From b9150dc7a908c79145520461b3e026254131ca48 Mon Sep 17 00:00:00 2001
From: Petr Baudis
Warning: This is a mirrored repository, thus you cannot push into it. Changing the user set will have no practical effect.
\n"; +} elsif (not grep { $_ eq 'mob' } @{$h{users}}) { + print "(Please consider adding the mob user. [learn more])/em>
\n"; } foreach my $user (@{$h{users}}) { print "The mob account (the name a tribute to the paper +Mob Software: The Erotic Life of Code) +is.a way to enable anonymous push access for your project. +This is largely an experiment and may be scrapped in the future if +it will not get widespread use, but I think it's an interesting try. +The idea is to provide unmoderated side channel for random +contributors to work on a project, coming from the same place as +e.g. Wikipedia - that given enough interested people, the quality +will grow rapidly and occassional "vandalism" will get fixed quickly. +Of course this may not work nearly so well for software, but here +we are, to give it a try.
+ +How it works? First, you need to add the mob user to the
+list of users allowed to push in your project. mob is a
+keyless, passwordless user that anyone can use to push, without
+any special setup. But this does not mean that
+your project is not in the hands of raging mindless mob! The mob
+user has a special restriction: it can push only to an existing
+mob branch. This means that the second step you need to take
+is to create a mob branch in the repository (e.g.
+cg branch-add mob git+ssh://repo.or.cz/srv/git/project.git#mob
+ && cg-push mob
). Then the mob user
+will be able to push to that and only that branch, and it won't be
+able to push whatsoever until you take the second step.
To sum it up: Anonymous pushes are allowed only to the mob +branch and only if you add a mob user and do an initial +pushout of the mob branch.
+ +To clone the mob branch instead of the default master +branch, paste #mob to the URL passed to cg-clone.
+ +Note that you are taking a huge security risk on yourself + if you just blindly grab the mob branch and run it on your + system.
+ +Set up a remote branch to point at git+ssh://mob@repo.or.cz/srv/git/project.git#mob. +Then push there. Have fun and enjoy, you are making the history!
+ + + diff --git a/update-hook b/update-hook new file mode 100644 index 0000000..5fbe408 --- /dev/null +++ b/update-hook @@ -0,0 +1,21 @@ +#!/bin/sh +# +# Currently, we just confine the mob user to the mob branch here. +# +# TODO: CIA support. Mailing list notifications support. Generalized +# branches push permissions support. +# + +# mob user is 65538, that's hardcoded +if [ $EUID -eq 65538 ]; then + if [ x"$1" != x"refs/heads/mob" ]; then + echo "The mob user can push only to the 'mob' branch, sorry" >&2 + exit 1 + fi + if expr "$2" : '0*$' >/dev/null; then + echo "The mob user cannot _create_ the 'mob' branch, sorry" >&2 + exit 2 + fi +fi + +exit 0 -- 2.11.4.GIT