1 package Girocco
::Project
;
10 use Girocco
::HashUtil
;
11 use Girocco
::ProjPerm
;
13 use base
('Girocco::ProjPerm::'.$Girocco::Config
::permission_control
); # mwahaha
28 require Digest
::SHA
::PurePerl
;
29 Digest
::SHA
::PurePerl
->import(
32 die "One of Digest::SHA or Digest::SHA1 or Digest::SHA::PurePerl "
33 . "must be available\n";
36 our $metadata_fields = {
37 homepage
=> ['Homepage URL', 'hp', 'text'],
38 shortdesc
=> ['Short description', 'desc', 'text'],
39 README
=> ['README (HTML, lt 8kb)', 'README', 'textarea'],
40 notifymail
=> ['Commit notify - mail to', 'notifymail', 'text'],
41 notifyjson
=> ['Commit notify - <a href="http://help.github.com/post-receive-hooks/">POST JSON</a> at', 'notifyjson', 'text'],
42 notifycia
=> ['Commit notify - <a href="http://cia.vc/doc/">CIA project</a> name', 'notifycia', 'text'],
47 my @pelems = split('/', $self->{name
});
48 pop @pelems; # do not create dir for the project itself
49 my $path = $self->{base_path
};
50 foreach my $pelem (@pelems) {
52 (-d
"$path") or mkdir $path or die "mkdir $path: $!";
53 chmod 02775, $path; # ok if fails (dir may already exist and be owned by someone else)
57 # With a leading ':' get from config replacing ':' with 'gitweb.'
58 # With a leading '%' get from config after removing '%'
59 # Otherwise it's a file name to be loaded
60 # %propmapro entries are loaded but never written
65 desc
=> 'description',
66 README
=> 'README.html',
68 notifymail
=> '%hooks.mailinglist',
69 notifytag
=> '%hooks.announcelist',
70 notifyjson
=> '%hooks.jsonurl',
71 notifycia
=> '%hooks.cianame',
75 lastchange
=> ':lastchange',
76 lastactivity
=> 'info/lastactivity',
77 creationtime
=> '%girocco.creationtime',
78 origurl
=> ':baseurl',
81 # Projects with any of these names will be disallowed to avoid possible
82 # collisions with cgi script paths or chroot paths
83 our %reservedprojectnames = (
84 b
=> 1, # /b/ -> bundle.cgi
86 h
=> 1, # /h/ -> html.cgi
87 r
=> 1, # /r/ -> git http
88 w
=> 1, # /w/ -> gitweb
89 srv
=> 1, # /srv/git/ -> chroot ssh git repositories
93 system($Girocco::Config
::basedir
. '/gitweb/genindex.sh');
99 $self->{path
}.'/'.$name;
105 my $pname = $propmap{$name};
106 $pname = $propmapro{$name} unless $pname;
107 $pname or die "unknown property: $name";
108 if ($pname =~ s/^://) {
109 my $val = `"$Girocco::Config::git_bin" --git-dir="$self->{path}" config "gitweb.$pname"`;
112 } elsif ($pname =~ s/^%//) {
113 my $val = `"$Girocco::Config::git_bin" --git-dir="$self->{path}" config "$pname"`;
118 open P
, '<', $self->_property_path($pname) or return undef;
121 my $value = join('', @value); chomp $value;
127 my ($name, $value) = @_;
128 my $pname = $propmap{$name};
129 $pname or die "unknown property: $name";
131 if ($pname =~ s/^://) {
132 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'config', "gitweb.$pname", $value);
134 } elsif ($pname =~ s/^%//) {
135 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'config', $pname, $value);
139 my $P = lock_file
($self->_property_path($pname));
140 $value ne '' and print $P "$value\n";
142 unlock_file
($self->_property_path($pname));
145 sub _properties_load
{
147 foreach my $prop (keys %propmap) {
148 $self->{$prop} = $self->_property_fget($prop);
150 foreach my $prop (keys %propmapro) {
151 $self->{$prop} = $self->_property_fget($prop);
153 my $val = `"$Girocco::Config::git_bin" --git-dir="$self->{path}" config --bool "gitweb.statusupdates" 2>/dev/null`;
155 $val = ($val eq 'false') ?
0 : 1;
156 $self->{statusupdates
} = $val;
157 delete $self->{auth
};
158 $val = `"$Girocco::Config::git_bin" --git-dir="$self->{path}" config "gitweb.repoauth"`;
160 if ($val =~ /^# ([A-Z]+)AUTH ([0-9a-f]+) (\d+)/) {
162 if (time < $expire) {
163 $self->{authtype
} = $1;
169 sub _properties_save
{
171 foreach my $prop (keys %propmap) {
172 $self->_property_fput($prop, $self->{$prop});
174 $self->{statusupdates
} = 1
175 unless defined($self->{statusupdates
}) && $self->{statusupdates
} =~ /^\d+$/;
176 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'config', '--bool',
177 "gitweb.statusupdates", $self->{statusupdates
});
178 if (defined($self->{origurl
}) && defined($self->{url
}) &&
179 $self->{origurl
} ne $self->{url
} && -e
$self->_property_path(".banged")) {
180 if (open(X
, '>', $self->_property_path(".bangagain"))) {
182 chmod(0664, $self->_property_path(".bangagain"));
189 $self->_property_path('.nofetch');
195 my $nf = $self->_nofetch_path;
197 open X
, '>', $nf or die "nofetch failed: $!";
200 unlink $nf or die "yesfetch failed: $!";
206 $self->_property_path('.clonelog');
209 sub _clonefail_path
{
211 $self->_property_path('.clone_failed');
216 $self->_property_path('.clone_in_progress');
222 my $np = $self->_clonep_path;
224 open X
, '>', $np or die "clonep failed: $!";
227 unlink $np or die "clonef failed: $!";
230 sub _alternates_setup
{
232 return unless $self->{name
} =~ m
#/#;
233 my $forkee_name = get_forkee_name
($self->{name
});
234 my $forkee_path = get_forkee_path
($self->{name
});
235 return unless -d
$forkee_path;
236 mkdir $self->{path
}.'/refs'; chmod 02775, $self->{path
}.'/refs';
237 mkdir $self->{path
}.'/objects'; chmod 02775, $self->{path
}.'/objects';
238 mkdir $self->{path
}.'/objects/info'; chmod 02775, $self->{path
}.'/objects/info';
240 # We set up both alternates and http_alternates since we cannot use
241 # relative path in alternates - that doesn't work recursively.
243 my $filename = $self->{path
}.'/objects/info/alternates';
244 open X
, '>', $filename or die "alternates failed: $!";
245 print X
"$forkee_path/objects\n";
247 chmod 0664, $filename or warn "cannot chmod $filename: $!";
249 if ($Girocco::Config
::httppullurl
) {
250 $filename = $self->{path
}.'/objects/info/http-alternates';
251 open X
, '>', $filename or die "http-alternates failed: $!";
252 my $upfork = $forkee_name;
253 do { print X
"$Girocco::Config::httppullurl/$upfork.git/objects\n"; } while ($upfork =~ s
#/?.+?$## and $upfork); #
255 chmod 0664, $filename or warn "cannot chmod $filename: $!";
258 # The symlink is problematic since git remote prune will traverse it.
259 #symlink "$forkee_path/refs", $self->{path}.'/refs/forkee';
261 # copy refs from parent project
262 # ownership information is changed by a root cronjob
263 system("cp -pR $forkee_path/refs $self->{path}/");
264 # initialize HEAD, hacky version
265 system("cp $forkee_path/HEAD $self->{path}/HEAD");
270 my $perms = $Girocco::Config
::permission_control
eq 'Hooks' ?
