diff options
| author | Riyad Preukschas <riyad@informatik.uni-bremen.de> | 2013-01-15 03:53:00 +0400 |
|---|---|---|
| committer | Riyad Preukschas <riyad@informatik.uni-bremen.de> | 2013-01-15 03:53:00 +0400 |
| commit | bda7fe38d0b0e39a408c4eb44374a330c24c3a49 (patch) | |
| tree | 232212b8827c5be94da672287e3209c8e8f9f18a /lib | |
| parent | d28176b132bdc74055f31e2d62665d5d74ebacb4 (diff) | |
| parent | d8e697ac68d758d4f451594047056c459f546bf7 (diff) | |
Merge branch 'master' into discussions
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/backend/grack_auth.rb | 64 | ||||
| -rw-r--r-- | lib/tasks/gitlab/check.rake | 50 | ||||
| -rw-r--r-- | lib/tasks/gitlab/info.rake | 14 | ||||
| -rw-r--r-- | lib/tasks/gitlab/task_helpers.rake | 31 | ||||
| -rw-r--r-- | lib/tasks/sidekiq.rake | 12 |
5 files changed, 104 insertions, 67 deletions
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb index cfad532a06c..c921ec0d50b 100644 --- a/lib/gitlab/backend/grack_auth.rb +++ b/lib/gitlab/backend/grack_auth.rb @@ -2,25 +2,41 @@ module Grack class Auth < Rack::Auth::Basic attr_accessor :user, :project - def valid? - # Authentication with username and password - login, password = @auth.credentials + def call(env) + @env = env + @request = Rack::Request.new(env) + @auth = Request.new(env) - self.user = User.find_by_email(login) || User.find_by_username(login) + # Pass Gitolite update hook + ENV['GL_BYPASS_UPDATE_HOOK'] = "true" - return false unless user.try(:valid_password?, password) + # Need this patch due to the rails mount + @env['PATH_INFO'] = @request.path + @env['SCRIPT_NAME'] = "" - email = user.email + return render_not_found unless project + return unauthorized unless project.public || @auth.provided? + return bad_request if @auth.provided? && !@auth.basic? - # Set GL_USER env variable - ENV['GL_USER'] = email - # Pass Gitolite update hook - ENV['GL_BYPASS_UPDATE_HOOK'] = "true" + if valid? + if @auth.provided? + @env['REMOTE_USER'] = @auth.username + end + return @app.call(env) + else + unauthorized + end + end - # Find project by PATH_INFO from env - if m = /^\/([\w\.\/-]+)\.git/.match(@request.path_info).to_a - self.project = Project.find_with_namespace(m.last) - return false unless project + def valid? + if @auth.provided? + # Authentication with username and password + login, password = @auth.credentials + self.user = User.find_by_email(login) || User.find_by_username(login) + return false unless user.try(:valid_password?, password) + + # Set GL_USER env variable + ENV['GL_USER'] = user.email end # Git upload and receive @@ -34,12 +50,12 @@ module Grack end def validate_get_request - can?(user, :download_code, project) + project.public || can?(user, :download_code, project) end def validate_post_request if @request.path_info.end_with?('git-upload-pack') - can?(user, :download_code, project) + project.public || can?(user, :download_code, project) elsif @request.path_info.end_with?('git-receive-pack') action = if project.protected_branch?(current_ref) :push_code_to_protected_branches @@ -68,6 +84,22 @@ module Grack /refs\/heads\/([\w\.-]+)/.match(input).to_a.first end + def project + unless instance_variable_defined? :@project + # Find project by PATH_INFO from env + if m = /^\/([\w\.\/-]+)\.git/.match(@request.path_info).to_a + @project = Project.find_with_namespace(m.last) + end + end + return @project + end + + PLAIN_TYPE = {"Content-Type" => "text/plain"} + + def render_not_found + [404, PLAIN_TYPE, ["Not Found"]] + end + protected def abilities diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake index 5d850a17fe3..623028b16d2 100644 --- a/lib/tasks/gitlab/check.rake +++ b/lib/tasks/gitlab/check.rake @@ -2,7 +2,7 @@ namespace :gitlab do desc "GITLAB | Check the configuration of GitLab and its environment" task check: %w{gitlab:env:check gitlab:gitolite:check - gitlab:resque:check + gitlab:sidekiq:check gitlab:app:check} @@ -317,7 +317,7 @@ namespace :gitlab do gitolite_ssh_user = Gitlab.config.gitolite.ssh_user print "Has no \"-e\" in ~#{gitolite_ssh_user}/.profile ... " - profile_file = File.join(gitolite_home, ".profile") + profile_file = File.join(gitolite_user_home, ".profile") unless File.read(profile_file) =~ /^-e PATH/ puts "yes".green @@ -475,7 +475,7 @@ namespace :gitlab do def check_dot_gitolite_exists print "Config directory exists? ... " - gitolite_config_path = File.join(gitolite_home, ".gitolite") + gitolite_config_path = File.join(gitolite_user_home, ".gitolite") if File.directory?(gitolite_config_path) puts "yes".green @@ -496,13 +496,13 @@ namespace :gitlab do def check_dot_gitolite_permissions print "Config directory access is drwxr-x---? ... " - gitolite_config_path = File.join(gitolite_home, ".gitolite") + gitolite_config_path = File.join(gitolite_user_home, ".gitolite") unless File.exists?(gitolite_config_path) puts "can't check because of previous errors".magenta return end - if `stat --printf %a #{gitolite_config_path}` == "750" + if File.stat(gitolite_config_path).mode.to_s(8).ends_with?("750") puts "yes".green else puts "no".red @@ -520,18 +520,17 @@ namespace :gitlab do gitolite_ssh_user = Gitlab.config.gitolite.ssh_user print "Config directory owned by #{gitolite_ssh_user}:#{gitolite_ssh_user} ... " - gitolite_config_path = File.join(gitolite_home, ".gitolite") + gitolite_config_path = File.join(gitolite_user_home, ".gitolite") unless File.exists?(gitolite_config_path) puts "can't check because of previous errors".magenta return end - if `stat --printf %U #{gitolite_config_path}` == gitolite_ssh_user && # user - `stat --printf %G #{gitolite_config_path}` == gitolite_ssh_user #group + if File.stat(gitolite_config_path).uid == uid_for(gitolite_ssh_user) && + File.stat(gitolite_config_path).gid == gid_for(gitolite_ssh_user) puts "yes".green else puts "no".red - puts "#{gitolite_config_path} is not owned by #{gitolite_ssh_user}".red try_fixing_it( "sudo chown -R #{gitolite_ssh_user}:#{gitolite_ssh_user} #{gitolite_config_path}" ) @@ -559,7 +558,7 @@ namespace :gitlab do end def check_gitoliterc_git_config_keys - gitoliterc_path = File.join(gitolite_home, ".gitolite.rc") + gitoliterc_path = File.join(gitolite_user_home, ".gitolite.rc") print "Allow all Git config keys in .gitolite.rc ... " option_name = if has_gitolite3? @@ -588,7 +587,7 @@ namespace :gitlab do end def check_gitoliterc_repo_umask - gitoliterc_path = File.join(gitolite_home, ".gitolite.rc") + gitoliterc_path = File.join(gitolite_user_home, ".gitolite.rc") print "Repo umask is 0007 in .gitolite.rc? ... " option_name = if has_gitolite3? @@ -722,11 +721,10 @@ namespace :gitlab do return end - if `stat --printf %a #{repo_base_path}` == "6770" + if File.stat(repo_base_path).mode.to_s(8).ends_with?("6770") puts "yes".green else puts "no".red - puts "#{repo_base_path} is not writable".red try_fixing_it( "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}" ) @@ -747,12 +745,11 @@ namespace :gitlab do return end - if `stat --printf %U #{repo_base_path}` == gitolite_ssh_user && # user - `stat --printf %G #{repo_base_path}` == gitolite_ssh_user #group + if File.stat(repo_base_path).uid == uid_for(gitolite_ssh_user) && + File.stat(repo_base_path).gid == gid_for(gitolite_ssh_user) puts "yes".green else puts "no".red - puts "#{repo_base_path} is not owned by #{gitolite_ssh_user}".red try_fixing_it( "sudo chown -R #{gitolite_ssh_user}:#{gitolite_ssh_user} #{repo_base_path}" ) @@ -833,7 +830,8 @@ namespace :gitlab do next end - if run_and_match("stat --format %N #{project_hook_file}", /#{hook_file}.+->.+#{gitolite_hook_file}/) + if File.lstat(project_hook_file).symlink? && + File.realpath(project_hook_file) == File.realpath(gitolite_hook_file) puts "ok".green else puts "not a link to Gitolite's hook".red @@ -852,12 +850,12 @@ namespace :gitlab do # Helper methods ######################## - def gitolite_home + def gitolite_user_home File.expand_path("~#{Gitlab.config.gitolite.ssh_user}") end def gitolite_version - gitolite_version_file = "#{gitolite_home}/gitolite/src/VERSION" + gitolite_version_file = "#{gitolite_user_home}/gitolite/src/VERSION" if File.readable?