
[Monotone-commits-diffs] net.venge.monotone.contrib.usher: 16c4bbbb9ceb


From: code
Subject: [Monotone-commits-diffs] net.venge.monotone.contrib.usher: 16c4bbbb9ceb649dbc1fbff5669ee5f7ce2cf311
Date: Wed, 19 Jan 2011 01:16:16 GMT

revision:            16c4bbbb9ceb649dbc1fbff5669ee5f7ce2cf311
date:                2011-01-19T01:16:01
author:              Richard Levitte <address@hidden>
branch:              net.venge.monotone.contrib.usher
changelog:
Major change to usherctl:
- Add skeleton files to link to projects
  This greatly simplifies how things are dealt with and makes it
  possible to upgrade monotone server scripts with newer versions of
  usherctl.
- Add a mechanism to add keys (read-only, read-write and remote-automate)
  This removes the need for addclientkeys.  Also, it's been changed to use
  remote put_public_key, which removes the need for an admin database.
- Add a mechanism to add branch patterns
  This makes it easier for the administrator to specify exactly what
  branches are handled by the different servers.


manifest:
format_version "1"

new_manifest [59d675d2db0c93f7884a65e1076404d3c9a4e063]

old_revision [1a897921eef66341c8afc7c99eaae5c45ab2a70a]

patch "utils/usherctl"
 from [c11f5241f23515ef07d36f59041387fa0a441f3b]
   to [bd5a99baf454e2414ff514e236aa8bfb69aecf5c]
============================================================
--- utils/usherctl	c11f5241f23515ef07d36f59041387fa0a441f3b
+++ utils/usherctl	bd5a99baf454e2414ff514e236aa8bfb69aecf5c
@@ -21,6 +21,8 @@ MTN=/usr/bin/mtn
 #			(default: $USHER_CONFDIR/global.conf)
 # USHER_CONFD		Directory for project specific configuration files.
 #			(default: $USHER_CONFDIR/conf.d)
+# USHER_SKEL		Directory for project skeleton files.
+#			(default: $USHER_CONFDIR/skel)
 # USHER_PIDFILE		Usher PID file.
 #			(default: /var/run/usher.pid)
 # USHER_LOGDIR		Usher log directory.
@@ -66,6 +68,7 @@ USHER_CONFD=${USHER_CONFD:-"$USHER_CONFD
 USHER_CONF=${USHER_CONF:-"$USHER_CONFDIR/usher.conf"}
 USHER_GLOBALCONF=${USHER_GLOBALCONF:-"$USHER_CONFDIR/global.conf"}
 USHER_CONFD=${USHER_CONFD:-"$USHER_CONFDIR/conf.d"}
+USHER_SKEL=${USHER_SKEL:-"$USHER_CONFDIR/skel"}
 USHER_PIDFILE=${USHER_PIDFILE:-/var/run/usher.pid}
 USHER_LOGDIR=${USHER_LOGDIR:-/var/log/usher}
 USHER_PROJECTDIR=${USHER_PROJECTDIR:-/var/lib/usher/projects}
@@ -196,6 +199,26 @@ rebuild () {
     ) > "$USHER_CONF"
     _maybe_set_file_owner "$USHER_CONF"
     chmod 640 "$USHER_CONF"
+
+    mkdir "$USHER_SKEL" 2> /dev/null
+    _maybe_set_file_owner "$USHER_SKEL"
+    chmod 750 "$USHER_SKEL"
+    cat "$THIS" | grep '^# -----BEGIN init:.*-----$' | \
+	sed -e 's/^# -----BEGIN init://' -e 's/-----$//' | while read f; do
+	d=`dirname "$f"`
+	if [ ! -d "$USHER_SKEL/$d" ]; then
+	    mkdir -p "$USHER_SKEL/$d"
+	    _maybe_set_file_owner "$USHER_SKEL/$d"
+	    chmod 750 "$USHER_CONF"
+	fi
+	ff="`echo "$f" | sed -e 's|/|\\\\/|g'`"
+	sed -e '1,/^# -----BEGIN init:'"$ff"'-----$/d' \
+	    -e '/^# -----END init:'"$ff"'-----$/,$d' \
+	    -e 's/^# //' \
+	    < "$THIS" > "$USHER_SKEL/$f"
+	_maybe_set_file_owner "$USHER_SKEL/$f"
+	chmod 640 "$USHER_SKEL/$f"
+    done
 }
 
 # $1	operation
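Review bot: The `chmod 750 "$USHER_CONF"` inside the `if [ ! -d "$USHER_SKEL/$d" ]` block targets the wrong path: it re-modes the config file that was just set to 640 a few lines above (and makes it executable) instead of the directory it has just created; it should read `chmod 750 "$USHER_SKEL/$d"`. The `mkdir "$USHER_SKEL" 2> /dev/null` also hides every failure, so an unwritable `$USHER_CONFDIR` goes on to the chmod and sed steps silently; `mkdir -p "$USHER_SKEL" || exit 1` keeps the idempotent intent while stopping on real errors. `rebuild` starts before this hunk.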
@@ -319,6 +342,42 @@ delsrv () {
     echo >&2 "Server '$name' deleted, please reload usher to activate."
 }
 
+# $1 name
+rebuild_permissions () {
+    confdir="$USHER_PROJECTDIR/$name"
+    aconfdir="$confdir/admin"
+    amtn="$MTN --confdir \"$aconfdir\" --no-standard-rcfiles --no-workspace"
+    listenport=`cat "$USHER_CONF" | grep '^ *listenaddr' | tail -1 | \
+	cut -f2 -d'"' | cut -f2 -d:`
+
+    cp "$aconfdir/rakeys" "$confdir/remote-automate-permissions.new.$$"
+    cp "$aconfdir/rwkeys" "$confdir/write-permissions.new.$$"
+    patterns="`cat "$aconfdir/patterns" | sed -e '/^ *$/d'`"
+    if [ -z "$patterns" ]; then patterns="*"; fi
+    echo "$patterns" | while read p; do
+	echo "pattern \"$p\"";
+	if [ -f "$aconfdir/type.private" ]; then
+	    cat "$aconfdir/rokeys" "$aconfdir/rwkeys" | sort | uniq | \
+		sed -e 's/^/  allow "/' -e 's/$/"/'
+	else
+	    echo "  allow \"*\""
+	fi
+	echo
+    done > "$confdir/read-permissions.new.$$"
+
+    mv "$confdir/read-permissions.new.$$" "$confdir/read-permissions"
+    mv "$confdir/write-permissions.new.$$" "$confdir/write-permissions"
+    mv "$confdir/remote-automate-permissions.new.$$" \
+	"$confdir/remote-automate-permissions"
+
+    _maybe_set_file_owner "$confdir/read-permissions"
+    _maybe_set_file_owner "$confdir/write-permissions"
+    _maybe_set_file_owner "$confdir/remote-automate-permissions"
+    chmod 0640 "$confdir/read-permissions"
+    chmod 0640 "$confdir/write-permissions"
+    chmod 0640 "$confdir/remote-automate-permissions"
+}
+
 # $1 type
 # $2 name
 mkproject () {
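Review bot: `rebuild_permissions` documents `$1 name` but never reads it — its first statement `confdir="$USHER_PROJECTDIR/$name"` uses the caller's `$name` global, so the function only works because `mkproject`, `addprojectkey` and `addprojectpattern` happen to set that variable first; add `name="$1"; shift` as the first line, as `rmproject` does. `amtn` and `listenport` are assigned at the top of the function but never used inside it and can be dropped. The access rule this function implements deserves a header comment, since it is the authorization core of the script: write-permissions and remote-automate-permissions are straight copies of `rwkeys`/`rakeys`, while read-permissions lists `rokeys` + `rwkeys` per pattern only when `type.private` exists and grants `allow "*"` otherwise.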
@@ -331,6 +390,10 @@ mkproject () {
     fi
 
     confdir="$USHER_PROJECTDIR/$name"
+    aconfdir="$confdir/admin"
+
+
+    # Create protect project infrastructure
     set -e
     mkdir "$confdir"
     mkdir "$confdir/hooks.d"
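Review bot: The new comment `# Create protect project infrastructure` drops a word; `# Create and protect project infrastructure` matches the `# Create and protect admin infrastructure` wording used later for `$aconfdir`. The two blank lines before it are also out of step with the single blank line used elsewhere in the function. `mkproject` starts and ends outside this hunk.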
@@ -339,6 +402,35 @@ mkproject () {
     _maybe_set_directory_owner "$confdir"
     chmod 0750 "$confdir"
 
+    # Create and protect admin infrastructure
+    set -e
+    mkdir "$aconfdir"
+    set +e
+
+    _maybe_set_directory_owner "$aconfdir"
+    chmod 700 "$aconfdir"
+
+
+    # --- Usher administration ---
+    amtn="$MTN --confdir \"$aconfdir\" --no-standard-rcfiles --no-workspace"
+
+    # Generate admin key
+    (echo; echo) | eval $amtn genkey "\"$name-admin\"" > /dev/null 2> /dev/null
+    akid=`eval $amtn ls keys | grep "$name-admin\$" | tail -1 | cut -f1 -d' '`
+    _maybe_set_directory_owner "$aconfdir/keys"
+
+    # Add admin information
+    touch "$aconfdir/type.$type"	# A marker for the project type
+    touch "$aconfdir/patterns"		# The branch patterns handled by this
+					# project.  If none, "*" is assumed.
+    touch "$aconfdir/rokeys"		# r/o key identities, one per line.
+    touch "$aconfdir/rwkeys"		# r/w key identities, one per line.
+    touch "$aconfdir/rakeys"		# remote_automate permissions key
+					# identities, one per line.
+
+    # --- Project ---
+    mtn="$MTN -d \"$confdir/database.mtn\" --confdir \"$confdir\" --no-standard-rcfiles --ticker=dot --no-workspace"
+
     # Generate name and password for the server key
     skn="$name-server"
     skp=`dd if=/dev/random ibs=8 count=1 2>/dev/null | \
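Review bot: The admin key generation `(echo; echo) | eval $amtn genkey ... > /dev/null 2> /dev/null` discards both streams and its exit status, and the following `akid=` line is never checked, so a failed genkey leaves `akid` empty and `mkproject` carries on — `%adminkey%` in the skeletons is then substituted with nothing and `rakeys` receives an empty line. Add `[ -n "$akid" ] || { echo >&2 "Couldn't generate admin key for '$name'."; exit 1; }` after the `akid=` assignment. The two empty `echo`s give the admin key an empty passphrase, so its only protection is the 0700 on `$aconfdir`; that is worth stating in the `# Generate admin key` comment. `$name` is also interpolated unescaped into the grep regex `"$name-admin\$"`, so a comment that project names are expected to be plain identifiers without regex metacharacters would help. `mkproject` starts before and ends after this hunk.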
@@ -347,101 +439,63 @@ mkproject () {
     _maybe_set_file_owner "$confdir/passphrases"
     chmod 400 $confdir/passphrases
 
-    # Generate database
-    mtn="$MTN -d \"$confdir/database.mtn\" --confdir \"$confdir\" --no-standard-rcfiles --ticker=dot"
+    # Generate server database
     eval $mtn db init
     _maybe_set_file_owner "$confdir/database.mtn"
     chmod 0600 "$confdir/database.mtn"
 
-    # Generate key
+    # Generate server key
     (echo "$skp"; echo "$skp") | \
-	eval $mtn genkey "$skn" > /dev/null 2> /dev/null
+	eval $mtn genkey "\"$skn\"" > /dev/null 2> /dev/null
     skid=`eval $mtn ls keys | grep "$skn\$" | tail -1 | cut -f1 -d' '`
     _maybe_set_directory_owner "$confdir/keys"
 
-    sed -e '1,/^# -----BEGIN monotonerc-----$/d' \
-	-e '/^# -----END monotonerc-----$/,$d' \
-	-e 's/^# //' \
-	< "$THIS" > "$confdir/monotonerc"
-    _maybe_set_file_owner "$confdir/monotonerc"
-    chmod 0640 "$confdir/monotonerc"
+    # Generate server monotonerc and other scripts, from skeleton files
+    (
+	cd "$USHER_SKEL"
+	for x in both $type; do
+	    [ -d $x ] && find $x -type f
+	done
+    ) | while read f; do
+	section=`echo "$f" | sed -e 's|/.*$||'`
+	ff=`echo "$f" | sed -e 's|^'"$section"'/||'`
+	d=`dirname "$ff"`
+	b=`basename "$ff" .in`
+	if [ ! -d "$confdir/$d" ]; then
+	    mkdir -p "$confdir/$d"
+	    _maybe_set_file_owner "$confdir/$d"
+	    chmod 750 "$confdir/$d"
+	fi
+	if [ "$d/$b" = "$ff" ]; then
+	    ln -s "$USHER_SKEL/$f" "$confdir/$d/$b"
+	else
+	    sed -e "s|%adminkey%|$akid|g" \
+		< "$USHER_SKEL/$f" > "$confdir/$d/$b"
+	fi
+	_maybe_set_file_owner "$confdir/$d/$b"
+	chmod 0640 "$confdir/$d/$b"
+    done
 
-    aconfdir="$confdir/admin"
-    mkdir "$aconfdir"
-    _maybe_set_directory_owner "$aconfdir"
-    chmod 700 "$aconfdir"
+    # --- Finalise ---
 
-    amtn="$MTN -d \"$aconfdir/database.mtn\" --confdir \"$aconfdir\" --no-standard-rcfiles --ticker=dot"
-    eval $amtn db init
-    _maybe_set_file_owner "$aconfdir/database.mtn"
-    chmod 0600 "$aconfdir/database.mtn"
+    # bootstrap admin key into the project database
+    eval $amtn pubkey "\"$name-admin\"" | eval $mtn read 2> /dev/null
+    echo "$akid" > "$aconfdir/rakeys"
 
-    (echo; echo) | eval $amtn genkey "$name-admin" > /dev/null 2> /dev/null
-    akid=`eval $amtn ls keys | grep "$akn\$" | tail -1 | cut -f1 -d' '`
-    _maybe_set_directory_owner "$aconfdir/keys"
-
-    listenport=`cat "$USHER_CONF" | grep '^ *listenaddr' | tail -1 | \
-	cut -f2 -d'"' | cut -f2 -d:`
-
-    case $type in
-	public )
-	    (
-		echo 'pattern "*"'
-		echo '  allow "*"'
-	    ) > "$confdir/read-permissions"
-	    touch "$confdir/write-permissions"
-	    sed -e '1,/^# -----BEGIN pub:addclientkeys-----$/d' \
-		-e '/^# -----END pub:addclientkeys-----$/,$d' \
-		-e "s|%amtn%|$amtn|g" \
-		-e "s|%confdir%|$confdir|g" \
-		-e "s|%listenport%|$listenport|g" \
-		-e "s|%name%|$name|g" \
-		-e "s|%user%|$USHER_USER|g" \
-		-e "s|%group%|$USHER_GROUP|g" \
-		-e 's/^# //' \
-		< "$THIS" > "$confdir/addclientkeys"
-	    ;;
-	private )
-	    (
-		echo 'pattern "*"'
-	    ) > "$confdir/read-permissions"
-	    touch "$confdir/write-permissions"
-	    sed -e '1,/^# -----BEGIN priv:addclientkeys-----$/d' \
-		-e '/^# -----END priv:addclientkeys-----$/,$d' \
-		-e "s|%amtn%|$amtn|g" \
-		-e "s|%confdir%|$confdir|g" \
-		-e "s|%listenport%|$listenport|g" \
-		-e "s|%name%|$name|g" \
-		-e "s|%user%|$USHER_USER|g" \
-		-e "s|%group%|$USHER_GROUP|g" \
-		-e 's/^# //' \
-		< "$THIS" > "$confdir/addclientkeys"
-	    ;;
-    esac
-
-    _maybe_set_file_owner "$confdir/read-permissions"
-    _maybe_set_file_owner "$confdir/write-permissions"
-    _maybe_set_file_owner "$confdir/addclientkeys"
-    chmod 0640 $confdir/read-permissions
-    chmod 0640 $confdir/write-permissions
-    chmod 0600 $confdir/addclientkeys
-
-    # We need a quick bootstrap, otherwise addclientkeys won't work
-    eval $amtn pubkey "$name-admin" | eval $mtn read 2> /dev/null
-
+    # add project server
     addsrv "$name" "" "" \
 	local "--confdir" "$confdir" "-d" "$confdir/database.mtn" \
 	"--no-standard-rcfiles" "--rcfile" "$confdir/monotonerc" \
 	"--timestamps" "--ticker=dot" 2>/dev/null
+
     restart_if_started
 
-    _maybe_set_file_owner "$confdir/addclientkeys"
-    chmod 700 "$confdir/addclientkeys"
-    eval $amtn pubkey "$name-admin" | "$confdir/addclientkeys"
+    rebuild_permissions "$name"
 
     echo >&2 "$type project '$name' created."
 }
 
+# $1: name
 rmproject () {
     name="$1"; shift
 
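Review bot: The symlink-or-substitute test `if [ "$d/$b" = "$ff" ]` is false for every top-level skeleton file, because `dirname` returns `.` for a bare name (`./foo` vs `foo`), so a top-level file without an `.in` suffix would be pushed through `sed` instead of being linked; testing the suffix directly, `if [ "$ff" = "${ff%.in}" ]; then`, states the intent and works at any depth. On the symlink branch, `chmod 0640 "$confdir/$d/$b"` follows the link and re-modes the skeleton file itself, which is probably harmless since `rebuild` sets 640 too, but a comment saying so would spare the next reader a check. `rebuild_permissions "$name"` runs after `addsrv` and `restart_if_started`, so the server may be brought up before read-permissions and write-permissions exist; calling it before `addsrv` looks like the intended order. `mkproject` starts before this hunk.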
@@ -456,6 +510,98 @@ rmproject () {
     echo >&2 "project '$name' removed."
 }
 
+# $1: name
+# $2: type
+# stdin: public key
+addprojectkey () {
+    name="$1"; shift
+    type="$1"; shift
+    key="`cat`"
+
+    if [ ! -e "$USHER_PROJECTDIR/$name" ]; then
+	echo >&2 "There is no project named '$name'."
+	exit 1
+    fi
+
+    confdir="$USHER_PROJECTDIR/$name"
+    aconfdir="$confdir/admin"
+    amtn="$MTN --confdir \"$aconfdir\" --no-standard-rcfiles --no-workspace"
+    listenaddr=mtn://`cat "$USHER_CONF" | grep '^ *listenaddr' | tail -1 | \
+	cut -f2 -d'"' | sed -e 's|^0\.0\.0\.0:\(.*\)$|127.0.0.1:\1|'`/"$name"
+
+    # Send the public key to the project server
+    if ! eval $amtn --keydir "\"$aconfdir/keys\"" --key "$name-admin" \
+	automate remote --remote-stdio-host $listenaddr \
+	put_public_key "\"$key\"" 2> /tmp/mtn.$$.err; then
+	echo >&2 "Couldn't add public key to remote server $listenaddr"
+	echo >&2 "------------"
+	cat >&2 /tmp/mtn.$$.err
+	echo >&2 "------------"
+	exit 1
+    fi
+
+    # Figure out the key identity
+    eval $amtn --db "\"$aconfdir/throwaway.$$.mtn\"" db init
+    echo "$key" | \
+	eval $amtn --db "\"$aconfdir/throwaway.$$.mtn\"" read 2> /dev/null
+    keyid=`eval $amtn --db "\"$aconfdir/throwaway.$$.mtn\"" ls keys | \
+	sed -e '/\[private keys\]/,$d' | grep '^[0-9a-f]' | fgrep -v '(*)' | \
+	cut -f1 -d' '`
+    rm -f "$aconfdir/throwaway.$$.mtn"
+
+    # Add the key identity to the appropriate key file
+    x=$type
+    case "$type" in
+	ro )
+	    echo "$aconfdir/rokeys"
+	    ;;
+	rw )
+	    echo "$aconfdir/rokeys"
+	    echo "$aconfdir/rwkeys"
+	    ;;
+	ra )
+	    echo "$aconfdir/rakeys"
+	    ;;
+    esac | while read keyfile; do
+	if ! grep '^'"$keyid"'$' "$keyfile" > /dev/null; then
+	    echo "$keyid" >> "$keyfile"
+	fi
+    done
+
+    rebuild_permissions "$name"
+
+    echo >&2 "key '$keyid' added to project '$name'."
+}
+
+# $1: name
+# $2: branch pattern
+addprojectpattern () {
+    name="$1"; shift
+    pattern="$1"; shift
+
+    if [ ! -e "$USHER_PROJECTDIR/$name" ]; then
+	echo >&2 "There is no project named '$name'."
+	exit 1
+    fi
+
+    confdir="$USHER_PROJECTDIR/$name"
+    aconfdir="$confdir/admin"
+
+    found_pattern=false
+    while read p; do
+	if [ "$p" = "$pattern" ]; then
+	    found_pattern=true
+	fi
+    done < "$aconfdir/patterns"
+    if ! $found_pattern; then
+	echo "$pattern" >> "$aconfdir/patterns"
+    fi
+
+    rebuild_permissions "$name"
+
+    echo >&2 "pattern '$pattern' added to project '$name'."
+}
+
 list () {
     grep '^ *server  *"' "$USHER_CONF" | cut -f2 -d'"' | while read name; do
 	text="$name"
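Review bot: In `addprojectkey`, the packet read from stdin (`key="`cat`"`) is spliced into an `eval`'d command line as `put_public_key "\"$key\""`, so a `"`, backquote or `$` in the submitted packet is interpreted by the shell with the privileges of whoever runs usherctl; reject such content before the `eval`, e.g. `case "$key" in *'"'*|*'`'*|*'$'*|*'\'*) echo >&2 "Refusing key packet with shell metacharacters."; exit 1;; esac`, and `$name` and `$listenaddr` on that line are passed through the same `eval` unquoted. The error capture `/tmp/mtn.$$.err` is a predictable name in a shared directory and is never removed; `mktemp` (or a file under `$aconfdir`) plus an `rm -f` after the `cat` fixes both. The `case "$type"` that selects the key files has no default arm, so an unknown type silently updates nothing while the closing message still reports the key as added, and `x=$type` just before it is unused.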
@@ -602,6 +748,46 @@ case $1 in
 	rmproject "$1"
 	;;
 
+    addkey )
+	shift
+	name="$1"
+	shift
+
+	type=ro
+	key=
+	TEMP=`POSIXLY_CORRECT=yes getopt -o t: -n "usherctl addkey" -- "$@"`
+	eval set -- "$TEMP"
+	while true; do
+	    case "$1" in
+		-t )
+		    type="$2"; shift 2
+		    if [ "$type" != "ro" -a "$type" != "rw" -a "$type" != "ra" ]; then
+			echo >&2 "The type must be 'rw', 'ro' or 'ra'."
+		    fi
+		    ;;
+		--)
+		    shift
+		    break
+		    ;;
+	    esac
+	done
+
+	if [ -z "$name" ]; then
+	    echo >&2 "You have to give your project a name."
+	    exit 1
+	fi
+	
+	addprojectkey "$name" "$type"	# The key itself is on stdin
+	;;
+
+    addpattern )
+	shift
+	name="$1"
+	pattern="$2"
+
+	addprojectpattern "$name" "$pattern"
+	;;
+
     start | stop | restart | reload | status | list )
 	$1
 	;;
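Review bot: In the `addkey` arm, an invalid `-t` value only prints `The type must be 'rw', 'ro' or 'ra'.` and then continues, so `addprojectkey` is called with the bad type and adds the key to no file; put `exit 1` after that `echo`. The `getopt` result is used unchecked — `eval set -- "$TEMP"` runs even when `getopt` rejected the options — so `|| exit 1` on the `TEMP=` line is needed. The `addpattern` arm does not verify that `$name` and `$2` are non-empty the way `addkey` checks `$name`, so `usherctl addpattern foo` appends an empty line to `patterns`. The enclosing `case $1 in` starts before this hunk.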
@@ -623,11 +809,124 @@ exit
 #     logdir "%USHER_LOGDIR%"
 # -----END globalconf-----
 
-# -----BEGIN monotonerc-----
-# ----------------------------------------------------------------------
-# ---- usherctl: this is a copy of contrib/get_passphrase_from_file.lua
-# ---- from the monotone distribution.
-# ----------------------------------------------------------------------
+# -----BEGIN init:both/monotonerc.in-----
+# ---- Load local hooks if they exist.
+# -- The way this is supposed to work is that hooks.d can contain symbolic
+# -- links to lua scripts.  These links MUST have the extension .lua
+# -- If the script needs some configuration, a corresponding lua file with
+# -- the extension .conf is the right spot.
+# ----
+# -- First load the configuration of the hooks, if applicable
+# includedirpattern(get_confdir() .. "/hooks.d/","*.conf")
+# -- Then load the hooks themselves
+# includedirpattern(get_confdir() .. "/hooks.d/","*.lua")
+# -----END init:both/monotonerc.in-----
+
+# Copied from monotone: contrib/authorize_remote_automate.lua
+# -----BEGIN init:both/hooks.d/authorize_remote_automate.lua-----
+# -- Copyright (c) 2010, Thomas Keller <address@hidden>
+# --                     Richard Levitte <address@hidden>
+# --
+# -- This script reads key identities from a file "remote-automate-permissions"
+# -- in the configuration directory and permits those authenticating with one
+# -- of those keys to perform dangerous (read/write) remote automate operations.
+# -- The format of the file is very simple, one key identity on every line.
+# -- Lines starting with # are ignore, as well as empty lines.
+# --
+# -- It's possible to configure this script to allow the performance of some
+# -- remote automate commands anonymously, through the variable
+# -- ARA_safe_commands, which has to be a table of commands as strings.
+# -- One example configuration, taken from the setup at code.monotone.ca, could
+# -- be this:
+# --
+# -- ARA_safe_commands = {
+# --    "get_corresponding_path", "get_content_changed", "tags", "branches",
+# --    "common_ancestors", "packet_for_fdelta", "packet_for_fdata",
+# --    "packets_for_certs", "packet_for_rdata", "get_manifest_of",
+# --    "get_revision", "select", "graph", "children", "parents", "roots",
+# --    "leaves", "ancestry_difference", "toposort", "erase_ancestors",
+# --    "descendents", "ancestors", "heads", "get_file_of", "get_file",
+# --    "interface_version", "get_attributes", "content_diff",
+# --    "file_merge", "show_conflicts", "certs", "keys", "get_extended_manifest_of"
+# -- }
+# 
+# do
+#    local _safe_commands = {}
+#    if ARA_safe_commands then
+#       _safe_commands = ARA_safe_commands
+#    end
+# 
+#    function _get_remote_automate_permitted(key_identity, permfilename)
+#       if not exists(permfilename) or isdir(permfilename) then return false end
+#       local permfile = io.open(permfilename, "r")
+#       if (permfile == nil) then
+# 	 return false
+#       end
+#       local matches = false
+#       local line = permfile:read()
+#       while (not matches and line ~= nil) do
+# 	 if not globish_match("#*", line) then
+# 	    local _, _, ln = string.find(line, "%s*([^%s]*)%s*")
+# 	    if ln == "*" then matches = true end
+# 	    if ln == key_identity.id then matches = true end
+# 	    if globish_match(ln, key_identity.name) then matches = true end
+# 	    line = permfile:read()
+# 	 end
+#       end
+#       io.close(permfile)
+#       return matches
+#    end
+# 
+#    local _save_get_remote_automate_permitted = get_remote_automate_permitted
+#    function get_remote_automate_permitted(key_identity, command, options)
+#       local permfilename = get_confdir() .. "/remote-automate-permissions"
+#       local permdirname = permfilename .. ".d"
+# 
+#       -- See if the incoming key matches any of the key identities or
+#       -- patterns found in the permissions file.
+#       if _get_remote_automate_permitted(key_identity, permfilename) then
+# 	 return true
+#       end
+#       if isdir(permdirname) then
+# 	 local files = read_directory(permdirname)
+# 	 table.sort(files)
+# 	 for _,f in ipairs(files) do
+# 	    pf = permdirname.."/"..f
+# 	    if _get_remote_automate_permitted(key_identity, pf) then
+# 	       return true
+# 	    end
+# 	 end
+#       end
+# 
+#       -- No matching key found, let's see if the command matches one the
+#       -- admin allowed to be performed anonymously
+#       for _,v in ipairs(_safe_commands) do
+# 	 if (v == command[1]) then
+# 	    return true
+# 	 end
+#       end
+# 
+#       -- No matches found anywhere, then don't permit this operation
+#       return false
+#    end
+# end
+# -----END init:both/hooks.d/authorize_remote_automate.lua-----
+
+# -----BEGIN init:public/hooks.d/authorize_remote_automate.conf-----
+# ARA_safe_commands = {
+#    "get_corresponding_path", "get_content_changed", "tags", "branches",
+#    "common_ancestors", "packet_for_fdelta", "packet_for_fdata",
+#    "packets_for_certs", "packet_for_rdata", "get_manifest_of",
+#    "get_revision", "select", "graph", "children", "parents", "roots",
+#    "leaves", "ancestry_difference", "toposort", "erase_ancestors",
+#    "descendents", "ancestors", "heads", "get_file_of", "get_file",
+#    "interface_version", "get_attributes", "content_diff",
+#    "file_merge", "show_conflicts", "certs", "keys", "get_extended_manifest_of"
+# }
+# -----END init:public/hooks.d/authorize_remote_automate.conf-----
+
+# Copied from monotone: contrib/get_passphrase_from_file.lua
+# -----BEGIN init:both/hooks.d/get_passphrase_from_file.lua-----
 # -- This hook reads the 'passphrases' file from the confdir.  It expects the
 # -- file to be formatted as follows:
 # --
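Review bot: In the embedded `authorize_remote_automate.lua`, `_get_remote_automate_permitted` only advances `line = permfile:read()` inside the `if not globish_match("#*", line)` block, so a line starting with `#` in remote-automate-permissions — which the header comment says is ignored — never advances and the `while` loop spins forever, stalling the serving process for that request (and presumably the whole server, since it is a single process — confirm); move the `line = permfile:read()` statement after the inner `end` so it runs for every line. In `get_remote_automate_permitted`, `pf = permdirname.."/"..f` is assigned without `local` and leaks a global into the hook environment. The header comment `Lines starting with # are ignore` should read `are ignored`. As this is a copy of monotone's contrib script, the same fixes belong upstream.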
@@ -643,120 +942,10 @@ exit
 #    local line = permfile:read()
 #    while (line ~= nil) do
 #       local _, _, key, passphrase = string.find(line, "%s*([^%s]*)%s*\"(.*)\"%s*")
-#       if keypair_id.given_name == key then
-#          return passphrase
-#       end
+#       if keypair_id.given_name == key then return passphrase end
 #       line = permfile:read()
 #    end
 #    io.close(permfile)
 #    return false
 # end
-# ----------------------------------------------------------------------
-# 
-# function get_remote_automate_permitted(key_identity, command, options)
-#     -- Use the key identity from clients that may use dangerous remote commands
-#     if (key_identity.id == "?????") then
-#         return true
-#     end
-# 
-#     local read_only_commands = {
-#         "get_corresponding_path", "get_content_changed", "tags", "branches",
-#         "common_ancestors", "packet_for_fdelta", "packet_for_fdata",
-#         "packets_for_certs", "packet_for_rdata", "get_manifest_of",
-#         "get_revision", "select", "graph", "children", "parents", "roots",
-#         "leaves", "ancestry_difference", "toposort", "erase_ancestors",
-#         "descendents", "ancestors", "heads", "get_file_of", "get_file",
-#         "interface_version", "get_attributes", "content_diff",
-#         "file_merge", "show_conflicts", "certs", "keys", "get_extended_manifest_of"
-#     }
-# 
-#     for _,v in ipairs(read_only_commands) do
-#         if (v == command[1]) then
-#             return true
-#         end
-#     end
-# 
-#     return false
-# end
-# 
-# ---- Load local hooks if they exist.
-# -- The way this is supposed to work is that hooks.d can contain symbolic
-# -- links to lua scripts.  These links MUST have the extension .lua
-# -- If the script needs some configuration, a corresponding lua file with
-# -- the extension .conf is the right spot.
-# ----
-# -- First load the configuration of the hooks, if applicable
-# includedirpattern(get_confdir() .. "/hooks.d/","*.conf")
-# -- Then load the hooks themselves
-# includedirpattern(get_confdir() .. "/hooks.d/","*.lua")
-# -----END monotonerc-----
-
-# -----BEGIN priv:addclientkeys-----
-# #! /bin/sh
-# 
-# mtn='%amtn%'
-# confdir='%confdir%'
-# listenport='%listenport%'
-# name='%name%'
-# user='%user%'
-# group='%group%'
-# 
-# set -e
-# cd "$confdir"
-# 
-# eval $mtn read 2> /dev/null
-# rm -f "$confdir/write-permissions"
-# touch "$confdir/write-permissions"
-# echo 'pattern "*"' > "$confdir/read-permissions"
-# chmod 0640 "$confdir/read-permissions"
-# chmod 0640 "$confdir/write-permissions"
-# eval $mtn ls keys | grep '^[0-9a-f]' | cut -f1 -d' ' | sort | uniq | \
-#     while read K; do
-#         echo $K >> "$confdir/write-permissions"
-#         echo "  allow \"$K\"" >> "$confdir/read-permissions"
-#         if /etc/init.c/usher status >/dev/null 2>/dev/null; then
-#             eval $mtn push mtn://127.0.0.1:$listenport/$name '"*"' \
-#                 --key-to-push $K 2> /dev/null
-#         else
-#             eval $mtn push file://$confdir/database.mtn '"*"' \
-#                 --key-to-push $K 2> /dev/null
-#         fi
-#     done
-# if [ -n "$user" -a -n "$group" ]; then
-#     chown ${user}:${group} "$confdir/write-permissions"
-#     chown ${user}:${group} "$confdir/read-permissions"
-# fi
-# -----END priv:addclientkeys-----
-
-# -----BEGIN pub:addclientkeys-----
-# #! /bin/sh
-# 
-# mtn='%amtn%'
-# confdir='%confdir%'
-# listenport='%listenport%'
-# name='%name%'
-# user='%user%'
-# group='%group%'
-#
-# set -e
-# cd "$confdir"
-# 
-# eval $mtn read 2> /dev/null
-# rm -f "$confdir/write-permissions"
-# touch "$confdir/write-permissions"
-# chmod 0640 "$confdir/write-permissions"
-# eval $mtn ls keys | grep '^[0-9a-f]' | cut -f1 -d' ' | sort | uniq | \
-#     while read K; do
-#         echo $K >> "$confdir/write-permissions"
-#         if /etc/init.c/usher status >/dev/null 2>/dev/null; then
-#             eval $mtn push mtn://127.0.0.1:$listenport/$name '"*"' \
-#                 --key-to-push $K 2> /dev/null
-#         else
-#             eval $mtn push file://$confdir/database.mtn '"*"' \
-#                 --key-to-push $K 2> /dev/null
-#         fi
-#     done
-# if [ -n "$user" -a -n "$group" ]; then
-#     chown ${user}:${group} "$confdir/write-permissions"
-# fi
-# -----END pub:addclientkeys-----
+# -----END init:both/hooks.d/get_passphrase_from_file.lua-----