02777 : 02775;
271 mkdir $self->{path
}.'/ctags'; chmod $perms, $self->{path
}.'/ctags';
277 $xtra .= join(',', @
{$self->{users
}});
278 filedb_atomic_append
(jailed_file
('/etc/group'),
279 join(':', $self->{name
}, $self->{crypt}, '\i', $xtra));
284 my $xtra = join(',', @
{$self->{users
}});
285 filedb_atomic_edit
(jailed_file
('/etc/group'),
289 if ($self->{name
} eq (split /:/)[0]) {
290 # preserve readonly flag
291 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
292 return join(':', $self->{name
}, $self->{crypt}, $self->{gid
}, $xtra)."\n";
302 filedb_atomic_edit
(jailed_file
('/etc/group'),
304 $self->{name
} ne (split /:/)[0] and return $_;
312 $self->{path
}.'/hooks/'.$name;
318 open SRC
, '<', "$Girocco::Config::basedir/hooks/$name" or die "cannot open hook $name: $!";
319 open DST
, '>', $self->_hook_path($name) or die "cannot open hook $name for writing: $!";
320 while (<SRC
>) { print DST
$_; }
323 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
328 foreach my $hook ('pre-receive', 'post-receive', 'update', 'post-update') {
329 $self->_hook_install($hook);
333 # private constructor, do not use
336 my ($name, $base_path, $path) = @_;
337 does_exist
($name,1) || valid_name
($name) or die "refusing to create project with invalid name ($name)!";
338 $path ||= "$base_path/$name.git";
339 my $proj = { name
=> $name, base_path
=> $base_path, path
=> $path };
344 # public constructor #0
345 # creates a virtual project not connected to disk image
346 # you can conjure() it later to disk
349 my ($name, $mirror) = @_;
350 my $self = $class->_new($name, $Girocco::Config
::reporoot
);
352 $self->{mirror
} = $mirror;
353 $self->{email
} = $self->{orig_email
} = '';
357 # public constructor #1
360 my $name = shift || '';
362 open F
, '<', jailed_file
("/etc/group") or die "project load failed: $!";
366 next unless (shift eq $name);
368 my $self = $class->_new($name, $Girocco::Config
::reporoot
);
369 (-d
$self->{path
}) or die "invalid path (".$self->{path
}.") for project ".$self->{name
};
372 ($self->{crypt}, $self->{gid
}, $ulist) = @_;
374 $self->{users
} = [split /,/, $ulist];
375 $self->{HEAD
} = $self->get_HEAD;
376 $self->{orig_HEAD
} = $self->{HEAD
};
377 $self->{orig_users
} = [@
{$self->{users
}}];
378 $self->{mirror
} = ! -e
$self->_nofetch_path;
379 $self->{clone_in_progress
} = -e
$self->_clonep_path;
380 $self->{clone_logged
} = -e
$self->_clonelog_path;
381 $self->{clone_failed
} = -e
$self->_clonefail_path;
382 $self->{ccrypt
} = $self->{crypt};
384 $self->_properties_load;
385 $self->{orig_email
} = $self->{email
};
386 $self->{loaded
} = 1; # indicates self was loaded from etc/group file
393 # $proj may not be in sane state if this returns false!
397 my $cgi = $gcgi->cgi;
399 my ($pwd, $pwd2) = ($cgi->param('pwd'), $cgi->param('pwd2'));
400 # in case passwords are disabled
401 defined($pwd) or $pwd = ''; defined($pwd2) or $pwd = '';
402 if ($Girocco::Config
::project_passwords
and not $self->{crypt} and $pwd eq '' and $pwd2 eq '') {
403 $gcgi->err("Empty passwords are not permitted.");
405 if ($pwd ne '' or not $self->{crypt}) {
406 $self->{crypt} = scrypt_sha1
($pwd);
408 if (($pwd ne '' || $pwd2 ne '') and $pwd ne $pwd2) {
409 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
412 $self->{cpwd
} = $cgi->param('cpwd');
414 my ($forkee,$project) = ($self->{name
} =~ m
#^(.*/)?([^/]+)$#);
415 my $newtype = $forkee ?
