Take back control of hooks (#1006)

* git: delegate all server-side Git hooks (#1623)

* create hooks directories

* take control hooks back

* fix lint

* bug fixed and minor changes

* fix imports style

* fix migration scripts
This commit is contained in:
Lunny Xiao 2017-02-23 11:40:44 +08:00 committed by GitHub
parent 4f3880ff15
commit 0e6b9ea786
14 changed files with 279 additions and 41 deletions

106
cmd/hook.go Normal file
View file

@ -0,0 +1,106 @@
// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package cmd
import (
"fmt"
"os"
"code.gitea.io/gitea/models"
"github.com/urfave/cli"
)
var (
// CmdHook represents the available hooks sub-command.
CmdHook = cli.Command{
Name: "hook",
Usage: "Delegate commands to corresponding Git hooks",
Description: "This should only be called by Git",
Flags: []cli.Flag{
cli.StringFlag{
Name: "config, c",
Value: "custom/conf/app.ini",
Usage: "Custom configuration file path",
},
},
Subcommands: []cli.Command{
subcmdHookPreReceive,
subcmdHookUpadte,
subcmdHookPostReceive,
},
}
subcmdHookPreReceive = cli.Command{
Name: "pre-receive",
Usage: "Delegate pre-receive Git hook",
Description: "This command should only be called by Git",
Action: runHookPreReceive,
}
subcmdHookUpadte = cli.Command{
Name: "update",
Usage: "Delegate update Git hook",
Description: "This command should only be called by Git",
Action: runHookUpdate,
}
subcmdHookPostReceive = cli.Command{
Name: "post-receive",
Usage: "Delegate post-receive Git hook",
Description: "This command should only be called by Git",
Action: runHookPostReceive,
}
)
func runHookPreReceive(c *cli.Context) error {
if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
return nil
}
if err := setup("hooks/pre-receive.log"); err != nil {
fail("Hook pre-receive init failed", fmt.Sprintf("setup: %v", err))
}
return nil
}
func runHookUpdate(c *cli.Context) error {
if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
return nil
}
if err := setup("hooks/update.log"); err != nil {
fail("Hook update init failed", fmt.Sprintf("setup: %v", err))
}
args := c.Args()
if len(args) != 3 {
fail("Arguments received are not equal to three", "Arguments received are not equal to three")
} else if len(args[0]) == 0 {
fail("First argument 'refName' is empty", "First argument 'refName' is empty")
}
uuid := os.Getenv(envUpdateTaskUUID)
if err := models.AddUpdateTask(&models.UpdateTask{
UUID: uuid,
RefName: args[0],
OldCommitID: args[1],
NewCommitID: args[2],
}); err != nil {
fail("Internal error", "Fail to add update task '%s': %v", uuid, err)
}
return nil
}
func runHookPostReceive(c *cli.Context) error {
if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
return nil
}
if err := setup("hooks/post-receive.log"); err != nil {
fail("Hook post-receive init failed", fmt.Sprintf("setup: %v", err))
}
return nil
}

View file

@ -30,6 +30,7 @@ import (
const ( const (
accessDenied = "Repository does not exist or you do not have access" accessDenied = "Repository does not exist or you do not have access"
lfsAuthenticateVerb = "git-lfs-authenticate" lfsAuthenticateVerb = "git-lfs-authenticate"
envUpdateTaskUUID = "GITEA_UUID"
) )
// CmdServ represents the available serv sub-command. // CmdServ represents the available serv sub-command.
@ -170,7 +171,6 @@ func runServ(c *cli.Context) error {
var lfsVerb string var lfsVerb string
if verb == lfsAuthenticateVerb { if verb == lfsAuthenticateVerb {
if !setting.LFS.StartServer { if !setting.LFS.StartServer {
fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled") fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
} }
@ -291,9 +291,7 @@ func runServ(c *cli.Context) error {
} }
//LFS token authentication //LFS token authentication
if verb == lfsAuthenticateVerb { if verb == lfsAuthenticateVerb {
url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, repoUser.Name, repo.Name) url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, repoUser.Name, repo.Name)
now := time.Now() now := time.Now()
@ -326,7 +324,7 @@ func runServ(c *cli.Context) error {
} }
uuid := gouuid.NewV4().String() uuid := gouuid.NewV4().String()
os.Setenv("GITEA_UUID", uuid) os.Setenv(envUpdateTaskUUID, uuid)
// Keep the old env variable name for backward compability // Keep the old env variable name for backward compability
os.Setenv("uuid", uuid) os.Setenv("uuid", uuid)

