Re: gitosis question: identifying/logging remote user


 



On Tue, Jun 02, 2009 at 06:49:22PM +0530, Sitaram Chamarty wrote:
> > 2. At the top, look for RFC822 headers with a leading "# " as padding:
> >   Examples from my own patch:
> >   # Full-Name: "Robin H. Johnson (robbat2)" <robbat2@xxxxxxxxxx>
> >   # cia-vc-username: robbat2
> Hmmm... is this a significantly different gitosis? 
Available here:
http://git.overlays.gentoo.org/gitweb/?p=proj/gitosis-gentoo.git;a=summary

> The files in my keydir mostly contain just one line (some have two,
> for people who work from different machines), looking like this:
> 
> ssh-rsa [long series of base64 type characters]== some.one@xxxxxxxxxxx
Comments ARE valid at the top of the files. Some of the files have many
keys (users that keep keys unique to machines rather than use agents).
In the comments, we keep contact details for the user, as well as who
requested adding them, when, and for what purpose. The name of the file
is only for the ACL system. We had one potential conflict in naming
already; I got one of the users to rename to avoid having problems
elsewhere.

> >   The headers are followed by a blank line then further text is free-form
> >   and not parsed. Continuation lines are NOT supported.
> > 3. The header field names are transformed to environment variable names
> >   as follows:
> >   - y/[[:lower:]]/[[:upper:]]/g
> >   - s/-/_/g
> > 4. Export the environment variables, named per above, with the full
> >   content of the rest of the line.
> > (We need to export the CIA.vc data, and also send off a commit mail).
> Nope, I'm completely lost.  Perhaps I failed miserably in explaining
> what I want... !
No, it just seems that you aren't expecting the extra level of
indirection. Instead of explicitly exporting values via environment in
authorized_keys, OR in gitosis-serve (like the other patch), I teach
gitosis-serve how to find the keydir again, and extract pre-formatted
data.

Say I'm committing to gitosis.
The entry in the authorized keys is:
command="gitosis-serve robbat2",no-port-forwarding,no-X11-forwarding,...

When gitosis-serve runs, it goes and opens keydir/robbat2.pub.
The following headers are there:
# Full-Name: "Robin H. Johnson (robbat2)"
# Email: <robbat2@xxxxxxxxxx>
# cia-vc-username: robbat2

And the gitosis-serve mangles these per my instructions above, and does
os.putenv with them.

Then the following exists in the environment:
FULL_NAME='Robin H. Johnson (robbat2)'
EMAIL='robbat2@xxxxxxxxxx'
CIA_VC_USERNAME='robbat2'

Which are thus usable in the hooks.

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail     : robbat2@xxxxxxxxxx
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85
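
The header-to-environment mapping described in the message above, as an added example (not code from gitosis-gentoo or from the post). The function names, the reserved-name list and the sample key file are assumptions made for illustration; refusing header names that would shadow variables such as PATH or GIT_DIR is an extra precaution the post does not describe.

```python
import os
import re

# "# Field-Name: value": an RFC822-style header padded with a leading "# ".
HEADER_RE = re.compile(r"^# ([A-Za-z][A-Za-z0-9-]*):[ \t]*(.*)$")

# Assumption (not in the post): a key-file comment must never override
# variables that the shell, the loader, sshd or git itself interprets.
RESERVED_PREFIXES = ("GIT_", "LD_", "SSH_")
RESERVED_NAMES = {"PATH", "HOME", "SHELL", "USER", "IFS"}


def parse_key_headers(text):
    """Return {ENV_NAME: value} from the header block at the top of a .pub file."""
    env = {}
    for line in text.splitlines():
        match = HEADER_RE.match(line)
        if match is None:
            # Blank line, key line, free-form text or a continuation line:
            # the header block is over and nothing below it is parsed.
            break
        field, value = match.groups()
        # Steps 3 and 4 of the post: lower -> upper, "-" -> "_",
        # and the value is the rest of the line, kept as written.
        name = field.upper().replace("-", "_")
        if name in RESERVED_NAMES or name.startswith(RESERVED_PREFIXES):
            continue
        env[name] = value
    return env


def export_headers(text, environ=os.environ):
    """Set the parsed headers in `environ` so that hooks inherit them."""
    parsed = parse_key_headers(text)
    environ.update(parsed)
    return parsed


# Constructed sample of keydir/alice.pub (the key material is a placeholder).
SAMPLE_PUB = """\
# Full-Name: Alice Example
# Email: alice@example.org
# Git-Dir: /tmp/elsewhere
# cia-vc-username: alice

# Note: free-form text after the blank line is not parsed
ssh-rsa AAAAPLACEHOLDER alice@example.org
"""
```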
