1 package Girocco
::Project
;
10 use Girocco
::ProjPerm
;
12 use base
('Girocco::ProjPerm::'.$Girocco::Config
::permission_control
); # mwahaha
15 our $metadata_fields = {
16 homepage
=> ['Homepage URL', 'hp', 'text'],
17 shortdesc
=> ['Short description', 'desc', 'text'],
18 README
=> ['README (HTML, lt 8kb)', 'README', 'textarea'],
19 notifymail
=> ['Commit notify - mail to', 'notifymail', 'text'],
20 notifyjson
=> ['Commit notify - <a href="http://help.github.com/post-receive-hooks/">POST JSON</a> at', 'notifyjson', 'text'],
21 notifycia
=> ['Commit notify - <a href="http://cia.vc/doc/">CIA project</a> name', 'notifycia', 'text'],
26 my @pelems = split('/', $self->{name
});
27 pop @pelems; # do not create dir for the project itself
28 my $path = $self->{base_path
};
29 foreach my $pelem (@pelems) {
31 (-d
"$path") or mkdir $path or die "mkdir $path: $!";
32 chmod 0775, $path; # ok if fails (dir may already exist and be owned by someone else)
39 desc
=> 'description',
40 README
=> 'README.html',
42 notifymail
=> '%hooks.mailinglist',
43 notifyjson
=> '%hooks.jsonurl',
44 notifycia
=> '%hooks.cianame',
48 system($Girocco::Config
::basedir
. '/gitweb/genindex.sh');
54 $self->{path
}.'/'.$name;
60 my $pname = $propmap{$name};
61 $pname or die "unknown property: $name";
62 if ($pname =~ s/^://) {
63 my $val = `git --git-dir="$self->{path}" config "gitweb.$pname"`;
66 } elsif ($pname =~ s/^%//) {
67 my $val = `git --git-dir="$self->{path}" config "$pname"`;
72 open P
, $self->_property_path($pname) or return undef;
75 my $value = join('', @value); chomp $value;
81 my ($name, $value) = @_;
82 my $pname = $propmap{$name};
83 $pname or die "unknown property: $name";
85 if ($pname =~ s/^://) {
86 system('git', '--git-dir='.$self->{path
}, 'config', "gitweb.$pname", $value);
88 } elsif ($pname =~ s/^%//) {
89 system('git', '--git-dir='.$self->{path
}, 'config', $pname, $value);
93 my $P = lock_file
($self->_property_path($pname));
94 $value ne '' and print $P "$value\n";
96 unlock_file
($self->_property_path($pname));
99 sub _properties_load
{
101 foreach my $prop (keys %propmap) {
102 $self->{$prop} = $self->_property_fget($prop);
106 sub _properties_save
{
108 foreach my $prop (keys %propmap) {
109 $self->_property_fput($prop, $self->{$prop});
115 $self->_property_path('.nofetch');
121 my $np = $self->_nofetch_path;
123 open X
, '>'.$np or die "nofetch failed: $!";
126 unlink $np or die "yesfetch failed: $!";
132 $self->_property_path('.clonelog');
135 sub _clonefail_path
{
137 $self->_property_path('.clone_failed');
142 $self->_property_path('.clone_in_progress');
148 my $np = $self->_clonep_path;
150 open X
, '>'.$np or die "clonep failed: $!";
153 unlink $np or die "clonef failed: $!";
156 sub _alternates_setup
{
158 return unless $self->{name
} =~ m
#/#;
159 my $forkee_name = get_forkee_name
($self->{name
});
160 my $forkee_path = get_forkee_path
($self->{name
});
161 return unless -d
$forkee_path;
162 mkdir $self->{path
}.'/refs'; chmod 02775, $self->{path
}.'/refs';
163 mkdir $self->{path
}.'/objects'; chmod 02775, $self->{path
}.'/objects';
164 mkdir $self->{path
}.'/objects/info'; chmod 02775, $self->{path
}.'/objects/info';
166 # We set up both alternates and http_alternates since we cannot use
167 # relative path in alternates - that doesn't work recursively.
