author | 2024-01-19 22:41:55 -0800 | |
---|---|---|
committer | 2024-01-20 16:44:17 -0800 | |
commit | 1d97aa4c8425ec34bebe55cc19ee46080f27ef9a (patch) | |
tree | 68c814c1ba8122a500124dcfcd760dfadb213e27 | |
parent | test: pin ssh-keygen key type for tests (diff) | |
download | gitolite-gentoo-1d97aa4c8425ec34bebe55cc19ee46080f27ef9a.tar.gz gitolite-gentoo-1d97aa4c8425ec34bebe55cc19ee46080f27ef9a.tar.bz2 gitolite-gentoo-1d97aa4c8425ec34bebe55cc19ee46080f27ef9a.zip |
feat: GL_METADATA during non-repo commandsgitolite-gentoo-3.6.13
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r-- | README.Gentoo | 29 | ||||
-rwxr-xr-x | src/commands/sshkeys-lint | 3 | ||||
-rwxr-xr-x | src/gitolite-shell | 7 | ||||
-rw-r--r-- | src/lib/Gitolite/Conf/Load.pm | 68 | ||||
-rw-r--r-- | src/lib/Gitolite/Rc.pm | 5 | ||||
-rwxr-xr-x | src/triggers/post-compile/ssh-authkeys | 1 | ||||
-rw-r--r-- | t/keys/admin.pub | 2 | ||||
-rw-r--r-- | t/keys/u1.pub | 4 | ||||
-rw-r--r-- | t/keys/u2.pub | 2 | ||||
-rw-r--r-- | t/keys/u3.pub | 2 | ||||
-rw-r--r-- | t/keys/u4.pub | 2 | ||||
-rw-r--r-- | t/keys/u5.pub | 2 | ||||
-rw-r--r-- | t/keys/u6.pub | 2 | ||||
-rw-r--r-- | t/metadata.t | 141 | ||||
-rwxr-xr-x | t/ssh-authkeys.t | 12 |
15 files changed, 253 insertions, 29 deletions
diff --git a/README.Gentoo b/README.Gentoo index 50d9c4b..517c381 100644 --- a/README.Gentoo +++ b/README.Gentoo @@ -8,30 +8,41 @@ Features: Additional metadata can be provided to be passed to the gitolite environment This can be useful if you want to pass additional metadata to the hooks, - for e.g. cia.vc or other services. - You can set a list of allow/parsed variables (GL_METADATA) and a list of - *required* variables (GL_METADATA_REQUIRED). + e.g. notification services, or extra validation. + + You can set: + - list of allow/parsed variables (GL_METADATA) + - list of *required* variables (GL_METADATA_REQUIRED). + - list of *appended* variables (GL_METADATA_APPENDED). Example: .gitolite.rc: %RC = ( ... - GL_METADATA => [ 'realname-ascii', 'cia-user' ], - GL_METADATA_REQUIRED => [ 'realname-ascii', 'cia-user' ], + GL_METADATA => [ 'realname-ascii', 'github-user', 'gpg-fpr' ], + GL_METADATA_REQUIRED => [ 'realname-ascii', 'gpg-fpr' ], + GL_METADATA_APPENDED => [ 'gpg-fpr' ], ... ) keydir/$user.pub: # realname-ascii: foo bar - # cia-user: foo + # github-user: foo + # gpg-fpr: 0123456789ABCDEF + # gpg-fpr: ABCDEF0123456789 ssh-rsa ... user@host - The hooks can then use $realname_ascii and $cia_user from the - environment. + The hooks can then use the variables from the environment, and they + should available as follows: + + realname_ascii='foo bar' + github_user='foo' + gpg_fpr='0123456789ABCDEF ABCDEF0123456789' + Each '-' (dash) will be replaced by an '_' (underscore). If you want other metadata or information from the .pub files, you - should look at the base Gitolite v3 documentation for "distinguishing + must look at the base Gitolite v3 documentation for "distinguishing one key from another" and enable the '--key-file-name' option to 'ssh-authkeys'. diff --git a/src/commands/sshkeys-lint b/src/commands/sshkeys-lint index b67e77d..ca23ce1 100755 --- a/src/commands/sshkeys-lint +++ b/src/commands/sshkeys-lint 
@@ -19,7 +19,8 @@ $|++; my $in_gl_section = 0; my $warnings = 0; -my $KEYTYPE_REGEX = qr/\b(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521))\b/; +use Net::SSH::AuthorizedKey::SSH2; +our $KEYTYPE_REGEX = ${Net::SSH::AuthorizedKey::SSH2::KEYTYPE_REGEX}; sub msg { my $warning = shift; diff --git a/src/gitolite-shell b/src/gitolite-shell index e8efe3d..71d1a85 100755 --- a/src/gitolite-shell +++ b/src/gitolite-shell @@ -106,6 +106,11 @@ sub main { # set up the user my $user = $ENV{GL_USER} = shift @ARGV; + # set up the key file name (might be absent) + my $kfn = $ENV{GL_KFN} = shift @ARGV; + + # Load user data for the non-git commands + env_user_options($user, $kfn); # set up the repo and the attempted access my ( $verb, $repo ) = parse_soc(); # returns only for git commands @@ -114,7 +119,7 @@ sub main { my $aa = ( $verb =~ 'upload' ? 'R' : 'W' ); # set up env vars from options set for this repo - env_options($repo, $user); + env_options($repo, $user, $kfn); # auto-create? if ( repo_missing($repo) and access( $repo, $user, '^C', 'any' ) !~ /DENIED/ ) { diff --git a/src/lib/Gitolite/Conf/Load.pm b/src/lib/Gitolite/Conf/Load.pm index 8c89759..0744ee3 100644 --- a/src/lib/Gitolite/Conf/Load.pm +++ b/src/lib/Gitolite/Conf/Load.pm @@ -9,6 +9,7 @@ package Gitolite::Conf::Load; access git_config env_options + env_user_options option repo_missing @@ -227,6 +228,8 @@ sub env_options { my $cwd = getcwd(); my $repo = shift; + my $user = shift; + my $kfn = shift; map { delete $ENV{$_} } grep { /^GL_OPTION_/ } keys %ENV; my $h = git_config( $repo, '^gitolite-options.ENV\.' ); while ( my ( $k, $v ) = each %$h ) { 
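Review bot: `$KEYTYPE_REGEX` is now read from `Net::SSH::AuthorizedKey::SSH2` with no check that the installed module actually defines it. If the variable is missing there (for example in an unpatched build of the module), the dereference yields undef, and depending on how the pattern is used further down (outside this hunk) an empty pattern can match every line, so the lint would stop flagging bad key types. A guard right after the `use` line makes that failure loud: `defined $Net::SSH::AuthorizedKey::SSH2::KEYTYPE_REGEX or die "Net::SSH::AuthorizedKey::SSH2 does not define KEYTYPE_REGEX\n";`. The imported pattern may also be looser than the anchored `\b(?:...)\b` form it replaces, which is worth confirming against the module.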
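Review bot: The second argument is shifted into `$kfn` and `$ENV{GL_KFN}` without checking that it is present or that it names a file under `keydir/`. When the forced command carries no key file name, `shift @ARGV` returns undef, which is then stored in `%ENV`, and the guard in `env_user_options`, `$kfn = undef if $kfn && $kfn eq ''`, can never fire because an empty string is false. Since `env_user_options` later joins `$kfn` onto `GL_ADMIN_BASE` and opens the result, I would validate it here: `my $kfn = shift @ARGV;`, then `undef $kfn unless defined $kfn && $kfn =~ m{\Akeydir/.+\.pub\z} && $kfn !~ m{(?:\A|/)\.\.(?:/|\z)};`, then `$ENV{GL_KFN} = $kfn if defined $kfn;`. `main` continues outside the hunk.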
@@ -238,26 +241,39 @@ sub env_options { # GL_ADMIN_BASE should also be absolute chdir($cwd); + env_user_options($user, $kfn); + +} + +sub env_user_options { + return unless -f "$rc{GL_ADMIN_BASE}/conf/gitolite.conf-compiled.pm"; + #$ENV{'GL_env_user_options'} = printf "%d", (int($ENV{'GL_env_user_options'} || '0') + 1); + # prevent catch-22 during initial install my $user = shift; + my $kfn = shift; + $kfn = undef if $kfn && $kfn eq ''; if($user) { my @pubkeys; # ssh-authkeys --key-file-name passes the actual pubkey file! - if(defined($ARGV[0])) { - my $f = $rc{GL_ADMIN_BASE}.'/'.$ARGV[0]; + if(defined($kfn)) { + my $f = $rc{GL_ADMIN_BASE}.'/'.$kfn; push @pubkeys, $f if -f $f; } - # This catches the base 'user.pub', 'user@host.pub', exact matches my $keydir = $rc{GL_ADMIN_BASE}.'/keydir/'; - if(-d $keydir) { + if(scalar(@pubkeys) == 0 && -d $keydir) { + # exact matches: base 'user.pub', 'user@host.pub' push @pubkeys, `find "$keydir" -type f -name "${user}.pub"`; - # this catches 'user@host@NN.pub' variant, for email-named users with multiple keys - push @pubkeys, `find "$keydir" -type f -name "${user}@*.pub"` if $user =~ m/@/; + # 'user@host@NN.pub' variant, for email-named users with multiple keys + push @pubkeys, `find "$keydir" -type f -name "${user}@*.pub"` if $user =~ m/@/ && $user !~ m/@.*@/; } chomp(@pubkeys); - return if $#pubkeys <= 0; + return if scalar(@pubkeys) <= 0; + + my %GL_METADATA; + foreach (@{$rc{'GL_METADATA'}}, @{$rc{'GL_METADATA_REQUIRED'}}, @{$rc{'GL_METADATA_APPENDED'}}) { + $GL_METADATA{$_} = ''; + } - # If they have multiple pubkeys, they SHOULD be the same, but we check - # anyway. foreach my $pubkey (@pubkeys) { my $pk_fh = _open('<', $pubkey); while(defined(my $line = <$pk_fh>)) { 
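Review bot: Both `find` calls in `env_user_options` interpolate `$user` and `$keydir` into a backtick command, so a shell parses them, and this function now runs for every `gitolite-shell` invocation rather than only for repo access. Whether `$user` is restricted to a safe character set before this point is not visible in the hunk, so I would not rely on it: run `find` through a list-form pipe open so that no shell is involved, as in the excerpt below. `find -name` still treats `*`, `?` and `[` in `$user` as a pattern, so rejecting user names that contain them before the lookup would close that gap too. The function body continues past the end of this hunk.

```perl
# … unchanged: $kfn lookup that may already have filled @pubkeys …
my $keydir = $rc{GL_ADMIN_BASE}.'/keydir/';
if(scalar(@pubkeys) == 0 && -d $keydir) {
    # exact matches: base 'user.pub', 'user@host.pub'
    my @patterns = ($user . '.pub');
    # 'user@host@NN.pub' variant, for email-named users with multiple keys
    push @patterns, $user . '@*.pub' if $user =~ m/@/ && $user !~ m/@.*@/;
    foreach my $pattern (@patterns) {
        # list-form open: arguments go to find directly, no shell parsing
        open(my $find_fh, '-|', 'find', $keydir, '-type', 'f', '-name', $pattern) or next;
        push @pubkeys, <$find_fh>;
        close($find_fh);
    }
}
# … unchanged: chomp(@pubkeys) and the empty-list return …
```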
@@ -266,16 +282,36 @@ sub env_options { $line =~ s/^\s*#\s*//; my ($variable, $value) = split(/:\s*/, $line, 2); + chomp($value); + $value =~ s/^\s+|\s+$//; - if(grep(/^\Q${variable}\E$/, @{$rc{'GL_METADATA'}})) { + if(grep(/^\Q${variable}\E$/, keys %GL_METADATA)) { if(length($value) > 0) { - $variable =~ s/-/_/g; - _die "Metadata $variable has conflicted values: '$ENV{$variable}' vs '$value'" if(defined($ENV{$variable}) and $ENV{$variable} ne $value); - $ENV{$variable} = $value; - } - } - } + if(grep(/^\Q${variable}\E$/, @{$rc{'GL_METADATA_APPENDED'}})) { + # Metadata should appear 0+/1+ times. + $GL_METADATA{$variable} .= ' '.$value; # TODO: what should this seperator really be? + } else { + # Metadata should appear exactly once + if($GL_METADATA{$variable} ne '' && $GL_METADATA{$variable} ne $value) { + _die "Metadata $variable has conflicted values: '$GL_METADATA{$variable}' vs '$value';" + } + $GL_METADATA{$variable} = $value; + } + } # if(length($value) > 0) + } # variable in GL_METADATA + } # pk_fh close($pk_fh); + } # foreach pubkey + + # GL_METADATA -> ENV + foreach my $k0 (keys %GL_METADATA) { + my $k1 = $k0; + my $v = $GL_METADATA{$k0}; + $k1 =~ s/-/_/g; + chomp $v; + $v =~ s/^\s+|\s+$//; + delete $ENV{$k1}; + $ENV{$k1} = $v if length($v) > 0; } } } diff --git a/src/lib/Gitolite/Rc.pm b/src/lib/Gitolite/Rc.pm index 87387d3..fa65a3f 100644 --- a/src/lib/Gitolite/Rc.pm +++ b/src/lib/Gitolite/Rc.pm @@ -308,7 +308,10 @@ sub trigger { # name, so setup env from options require Gitolite::Conf::Load; Gitolite::Conf::Load->import('env_options'); - if($_[0] && $_[1]) { + if($_[0] && $_[1] && $_[2]) { + env_options($_[0], $_[1], $_[2]); + } + elsif($_[0] && $_[1]) { env_options($_[0], $_[1]); } elsif($_[0]) { diff --git a/src/triggers/post-compile/ssh-authkeys b/src/triggers/post-compile/ssh-authkeys index a95018d..4735bfb 100755 --- a/src/triggers/post-compile/ssh-authkeys +++ b/src/triggers/post-compile/ssh-authkeys 
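Review bot: Values listed in `GL_METADATA_APPENDED` are joined with a single space, so a value that itself contains whitespace cannot be told apart from two separate entries by a hook that splits the variable (the TODO on the separator line points at this). If hooks use these variables for validation, as the README suggests, it is safer to reject such values at load time, e.g. `_die "Metadata $variable must not contain whitespace" if $value =~ /\s/;` ahead of the `.=`. Separately, `s/^\s+|\s+$//` has no `/g`, so it trims only one end of the string; `s/^\s+|\s+$//g` in both places trims both. `$value` is also undef for a comment line without a colon unless a check outside this hunk filters those lines, so `chomp($value)` would warn there.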
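Review bot: The new first branch passes `$_[2]` to `env_options` as the key file name, but nothing in this hunk shows that the third trigger argument is a key file name. If callers of `trigger` pass something else in that position, `env_user_options` will test a path built from it, find no file, and fall back to the per-user keydir scan, so the metadata of the key actually used is not necessarily what the trigger sees. `gitolite-shell` sets `$ENV{GL_KFN}` in this same commit, so reading it here is less ambiguous: `env_options($_[0], $_[1], $ENV{GL_KFN});`. The enclosing `trigger` sub starts and ends outside the hunk.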
@@ -11,6 +11,7 @@ use Gitolite::Common; # To parse the pubkeyfile with options etc. # 0.16 adds ecdsa keys # 0.17 adds ed25519 keys +# 0.17.xx Gentoo patching adds security keys use Net::SSH::AuthorizedKeysFile 0.17; $|++; diff --git a/t/keys/admin.pub b/t/keys/admin.pub index b50a5b9..81c488d 100644 --- a/t/keys/admin.pub +++ b/t/keys/admin.pub @@ -1 +1,3 @@ +# glt-meta-required: admin_req +# glt-meta-optional: admin_opt ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT9fu7B3vE68LdRNloCcU5HnGqF2BzJzy+Td3Vtde2GK5RKarm3i6FL2qPSKyZw9fRhE2FIMSWi0bUpJanwNx4mlHZzsZiYQumqgTt5tU+cQEpjRw9f4b0pk2BsnLLHflCWkmaU74uKYzSg7xdqtGmGfeRzSMJMspojmd0SMYMcfh+w57CWvJbtrRFH9usw2IlhjPLkAMI6QCfJdCZutBbidE4I+oWiMEVMQEul7wS44OUlcSZEelrWT6T+CsWCn9zXFs6uOjHXbstlPi+Qt/n6VLCSGryjLNYdStD6tQlmyyLUsIYRlK52Ffmt6qSyYiVPBfQY8gjBLBkU1XGGPnX g3@sita-lt.atc.tcs.com diff --git a/t/keys/u1.pub b/t/keys/u1.pub index 264c1f0..3bce015 100644 --- a/t/keys/u1.pub +++ b/t/keys/u1.pub @@ -1 +1,5 @@ +# glt-meta-required: u1_req +# glt-meta-optional: u1_opt +# glt-meta-append: u1.entry1 +# glt-meta-append: u1.entry2 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4HweYnlRffTEWS2a+UuBKvOwYjNKJiIBgfx5Tp6kkav/GNgP0YTob0Rwv781NzTOI+EhS1Wb6H6QUQe1DVV44US5W5YC6Q81dEUOtg4x95HhTWHuiVPnxTf4iVy2t4pq9ev7ts8+FuG90HsU8zzG6xo9/BPoEbixOofI48vlrd5dbtKm25UPzso0cqjeyRZxtvvwRVC3sx8IxNqbpfY7hjTLV1rnWQ6G3qpFp4kehoCNcHhWlj2UlJAD4qbm5i74UjCfz3Ps/iPZpQ1kWrZQ5LC5WJ6RJHqV8e+iu3KHxgWtJFSxDht6tlQgIOnQSTYGImKtaI9cCn27HBeaz1Ru9 g3@sita-lt.atc.tcs.com diff --git a/t/keys/u2.pub b/t/keys/u2.pub index 916dcf5..f537897 100644 --- a/t/keys/u2.pub +++ b/t/keys/u2.pub 
@@ -1 +1,3 @@ +# glt-meta-required: u2_req +# glt-meta-optional: u2_opt ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDj+3dZXir3wyVhX0lu9t/uATYPOK3p0PzEexYGHbBOaCBAz0jZGw+nW1Mig6m3hh2VPNXjXnvsEotUy+obsDGdWWMLv6bs+tPZibEQauttysd5se76nCHSWQ38IjPoweNbMtsWJGgeEqH0vJ9KIrEKAnd3KMWACcD7CteTAh89Ebyo4uSxvUpSwx19ibQ5QQL+YdTZ2whLkchjrGHLlDkFdaCR9hQrssvsTLDp98uG+rhT229C/67rhCjB7DgFjgHyu/JvveIQZwicgXYlFjSNULzIkV6NMmjYoqVfG7wzIC0CG2FwcTqADvGafV3xMXuzEcM2qmu8P2YtONRV3PWj g3@sita-lt.atc.tcs.com diff --git a/t/keys/u3.pub b/t/keys/u3.pub index e97645c..075abe2 100644 --- a/t/keys/u3.pub +++ b/t/keys/u3.pub @@ -1 +1,3 @@ +# glt-meta-required: u3_req +# glt-meta-optional: u3_opt ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsrq5CSCgCdL7Dq+zgOa9059wZ0VTOHeK8cBce6DuyOMoZQHYrBxc3ByYk+3I1czQEn1mg4lKomjlxYsyXtCfUcG5u7IzTYh30Sp4m7Vi2f+LVcVg0ynx+PjCZrctlN147LehyRt5+TDpVBSrdyF5ch5pWlP3WOy7IhoTR6NaSMYy7n3rNcVBlhNI7bxMhiCFG+Fcarlb2EndXaT5kBD8CxZCqMrheu4gKL5EZGkqPn0QIjtXMiurgxQS2L7cuV1pjq3JixMZAu0Uli76X9lq+Ssz3v1w87Et6iLxkc9M8qHpqx2tlcDYnr74jIiA3LZDiw3FOaQiVT8QPKy9NMZ0z g3@sita-lt.atc.tcs.com diff --git a/t/keys/u4.pub b/t/keys/u4.pub index 06f3648..11f809a 100644 --- a/t/keys/u4.pub +++ b/t/keys/u4.pub @@ -1 +1,3 @@ +# glt-meta-required: u4_req +# glt-meta-optional: u4_opt ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZaDduXtPQLxW5Hwd1sCqbC9Afj9P+ZpqqVB4mpwBNGBZA0O9W2ERqxbkrHwPNxJVFZLRwnkSlMsa+uzzhpeB2+DpPAVko7+6OuQUNmbD2F3gj8O/R2n9juGKZLy8C+edZ9jKokGJfimUTH0qDyhYfDLworcccqg7yMBYAc5Y7cYwHwFXXbxUui8YHpKn30auCW3M/1SE1Ee392hre97z58OTvzZJqd1VNNH0w0u3uqExI4qtuagVa0vfpbmGZWMUZNkLVk0hTo+KrKBSo+3IBhuXC/+dnfmzvYqbE/tJ5qDdKy5lQ+dGMzg9n7tgTu1w9M5TFxy3zG5NleCOHZaI3 g3@sita-lt.atc.tcs.com diff --git a/t/keys/u5.pub b/t/keys/u5.pub index 96a0045..7ee9d01 100644 --- a/t/keys/u5.pub +++ b/t/keys/u5.pub 
@@ -1 +1,3 @@ +# glt-meta-required: u5_req +# glt-meta-optional: u5_opt ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjUDRtjr7RqQ1ImVHY95EBM22dwBFdU5RqvsI1rHA+pVdBHX5OZT16+YgSREt/SQUBrsvdAMWugW7iwOJImO99giQd2jE7gWTXbw8kGE5shdpqspxQEhnb3/wjd1N52rkJj9gcv8CNpP7RWS1ZftjCKC8YNqatcAqqOdbWZYqnpM2Pxum+mkG+PfK91ig4ti8Kz9Ip8p2VrKeCKKFNsoQs9xG7w3NjEeIXZv+7S3fV690/R8D9qkCyUqEd0KbxJxkm7Ih3O1yiAEUTl0abSHeqVskq8pPwmZNyBDlMEFyao9WZSSac+8jN3YbsPWyZsTEbsuep6QdxL129o+cXQHeh g3@sita-lt.atc.tcs.com diff --git a/t/keys/u6.pub b/t/keys/u6.pub index de5b06b..4e6cd06 100644 --- a/t/keys/u6.pub +++ b/t/keys/u6.pub @@ -1 +1,3 @@ +# glt-meta-required: u6_req +# glt-meta-optional: u6_opt ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHJGNFPxGhIOcCdtl2tONeEEyuR81+iVYWpzeoCMCjxOans2yftH4oKXfVEOQL27iWXgA58X1sh0/2i8NW9ehMyiI509NiqydowEGkMfTi/EgPZTmsQ6FLNu9NrPNpKVg0UQPZr1sx9Qu4XpbFyEU8FAaFNloLxwMCRLlhhe+MdcCfUY2Sm/STmqW0Py+MmgzsyDkkubzhZ6M9DkKbA5eqxCPr1lRkTIDwneipZViQSGliRsoi7NoeStMLQ9RAnwxLfAzzfnxtannfNgUkyTIvVr/MlA84xoOIVNdePVS57/lmQgz9+SQ4wttoKAQUIxsvweRUSrhDR0uEkqXUh3Nt g3@sita-lt.atc.tcs.com diff --git a/t/metadata.t b/t/metadata.t new file mode 100644 index 0000000..70babce --- /dev/null +++ b/t/metadata.t 
@@ -0,0 +1,141 @@ +#!/usr/bin/perl +use strict; +use warnings; +use 5.10.0; +use Data::Dumper; + +# this is hardcoded; change it if needed +use lib "$ENV{PWD}/src/lib"; +use Gitolite::Common; +use Gitolite::Test; +use Gitolite::Rc; +use Gitolite::Conf::Load; + +BEGIN { + $ENV{G3T_RC} = "$ENV{HOME}/g3trc"; + put "$ENV{G3T_RC}", ""; +} + +my $bd = `gitolite query-rc -n GL_BINDIR`; +my $h = $ENV{HOME}; +my $ab = `gitolite query-rc -n GL_ADMIN_BASE`; +my $ak = "$ENV{HOME}/.ssh/authorized_keys"; +my $kd = `gitolite query-rc -n GL_ADMIN_BASE` . "/keydir"; +umask 0077; + +# test metadata in keyfiles +# ---------------------------------------------------------------------- +confreset; confadd ' + @g1 = u1 + @g2 = u2 + repo foo + RW = @g1 u3 + R = @g2 u4 +'; + + +# This is a special command to test that metadata is exporter to the +# environment for hooks/commands to use. +my $printenv_cmd = $bd.'/commands/printenv.t'; + +open(FH, '>>', $ENV{HOME}.'/.gitolite.rc'); + +print FH <<"EOF"; +\$RC{GL_METADATA} = [ 'glt-meta-required', 'glt-meta-optional', 'glt-meta-append' ]; +\$RC{GL_METADATA_REQUIRED} = [ 'glt-meta-required' ]; +\$RC{GL_METADATA_APPENDED} = [ 'glt-meta-append' ]; +push \@{ \$RC{ENABLE} }, "printenv.t"; + +# Required as last line. 
+1; +EOF + +close FH; + +put $printenv_cmd, <<'EOF'; +#!/bin/sh +#printenv -0 |grep --null-data -i -e gl -e glt -e gitolite |sort -z |tr '\0' '\n' +printenv |grep -i -e gl -e glt -e gitolite |sort +EOF +chmod 0755, $printenv_cmd; + +END { + unlink $printenv_cmd; +} + +try " + plan 49; + + grep printenv $printenv_cmd; ok or die 8; + + # reset stuff + rm -f $h/.ssh/authorized_keys; ok or die 1 + + cp $bd/../t/keys/u[1-6]* $h/.ssh; ok or die 2 + cp $bd/../t/keys/admin* $h/.ssh; ok or die 3 + cp $bd/../t/keys/config $h/.ssh; ok or die 4 + cat $h/.ssh/config + perl s/%USER/$ENV{USER}/ + put $h/.ssh/config + + mkdir $kd/; ok or die 5 + cp $bd/../t/keys/*.pub $kd/; ok or die 6 + + # Setup authorized_keys with third parameter for keyfiles names, and validates the metadata. + gitolite ../triggers/post-compile/ssh-authkeys --key-file-name; ok or die 7; + + ssh u1 printenv.t; ok; /glt_meta/ + /glt_meta_required=u1_req/ + /glt_meta_optional=u1_opt/ + !/glt_meta_required=u2_req/ + !/glt_meta_optional=u2_opt/ + /glt_meta_append=u1.entry1 u1.entry2/ + !/glt_meta_append=u1.entry1 u1.entry2./ + + ssh u2 printenv.t; ok; /glt_meta/ + !/glt_meta_required=u1_req/ + !/glt_meta_optional=u1_opt/ + /glt_meta_required=u2_req/ + /glt_meta_optional=u2_opt/ + + ## Set u1 key to be missing required metadata + cat $kd/u1.pub + perl s/glt/xglt/g + put $kd/u1.pub + + # Should *omit* the u1 key + gitolite ../triggers/post-compile/ssh-authkeys --key-file-name; ok or die 8; + grep keydir/u1.pub $ak; !ok; !/opt.u1/ + + ## Set u1 key to be have metadata key conflicts + cat $bd/../t/keys/u1.pub ; ok + put $kd/u1.pub ; ok + echo '# glt-meta-optional: xxconflict' >>$kd/u1.pub ; ok + + # Should ssh-authkeys should WORK, NON-FATAL + gitolite ../triggers/post-compile/ssh-authkeys --key-file-name; ok or die 9; + # But this should fail with the conflict + ssh u1 printenv.t; !ok; /Metadata glt-meta-optional has conflicted values:/ + /glt-meta-optional.*u1_opt/ + /glt-meta-optional.*xxconflict/ + + # Repair key. 
+ cp $bd/../t/keys/*.pub $kd/; ok or die 10 + + # Setup authorized_keys with scan for keyfile based on user. + gitolite ../triggers/post-compile/ssh-authkeys; ok or die 11; + + ssh u1 printenv.t; ok; /glt_meta/ + /glt_meta_required=u1_req/ + /glt_meta_optional=u1_opt/ + !/glt_meta_required=u2_req/ + !/glt_meta_optional=u2_opt/ + /glt_meta_append=u1.entry1 u1.entry2/ + !/glt_meta_append=u1.entry1 u1.entry2./ + + ssh u2 printenv.t; ok; /glt_meta/ + !/glt_meta_required=u1_req/ + !/glt_meta_optional=u1_opt/ + /glt_meta_required=u2_req/ + /glt_meta_optional=u2_opt/ +"; diff --git a/t/ssh-authkeys.t b/t/ssh-authkeys.t index 43dec2e..e59f97e 100755 --- a/t/ssh-authkeys.t +++ b/t/ssh-authkeys.t @@ -15,7 +15,7 @@ my $ak = "$ENV{HOME}/.ssh/authorized_keys"; mkdir("$ENV{HOME}/.ssh", 0700) if not -d "$ENV{HOME}/.ssh"; my $kd = `gitolite query-rc -n GL_ADMIN_BASE` . "/keydir"; -try "plan 49"; +try "plan 55"; my $pgm = "gitolite ../triggers/post-compile/ssh-authkeys"; @@ -74,4 +74,14 @@ try " # duplicate gl key cp bob.pub robert.pub $pgm; ok; /robert.pub duplicates.*bob.pub/ + rm robert.pub; ok; + + # Check key-file-name functionality + # should be disabled by default + $pgm; + grep -n dave $ak; ok; /command=.\Q$ENV{GL_BINDIR}/\Egitolite-shell dave. ssh/ + + # and only apply when enabled + $pgm --key-file-name; ok; + grep -n dave $ak; ok; /command=.\Q$ENV{GL_BINDIR}/\Egitolite-shell dave keydir/dave.pub. ssh/ "; |
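Review bot: The `open(FH, '>>', $ENV{HOME}.'/.gitolite.rc')` call in t/metadata.t is unchecked and uses a bareword handle, so if the append fails the test carries on without the `GL_METADATA*` settings and the later assertions fail for an unrelated-looking reason. I would write `open(my $rc_fh, '>>', "$ENV{HOME}/.gitolite.rc") or die "cannot append to .gitolite.rc: $!";`, print with `print {$rc_fh}`, and check `close` as well. The exit code `die 8` is also used twice (after the `grep printenv` step and after the second `ssh-authkeys` run), which makes a failure harder to locate. A case where the key file name passed to `gitolite-shell` does not resolve to a file under `keydir/` would be a useful addition, since that path is new in this commit.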