View file

@ -30,7 +30,7 @@ func main() {
app.Commands = []cli.Command{ app.Commands = []cli.Command{
cmd.CmdWeb, cmd.CmdWeb,
cmd.CmdServ, cmd.CmdServ,
cmd.CmdUpdate, cmd.CmdHook,
cmd.CmdDump, cmd.CmdDump,
cmd.CmdCert, cmd.CmdCert,
cmd.CmdAdmin, cmd.CmdAdmin,

View file

@ -86,6 +86,8 @@ var migrations = []Migration{
NewMigration("set protect branches updated with created", setProtectedBranchUpdatedWithCreated), NewMigration("set protect branches updated with created", setProtectedBranchUpdatedWithCreated),
// v18 -> v19 // v18 -> v19
NewMigration("add external login user", addExternalLoginUser), NewMigration("add external login user", addExternalLoginUser),
// v19 -> v20
NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks),
} }
// Migrate database to current version // Migrate database to current version

View file

@ -13,8 +13,8 @@ import (
// ExternalLoginUser makes the connecting between some existing user and additional external login sources // ExternalLoginUser makes the connecting between some existing user and additional external login sources
type ExternalLoginUser struct { type ExternalLoginUser struct {
ExternalID string `xorm:"NOT NULL"` ExternalID string `xorm:"NOT NULL"`
UserID int64 `xorm:"NOT NULL"` UserID int64 `xorm:"NOT NULL"`
LoginSourceID int64 `xorm:"NOT NULL"` LoginSourceID int64 `xorm:"NOT NULL"`
} }
func addExternalLoginUser(x *xorm.Engine) error { func addExternalLoginUser(x *xorm.Engine) error {

85
models/migrations/v19.go Normal file
View file

@ -0,0 +1,85 @@
// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package migrations
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"strings"
"code.gitea.io/gitea/modules/setting"
"github.com/Unknwon/com"
"github.com/go-xorm/xorm"
)
func generateAndMigrateGitHooks(x *xorm.Engine) (err error) {
type Repository struct {
ID int64
OwnerID int64
Name string
}
type User struct {
ID int64
Name string
}
var (
hookNames = []string{"pre-receive", "update", "post-receive"}
hookTpls = []string{
fmt.Sprintf("#!/usr/bin/env %s\nORI_DIR=`pwd`\nSHELL_FOLDER=$(cd \"$(dirname \"$0\")\";pwd)\ncd \"$ORI_DIR\"\nfor i in `ls \"$SHELL_FOLDER/pre-receive.d\"`; do\n sh \"$SHELL_FOLDER/pre-receive.d/$i\"\ndone", setting.ScriptType),
fmt.Sprintf("#!/usr/bin/env %s\nORI_DIR=`pwd`\nSHELL_FOLDER=$(cd \"$(dirname \"$0\")\";pwd)\ncd \"$ORI_DIR\"\nfor i in `ls \"$SHELL_FOLDER/update.d\"`; do\n sh \"$SHELL_FOLDER/update.d/$i\" $1 $2 $3\ndone", setting.ScriptType),
fmt.Sprintf("#!/usr/bin/env %s\nORI_DIR=`pwd`\nSHELL_FOLDER=$(cd \"$(dirname \"$0\")\";pwd)\ncd \"$ORI_DIR\"\nfor i in `ls \"$SHELL_FOLDER/post-receive.d\"`; do\n sh \"$SHELL_FOLDER/post-receive.d/$i\"\ndone", setting.ScriptType),
}
giteaHookTpls = []string{
fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' pre-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' update $1 $2 $3\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' post-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
}
)
return x.Where("id > 0").Iterate(new(Repository),
func(idx int, bean interface{}) error {
repo := bean.(*Repository)
user := new(User)
has, err := x.Where("id = ?", repo.OwnerID).Get(user)
if err != nil {
return fmt.Errorf("query owner of repository [repo_id: %d, owner_id: %d]: %v", repo.ID, repo.OwnerID, err)
} else if !has {
return nil
}
repoPath := filepath.Join(setting.RepoRootPath, strings.ToLower(user.Name), strings.ToLower(repo.Name)) + ".git"
hookDir := filepath.Join(repoPath, "hooks")
for i, hookName := range hookNames {
oldHookPath := filepath.Join(hookDir, hookName)
newHookPath := filepath.Join(hookDir, hookName+".d", "gitea")
if err = os.MkdirAll(filepath.Join(hookDir, hookName+".d"), os.ModePerm); err != nil {
return fmt.Errorf("create hooks dir '%s': %v", filepath.Join(hookDir, hookName+".d"), err)
}
// WARNING: Old server-side hooks will be moved to sub directory with the same name
if hookName != "update" && com.IsExist(oldHookPath) {
newPlace := filepath.Join(hookDir, hookName+".d", hookName)
if err = os.Rename(oldHookPath, newPlace); err != nil {
return fmt.Errorf("Remove old hook file '%s' to '%s': %v", oldHookPath, newPlace, err)
}
}
if err = ioutil.WriteFile(oldHookPath, []byte(hookTpls[i]), 0777); err != nil {
return fmt.Errorf("write old hook file '%s': %v", oldHookPath, err)
}
if err = ioutil.WriteFile(newHookPath, []byte(giteaHookTpls[i]), 0777); err != nil {
return fmt.Errorf("write new hook file '%s': %v", oldHookPath, err)
}
}
return nil
})
}

View file

@ -831,20 +831,54 @@ func cleanUpMigrateGitConfig(configPath string) error {
return nil return nil
} }
func createUpdateHook(repoPath string) error { // createDelegateHooks creates all the hooks scripts for the repo
return git.SetUpdateHook(repoPath, func createDelegateHooks(repoPath string) (err error) {
fmt.Sprintf(tplUpdateHook, setting.ScriptType, "\""+setting.AppPath+"\"", setting.CustomConf)) var (
hookNames = []string{"pre-receive", "update", "post-receive"}
hookTpls = []string{
fmt.Sprintf("#!/usr/bin/env %s\nORI_DIR=`pwd`\nSHELL_FOLDER=$(cd \"$(dirname \"$0\")\";pwd)\ncd \"$ORI_DIR\"\nfor i in `ls \"$SHELL_FOLDER/pre-receive.d\"`; do\n sh \"$SHELL_FOLDER/pre-receive.d/$i\"\ndone", setting.ScriptType),
fmt.Sprintf("#!/usr/bin/env %s\nORI_DIR=`pwd`\nSHELL_FOLDER=$(cd \"$(dirname \"$0\")\";pwd)\ncd \"$ORI_DIR\"\nfor i in `ls \"$SHELL_FOLDER/update.d\"`; do\n sh \"$SHELL_FOLDER/update.d/$i\" $1 $2 $3\ndone", setting.ScriptType),
fmt.Sprintf("#!/usr/bin/env %s\nORI_DIR=`pwd`\nSHELL_FOLDER=$(cd \"$(dirname \"$0\")\";pwd)\ncd \"$ORI_DIR\"\nfor i in `ls \"$SHELL_FOLDER/post-receive.d\"`; do\n sh \"$SHELL_FOLDER/post-receive.d/$i\"\ndone", setting.ScriptType),
}
giteaHookTpls = []string{
fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' pre-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' update $1 $2 $3\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
fmt.Sprintf("#!/usr/bin/env %s\n\"%s\" hook --config='%s' post-receive\n", setting.ScriptType, setting.AppPath, setting.CustomConf),
}
)
hookDir := filepath.Join(repoPath, "hooks")
for i, hookName := range hookNames {
oldHookPath := filepath.Join(hookDir, hookName)
newHookPath := filepath.Join(hookDir, hookName+".d", "gitea")
if err := os.MkdirAll(filepath.Join(hookDir, hookName+".d"), os.ModePerm); err != nil {
return fmt.Errorf("create hooks dir '%s': %v", filepath.Join(hookDir, hookName+".d"), err)
}
// WARNING: This will override all old server-side hooks
if err = ioutil.WriteFile(oldHookPath, []byte(hookTpls[i]), 0777); err != nil {
return fmt.Errorf("write old hook file '%s': %v", oldHookPath, err)
}
if err = ioutil.WriteFile(newHookPath, []byte(giteaHookTpls[i]), 0777); err != nil {
return fmt.Errorf("write new hook file '%s': %v", newHookPath, err)
}
}
return nil
} }
// CleanUpMigrateInfo finishes migrating repository and/or wiki with things that don't need to be done for mirrors. // CleanUpMigrateInfo finishes migrating repository and/or wiki with things that don't need to be done for mirrors.
func CleanUpMigrateInfo(repo *Repository) (*Repository, error) { func CleanUpMigrateInfo(repo *Repository) (*Repository, error) {
repoPath := repo.RepoPath() repoPath := repo.RepoPath()
if err := createUpdateHook(repoPath); err != nil { if err := createDelegateHooks(repoPath); err != nil {
return repo, fmt.Errorf("createUpdateHook: %v", err) return repo, fmt.Errorf("createDelegateHooks: %v", err)
} }
if repo.HasWiki() { if repo.HasWiki() {
if err := createUpdateHook(repo.WikiPath()); err != nil { if err := createDelegateHooks(repo.WikiPath()); err != nil {
return repo, fmt.Errorf("createUpdateHook (wiki): %v", err) return repo, fmt.Errorf("createDelegateHooks.(wiki): %v", err)
} }
} }
@ -994,8 +1028,8 @@ func initRepository(e Engine, repoPath string, u *User, repo *Repository, opts C
// Init bare new repository. // Init bare new repository.
if err = git.InitRepository(repoPath, true); err != nil { if err = git.InitRepository(repoPath, true); err != nil {
return fmt.Errorf("InitRepository: %v", err) return fmt.Errorf("InitRepository: %v", err)
} else if err = createUpdateHook(repoPath); err != nil { } else if err = createDelegateHooks(repoPath); err != nil {
return fmt.Errorf("createUpdateHook: %v", err) return fmt.Errorf("createDelegateHooks: %v", err)
} }
tmpDir := filepath.Join(os.TempDir(), "gitea-"+repo.Name+"-"+com.ToStr(time.Now().Nanosecond())) tmpDir := filepath.Join(os.TempDir(), "gitea-"+repo.Name+"-"+com.ToStr(time.Now().Nanosecond()))
@ -2009,15 +2043,16 @@ func ReinitMissingRepositories() error {
return nil return nil
} }
// RewriteRepositoryUpdateHook rewrites all repositories' update hook. // SyncRepositoryHooks rewrites all repositories' pre-receive, update and post-receive hooks
func RewriteRepositoryUpdateHook() error { // to make sure the binary and custom conf path are up-to-date.
return x. func SyncRepositoryHooks() error {
Where("id > 0"). return x.Where("id > 0").Iterate(new(Repository),
Iterate(new(Repository), func(idx int, bean interface{}) error {
func(idx int, bean interface{}) error { if err := createDelegateHooks(bean.(*Repository).RepoPath()); err != nil {
repo := bean.(*Repository) return fmt.Errorf("SyncRepositoryHook: %v", err)
return createUpdateHook(repo.RepoPath()) }
}) return nil
})
} }
// Prevent duplicate running tasks. // Prevent duplicate running tasks.
@ -2345,8 +2380,8 @@ func ForkRepository(u *User, oldRepo *Repository, name, desc string) (_ *Reposit
return nil, fmt.Errorf("git update-server-info: %v", stderr) return nil, fmt.Errorf("git update-server-info: %v", stderr)
} }
if err = createUpdateHook(repoPath); err != nil { if err = createDelegateHooks(repoPath); err != nil {
return nil, fmt.Errorf("createUpdateHook: %v", err) return nil, fmt.Errorf("createDelegateHooks: %v", err)
} }
//Commit repo to get Fork ID //Commit repo to get Fork ID