'fork' : 'project';
416 length($project) <= 64
417 or $gcgi->err("The $newtype name is longer than 64 characters. Do you really need that much?");
419 if ($Girocco::Config
::project_owners
eq 'email') {
420 $self->{email
} = $gcgi->wparam('email');
421 valid_email
($self->{email
})
422 or $gcgi->err("Your email sure looks weird...?");
423 length($self->{email
}) <= 96
424 or $gcgi->err("Your email is longer than 96 characters. Do you really need that much?");
427 $self->{url
} = $gcgi->wparam('url');
429 valid_repo_url
($self->{url
})
430 or $gcgi->err("Invalid URL. Note that only HTTP and Git protocols are supported. If the URL contains funny characters, contact me.");
431 if ($Girocco::Config
::restrict_mirror_hosts
) {
432 my $mh = extract_url_hostname
($self->{url
});
434 or $gcgi->err("Invalid URL. Note that only DNS names are allowed, not IP addresses.");
435 !is_our_hostname
($mh)
436 or $gcgi->err("Invalid URL. Mirrors from this host are not allowed, please create a fork instead.");
440 $self->{desc
} = $gcgi->wparam('desc');
441 length($self->{desc
}) <= 1024
442 or $gcgi->err("<b>Short</b> description length > 1kb!");
444 $self->{README
} = $gcgi->wparam('README');
445 length($self->{README
}) <= 8192
446 or $gcgi->err("README length > 8kb!");
448 $self->{hp
} = $gcgi->wparam('hp');
450 valid_web_url
($self->{hp
})
451 or $gcgi->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
454 $self->{users
} = [grep { Girocco
::User
::valid_name
($_) && Girocco
::User
::does_exist
($_) } $cgi->param('user')];
456 $self->{HEAD
} = $cgi->param('HEAD') if $cgi->param('HEAD');
458 # schedule deletion of tags (will be committed by update() after auth)
459 $self->{tags_to_delete
} = [$cgi->param('tags')];
461 $self->{notifymail
} = $gcgi->wparam('notifymail');
462 if ($self->{notifymail
}) {
463 (valid_email_multi
($self->{notifymail
}) and length($self->{notifymail
}) <= 512)
464 or $gcgi->err("Invalid notify e-mail address. Use mail,mail to specify multiple addresses; total length must not exceed 512 characters, however.");
467 $self->{notifyjson
} = $gcgi->wparam('notifyjson');
468 if ($self->{notifyjson
}) {
469 valid_web_url
($self->{notifyjson
})
470 or $gcgi->err("Invalid JSON notify URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
473 $self->{notifycia
} = $gcgi->wparam('notifycia');
474 if ($self->{notifycia
}) {
475 $self->{notifycia
} =~ /^[a-zA-Z0-9._-]+$/
476 or $gcgi->err("Overly suspicious CIA notify project name. If it is actually valid, contact me.");
479 if ($cgi->param('setstatusupdates')) {
480 my $val = $gcgi->wparam('statusupdates') || '0';
481 $self->{statusupdates
} = $val ?
1 : 0;
484 not $gcgi->err_check;
490 name
=> $self->{name
},
491 email
=> $self->{email
},
493 desc
=> html_esc
($self->{desc
}),
494 README
=> html_esc
($self->{README
}),
496 users
=> $self->{users
},
497 notifymail
=> html_esc
($self->{notifymail
}),
498 notifyjson
=> html_esc
($self->{notifyjson
}),
499 notifycia
=> html_esc
($self->{notifycia
}),
503 # return true if $enc_passwd is a match for $plain_passwd
504 my $_check_passwd_match = sub {
505 my $enc_passwd = shift;
506 my $plain_passwd = shift;
507 defined($enc_passwd) or $enc_passwd = '';
508 defined($plain_passwd) or $plain_passwd = '';
509 # $enc_passwd may be crypt or crypt_sha1
510 if ($enc_passwd =~ m
(^\
$sha1\
$(\d
+)\
$([./0-9A-Za-z]{1,64})\$[./0-9A
-Za
-z
]{28}$)) {
511 # It's using sha1-crypt
512 return $enc_passwd eq crypt_sha1
($plain_passwd, $2, -(0+$1));
515 return $enc_passwd eq crypt($plain_passwd, $enc_passwd);
523 $self->{ccrypt
} or die "Can't authenticate against a project with no password";
524 defined($self->{cpwd
}) or $self->{cpwd
} = '';
525 unless ($_check_passwd_match->($self->{ccrypt
}, $self->{cpwd
})) {
526 $gcgi->err("Your admin password does not match!");
532 # return true if the password from the file is empty or consists of all the same
533 # character. However, if the project was NOT loaded from the group file
534 # (!self->{loaded}) then the password is never locked.
