After adding pre-existing repository, gitolite-admin shows up in Gitweb

[entrail]

Hello everybody,

I followed the instructions on how to add a pre-existing repository to Gitolite access control which worked fine.

However, when it says 'run gitolite setup' it does not state out from where exactly you should run that command, so I ran it from ~$ (home directory) - I guess that's why gitolite-admin suddenly shows up in my Gitweb view.
Maybe I should have run the command from ~/repositories/<new_repo>.git/ ?

Also, the documentation does not state out why you need to run that command - only the source (more precisely the source comments) itself do - thats just an idea to maybe add a tiny explanation to the documentation.

Although this question is not for 100% on Gitolite but also a little bit on Gitweb I hope to get an answer anyway.

Thank you in advance, kind regards
Philipp

[Sitaram Chamarty]

On Thu, May 3, 2012 at 5:41 PM, entrail <langer....@googlemail.com> wrote:
> Hello everybody,
>
> I followed the instructions on how to add a pre-existing repository to
> Gitolite access control which worked fine.
>
> However, when it says 'run gitolite setup' it does not state out from where
> exactly you should run that command, so I ran it from ~$ (home directory) -

Doesn't matter.

> I guess that's why gitolite-admin suddenly shows up in my Gitweb view.

Unlikely.

> Maybe I should have run the command from ~/repositories/<new_repo>.git/ ?

Irrelevant.

> Also, the documentation does not state out why you need to run that command
> - only the source (more precisely the source comments) itself do - thats
> just an idea to maybe add a tiny explanation to the documentation.

Disagree.

[entrail]

> Also, the documentation does not state out why you need to run that command
> - only the source (more precisely the source comments) itself do - thats
> just an idea to maybe add a tiny explanation to the documentation.

Disagree.

Yeah, sorry for that. I meant it doesn't state out what the command is actually doing (fix up hooks), only the effect if you don't.

However, what you are saying is that the setup command most likely didn't cause the gitolite-admin repo to show up. Thanks.

[Sitaram Chamarty]

On Thu, May 3, 2012 at 7:15 PM, entrail <langer....@googlemail.com> wrote:
>> > Also, the documentation does not state out why you need to run that
>> > command
>> > - only the source (more precisely the source comments) itself do - thats
>> > just an idea to maybe add a tiny explanation to the documentation.
>>
>> Disagree.
>
>
> Yeah, sorry for that. I meant it doesn't state out what the command is
> actually doing (fix up hooks), only the effect if you don't.

This is intentional.

> However, what you are saying is that the setup command most likely didn't
> cause the gitolite-admin repo to show up. Thanks.

You could post your conf/gitolite.conf file so we can determine what
the issue is (if it doesn't contain anything confidential).

You could also paste the output of these 2 commands:

gitolite access gitolite-admin gitweb R
gitolite git-config -r gitolite-admin gitweb

--
Sitaram

[Andreas Stenius]

Hi Sitaram,

Why is repos that have gitweb. config keys included in the
projects.list even if access gitweb R any says DENIED?

I can easily fix this in my case - am just curious what the reasoning
behind this or'ing behaviour is.
Or, if there's a better way to fix this in the config, that would be
even better than me patching the code.

I have:

repo gitolite-admin
RW+ = kaos
- = gitweb
option deny-rules = 1

repo [a-zA-Z0-9].*
C = kaos
RW+ = kaos
R = gitweb
owner = Andreas Stenius


To set the gitweb.owner of all wild repos. I don't care if
gitolite-admin gets a gitweb.owner, but I don't want it to show up in
the projects.list.

The easiest way that I see is to patch the update-gitweb-access-list
post-compile trigger to not include projects with a gitweb config
option. Just want to check if I'm overlooking something here, hence my
initial question at the top.