169 my $filename = $self->{path
}.'/objects/info/alternates';
170 open X
, '>'.$filename or die "alternates failed: $!";
171 print X
"$forkee_path/objects\n";
173 chmod 0664, $filename or warn "cannot chmod $filename: $!";
175 if ($Girocco::Config
::httppullurl
) {
176 $filename = $self->{path
}.'/objects/info/http-alternates';
177 open X
, '>'.$filename or die "http-alternates failed: $!";
178 my $upfork = $forkee_name;
179 do { print X
"$Girocco::Config::httppullurl/$upfork.git/objects\n"; } while ($upfork =~ s
#/?.+?$## and $upfork); #
181 chmod 0664, $filename or warn "cannot chmod $filename: $!";
184 # The symlink is problematic since git remote prune will traverse it.
185 #symlink "$forkee_path/refs", $self->{path}.'/refs/forkee';
187 # copy refs from parent project
188 # ownership information is changed by a root cronjob
189 system("cp -pR $forkee_path/refs $self->{path}/");
190 # initialize HEAD, hacky version
191 system("cp $forkee_path/HEAD $self->{path}/HEAD");
196 mkdir $self->{path
}.'/ctags'; chmod 01777, $self->{path
}.'/ctags';
202 $xtra .= join(',', @
{$self->{users
}});
203 filedb_atomic_append
(jailed_file
('/etc/group'),
204 join(':', $self->{name
}, $self->{crypt}, '\i', $xtra));
209 my $xtra = join(',', @
{$self->{users
}});
210 filedb_atomic_edit
(jailed_file
('/etc/group'),
214 if ($self->{name
} eq (split /:/)[0]) {
215 # preserve readonly flag
216 s/::([^:]*)$/:$1/ and $xtra = ":$xtra";
217 return join(':', $self->{name
}, $self->{crypt}, $self->{gid
}, $xtra)."\n";
227 filedb_atomic_edit
(jailed_file
('/etc/group'),
229 $self->{name
} ne (split /:/)[0] and return $_;
237 $self->{path
}.'/hooks/'.$name;
243 open SRC
, "$Girocco::Config::basedir/hooks/$name" or die "cannot open hook $name: $!";
244 open DST
, '>'.$self->_hook_path($name) or die "cannot open hook $name for writing: $!";
245 while (<SRC
>) { print DST
$_; }
248 chmod 0775, $self->_hook_path($name) or die "cannot chmod hook $name: $!";
253 foreach my $hook ('post-receive', 'update', 'post-update') {
254 $self->_hook_install($hook);
258 # private constructor, do not use
261 my ($name, $base_path, $path) = @_;
262 valid_name
($name) or die "refusing to create project with invalid name ($name)!";
263 $path ||= "$base_path/$name.git";
264 my $proj = { name
=> $name, base_path
=> $base_path, path
=> $path };
269 # public constructor #0
270 # creates a virtual project not connected to disk image
271 # you can conjure() it later to disk
274 my ($name, $mirror) = @_;
275 my $self = $class->_new($name, $Girocco::Config
::reporoot
);
277 $self->{mirror
} = $mirror;
278 $self->{email
} = $self->{orig_email
} = '';
282 # public constructor #1
287 open F
, jailed_file
("/etc/group") or die "project load failed: $!";
291 next unless (shift eq $name);
293 my $self = $class->_new($name, $Girocco::Config
::reporoot
);
294 (-d
$self->{path
}) or die "invalid path (".$self->{path
}.") for project ".$self->{name
};
297 ($self->{crypt}, $self->{gid
}, $ulist) = @_;
299 $self->{users
} = [split /,/, $ulist];
300 $self->{HEAD
} = $self->get_HEAD;
301 $self->{orig_HEAD
} = $self->{HEAD
};
302 $self->{orig_users
} = [@
{$self->{users
}}];
303 $self->{mirror
} = ! -e
$self->_nofetch_path;
304 $self->{clone_in_progress
} = -e
$self->_clonep_path;
305 $self->{clone_logged
} = -e
$self->_clonelog_path;
306 $self->{clone_failed
} = -e
$self->_clonefail_path;
307 $self->{ccrypt
} = $self->{crypt};
309 $self->_properties_load;
310 $self->{orig_email
} = $self->{email
};
317 # $proj may not be in sane state if this returns false!
321 my $cgi = $gcgi->cgi;
323 my ($pwd, $pwd2) = ($cgi->param('pwd'), $cgi->param('pwd2'));
324 $pwd ||= ''; $pwd2 ||= ''; # in case passwords are disabled
325 if ($pwd or not $self->{crypt}) {
326 $self->{crypt} = scrypt
($pwd);
329 if ($pwd2 and $pwd ne $pwd2) {
330 $gcgi->err("Our high-paid security consultants have determined that the admin passwords you have entered do not match each other.");
333 $self->{cpwd
} = $cgi->param('cpwd');
335 if ($Girocco::Config
::project_owners
eq 'email') {
336 $self->{email
} = $gcgi->wparam('email');
337 valid_email
($self->{email
})
338 or $gcgi->err("Your email sure looks weird...?");
341 $self->{url
} = $gcgi->wparam('url');
343 valid_repo_url
($self->{url
})
344 or $gcgi->err("Invalid URL. Note that only HTTP and Git protocol is supported. If the URL contains funny characters, contact me.");
347 $self->{desc
} = $gcgi->wparam('desc');
348 length($self->{desc
}) <= 1024
349 or $gcgi->err("<b>Short</b> description length > 1kb!");
351 $self->{README
} = $gcgi->wparam('README');
352 length($self->{README
}) <= 8192
353 or $gcgi->err("README length > 8kb!");
355 $self->{hp
} = $gcgi->wparam('hp');
357 valid_web_url
($self->{hp
})
358 or $gcgi->err("Invalid homepage URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
361 $self->{users
} = [grep { Girocco
::User
::valid_name
($_) && Girocco
::User
::does_exist
($_) } $cgi->param('user')];
363 $self->{HEAD
} = $cgi->param('HEAD') if $cgi->param('HEAD');
365 # schedule deletion of tags (will be committed by update() after auth)
366 $self->{tags_to_delete
} = [$cgi->param('tags')];
368 $self->{notifymail
} = $gcgi->wparam('notifymail');
369 if ($self->{notifymail
}) {
370 (valid_email_multi
($self->{notifymail
}) and length($self->{notifymail
}) <= 512)
371 or $gcgi->err("Invalid notify e-mail address. Use mail,mail to specify multiple addresses; total length must not exceed 512 characters, however.");
374 $self->{notifyjson
} = $gcgi->wparam('notifyjson');
375 if ($self->{notifyjson
}) {
376 valid_web_url
($self->{notifyjson
})
377 or $gcgi->err("Invalid JSON notify URL. Note that only HTTP protocol is supported. If the URL contains funny characters, contact me.");
380 $self->{notifycia
} = $gcgi->wparam('notifycia');
381 if ($self->{notifycia
}) {
382 $self->{notifycia
} =~ /^[a-zA-Z0-9._-]+$/
383 or $gcgi->err("Overly suspicious CIA notify project name. If it is actually valid, contact me.");
386 not $gcgi->err_check;
392 name
=> $self->{name
},
393 email
=> $self->{email
},
395 desc
=> html_esc
($self->{desc
}),
396 README
=> html_esc
($self->{README
}),
398 users
=> $self->{users
},
399 notifymail
=> html_esc
($self->{notifymail
}),
400 notifyjson
=> html_esc
($self->{notifyjson
}),
401 notifycia
=> html_esc
($self->{notifycia
}),
409 $self->{ccrypt
} or die "Can't authenticate against a project with no password";
410 $self->{cpwd
} ||= '';
411 unless ($self->{ccrypt
} eq crypt($self->{cpwd
}, $self->{ccrypt
})) {
412 $gcgi->err("Your admin password does not match!");
422 $self->_mkdir_forkees;
424 mkdir($self->{path
}) or die "mkdir $self->{path} failed: $!";
425 if ($Girocco::Config
::owning_group
) {
426 my $gid = scalar(getgrnam($Girocco::Config
::owning_group
));
427 chown(-1, $gid, $self->{path
}) or die "chgrp $gid $self->{path} failed: $!";
428 chmod(02775, $self->{path
}) or die "chmod 2775 $self->{path} failed: $!";
430 chmod(02777, $self->{path
}) or die "chmod 2777 $self->{path} failed: $!";
432 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'init', '--bare', '--shared='.$self->shared_mode()) == 0
433 or die "git init $self->{path} failed: $?";
434 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'config', 'receive.denyNonFastforwards', 'false') == 0
435 or die "disabling receive.denyNonFastforwards failed: $?";
436 system($Girocco::Config
::git_bin
, '--git-dir='.$self->{path
}, 'config', 'gc.auto', '0') == 0
437 or die "disabling gc.auto failed: $?";
439 # /info must have right permissions even before the fixup job,
440 # and git init didn't do it for some reason.
441 if ($Girocco::Config
::owning_group
) {
442 chmod(02775, $self->{path
}."/info") or die "chmod 2775 $self->{path}/info failed: $!";
444 chmod(02777, $self->{path
}."/info") or die "chmod 2777 $self->{path}/info failed: $!";
447 $self->_properties_save;
448 $self->_alternates_setup;
450 $self->_group_remove;
451 $self->_group_add($pushers);
452 $self->_hooks_install;
453 #$self->perm_initialize;
454 $self->_update_index;
462 $self->perm_initialize;
470 $self->perm_initialize;
476 unlink ($self->_clonefail_path()); # Ignore EEXIST error
477 unlink ($self->_clonelog_path()); # Ignore EEXIST error
480 my $sock = IO
::Socket
::UNIX
->new($Girocco::Config
::chroot.'/etc/taskd.socket') or die "cannot connect to taskd.socket: $!";
481 $sock->print("clone ".$self->{name
}."\n");
482 # Just ignore reply, we are going to succeed anyway and the I/O
483 # would apparently get quite hairy.
492 $self->_properties_save;
493 $self->_group_update;
495 if (exists($self->{tags_to_delete
})) {
496 $self->delete_ctag($_) foreach(@
{$self->{tags_to_delete
}});
499 $self->set_HEAD($self->{HEAD
}) unless $self->{orig_HEAD
} eq $self->{HEAD
};
501 my @users_add = grep { $a = $_; not scalar grep { $a eq $_ } $self->{orig_users
} } $self->{users
};
502 my @users_del = grep { $a = $_; not scalar grep { $a eq $_ } $self->{users
} } $self->{orig_users
};
503 $self->perm_user_add($_, Girocco
::User
::resolve_uid
($_)) foreach (@users_add);
504 $self->perm_user_del($_, Girocco
::User
::resolve_uid
($_)) foreach (@users_del);
506 $self->_update_index if $self->{email
} ne $self->{orig_email
};
507 $self->{orig_email
} = $self->{email
};
512 sub update_password
{
516 $self->{crypt} = scrypt
($pwd);
517 $self->_group_update;
520 # You can explicitly do this just on a ghost() repository too.
524 if (-d
$self->{path
}) {
525 system('rm', '-rf', $self->{path
}) == 0
526 or die "rm -rf $self->{path} failed: $?";
528 $self->_group_remove;
529 $self->_update_index;
535 return glob($Girocco::Config
::reporoot
.'/'.$self->{name
}.'/*');
542 # sanity check, disallow filenames starting with . .. or /
543 unlink($self->{path
}.'/ctags/'.$ctag) if($ctag !~ m
|^(\
.\
.?
)/|);
549 opendir(my $dh, $self->{path
}.'/ctags')
551 @ctags = grep { -f
"$self->{path}/ctags/$_" } readdir($dh);
559 open($fh, '-|', "$Girocco::Config::git_bin --git-dir=$self->{path} show-ref --heads") or die "could not get list of heads";
563 next if !m
#^[0-9a-f]{40}\s+refs/heads/(.+)$ #x;
572 my $HEAD = `$Girocco::Config::git_bin --git-dir=$self->{path} symbolic-ref HEAD`;
574 die "could not get HEAD" if ($HEAD !~ m{^refs/heads/(.+)$});
581 # Cursory checks only -- if you want to break your HEAD, be my guest
582 if ($newHEAD =~ /^\/|['<>]|\.\.|\/$/) {
583 die "grossly invalid new HEAD: $newHEAD";
585 system($Girocco::Config::git_bin, "--git-dir=$self->{path}", 'symbolic
-ref', 'HEAD
', "refs/heads/$newHEAD");
586 die "could not set HEAD" if ($? >> 8);
591 sub get_forkee_name {
593 (m#^(.*)/.*?$#)[0]; #
595 sub get_forkee_path {
596 my $forkee = $Girocco::Config::reporoot.'/'.get_forkee_name($_[0]).'.git
';
597 -d $forkee ? $forkee : '';
602 (not m#/# or -d get_forkee_path($_)) # will also catch ^/
605 and m#^[a-zA-Z0-9+./_-]+$#;
610 valid_name($name) or die "tried to query for project with invalid name $name!";
611 (-d $Girocco::Config::reporoot."/$name.git");
618 open F, jailed_file("/etc/group") or die "getting project list failed: $!";
622 next if ($_[2] < 65536);
624 push @projects, $_[0];