535 # This function does NOT check $Girocco::Config::project_passwords, the caller
536 # is responsible for doing so if desired. Same for $self->{email}.
537 sub is_password_locked
{
540 $self->{loaded
} or return 0;
541 my $testcrypt = $self->{ccrypt
}; # The value from the group file
542 defined($testcrypt) or $testcrypt = '';
543 $testcrypt ne '' or return 1; # No password at all
544 $testcrypt =~ /^(.)\1*$/ and return 1; # Bogus crypt value
545 return 0; # Not locked
549 use POSIX
qw(strftime);
553 $self->_mkdir_forkees;
555 mkdir($self->{path
}) or die "mkdir $self->{path} failed: $!";
556 if ($Girocco::Config
::owning_group
) {
557 my $gid = scalar(getgrnam($Girocco::Config
::owning_group
));
558 chown(-1, $gid, $self->{path
}) or die "chgrp $gid $self->{path} failed: $!";
559 chmod(02775, $self->{path
}) or die "chmod 02775 $self->{path} failed: $!";
561 chmod(02777, $self->{path
}) or die "chmod 02777 $self->{path} failed: $!";
563 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'init', '--bare', '--shared='.$self->shared_mode()) == 0
564 or die "git init $self->{path} failed: $?";
565 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'config', 'receive.denyNonFastforwards', 'false') == 0
566 or die "disabling receive.denyNonFastforwards failed: $?";
567 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'config', 'gc.auto', '0') == 0
568 or die "disabling gc.auto failed: $?";
569 my ($S,$M,$H,$d,$m,$y) = gmtime(time());
570 $self->{creationtime
} = strftime
("%Y-%m-%dT%H:%M:%SZ", $S, $M, $H, $d, $m, $y, -1, -1, -1);
571 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'config', 'girocco.creationtime', $self->{creationtime
}) == 0
572 or die "setting girocco.creationtime failed: $?";
573 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'config', 'repack.writebitmaps', 'true') == 0
574 or die "enabling repack.writebitmaps failed: $?";
576 # /info must have right permissions,
577 # and git init didn't do it for some reason.
578 if ($Girocco::Config
::owning_group
) {
579 chmod(02775, $self->{path
}."/info") or die "chmod 02775 $self->{path}/info failed: $!";
581 chmod(02777, $self->{path
}."/info") or die "chmod 02777 $self->{path}/info failed: $!";
584 $self->_properties_save;
585 $self->_alternates_setup;
587 $self->_group_remove;
588 $self->_group_add($pushers);
589 $self->_hooks_install;
590 #$self->perm_initialize;
591 $self->_update_index;
599 $self->perm_initialize;
607 if ($Girocco::Config
::mob
&& $Girocco::Config
::mob
eq "mob") {
608 system("$Girocco::Config::basedir/bin/create-personal-mob-area", $self->{name
}) == 0
609 or die "create-personal-mob-area $self->{name} failed";
611 $self->perm_initialize;
617 unlink ($self->_clonefail_path()); # Ignore EEXIST error
618 unlink ($self->_clonelog_path()); # Ignore EEXIST error
621 my $sock = IO
::Socket
::UNIX
->new($Girocco::Config
::chroot.'/etc/taskd.socket') or die "cannot connect to taskd.socket: $!";
622 $sock->print("clone ".$self->{name
}."\n");
623 # Just ignore reply, we are going to succeed anyway and the I/O
624 # would apparently get quite hairy.
