* [gentoo-commits] proj/gitolite-gentoo:upstream commit in: src/, doc/, conf/
@ 2011-02-15 16:42 Christian Ruppert
0 siblings, 0 replies; only message in thread
From: Christian Ruppert @ 2011-02-15 16:42 UTC (permalink / raw
To: gentoo-commits
commit: 27081ad1c1f923487c571b9ecc4ef4cf3ced2b94
Author: Sitaram Chamarty <sitaram <AT> atc <DOT> tcs <DOT> com>
AuthorDate: Sat Jan 1 14:18:18 2011 +0000
Commit: Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Sun Jan 2 04:51:39 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/gitolite-gentoo.git;a=commit;h=27081ad1
new rc var: GL_ALL_READ_ALL
---
conf/example.gitolite.rc | 4 +++-
doc/gitolite.rc.mkd | 7 +++++++
src/gl-auth-command | 9 +++++++--
3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/conf/example.gitolite.rc b/conf/example.gitolite.rc
index 8626be1..9ee7840 100644
--- a/conf/example.gitolite.rc
+++ b/conf/example.gitolite.rc
@@ -33,8 +33,10 @@ $GL_BIG_CONFIG = 0;
$GL_NO_DAEMON_NO_GITWEB = 0;
# ------------------------------------------------------------------------------
-# VARIABLES WITH A SECURITY IMPACT
+# VARIABLES WITH A SECURITY IMPACT. READ DOC WELL BEFORE CHANGING THESE.
+# http://github.com/sitaramc/gitolite/blob/pu/doc/gitolite.rc.mkd#_variables_with_a_security_impact
# ------------------------------------------------------------------------------
+# $GL_ALL_READ_ALL = 0;
$GIT_PATH="";
$GL_GITCONFIG_KEYS = "";
# $GL_GITCONFIG_WILD = 0;
diff --git a/doc/gitolite.rc.mkd b/doc/gitolite.rc.mkd
index ecf5758..e354ff0 100644
--- a/doc/gitolite.rc.mkd
+++ b/doc/gitolite.rc.mkd
@@ -96,6 +96,13 @@ test suite, my actual production use, my time, and sometimes (LDAP comes to
mind) even my skill or resources available to me, and that therefore I depend
on feedback from my users to find or fix issues.
+ * `$GL_ALL_READ_ALL`, boolean, default undef
+
+ Eliminates the access control check for read access. Makes things much
+ (**much**!) faster when you have 10,000 projects and the compiled conf
+ file is more than 20MB in size! **Double check with your boss or have a
+ new job lined up before setting this on!**
+
* `$GIT_PATH`, string, default empty
If git on your server is on a standard path (that is `ssh git@server git
diff --git a/src/gl-auth-command b/src/gl-auth-command
index 46cea7d..1ebacb5 100755
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@ -32,7 +32,7 @@ use warnings;
# ----------------------------------------------------------------------------
# these are set by the "rc" file
-our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT);
+our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, $GL_ALL_READ_ALL);
# and these are set by gitolite.pm
our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT, $ADC_CMD_ARGS_PATT);
our %repos;
@@ -227,7 +227,12 @@ $ENV{GL_REPO}=$repo;
# first level permissions check
# ----------------------------------------------------------------------------
-my ($perm, $creator, $wild) = &repo_rights($repo);
+my ($perm, $creator, $wild);
+if ( $GL_ALL_READ_ALL and $verb =~ $R_COMMANDS and -d "$ENV{GL_REPO_BASE_ABS}/$repo.git") {
+ $perm = 'R';
+} else {
+ ($perm, $creator, $wild) = &repo_rights($repo);
+}
if ($perm =~ /C/) {
# it was missing, and you have create perms
wrap_chdir("$ENV{GL_REPO_BASE_ABS}");
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2011-02-15 16:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-15 16:42 [gentoo-commits] proj/gitolite-gentoo:upstream commit in: src/, doc/, conf/ Christian Ruppert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox