be/$reponame" ); -system( "/bin/rm -r /srv/www/secure.piny.be/repos/$reponame" ); + if ( $repo->owner->uid != $env->user->uid ) { + print STDERR "You are not the owner of $reponame!\n"; + exit 1; + }; -unlink( "/etc/ikiwiki/piny/$reponame.setup" ); -system( "/bin/rm -r /srv/ikiwiki/$reponame" ); + $repo->destroy; -unlink( "/etc/apache2/piny-available/$reponame" ); -unlink( "/etc/apache2/piny-enabled/$reponame" ); -system( '/etc/init.d/apache2 reload | grep -v "Reloading web server config: apache2."' ); - -system( "/usr/sbin/delgroup --quiet git-$reponame" ); -system( "/usr/sbin/deluser --quiet --remove-home ikiwiki-$reponame" ); -system( "/usr/sbin/delgroup --quiet ikiwiki-$reponame" ); - -system( "/bin/rm -rf /srv/git/$reponame.git" ); +}; -- cgit v1.2.3 From 9ddb2e2aa1f9a0c387e1a33b438b0065e7ebe4f9 Mon Sep 17 00:00:00 2001 From: Julian Blake Kongslie Date: Mon, 19 Jul 2010 02:35:27 -0700 Subject: Typo. --- usr/src/libpiny/lib/Piny/Repo.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'usr') diff --git a/usr/src/libpiny/lib/Piny/Repo.pm b/usr/src/libpiny/lib/Piny/Repo.pm index 05c5793..8b2045c 100644 --- a/usr/src/libpiny/lib/Piny/Repo.pm +++ b/usr/src/libpiny/lib/Piny/Repo.pm @@ -197,10 +197,10 @@ sub destroy { my $temp = File::Temp->new( ) or die "Could not create temporary file: $!"; $temp->unlink_on_destroy( 0 ); - $dh = IO::Dir->new( "/etc/cgitrc.d" ) or die "Could not open cgitrc.d directory: $!"; + my $dh = IO::Dir->new( "/etc/cgitrc.d" ) or die "Could not open cgitrc.d directory: $!"; while ( defined ( my $entry = $dh->read ) ) { next if ( $entry =~ /^\./ ); - open( FILE, "<", "/etc/cgitrc.d" . $entry ) or die "Could not open cgitrc.d entry $entry: $!"; + open( FILE, "<", "/etc/cgitrc.d/" . $entry ) or die "Could not open cgitrc.d entry $entry: $!"; print $temp ; close( FILE ) or die "Could not close cgitrc.d entry $entry: $!"; }; @@ -230,13 +230,13 @@ sub destroy { rename( $temp->filename, "/etc/ikiwiki/wikilist" ) or die "Could not rename over old wikilist: $!"; - system( "rm", "-rf", $repo->secure_path, $repo->ikiwiki_destdir, $repo->ikiwiki_srcdir, "/etc/ikiwiki/piny/" . $repo->name . ".setup", $repo->path ); + system( "rm", "-rf", $s->secure_path, $s->ikiwiki_destdir, $s->ikiwiki_srcdir, "/etc/ikiwiki/piny/" . $s->name . ".setup", $s->path ); my $ikiuser = Piny::User::IkiWiki->new( "name" => "ikiwiki-" . $s->name ); system( "deluser", "--remove-home", $ikiuser->name ); system( "delgroup", $ikiuser->name ); - system( "delgroup", "git-" . $repo->name ); + system( "delgroup", "git-" . $s->name ); }; -- cgit v1.2.3