633 $self->_properties_save;
634 $self->_group_update;
636 if (exists($self->{tags_to_delete
})) {
637 $self->delete_ctag($_) foreach(@
{$self->{tags_to_delete
}});
640 $self->set_HEAD($self->{HEAD
}) unless $self->{orig_HEAD
} eq $self->{HEAD
};
642 my @users_add = grep { $a = $_; not scalar grep { $a eq $_ } $self->{orig_users
} } $self->{users
};
643 my @users_del = grep { $a = $_; not scalar grep { $a eq $_ } $self->{users
} } $self->{orig_users
};
644 $self->perm_user_add($_, Girocco
::User
::resolve_uid
($_)) foreach (@users_add);
645 $self->perm_user_del($_, Girocco
::User
::resolve_uid
($_)) foreach (@users_del);
647 $self->_update_index if $self->{email
} ne $self->{orig_email
};
648 $self->{orig_email
} = $self->{email
};
653 sub update_password
{
657 $self->{crypt} = scrypt_sha1
($pwd);
658 $self->_group_update;
661 # You can explicitly do this just on a ghost() repository too.
665 if (-d
$self->{path
}) {
666 system('rm', '-rf', $self->{path
}) == 0
667 or die "rm -rf $self->{path} failed: $?";
669 # attempt to clean up any empty fork directories by removing them
670 my @pelems = split('/', $self->{name
});
671 while (@pelems > 1) {
674 rmdir join('/', $Girocco::Config
::reporoot
, @pelems) or last;
676 $self->_group_remove;
677 $self->_update_index;
680 sub _contains_files
{
682 (-d
$dir) or return 0;
683 opendir(my $dh, $dir) or die "opendir $dir failed: $!";
684 while (my $entry = readdir($dh)) {
685 next if $entry eq '' || $entry eq '.' || $entry eq '..';
686 closedir($dh), return 1
687 if -f
"$dir/$entry" ||
688 -d
"$dir/$entry" && _contains_files
("$dir/$entry");
697 return _contains_files
($Girocco::Config
::reporoot
.'/'.$self->{name
});
701 # A project is considered empty if the git repository does not
702 # have any refs. This means packed-refs does not exist or is
703 # empty or only has lines starting with '#' AND there are no
704 # files in the refs subdirectory hierarchy (no matter how deep).
708 (-d
$self->{path
}) or return 0;
709 if (-e
$self->{path
}.'/packed-refs') {
710 open(my $pr, '<', $self->{path
}.'/packed-refs')
711 or die "open $self->{path}./packed-refs failed: $!";
713 while (my $ref = <$pr>) {
714 next if $ref =~ /^#/;
719 return 0 if $foundref;
721 (-d
$self->{path
}.'/refs') or return 1;
722 return !_contains_files
($self->{path
}.'/refs');
729 # sanity check, disallow filenames starting with . .. or /
730 unlink($self->{path
}.'/ctags/'.$ctag) if($ctag !~ m
|^(\
.\
.?
)/|);
736 opendir(my $dh, $self->{path
}.'/ctags')
738 @ctags = grep { -f
"$self->{path}/ctags/$_" } readdir($dh);
746 open($fh, '-|', "$Girocco::Config::git_bin --git-dir=$self->{path} show-ref --heads") or die "could not get list of heads";
750 next if !m
#^[0-9a-f]{40}\s+refs/heads/(.+)$ #x;
759 my $HEAD = `$Girocco::Config::git_bin --git-dir=$self->{path} symbolic-ref HEAD`;
761 die "could not get HEAD" if ($HEAD !~ m{^refs/heads/(.+)$});
768 # Cursory checks only -- if you want to break your HEAD, be my guest
769 if ($newHEAD =~ /^\/|['<>]|\.\.|\/$/) {
770 die "grossly invalid new HEAD: $newHEAD";
772 system($Girocco::Config::git_bin, "--git-dir=$self->{path}", 'symbolic
-ref', 'HEAD
', "refs/heads/$newHEAD");
773 die "could not set HEAD" if ($? >> 8);
774 ! -d "$self->{path}/mob" || $Girocco::Config::mob ne 'mob
'
775 or system('cp
', '-p
', '-f
', "$self->{path}/HEAD", "$self->{path}/mob/HEAD") == 0;
781 $type = 'REPO
' unless $type && $type =~ /^[A-Z]+$/;
783 $self->{authtype} = $type;
786 $self->{auth} = sha1_hex(time . $$ . rand() . join(':',%$self));
788 my $expire = time + 24 * 3600;
789 my $propval = "# ${type}AUTH $self->{auth} $expire";
790 system($Girocco::Config::git_bin, '--git
-dir
='.$self->{path}, 'config
', 'gitweb
.repoauth
', $propval);
797 delete $self->{auth};
798 delete $self->{authtype};
799 system($Girocco::Config::git_bin, '--git
-dir
='.$self->{path}, 'config
', '--unset
', 'gitweb
.repoauth
');
806 my $before_count = @{$self->{users}};
807 $self->{users} = [grep { $_ ne $username } @{$self->{users}}];
808 return @{$self->{users}} != $before_count;
813 sub get_forkee_name {
815 (m#^(.*)/.*?$#)[0]; #
818 sub get_forkee_path {
819 no warnings; # avoid silly 'unsuccessful
stat on filename with
\n' warning
820 my $forkee = $Girocco::Config::reporoot.'/'.get_forkee_name($_[0]).'.git
';
821 -d $forkee ? $forkee : '';
824 # Ultimately the full project/fork name could end up being part of a Git ref name
825 # when a project's forks are combined into one giant repository
for efficiency
.
826 # That means that the project/fork name must satisfy the Git ref name requirements:
828 # 1. Characters with an ASCII value less than or equal to 32 are not allowed
829 # 2. The character with an ASCII value of 0x7F is not allowed
830 # 3. The characters '~', '^', ':', '\', '*', '?', and '[' are not allowed
831 # 4. The character '/' is a separator and is not allowed within a name
832 # 5. The name may not start with '.' or end with '.'
833 # 6. The name may not end with '.lock'
834 # 7. The name may not contain the '..' sequence
835 # 8. The name may not contain the '@{' sequence
836 # 9. If multiple components are used (separated by '/'), no empty '' components
838 # We also prohibit a trailing '.git' on any path component and futher restrict
839 # the allowed characters to alphanumeric and [+._-] where names must start with
842 # The rules are relaxed slightly for existing projects (for now) to accomodate them.
844 sub _valid_name_characters
{
850 and (not m
#/[+._-]# or $relaxed)
852 and (not m
#\.$# or $relaxed)
855 and (not m
#\.lock/#i)
856 and (not m
#\.lock$#i)
858 and m
#^[a-zA-Z0-9/+._-]+$#;
862 no warnings
; # avoid silly 'unsuccessful stat on filename with \n' warning
864 _valid_name_characters
($_) and not exists($reservedprojectnames{$_})
865 and @
{[m
#/#g]} <= 5 # maximum fork depth is 5
866 and ((not m
#/#) or -d get_forkee_path($_)); # will also catch ^/
869 # It's possible that some forks have been kept but the forkee is gone.
870 # In this case the standard valid_name check is too strict.
872 no warnings
; # avoid silly 'unsuccessful stat on filename with \n' warning
873 my ($name, $nodie) = @_;
875 _valid_name_characters
($name, 1)
876 and ((not $name =~ m
#/#)
877 or -d get_forkee_path
($name)
878 or -d
$Girocco::Config
::reporoot
.'/'.get_forkee_name
($name)));
879 (!$okay && $nodie) and return undef;
880 !$okay and die "tried to query for project with invalid name $name!";
881 (-d
$Girocco::Config
::reporoot
."/$name.git");
888 open F
, '<', jailed_file
("/etc/group") or die "getting project list failed: $!";
892 next if ($_[2] < 65536);
894 push @projects, $_[0];