sysadmin-bin r86 - trunk

[otaylor svn gnome org]

Author: otaylor
Date: Wed Jan 14 23:21:38 2009
New Revision: 86
URL: http://svn.gnome.org/viewvc/sysadmin-bin?rev=86&view=rev

Log:
009-01-14  Owen Taylor  <otaylor redhat com>

        * run-git-or-special-cmd: Add an analogue of
        run-svn-or-special-cmd for git.gnome.org.

        * create-auth: Add --gnomegit option that works like --gnomecvs
        but uses run-svn-or-special-cmd.


Added:
   trunk/run-git-or-special-cmd   (contents, props changed)
Modified:
   trunk/ChangeLog
   trunk/create-auth

Modified: trunk/create-auth
==============================================================================
--- trunk/create-auth	(original)
+++ trunk/create-auth	Wed Jan 14 23:21:38 2009
@@ -24,6 +24,7 @@
     return user_md5sums
 
 GNOMECVS=0
+GNOMEGIT=0
 ## first you must open a connection to the server
 try:
     l = ldap.open("ldap-back")
@@ -105,13 +106,14 @@
     user_data = {}
     gnomecvs_users = set()
     global GNOMECVS
+    global GNOMEGIT
 
     # get a list of all the users.  Keep them in a hashtable to avoid duplicates
     users.update(get_uids_from_wheel())
     users.update(get_uids_from_sysadmin())
     for group in group_list:
         users.update(get_uids_from_group(group))
-    if GNOMECVS:
+    if GNOMECVS or GNOMEGIT:
         gnomecvs_users = set(get_uids_from_group ('gnomecvs')) - users
 
     # look up their keys (if we have them)
@@ -140,6 +142,8 @@
     os.rmdir (dir)
 
 def create_directory_structure (user_list):
+    global GNOMEGIT
+
     base_directory_name = tempfile.mktemp ('-sshd')
     sshd_directory_name = base_directory_name + "/sshd"
     users_directory_name = sshd_directory_name + "/users"
@@ -159,7 +163,10 @@
             for key in user['authorizedKey']:
                 if user['cvsOnly']:
                     #file.write ("command=\"/usr/bin/cvs server\",no-pty,no-port-forwarding ")
-                    file.write ("command=\"/home/admin/bin/run-svn-or-special-cmd\",no-pty,no-port-forwarding ")
+                    if GNOMEGIT:
+                        file.write ("command=\"/home/admin/bin/run-git-or-special-cmd\",no-pty,no-port-forwarding ")
+                    else:
+                        file.write ("command=\"/home/admin/bin/run-svn-or-special-cmd\",no-pty,no-port-forwarding ")
                 file.write (key)
                 file.write ("\n")
             file.close()
@@ -218,6 +225,13 @@
     if '--gnomecvs' in group_list:
         GNOMECVS=1
         group_list = filter (lambda x: x != '--gnomecvs', group_list)
+    if '--gnomegit' in group_list:
+        GNOMEGIT=1
+        group_list = filter (lambda x: x != '--gnomegit', group_list)
+
+    if GNOMECVS and GNOMEGIT:
+        print "--gnomecvs and --gnomegit are exclusive"
+        sys.exit(1)
 
     user_list = build_user_hash (group_list)
     base_directory_name = create_directory_structure (user_list)

Added: trunk/run-git-or-special-cmd
==============================================================================
--- (empty file)
+++ trunk/run-git-or-special-cmd	Wed Jan 14 23:21:38 2009
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# vim: set ts=4 sw=4:
+
+if [ "$SSH_ORIGINAL_COMMAND" != "" ]; then
+	if [ "$SSH_ORIGINAL_COMMAND" != "svnserve -t"  ]; then
+		case "$SSH_ORIGINAL_COMMAND" in
+			"new-git-repos "*)
+			        echo 'ERROR: new-git-repos: not yet implemented'
+				exit 1
+				;;
+
+# This existed for retrieving mango passwords from svn.gnome.org; if we keep the
+# system and repurpose socket for something else we could move the files to
+# git.gnome.org, but it's a bit of a wonky system.
+#			"mango")
+#				cat "/var/local/mango/`whoami`" 2> /dev/null
+#				echo > "/var/local/mango/`whoami`" 2> /dev/null
+#				exit
+#				;;
+		        *)
+			        exec /usr/bin/git-shell -c "$SSH_ORIGINAL_COMMAND"
+				;;
+		esac
+	fi
+fi
+
+echo 'ERROR: must specify a command'
+exit 1
+