Cheers,
Andreas

2012/5/3 Sitaram Chamarty <sita...@gmail.com>:

[entrail]

Am Donnerstag, 3. Mai 2012 16:35:50 UTC+2 schrieb Sitaram Chamarty: 

> However, what you are saying is that the setup command most likely didn't
> cause the gitolite-admin repo to show up. Thanks.

You could post your conf/gitolite.conf file so we can determine what
the issue is (if it doesn't contain anything confidential).

# Gitolite configuration file
repo gitolite-admin
    RW+     =   git-host-admin_rsa
repo testing
    RW+     =   @all
repo testing2
    RW        =    @all
 

You could also paste the output of these 2 commands:

    gitolite access gitolite-admin gitweb R

As the config file doesn't contain a user gitweb it is:
R any gitolite-admin gitweb DENIED by fallthru
 

    gitolite git-config -r gitolite-admin gitweb

No output returned.

Anyway, I just changed the file attributes manually to be 0700 again (was 0755) for gitolite-admin.git/ so it doesn't show up anymore.
If "gitolite setup" didn't change the file attributes, something else did (which I don't know yet).

Thanks for your answers.

Regards
Philipp

[Sitaram Chamarty]

On Fri, May 4, 2012 at 2:29 PM, Andreas Stenius <g...@astekk.se> wrote:
> Hi Sitaram,
>
> Why is repos that have gitweb. config keys included in the
> projects.list even if access gitweb R any says DENIED?
>
> I can easily fix this in my case - am just curious what the reasoning
> behind this or'ing behaviour is.

Because I consider having *any* gitweb config for a repo to mean
it is meant to be visible to gitweb.

> Or, if there's a better way to fix this in the config, that would be
> even better than me patching the code.

In g3, *everything* except src/gitolite, src/gitolite-shell, and
stuff under src/lib, is considered non-core. Feel free to
mangle it how you want. For example, one way to deal with this
would be:

- copy src/triggers/post-compile/update-gitweb-access-list as
src/triggers/post-compile/update-gitweb-access-list.local
- edit it to add a " | grep -v gitolite-admin " just before
the "> $plf"
- edit the rc file to replace lines containing
'post-compile/update-gitweb-access-list', with
'post-compile/update-gitweb-access-list.local',

> repo gitolite-admin
> RW+ = kaos
> - = gitweb
> option deny-rules = 1
>
> repo [a-zA-Z0-9].*
> C = kaos
> RW+ = kaos
> R = gitweb
> owner = Andreas Stenius

Well you could add these lines at the end:

repo gitolite-admin
config gitweb.owner =

But there was a bug in dealing with that, which I have just
fixed and pushed so you will have to upgrade if you want to use
that method.

> The easiest way that I see is to patch the update-gitweb-access-list
> post-compile trigger to not include projects with a gitweb config
> option. Just want to check if I'm overlooking something here, hence my
> initial question at the top.

That's even more aggressive than what I suggested, but the only
file that is writing is projects.list so clearly it won't affect
anything *else*.

It's your call; go for it!

[Sitaram Chamarty]

On Fri, May 4, 2012 at 3:21 PM, entrail <langer....@googlemail.com> wrote:
> Am Donnerstag, 3. Mai 2012 16:35:50 UTC+2 schrieb Sitaram Chamarty:

> # Gitolite configuration file
> repo gitolite-admin
>     RW+     =   git-host-admin_rsa
> repo testing
>     RW+     =   @all
> repo testing2
>     RW        =    @all

With this, you should see testing and testing2 in the projects.list
file, not gitolite-admin.

>>     gitolite access gitolite-admin gitweb R
>
>
> As the config file doesn't contain a user gitweb it is:

Don't make assumptions; try the same with 'testing' instead of
'gitolite-admin' :-)

> R any gitolite-admin gitweb DENIED by fallthru
>
>>
>>     gitolite git-config -r gitolite-admin gitweb
>
>
> No output returned.

With all this, it is impossible that gitolite-admin should show up in
projects.list. Something else is making gitweb show that repo,
outside gitolite's control.

