[git-users] Git changes the permissions on a file after push
Set up gitosis, and it turns out that all users are working on behalf of one member gituser. And every time the updated files in the repository that triggered the post-retseive: #! / bin / bash read oldrev newrev refname echo REFNAME: $ refname echo if [$ refname == refs / heads / master] then cd / var / www / siteA unset GIT_DIR git pull origin master echo YOU SEND COMMIT TO *** $ refname *** fi echo Done and after that, the updated files changes owner. And it is necessary to leave -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] Git changes the permissions on a file after push
On Wed, 2 Oct 2013 02:41:40 -0700 (PDT) Maximus Fedorov stm32...@gmail.com wrote: Set up gitosis, and it turns out that all users are working on behalf of one member gituser. And every time the updated files in the repository that triggered the post-retseive: #! / bin / bash read oldrev newrev refname echo REFNAME: $ refname echo if [$ refname == refs / heads / master] then cd / var / www / siteA unset GIT_DIR git pull origin master echo YOU SEND COMMIT TO *** $ refname *** fi echo Done and after that, the updated files changes owner. And it is necessary to leave The short answer: Git is not a deployment tool; Gitosis, being a front-end to Git is even less so. You have to implement a proper deployment scheme instead. The long answer. In your particular case `git pull` supposedly re-creates certain (updated) files in the work tree and since the session doing this runs with the credentials of the gitosis process, these files have their owner set to that from the credentials. You can remedy the situation by changing these credentials. A straightforward way to do this is to install sudo to the server and configure it to allow the user gitosis to run a deployment program with someone other's credentials (typically, www-data) *without asking for password.* How to implement this is beyond the scope of this discussion, but it should be noted that you *must not* just call `git pull` with modified privileges: the reason is that `git pull` not just updates files the work tree but the Git database itself, and these changes have to be done using the initial credentials (gitosis). A way to go then is to stop using `git pull` (why are you using it for this task anyway?) and instead turn to plumbing Git tools: `git read-tree` followed by `git checkout-index`; both should supposedly operate on a separate index file (created somewhere, possibly in a temporary directory using `mktemp`) made available to them using the GIT_INDEX_FILE environment variable. A sketch: cd /var/www/siteA export GIT_INDEX_FILE=`mktemp siteA.` trap rm -f '$GIT_INDEX_FILE' INT TERM QUIT EXIT git read-tree HEAD git checkout-index -a -f This code should be put into a script and *that* script should be made executable using `sudo` as explained above. An alternative is to allow the user gitosis to run /bin/sh as another user and just use a here document: sudo www-data /bin/sh -EOF cd /var/www/siteA export GIT_INDEX_FILE=`mktemp siteA.` trap rm -f '$GIT_INDEX_FILE' INT TERM QUIT EXIT git read-tree HEAD git checkout-index -a -f EOF See the git-read-tree, git-checkout-index and git manual pages (the latter explains the environment variables Git tools understand). -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] Git changes the permissions on a file after push
On Wed, 2 Oct 2013 14:30:14 +0400 Konstantin Khomoutov flatw...@users.sourceforge.net wrote: [...] cd /var/www/siteA export GIT_INDEX_FILE=`mktemp siteA.` trap rm -f '$GIT_INDEX_FILE' INT TERM QUIT EXIT git read-tree HEAD git checkout-index -a -f [...] git read-tree HEAD here is stupid in fact; for your task an explicit ref representing a branch would be much better, like in git read-tree refs/heads/master -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[git-users] git clone --recursive times out and fails to clone submodule
Hi, I am unable to clone a specific repository with submodules. $ git clone --recursive https://www.github.com/lagadic/visp_auto_tracker.git Cloning into 'visp_auto_tracker'... remote: Counting objects: 275, done. remote: Compressing objects: 100% (222/222), done. remote: Total 275 (delta 154), reused 157 (delta 42) Receiving objects: 100% (275/275), 44.52 KiB, done. Resolving deltas: 100% (154/154), done. Submodule 'flashcode_mbt' (git://github.com/lagadic/flashcode_mbt.git) registered for path 'flashcode_mbt' Cloning into 'flashcode_mbt'... fatal: unable to connect to github.com: github.com[0: 192.30.252.131]: errno=Connection timed out Clone of 'git://github.com/lagadic/flashcode_mbt.git' into submodule path 'flashcode_mbt' failed This happens on UbuntuLTS12.04 git version 1.7.9.5 as well as Fedora17 git version 1.7.11.7. It seems to be a network issue for sure. Because i asked other users on different networks to do it and it works. Any of you faced a similar problem? Thanks for your help. regards, mbkv -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[git-users] keeping two bare repos in sync?
Hey; I just had the bare vs non-bare repo concept smack me in the face. Painful way to learn things, but I won't forget it any time soon. Since my remote repos are no longer work trees, how can I keep two bare repos in sync? This is primarily for DR purposes. Here's more detail in case it'll help: I have two rhel6 systems running git 1.7.1 that will be maintaining OS and web configuration files for a variety of teams, once I get the bugs in my understanding ironed out. One git server is in datacenter A (prod) where most of the updates will be occurring. Appropriate people will clone the bare repo, make their updates and push it back. The other git server is at our warm DR site. While rare, updates to this server should be possible. I need to be able to fetch changes from the production git server and apply them to the DR one. When I tried it straight, I got the expected fatal: This operation must be run in a work tree I suppose I could hack out a script to pull the configs down to a temp repo and push them back up to the DR one (and vice versa), but that seems like a kludge. As flexible and seemingly well thought out as git appears to be, I have to believe there's a better approach. Could someone clue me in on what I'm missing or how a generic DR process is typically set up? Thanks for any hints/tips/suggestions. Doug O'Leary -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[git-users] Re: keeping two bare repos in sync?
Apologies for replying to my own post, but I did just find the git --bare fetch. While that seems to have worked, # git --bare fetch ${prod}:/opt/app/git/filemover From ${prod}:/opt/app/git/filemover * branchHEAD - FETCH_HEAD how do I go about getting those changes into the bare repo? A git log isn't showing the new commits yet... Thanks. -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[git-users] Git-Enforced Policy
Hello, I am trying to prevent users from attempting certain operations on my repository which is located on a Linux server by employing Server-Side hooks. The Git manual recommends creating a shell wrapper script to set a USER environment variable, which will then be used to restrict certain permissions. I looked for the better part of yesterday for a guide on how to do this (*as I'm new to both unix and git*), but was unable to find anything definitive. So I started piecing things together and trying different options. After wasting close to two days now I am sitting at a solution I feel should work, but am unable to actually clone a directory at. I have defined the following bash script: #!/bin/bash export USER=$1 /bin/bash In the authorized_keys file I call this script with a user parameter whom would be logging in. At this point, git would use the update script (which is not currently in place) and do whatever it needs to do. However I've been attempting a basic clone and I'm stuck at the command line after the .git folder has been created, and before any files have been brought down. Can you link me to a guide for this or explain what I'm doing wrong? manualhttp://git-scm.com/book/en/Customizing-Git-An-Example-Git-Enforced-Policy -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.