From 9fb5ea9b83b989b4acbe63592984cb04633478a7 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 6 Oct 2013 22:27:09 +0100 Subject: Add test for public repo creation --- git.liw.fi.sh | 15 ++++++++++++ git.liw.fi.yarn | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ssh | 2 +- 3 files changed, 88 insertions(+), 1 deletion(-) diff --git a/git.liw.fi.sh b/git.liw.fi.sh index 653e6ec..304bfdb 100644 --- a/git.liw.fi.sh +++ b/git.liw.fi.sh @@ -79,3 +79,18 @@ user_del() return 1 fi } + + +# Remove a repository from the server. This is a two-step process. + +destroy_repo() +{ + if run_gitano_as "$1" destroy "$2" 2> "$DATADIR/temp" + then + secret=$(awk '{ s = $2 } END { print s }' "$DATADIR/temp") + run_gitano_as "$1" destroy "$2" "$secret" + else + cat "$DATADIR/temp" 1>&2 + return 1 + fi +} diff --git a/git.liw.fi.yarn b/git.liw.fi.yarn index 72714d7..c3b0dbb 100644 --- a/git.liw.fi.yarn +++ b/git.liw.fi.yarn @@ -61,6 +61,27 @@ A non-admin mustn't be able to create or remove users. FINALLY remove user tstusr on server AND remove user tstusr2 on server +Public repository creation, access, and removal +----------------------------------------------- + +The ruleset is meant to make all repositories public. + +Admin should be able to create a public repository. That repository +should then be accessible to both the admin and a non-admin via both +git and ssh protocols. Finally, the admin, but not a non-admin, should +be able to remove the repository. + + SCENARIO public repositories + ASSUMING no tstusr user exists on server + GIVEN an ssh key for tstusr + WHEN admin creates user tstusr + AND admin creates repository tstrepo + THEN admin can clone tstrepo using git + AND admin can clone tstrepo using ssh + AND tstusr can clone tstrepo using ssh + FINALLY remove repository tstrepo on server + AND remove user tstusr on server + Implementation sections ======================= @@ -173,3 +194,54 @@ Admin clean up user at end of scenario. then user_del admin "$MATCH_1" fi + +Repository creation +------------------- + +Repositories can only be created by the admin. + + IMPLEMENTS WHEN admin creates repository (\S+) + run_gitano_as admin create "$MATCH_1" + +Repository cloning +------------------ + +Repositories can be cloned using git or ssh protocols, and they +may be cloned by various users. We store the clone repositories +as `$DATADIR/$USER/$REPO`. If the same user clones the same +repository more than once, we only keep the last one. + +It doesn't matter who clones over git, since git is open to everyone. +So we only have a variant for admin, for simplicity. + + IMPLEMENTS THEN admin can clone (\S+) using git + localdir="$DATADIR/admin/$MATCH_1" + rm -rf "$localdir" + mkdir -p "$localdir" + git clone "git://$GITHOST/$MATCH_1" "$localdir" + +However, cloning over ssh is serious business, for ACL. The tricky bit +here is to get git to use the right ssh key. We do this by having +a ./ssh script that runs the real ssh, but adds a `-i` option to the +desired keyfile. But we only do that for non-admin users. + + IMPLEMENTS THEN (\S+) can clone (\S+) using ssh + localdir="$DATADIR/admin/$MATCH_2" + rm -rf "$localdir" + mkdir -p "$localdir" + url="ssh://$GITANO@$GITHOST/$MATCH_2" + if [ "$MATCH_1" = admin ] + then + git clone "$url" "$localdir" + else + KEYFILE="$DATADIR/$MATCH_1.key" \ + PATH="$SRCDIR:$PATH" git clone "$url" "$localdir" + fi + +Repository removal +------------------ + +At the end, we need to clean up repositories. + + IMPLEMENTS FINALLY remove repository (\S+) on server + destroy_repo admin "$MATCH_1" diff --git a/ssh b/ssh index bb1a275..0be8977 100755 --- a/ssh +++ b/ssh @@ -1,4 +1,4 @@ #!/bin/sh SSH_AUTH_SOCK= -exec /usr/bin/ssh -i "KEYFILE""$@" +exec /usr/bin/ssh -i "$KEYFILE" "$@" -- cgit v1.2.1