author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-12-27 20:09:16 -0300 |
---|---|---|
committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-12-27 20:09:16 -0300 |
commit | 36537a04baaa5c6d7e4d6acc6924231d55a95b01 (patch) | |
tree | cd4402474d8f536192bc49eec6bebc0e7f5d77fe | |
parent | ff8ae8ceba55a43cfb5f763f75d9679c31c38a63 (diff) | |
parent | 76571cb2dc2644e9eb23758cd8da6d281d573994 (diff) |
Merge git://repo.hackcoop.com.ar/hacking
Conflicts:
authorized_keys
parabola-keyring/Makefile
parabola-keyring/packager-keyids
parabola-keyring/packager/aurelien.asc
parabola-keyring/packager/brendan.asc
parabola-keyring/packager/coadde.asc
parabola-keyring/packager/emulatorman.asc
parabola-keyring/packager/encyclomundi.asc
parabola-keyring/packager/fauno.asc
parabola-keyring/packager/jorginho.asc
parabola-keyring/packager/lukeshu.asc
parabola-keyring/packager/mtjm.asc
parabola-keyring/packager/ovruni.asc
parabola-keyring/packager/shackra.asc
parabola-keyring/packager/smv.asc
parabola-keyring/packager/xihh.asc
parabola-keyring/parabola-trusted
parabola-keyring/parabola.gpg
parabola-keyring/update-keys
-rw-r--r-- | Makefile | 49 | ||||
-rw-r--r-- | README.markdown | 58 | ||||
-rwxr-xr-x | git-hooks/auto-deploy | 16 | ||||
-rwxr-xr-x | git-hooks/generic | 12 | ||||
-rwxr-xr-x | git-hooks/hackers-update (renamed from git-hooks/post-receive) | 6 | ||||
-rwxr-xr-x | git-shell-commands/change-description | 10 | ||||
-rwxr-xr-x | git-shell-commands/change-owner | 13 | ||||
-rwxr-xr-x | git-shell-commands/create-bare-repo | 21 | ||||
-rwxr-xr-x | git-shell-commands/delete-repo | 16 | ||||
-rwxr-xr-x | git-shell-commands/fetch-mirrors | 20 | ||||
-rwxr-xr-x | git-shell-commands/help | 12 | ||||
-rwxr-xr-x | git-shell-commands/hook-install | 23 | ||||
-rwxr-xr-x | git-shell-commands/mirror | 12 | ||||
-rwxr-xr-x | git-shell-commands/mirrors | 11 | ||||
-rw-r--r-- | parabola-keyring/.directory | 3 | ||||
-rw-r--r-- | parabola-keyring/parabola-revoked | 0 | ||||
-rw-r--r-- | ssh_config | 6 |
17 files changed, 257 insertions, 31 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..62690e3
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,49 @@
+SHELL=/bin/bash
+# The git user home, from where repos are served
+PREFIX=/srv/git
+# The git user
+USER=git
+# The git-shell path
+GIT_SHELL=/usr/bin/git-shell
+# The hacking.git clone
+HACKERS=$(shell pwd)
+
+# Add all of your pubkeys
+# TODO this can fail if you don't have any keys (why don't you)
+bootstrap:
+ cat $(HOME)/.ssh/id_{rsa,ecdsa,dsa}.pub >>authorized_keys 2>/dev/null || true
+ git commit authorized_keys -m "Bootstraping hacking.git" ; \
+
+# Create the user
+user:
+ useradd --home $(PREFIX) \
+ --shell $(GIT_SHELL) \
+ --create-home \
+ --system \
+ --user-group \
+ $(USER)
+
+# Check if we have at least a key
+check:
+ if [ $(shell wc -l authorized_keys | cut -d' ' -f1) -eq 0 ]; then \
+ echo 'Add at least your key to authorized_keys!'; \
+ exit 1 ;\
+ fi
+
+# Add the hackers repo to the local clone
+install-local:
+ git remote add git git:hackers.git
+ cat ssh_config >>$(HOME)/.ssh/config
+
+# Create the hackers.git bare repo and clone as .ssh
+# Then create needed symlinks and add hooks to hackers.git
+install: check
+ cd $(PREFIX); \
+ git clone --bare $(HACKERS) hackers.git && \
+ git clone hackers.git .ssh && \
+ chmod 700 $(PREFIX) && \
+ chmod 700 .ssh && \
+ chmod 600 .ssh/authorized_keys && \
+ ln -s $(PREFIX)/.ssh/git-hooks/hackers-update hackers.git/hooks/post-receive && \
+ ln -s $(PREFIX)/.ssh/git-shell-commands && \
+ chown -R $(USER):$(USER) $(PREFIX)
diff --git a/README.markdown b/README.markdown
index de5eee6..949f2d7 100644
--- a/README.markdown
+++ b/README.markdown
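Review bot: In the Makefile's `install` recipe the first command is joined with `;` (`cd $(PREFIX); \`), so if the directory change fails the clones, `chmod`s and symlinks that follow run in whatever directory make was started from, while `chown -R` still targets $(PREFIX). Chain it like the rest of the recipe: `cd $(PREFIX) && \`. The `bootstrap` recipe also ends in a dangling `; \`, and its `2>/dev/null || true` hides the no-keys case that the TODO mentions, leaving `check` as the only place where an empty authorized_keys is caught.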
@@ -1,14 +1,57 @@ -Parabola Hackers -================ +Hackers +======= + +## What's this? Why? + +Hackers is a simple git repository management tool. I started this for Parabola +GNU/Linux-libre when our gitosis broke and was never fixed. We didn't need +gitosis' granular permissions anyway. + +Hackers.git allows for decentralized management, since any hacker added can add +new keys, own and others'. + +It uses the git-shell to allow users to do git repository tasks (create a repo, +mirror one, etc.) using ssh to connect to the repository server. + +## Install + +Clone hackers.git somewhere and add yours and other people's SSH pubkeys (at +least yours) to the authorized\_keys file, then commit. + +This step can be done in a single step with `make bootstrap` (or let the next +step do it). If you don't you won't be able to login later! + +Run `make PREFIX=/srv/git` as root, where *PREFIX* is the git root. Check the +Makefile itself to see other options. + +Now you can use `ssh git@host command arguments`, run the *help* command to +list commands and arguments available. + +## Host requirements + +You'll need `git-shell`, on Parabola it's on the *git* package. Also a working +ssh daemon with "AuthorizedKeysFile .ssh/authorized_keys" (default in most +installations). + +## Local configuration + +On your hacking user, you can add this to your *~/.ssh/config* + + Host git + HostName git_hostname_can_be_localhost + User git + +The repo URL will be *git:repo.git* or *ssh://gitPREFIX/repo.git*. ## How to add new keys -* Add your key to the authorized\_keys file. +* Add your key to the authorized\_keys file on your local clone * Change the key comment to the "Name <name@email.nu>" format (just for keeping it tidy) * Commit * Push if you have push privileges and you're adding a new hacker, or -* Run `git format-patch HEAD-1` and send the generated patches to Parabola +* Run `git format-patch HEAD-1` and send the generated patches to one of the + other hackers listed. 
## How does this work? @@ -18,10 +61,5 @@ privileges for the git user. ## Is this insecure? -'git' is an unprivileged user. If you know how to skip this and gain access to +*git* is an unprivileged user. If you know how to skip this and gain access to our servers be kind and let us now ;) - -## Why? - -Gitosis broke once and was never fixed. We didn't need gitosis' granular -permissions anyway. Now Parabola hackers can add new hackers! diff --git a/git-hooks/auto-deploy b/git-hooks/auto-deploy new file mode 100755 index 0000000..02a22e7 --- /dev/null +++ b/git-hooks/auto-deploy @@ -0,0 +1,16 @@ +#!/bin/bash +# auto-deploy +# Usage: auto-deploy /srv/http/repo + +# fail on any error +set -e + +# Can we write on the clone? +test -w "${1}/.git/HEAD" + +alias git="git --git-dir '${1}/.git' --work-tree '${1}'" + +# pull this repo on the current branch +git pull origin $(git rev-parse --abbrev-ref HEAD) + +exit $? diff --git a/git-hooks/generic b/git-hooks/generic new file mode 100755 index 0000000..ebf56f4 --- /dev/null +++ b/git-hooks/generic @@ -0,0 +1,12 @@ +#!/bin/sh +# Generic hook, installs itself as a valid githook(5) and runs whatever it +# finds on hacking.hook.$self +# Format: +# hacking.hooks.post-receive.auto-deploy /srv/http/markpower.hackcoop.com.ar + +git config -f config --get-regexp "hacking.hooks.$(basename ${0}).*" | \ +while read hook repo; do + hook="`echo "${hook}" | cut -d'.' -f4`" + + ${HOME}/.ssh/git-hooks/${hook} ${repo} ${@} </dev/stdin +done diff --git a/git-hooks/post-receive b/git-hooks/hackers-update index 671dd4e..b78c54d 100755 --- a/git-hooks/post-receive +++ b/git-hooks/hackers-update 
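Review bot: In git-hooks/auto-deploy the `alias git=...` line most likely has no effect, because bash does not expand aliases in non-interactive scripts unless `shopt -s expand_aliases` is set, so `git pull` would run against the hook's own repository rather than the clone in `${1}`. Pass the paths explicitly, e.g. `git --git-dir "${1}/.git" --work-tree "${1}" pull origin "$(git --git-dir "${1}/.git" rev-parse --abbrev-ref HEAD)"`, which also drops the single-quoted interpolation of `${1}` and quotes the branch name. The trailing `exit $?` is redundant after `set -e`.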
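Review bot: In git-hooks/generic the `</dev/stdin` redirection sits inside a `while read` loop that is fed by the `git config` pipe, so each hook script appears to receive the remaining config lines instead of the ref list that git writes to the hook's stdin. Save the original stdin before the pipeline (`exec 3<&0`) and run the script with `<&3`; a ref list needed by more than one script would have to be buffered first. `${hook}`, `${repo}` and `${@}` are also expanded unquoted and `read` lacks `-r`, so a configured path containing spaces or glob characters is split into extra arguments; `"${HOME}/.ssh/git-hooks/${hook}" "${repo}" "$@" <&3` keeps each value as one word.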
@@ -5,17 +5,17 @@ # cp .ssh/git-hooks/post-receive hackers.git/hooks/ # fail on any error -set -E +set -e # the ssh dir -ssh_dir=/srv/git/.ssh +ssh_dir=${HOME}/.ssh # pull this repo git --git-dir ${ssh_dir}/.git \ --work-tree ${ssh_dir} \ pull origin master -# secure the files +# secure the files (sshd will refuse connections otherwise) chmod 600 ${ssh_dir}/authorized_keys chmod 700 ${ssh_dir} diff --git a/git-shell-commands/change-description b/git-shell-commands/change-description index 437833c..730777c 100755 --- a/git-shell-commands/change-description +++ b/git-shell-commands/change-description @@ -1,12 +1,12 @@ #!/bin/sh -# Allows users to change project description -# $ ssh git@host change-description repo "description" +# * change-description +# Cambia la descripcion del projecto, necesita archivo description en el proyecto +# ssh git@host change-description repo "description" -set -E +set -e repo=$1; shift -description="$@" -echo "${repo}.git/${description}" > description +test -d ${repo}.git && echo "${@}" > ${repo}.git/description exit $? diff --git a/git-shell-commands/change-owner b/git-shell-commands/change-owner new file mode 100755 index 0000000..4cf90c7 --- /dev/null +++ b/git-shell-commands/change-owner @@ -0,0 +1,13 @@ +#!/bin/sh +# * change-owner +# Define quién manda +# ssh git@host change-owner repo "Hacklab" + +set -e + +repo=$1; shift + +test -d "${repo}".git && \ +git config -f "${repo}.git/config" "gitweb.owner" "${@}" + +exit $? diff --git a/git-shell-commands/create-bare-repo b/git-shell-commands/create-bare-repo index 14a640b..3051c9d 100755 --- a/git-shell-commands/create-bare-repo +++ b/git-shell-commands/create-bare-repo 
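Review bot: The header comment kept as context in git-hooks/hackers-update still says `cp .ssh/git-hooks/post-receive hackers.git/hooks/`, but this commit renames the file and the new Makefile installs it as a symlink named post-receive; update the comment to something like `# ln -s ~/.ssh/git-hooks/hackers-update hackers.git/hooks/post-receive`. The new `ssh_dir=${HOME}/.ssh` is then used unquoted in the `git` and `chmod` calls, so quoting `"${ssh_dir}"` throughout would keep the hook correct for a home path containing spaces. The first lines of the script are outside the hunk.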
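Review bot: git-shell-commands/change-description uses `${repo}` unquoted and without the name cleanup that create-bare-repo applies, so the `test -d` and the redirect accept any path the git user can reach that ends in `.git`, not only repositories under the home directory. Quote it and validate the name before use, e.g. `test -d "${repo}.git" && printf '%s\n' "$*" > "${repo}.git/description"` after the same filtering. change-owner and hook-install (its `${3}` and `${4}`) take repository paths from the caller in the same unfiltered way.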
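Review bot: In git-shell-commands/change-owner `"${@}"` expands to one argument per word, so an owner given as several words reaches `git config` as a value plus extra positional arguments rather than as a single string. Use `"$*"` for the value: `git config -f "${repo}.git/config" gitweb.owner "$*"`.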
@@ -1,16 +1,17 @@ #!/bin/sh -# Allows users to create repo.git -# $ ssh git@host create-bare-repo repo1 repo2 ... +# * create-bare-repo +# Allows users to create repo.git +# ssh git@host create-bare-repo repo1 repo2 ... -set -E +set -e -for i in $@; do -# Cleanup names - i="`echo "$i" | sed "s/[^a-z0-9\.\-\_]//gi"`" +for repo in $@; do +# Cleanup names, allow hidden repos + repo="`echo "$repo" | sed -e "s/\.\.//g" -e "s,^/\+,,g" -e "s,[^a-z0-9\./_-],,gi"`" + test -d "$repo".git && continue - if [ -z "$i" ]; then continue; fi - - mkdir "$i".git - pushd "$i".git + mkdir -p "$repo".git + pushd "$repo".git git init --bare + popd done diff --git a/git-shell-commands/delete-repo b/git-shell-commands/delete-repo new file mode 100755 index 0000000..4ca644e --- /dev/null +++ b/git-shell-commands/delete-repo @@ -0,0 +1,16 @@ +#!/bin/sh +# * delete-repo +# Allows users to delete repositories permanently +# ssh git@host delete-repo repo1 repo2 ... + +set -e + +for repo in $@; do +# Remove leading slashes and dots and perform cleanup + repo="`echo "$repo" | sed -e "s/\.\.//g" -e "s,^/\+,,g" -e "s,[^a-z0-9\./_-],,gi"`" + test ! -d "$repo".git && continue + + echo "Removing ${repo}.git" + # lo and behold absolute horror + rm -rf "$repo".git +done diff --git a/git-shell-commands/fetch-mirrors b/git-shell-commands/fetch-mirrors new file mode 100755 index 0000000..a9442ba --- /dev/null +++ b/git-shell-commands/fetch-mirrors @@ -0,0 +1,20 @@ +#!/bin/sh +# * fetch-mirrors +# Actualiza el `mirrors` (espejos) creados con `mirror` +# ssh git@host fetch-mirrors + +set -e + +# Find all mirrors +~/git-shell-commands/mirrors | \ + while read _mirror; do + + pushd "$_mirror" >/dev/null + + git remote update + + popd >/dev/null + +done + +exit $? diff --git a/git-shell-commands/help b/git-shell-commands/help new file mode 100755 index 0000000..e707df8 --- /dev/null +++ b/git-shell-commands/help 
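Review bot: The name cleanup in git-shell-commands/create-bare-repo removes `..` and leading slashes before it removes disallowed characters, and the result of the last expression is never re-checked, so the filtered name is not guaranteed to be free of the sequences the first two expressions were meant to strip. The hunk also drops the old empty-name check, so an argument that filters down to nothing operates on a bare `.git` directory in the home. Rejecting a bad name instead of rewriting it avoids both problems, and `git init --bare "${repo}.git"` removes the need for `pushd`/`popd`, which are not available in every `/bin/sh`. delete-repo repeats the same `sed` line and the unquoted `$@`.

```sh
for repo in "$@"; do
  # Reject a bad name outright; a rewritten name is never re-validated
  case "$repo" in
    ''|-*|/*|*..*|*[!A-Za-z0-9._/-]*)
      echo "Invalid repo name: ${repo}" >&2
      continue ;;
  esac
  test -d "${repo}.git" && continue

  mkdir -p "${repo}.git"
  git init --bare "${repo}.git"
done
```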
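Review bot: git-shell-commands/delete-repo hands the filtered name straight to `rm -rf` with no `--` and no list of paths that must never be removed; since the filter deliberately allows dots and slashes, nothing visible here keeps the command away from the git user's own `.ssh` clone or the `git-shell-commands` link that the Makefile sets up in the same home. Add an explicit refusal before the removal, for example `case "$repo" in .ssh|.ssh/*|git-shell-commands*) continue ;; esac`, and call `rm -rf -- "${repo}.git"`. Whether hackers.git itself should be deletable through this command is a policy question the hunk does not answer.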
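Review bot: git-shell-commands/fetch-mirrors declares `#!/bin/sh` but relies on `pushd`/`popd`, which are bash builtins, so the loop presumably fails at the first `pushd` on a system whose `/bin/sh` is not bash. `git --git-dir "$_mirror" remote update` does the same work without changing directory, and `read -r _mirror` keeps backslashes in names intact. The final `exit $?` reports only the status of the pipeline's last stage, so a failing `mirrors` call upstream goes unnoticed.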
@@ -0,0 +1,12 @@
+#!/bin/sh
+# * help
+# Obtiene los comando habilitados
+# ssh git@host help
+
+set -e
+
+# Gets three lines from every git-shell-command
+for c in `dirname $0`/*; do
+ head -q -n4 $c | tail -n3 | sed "s/^..//"
+ echo
+done
diff --git a/git-shell-commands/hook-install b/git-shell-commands/hook-install
new file mode 100755
index 0000000..08a0340
--- /dev/null
+++ b/git-shell-commands/hook-install
@@ -0,0 +1,23 @@
+#!/bin/sh
+# * hook-install
+# Instala un hook en un repo
+# ssh git@host hook-install hook script repo [alt-dir]
+
+set -e
+
+hook="${1}"
+script="${HOME}/.ssh/git-hooks/${2}"
+repo="${HOME}/${3}"
+clone="${4:-${repo}}"
+
+# Tests
+test -f "${repo}/HEAD"
+test -f "${clone}/.git/HEAD"
+
+# Installs the generic hook that runs scripts
+test -f "${repo}/hooks/${hook}" || ln -s "${HOME}/.ssh/git-hooks/generic" "${repo}/hooks/${hook}"
+
+# Install the hook on the repo
+git config -f "${repo}/config" --add "hacking.hooks.${hook}.${2}" "${clone}"
+
+exit $?
diff --git a/git-shell-commands/mirror b/git-shell-commands/mirror
new file mode 100755
index 0000000..212687e
--- /dev/null
+++ b/git-shell-commands/mirror
@@ -0,0 +1,12 @@
+#!/bin/sh
+# * mirror
+# Espeja un repositorio
+# ssh git@host mirror git://url/repo.git
+
+set -E
+
+for _m in $@; do
+ git clone --mirror $_m
+done
+
+exit $?
diff --git a/git-shell-commands/mirrors b/git-shell-commands/mirrors
new file mode 100755
index 0000000..d1301a8
--- /dev/null
+++ b/git-shell-commands/mirrors
@@ -0,0 +1,11 @@
+#!/bin/sh
+# * mirrors
+# Muestra todos los repositorios espejos (mirror)
+# ssh git@host mirrors
+
+set -e
+
+# Find all mirrors
+find *.git -maxdepth 1 -iname config -print0 | \
+ xargs -0 grep -l 'mirror = true' | \
+ sed 's,/config$,,'
diff --git a/parabola-keyring/.directory b/parabola-keyring/.directory
deleted file mode 100644
index d8a1780..0000000
--- a/parabola-keyring/.directory
+++ /dev/null
@@ -1,3 +0,0 @@
-[Dolphin]
-Timestamp=2012,8,16,17,56,23
-Version=3
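Review bot: In git-shell-commands/hook-install the `script` variable is assigned but never used, so nothing checks that `${2}` names an existing hook script before it is written into the repository config. Add `test -x "${script}"` next to the other tests so a typo or an unexpected name fails at install time rather than on the next push. The default `clone="${4:-${repo}}"` also seems unable to pass `test -f "${clone}/.git/HEAD"` when `${repo}` is a bare repository, which makes the optional alt-dir effectively required; the usage comment should say so.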
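Review bot: git-shell-commands/mirror passes each argument to `git clone --mirror $_m` unquoted and without `--`, so an argument beginning with `-` is read as an option and the URL scheme is never checked against what the usage line advertises. Use `for _m in "$@"` with `git clone --mirror -- "$_m"`, and consider an allow-list such as `case "$_m" in git://*|https://*) ;; *) continue ;; esac`. The file also uses `set -E` while this same commit changes the other commands to `set -e`; `-E` only affects ERR trap inheritance and does not stop the script on a failed clone.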
diff --git a/parabola-keyring/parabola-revoked b/parabola-keyring/parabola-revoked
deleted file mode 100644
index e69de29..0000000
--- a/parabola-keyring/parabola-revoked
+++ /dev/null
diff --git a/ssh_config b/ssh_config
new file mode 100644
index 0000000..2a57c97
--- /dev/null
+++ b/ssh_config
@@ -0,0 +1,6 @@
+
+# ssh shortcut for git@localhost
+Host git
+ HostName localhost
+ User git
+# Port 22 # change to your ssh port |