(gitolite_version_file) File.read(gitolite_version_file) end @@ -870,22 +868,22 @@ namespace :gitlab do - namespace :resque do + namespace :sidekiq do desc "GITLAB | Check the configuration of Sidekiq" task check: :environment do warn_user_is_not_gitlab - start_checking "Resque" + start_checking "Sidekiq" - check_resque_running + check_sidekiq_running - finished_checking "Resque" + finished_checking "Sidekiq" end # Checks ######################## - def check_resque_running + def check_sidekiq_running print "Running? ... " if run_and_match("ps aux | grep -i sidekiq", /sidekiq \d\.\d\.\d.+$/) @@ -893,9 +891,7 @@ namespace :gitlab do else puts "no".red try_fixing_it( - "sudo service gitlab restart", - "or", - "sudo /etc/init.d/gitlab restart" + "sudo -u gitlab -H bundle exec rake sidekiq:start" ) for_more_information( see_installation_guide_section("Install Init Script"), diff --git a/lib/tasks/gitlab/info.rake b/lib/tasks/gitlab/info.rake index fd3e83e8338..4b906684dcd 100644 --- a/lib/tasks/gitlab/info.rake +++ b/lib/tasks/gitlab/info.rake @@ -3,20 +3,6 @@ namespace :gitlab do desc "GITLAB | Show information about GitLab and its environment" task info: :environment do - # check which OS is running - os_name = run("lsb_release -irs") - os_name ||= if File.readable?('/etc/system-release') - File.read('/etc/system-release') - end - os_name ||= if File.readable?('/etc/debian_version') - debian_version = File.read('/etc/debian_version') - "Debian #{debian_version}" - end - os_name ||= if File.readable?('/etc/SuSE-release') - File.read('/etc/SuSE-release') - end - os_name.try(:squish!) - # check if there is an RVM environment rvm_version = run_and_match("rvm --version", /[\d\.]+/).try(:to_s) # check Ruby version diff --git a/lib/tasks/gitlab/task_helpers.rake b/lib/tasks/gitlab/task_helpers.rake index c9635f058ee..5dd97fa2f92 100644 --- a/lib/tasks/gitlab/task_helpers.rake +++ b/lib/tasks/gitlab/task_helpers.rake @@ -1,5 +1,27 @@ namespace :gitlab do + # Check which OS is running + # + # It will primarily use lsb_relase to determine the OS. + # It has fallbacks to Debian, SuSE and OS X. + def os_name + os_name = run("lsb_release -irs") + os_name ||= if File.readable?('/etc/system-release') + File.read('/etc/system-release') + end + os_name ||= if File.readable?('/etc/debian_version') + debian_version = File.read('/etc/debian_version') + "Debian #{debian_version}" + end + os_name ||= if File.readable?('/etc/SuSE-release') + File.read('/etc/SuSE-release') + end + os_name ||= if os_x_version = run("sw_vers -productVersion") + "Mac OS X #{os_x_version}" + end + os_name.try(:squish!) + end + # Runs the given command and matches the output agains the given pattern # # Returns nil if nothing matched @@ -23,6 +45,15 @@ namespace :gitlab do end end + def uid_for(user_name) + run("id -u #{user_name}").chomp.to_i + end + + def gid_for(group_name) + group_line = File.read("/etc/group").lines.select{|l| l.start_with?("#{group_name}:")}.first + group_line.split(":")[2].to_i + end + def warn_user_is_not_gitlab unless @warned_user_not_gitlab current_user = run("whoami").chomp diff --git a/lib/tasks/sidekiq.rake b/lib/tasks/sidekiq.rake index 6bbcb3da4bc..01da919d7f8 100644 --- a/lib/tasks/sidekiq.rake +++ b/lib/tasks/sidekiq.rake @@ -6,18 +6,10 @@ namespace :sidekiq do desc "GITLAB | Start sidekiq" task :start do - run "nohup bundle exec sidekiq -q post_receive,mailer,system_hook,common,default -e #{rails_env} -P #{pidfile} >> #{root_path}/log/sidekiq.log 2>&1 &" - end - - def root_path - @root_path ||= File.join(File.expand_path(File.dirname(__FILE__)), "../..") + run "nohup bundle exec sidekiq -q post_receive,mailer,system_hook,common,default -e #{Rails.env} -P #{pidfile} >> #{Rails.root.join("log", "sidekiq.log")} 2>&1 &" end def pidfile - "#{root_path}/tmp/pids/sidekiq.pid" - end - - def rails_env - ENV['RAILS_ENV'] || "production" + Rails.root.join("tmp", "pids", "sidekiq.pid") end end |