Do not forget that the end result of what gitolite does is merely
"does the repo name show up in ~/projects.list or not". Nothing more.

Perhaps I should have asked that question right in the beginning...

[entrail]

Am Freitag, 4. Mai 2012 15:08:51 UTC+2 schrieb Sitaram Chamarty:

On Fri, May 4, 2012 at 3:21 PM, entrail wrote:
> Am Donnerstag, 3. Mai 2012 16:35:50 UTC+2 schrieb Sitaram Chamarty:

> # Gitolite configuration file
> repo gitolite-admin
>     RW+     =   git-host-admin_rsa
> repo testing
>     RW+     =   @all
> repo testing2
>     RW        =    @all

With this, you should see testing and testing2 in the projects.list
file, not gitolite-admin.

True.
 

>>     gitolite access gitolite-admin gitweb R
>
>
> As the config file doesn't contain a user gitweb it is:

Don't make assumptions; try the same with 'testing' instead of
'gitolite-admin' :-)

refs/.*
 

With all this, it is impossible that gitolite-admin should show up in
projects.list.  Something else is making gitweb show that repo,
outside gitolite's control.

Do not forget that the end result of what gitolite does is merely
"does the repo name show up in ~/projects.list or not".  Nothing more.

Perhaps I should have asked that question right in the beginning...

 
I'll let you know if gitolite-admin shows up again and/or I figured it out what made it initially show up.

[Andreas Stenius]

2012/5/4 Sitaram Chamarty <sita...@gmail.com>:

> On Fri, May 4, 2012 at 2:29 PM, Andreas Stenius <g...@astekk.se> wrote:
>> Hi Sitaram,
>>
>> Why is repos that have gitweb. config keys included in the
>> projects.list even if access gitweb R any says DENIED?
>>
>> I can easily fix this in my case - am just curious what the reasoning
>> behind this or'ing behaviour is.
>
> Because I consider having *any* gitweb config for a repo to mean
> it is meant to be visible to gitweb.

OK, thanks. I wouldn't have done it like that, but that is more a
matter of taste, really.

>> Or, if there's a better way to fix this in the config, that would be
>> even better than me patching the code.
>
> In g3, *everything* except src/gitolite, src/gitolite-shell, and
> stuff under src/lib, is considered non-core.  Feel free to
> mangle it how you want.  For example, one way to deal with this
> would be:
>
>  - copy src/triggers/post-compile/update-gitweb-access-list as
>    src/triggers/post-compile/update-gitweb-access-list.local
>  - edit it to add a " | grep -v gitolite-admin " just before
>    the "> $plf"
>  - edit the rc file to replace lines containing
>    'post-compile/update-gitweb-access-list', with
>    'post-compile/update-gitweb-access-list.local',
>

Thanks for the tips. Less intrusive than my initial idea (although close).

>> repo gitolite-admin
>>     RW+        = kaos
>>     -          = gitweb
>>     option deny-rules = 1
>>
>> repo [a-zA-Z0-9].*
>>     C          = kaos
>>     RW+        = kaos
>>     R          = gitweb
>>     owner      = Andreas Stenius
>
> Well you could add these lines at the end:
>
>    repo gitolite-admin
>        config gitweb.owner =

Yes, that was what I was hoping for. Thank you.

>
> But there was a bug in dealing with that, which I have just
> fixed and pushed so you will have to upgrade if you want to use
> that method.

I have no issue pulling in your recent commits.

>
>> The easiest way that I see is to patch the update-gitweb-access-list
>> post-compile trigger to not include projects with a gitweb config
>> option. Just want to check if I'm overlooking something here, hence my
>> initial question at the top.
>
> That's even more aggressive than what I suggested, but the only
> file that is writing is projects.list so clearly it won't affect
> anything *else*.
>
> It's your call; go for it!

Thanks for your help.
Btw, my apologies for hijacking another thread. I meant to start a new
one for this.

//Andreas