View file

@ -69,8 +69,8 @@ func (repo *Repository) InitWiki() error {
if err := git.InitRepository(repo.WikiPath(), true); err != nil { if err := git.InitRepository(repo.WikiPath(), true); err != nil {
return fmt.Errorf("InitRepository: %v", err) return fmt.Errorf("InitRepository: %v", err)
} else if err = createUpdateHook(repo.WikiPath()); err != nil { } else if err = createDelegateHooks(repo.WikiPath()); err != nil {
return fmt.Errorf("createUpdateHook: %v", err) return fmt.Errorf("createDelegateHooks: %v", err)
} }
return nil return nil
} }

View file

@ -1003,8 +1003,8 @@ dashboard.git_gc_repos = Do garbage collection on repositories
dashboard.git_gc_repos_success = All repositories have done garbage collection successfully. dashboard.git_gc_repos_success = All repositories have done garbage collection successfully.
dashboard.resync_all_sshkeys = Rewrite '.ssh/authorized_keys' file (caution: non-Gitea keys will be lost) dashboard.resync_all_sshkeys = Rewrite '.ssh/authorized_keys' file (caution: non-Gitea keys will be lost)
dashboard.resync_all_sshkeys_success = All public keys have been rewritten successfully. dashboard.resync_all_sshkeys_success = All public keys have been rewritten successfully.
dashboard.resync_all_update_hooks = Rewrite all update hook of repositories (needed when custom config path is changed) dashboard.resync_all_hooks = Resync pre-receive, update and post-receive hooks of all repositories.
dashboard.resync_all_update_hooks_success = All repositories' update hook have been rewritten successfully. dashboard.resync_all_hooks_success = All repositories' pre-receive, update and post-receive hooks have been resynced successfully.
dashboard.reinit_missing_repos = Reinitialize all repository records that lost Git files dashboard.reinit_missing_repos = Reinitialize all repository records that lost Git files
dashboard.reinit_missing_repos_success = All repository records that lost Git files have been reinitialized successfully. dashboard.reinit_missing_repos_success = All repository records that lost Git files have been reinitialized successfully.

