File hooks/pre-commit changed (mode: 100755) (index b7b08ff..eb815e1) |
... |
... |
umask(0022); |
27 |
27 |
if (rg_git_rev_ok("HEAD")) |
if (rg_git_rev_ok("HEAD")) |
28 |
28 |
$against = "HEAD"; |
$against = "HEAD"; |
29 |
29 |
else |
else |
30 |
|
$against = $rg_repo_empty; |
|
|
30 |
|
$against = $rg_git_empty; |
31 |
31 |
|
|
32 |
32 |
// TODO: Here we can deny non ascii file names |
// TODO: Here we can deny non ascii file names |
33 |
33 |
// git diff --cached --name-only --diff-filter=A -z $against | LC_ALL=C tr -d '[ -~]\0') |
// git diff --cached --name-only --diff-filter=A -z $against | LC_ALL=C tr -d '[ -~]\0') |
File inc/git.inc.php changed (mode: 100644) (index 66c6e80..c6dff79) |
... |
... |
require_once($INC . "/log.inc.php"); |
4 |
4 |
require_once($INC . "/prof.inc.php"); |
require_once($INC . "/prof.inc.php"); |
5 |
5 |
|
|
6 |
6 |
$rg_git_zero = "0000000000000000000000000000000000000000"; |
$rg_git_zero = "0000000000000000000000000000000000000000"; |
|
7 |
|
$rg_git_empty = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"; |
7 |
8 |
|
|
8 |
9 |
$rg_git_error = ""; |
$rg_git_error = ""; |
9 |
10 |
|
|
|
... |
... |
function rg_git_rev_ok($rev) |
253 |
254 |
function rg_git_whitespace_ok($old, $new) |
function rg_git_whitespace_ok($old, $new) |
254 |
255 |
{ |
{ |
255 |
256 |
global $rg_git_zero; |
global $rg_git_zero; |
|
257 |
|
global $rg_git_empty; |
256 |
258 |
|
|
257 |
259 |
rg_prof_start("git_whitespace_ok"); |
rg_prof_start("git_whitespace_ok"); |
258 |
260 |
|
|
259 |
261 |
rg_log("git_whitespace_ok: old=$old new=$new"); |
rg_log("git_whitespace_ok: old=$old new=$new"); |
260 |
262 |
|
|
261 |
|
// TODO: how should I check from 000000 till new?! |
|
262 |
|
if (strcmp($old, $rg_git_zero) == 0) { |
|
263 |
|
$ret = TRUE; |
|
|
263 |
|
if (strcmp($old, $rg_git_zero) == 0) |
|
264 |
|
$old = $rg_git_empty; |
|
265 |
|
|
|
266 |
|
$cmd = "git diff --check" |
|
267 |
|
. " " . escapeshellarg($old) |
|
268 |
|
. " " . escapeshellarg($new); |
|
269 |
|
$a = rg_exec($cmd); |
|
270 |
|
rg_log("\ta:" . print_r($a, TRUE)); |
|
271 |
|
if ($a['ok'] != 1) { |
|
272 |
|
rg_git_set_error("error on diff (" . $a['errmsg'] . ")"); |
|
273 |
|
$ret = $a['data']; |
264 |
274 |
} else { |
} else { |
265 |
|
$cmd = "git diff --check"; |
|
266 |
|
$cmd .= " " . escapeshellarg($old); |
|
267 |
|
$cmd .= " " . escapeshellarg($new); |
|
268 |
|
$a = rg_exec($cmd); |
|
269 |
|
rg_log("\ta:" . print_r($a, TRUE)); |
|
270 |
|
if ($a['ok'] != 1) { |
|
271 |
|
rg_git_set_error("error on diff (" . $a['errmsg'] . ")"); |
|
272 |
|
$ret = $a['data']; |
|
273 |
|
} else { |
|
274 |
|
$ret = TRUE; |
|
275 |
|
} |
|
|
275 |
|
$ret = TRUE; |
276 |
276 |
} |
} |
277 |
277 |
|
|
278 |
278 |
rg_prof_end("git_whitespace_ok"); |
rg_prof_end("git_whitespace_ok"); |
File inc/mr.inc.php changed (mode: 100644) (index 780f93f..3949651) |
4 |
4 |
require_once($INC . "/util.inc.php"); |
require_once($INC . "/util.inc.php"); |
5 |
5 |
require_once($INC . "/sql.inc.php"); |
require_once($INC . "/sql.inc.php"); |
6 |
6 |
|
|
7 |
|
$rg_mr_queue = $rg_base . "/q_merge_requests"; |
|
|
7 |
|
$rg_mr_env_q = getenv("ROCKETGIT_MR_QUEUE"); |
|
8 |
|
if (empty($rg_mr_env_q)) |
|
9 |
|
$rg_mr_queue = $rg_base . "/q_merge_requests"; |
|
10 |
|
else |
|
11 |
|
$rg_mr_queue = $rg_mr_env_q; |
8 |
12 |
|
|
9 |
13 |
$rg_mr_error = ""; |
$rg_mr_error = ""; |
10 |
14 |
|
|
|
... |
... |
function rg_mr_queue_add($repo_id, $namespace, $old_rev, $new_rev, $refname, $ip |
32 |
36 |
|
|
33 |
37 |
rg_log("rg_mr_create: repo_id=$repo_id namespace=$namespace" |
rg_log("rg_mr_create: repo_id=$repo_id namespace=$namespace" |
34 |
38 |
. " old_rev=$old_rev new_rev=$new_rev, refname=$refname" |
. " old_rev=$old_rev new_rev=$new_rev, refname=$refname" |
35 |
|
. " ip=$ip"); |
|
|
39 |
|
. " ip=$ip rg_mr_queue=$rg_mr_queue"); |
36 |
40 |
|
|
37 |
41 |
$c = "repo_id=$repo_id namespace=$namespace old_rev=$old_rev" |
$c = "repo_id=$repo_id namespace=$namespace old_rev=$old_rev" |
38 |
42 |
. " new_rev=$new_rev refname=$refname ip=$ip"; |
. " new_rev=$new_rev refname=$refname ip=$ip"; |
39 |
43 |
|
|
40 |
|
$f = "mr-" . time() . "-" . rg_id(6); |
|
|
44 |
|
$f = "mr-" . $repo_id . "-" . time() . "-" . rg_id(6); |
41 |
45 |
|
|
42 |
46 |
if (!file_exists($rg_mr_queue)) { |
if (!file_exists($rg_mr_queue)) { |
43 |
47 |
if (@mkdir($rg_mr_queue, 0700) === FALSE) { |
if (@mkdir($rg_mr_queue, 0700) === FALSE) { |
|
... |
... |
function rg_mr_queue_process($db) |
143 |
147 |
} else { |
} else { |
144 |
148 |
if (@unlink($path) !== TRUE) |
if (@unlink($path) !== TRUE) |
145 |
149 |
rg_log("Warn: Cannot unlink file $path!"); |
rg_log("Warn: Cannot unlink file $path!"); |
|
150 |
|
// TODO: Verify it exists in database |
146 |
151 |
} |
} |
147 |
152 |
} |
} |
148 |
153 |
closedir($dir); |
closedir($dir); |
File inc/repo.inc.php changed (mode: 100644) (index ac2c314..550d190) |
... |
... |
require_once($INC . "/git.inc.php"); |
7 |
7 |
require_once($INC . "/rights.inc.php"); |
require_once($INC . "/rights.inc.php"); |
8 |
8 |
require_once($INC . "/prof.inc.php"); |
require_once($INC . "/prof.inc.php"); |
9 |
9 |
|
|
10 |
|
$rg_repo_empty = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"; |
|
11 |
|
|
|
12 |
10 |
$rg_repo_error = ""; |
$rg_repo_error = ""; |
13 |
11 |
|
|
14 |
12 |
$rg_repo_rights = array( |
$rg_repo_rights = array( |
|
... |
... |
$rg_repo_rights = array( |
30 |
28 |
); |
); |
31 |
29 |
|
|
32 |
30 |
// What rights are on by default |
// What rights are on by default |
33 |
|
$rg_repo_rights_default = "FM"; |
|
|
31 |
|
$rg_repo_rights_default = "FMH"; |
34 |
32 |
|
|
35 |
33 |
rg_rights_register("repo", $rg_repo_rights); |
rg_rights_register("repo", $rg_repo_rights); |
36 |
34 |
|
|
File scripts/remote.php changed (mode: 100644) (index 17e5ed4..1a3532a) |
... |
... |
if (rg_rights_allow($rights, $needed_rights) === FALSE) |
152 |
152 |
fatal("Repo does not exists."); |
fatal("Repo does not exists."); |
153 |
153 |
|
|
154 |
154 |
// TODO: limit per connection |
// TODO: limit per connection |
155 |
|
|
|
156 |
155 |
// TODO: limit time and/or cpu |
// TODO: limit time and/or cpu |
157 |
|
|
|
158 |
156 |
// TODO: limit cpuset |
// TODO: limit cpuset |
159 |
|
|
|
160 |
157 |
// TODO: limit io |
// TODO: limit io |
|
158 |
|
// TODO: put process in a cgroup? |
161 |
159 |
|
|
162 |
160 |
$repo_base = rg_repo_name2base($rr); |
$repo_base = rg_repo_name2base($rr); |
163 |
161 |
$repo_path = $repo_base . $repo . ".git"; |
$repo_path = $repo_base . $repo . ".git"; |
File tests/hook_update_anon.sh changed (mode: 100755) (index 77528cd..8bd7a49) |
2 |
2 |
|
|
3 |
3 |
# Test anonymous push |
# Test anonymous push |
4 |
4 |
|
|
|
5 |
|
C=`pwd` |
|
6 |
|
|
5 |
7 |
rm -rf hook_update_anon_*.git |
rm -rf hook_update_anon_*.git |
6 |
8 |
mkdir hook_update_anon_dest.git |
mkdir hook_update_anon_dest.git |
7 |
9 |
( |
( |
|
... |
... |
cd hook_update_anon_src.git |
17 |
19 |
export ROCKETGIT_REPO_ID=2000000000 |
export ROCKETGIT_REPO_ID=2000000000 |
18 |
20 |
export ROCKETGIT_IP="IP" |
export ROCKETGIT_IP="IP" |
19 |
21 |
export GIT_NAMESPACE="abcdefgh" # we have to set it manually |
export GIT_NAMESPACE="abcdefgh" # we have to set it manually |
|
22 |
|
export ROCKETGIT_MR_QUEUE="${C}/mr_queue" |
20 |
23 |
|
|
21 |
|
echo "=== Testing anon push without rights..." |
|
22 |
|
export ROCKETGIT_REPO_RIGHTS="C" |
|
|
24 |
|
rm -f ../mr_queue/mr-${ROCKETGIT_REPO_ID}-* |
|
25 |
|
|
|
26 |
|
echo "=== Preparing repo..." |
23 |
27 |
echo "bbb" > a |
echo "bbb" > a |
24 |
28 |
git add a |
git add a |
25 |
29 |
git commit -m "b" a |
git commit -m "b" a |
|
30 |
|
|
|
31 |
|
echo "=== Testing anon push without rights..." |
|
32 |
|
export ROCKETGIT_REPO_RIGHTS="C" |
26 |
33 |
git push origin master |
git push origin master |
27 |
34 |
if [ "${?}" = "0" ]; then |
if [ "${?}" = "0" ]; then |
28 |
35 |
echo "Should not work!" |
echo "Should not work!" |
|
... |
... |
if [ "${?}" != "0" ]; then |
44 |
51 |
echo "We did not update the namespace!" |
echo "We did not update the namespace!" |
45 |
52 |
exit 1 |
exit 1 |
46 |
53 |
fi |
fi |
|
54 |
|
if [ -r ../hook_update_anon_dest.git/refs/heads/master ]; then |
|
55 |
|
echo "Seems we updated also main namespace!" |
|
56 |
|
exit 1 |
|
57 |
|
fi |
|
58 |
|
if [ "`ls ../mr_queue/mr-${ROCKETGIT_REPO_ID}-*`" = "" ]; then |
|
59 |
|
echo "Seems that the merge queue file was not created!" |
|
60 |
|
exit 1 |
|
61 |
|
fi |
47 |
62 |
|
|
48 |
63 |
# TODO: we should not allow force pushes on anon branches |
# TODO: we should not allow force pushes on anon branches |
49 |
64 |
|
|