View file

@ -152,8 +152,8 @@ func Dashboard(ctx *context.Context) {
success = ctx.Tr("admin.dashboard.resync_all_sshkeys_success") success = ctx.Tr("admin.dashboard.resync_all_sshkeys_success")
err = models.RewriteAllPublicKeys() err = models.RewriteAllPublicKeys()
case syncRepositoryUpdateHook: case syncRepositoryUpdateHook:
success = ctx.Tr("admin.dashboard.resync_all_update_hooks_success") success = ctx.Tr("admin.dashboard.resync_all_hooks_success")
err = models.RewriteRepositoryUpdateHook() err = models.SyncRepositoryHooks()
case reinitMissingRepository: case reinitMissingRepository:
success = ctx.Tr("admin.dashboard.reinit_missing_repos_success") success = ctx.Tr("admin.dashboard.reinit_missing_repos_success")
err = models.ReinitMissingRepositories() err = models.ReinitMissingRepositories()

View file

@ -40,7 +40,7 @@
<td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubUrl}}/admin?op=5">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td> <td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubUrl}}/admin?op=5">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td>
</tr> </tr>
<tr> <tr>
<td>{{.i18n.Tr "admin.dashboard.resync_all_update_hooks"}}</td> <td>{{.i18n.Tr "admin.dashboard.resync_all_hooks"}}</td>
<td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubUrl}}/admin?op=6">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td> <td><i class="fa fa-caret-square-o-right"></i> <a href="{{AppSubUrl}}/admin?op=6">{{.i18n.Tr "admin.dashboard.operation_run"}}</a></td>
</tr> </tr>
<tr> <tr>

10
vendor/code.gitea.io/git/hook.go generated vendored
View file

@ -9,6 +9,7 @@ import (
"io/ioutil" "io/ioutil"
"os" "os"
"path" "path"
"path/filepath"
"strings" "strings"
"github.com/Unknwon/com" "github.com/Unknwon/com"
@ -17,7 +18,7 @@ import (
// hookNames is a list of Git server hooks' name that are supported. // hookNames is a list of Git server hooks' name that are supported.
var hookNames = []string{ var hookNames = []string{
"pre-receive", "pre-receive",
// "update", "update",
"post-receive", "post-receive",
} }
@ -52,8 +53,9 @@ func GetHook(repoPath, name string) (*Hook, error) {
} }
h := &Hook{ h := &Hook{
name: name, name: name,
path: path.Join(repoPath, "hooks", name), path: path.Join(repoPath, "hooks", name+".d", name),
} }
samplePath := filepath.Join(repoPath, "hooks", name+".sample")
if isFile(h.path) { if isFile(h.path) {
data, err := ioutil.ReadFile(h.path) data, err := ioutil.ReadFile(h.path)
if err != nil { if err != nil {
@ -61,8 +63,8 @@ func GetHook(repoPath, name string) (*Hook, error) {
} }
h.IsActive = true h.IsActive = true
h.Content = string(data) h.Content = string(data)
} else if isFile(h.path + ".sample") { } else if isFile(samplePath) {
data, err := ioutil.ReadFile(h.path + ".sample") data, err := ioutil.ReadFile(samplePath)
if err != nil { if err != nil {
return nil, err return nil, err
} }

10
vendor/code.gitea.io/git/repo_blame.go generated vendored Normal file
View file

@ -0,0 +1,10 @@
// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package git
// FileBlame return the Blame object of file
func (repo *Repository) FileBlame(revision, path, file string) ([]byte, error) {
return NewCommand("blame", "--root", file).RunInDirBytes(path)
}

6
vendor/vendor.json vendored
View file

@ -3,10 +3,10 @@
"ignore": "test", "ignore": "test",
"package": [ "package": [
{ {
"checksumSHA1": "km1AOUs34DCwgXT55fh6PrkPdiU=", "checksumSHA1": "nt2y/SNJe3Rl0tzdaEyGQfCc4L4=",
"path": "code.gitea.io/git", "path": "code.gitea.io/git",
"revision": "dd951bf625ebf5c16ef403f681aaec6c34324bca", "revision": "b4c06a53d0f619e84a99eb042184663d4ad8a32b",
"revisionTime": "2017-02-05T02:50:57Z" "revisionTime": "2017-02-22T02:52:05Z"
}, },
{ {
"checksumSHA1": "BKj0haFTDebzdC2nACpoGzp3s8A=", "checksumSHA1": "BKj0haFTDebzdC2nACpoGzp3s8A=",