From owner-svn-ports-svnadmin@FreeBSD.ORG Sun Sep 16 11:27:07 2012 Return-Path: Delivered-To: svn-ports-svnadmin@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 74A5D106564A; Sun, 16 Sep 2012 11:27:07 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 600578FC15; Sun, 16 Sep 2012 11:27:07 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q8GBR70r072864; Sun, 16 Sep 2012 11:27:07 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q8GBR7UB072862; Sun, 16 Sep 2012 11:27:07 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <201209161127.q8GBR7UB072862@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Sun, 16 Sep 2012 11:27:07 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-svnadmin@freebsd.org X-SVN-Group: ports-svnadmin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r304341 - svnadmin/hooks/scripts X-BeenThere: svn-ports-svnadmin@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for svnadmin of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Sep 2012 11:27:07 -0000 Author: bz (src committer) Date: Sun Sep 16 11:27:06 2012 New Revision: 304341 URL: http://svn.freebsd.org/changeset/ports/304341 Log: Harmonize env.sh with base r240535 passing the repo name as argument, checking for checkacl-ports before checkacl allowing us to harmonize things while retaining the current status quo. Approved by: portmgr (implicit, beat) Modified: svnadmin/hooks/scripts/env.sh Modified: svnadmin/hooks/scripts/env.sh ============================================================================== --- svnadmin/hooks/scripts/env.sh Sun Sep 16 11:16:06 2012 (r304340) +++ svnadmin/hooks/scripts/env.sh Sun Sep 16 11:27:06 2012 (r304341) @@ -6,4 +6,6 @@ cd /s/svn/ports umask 002 if [ -x /usr/local/bin/checkacl-ports ]; then eval `/usr/local/bin/checkacl-ports ports` +elif [ -x /usr/local/bin/checkacl ]; then + eval `/usr/local/bin/checkacl ports` fi From owner-svn-ports-svnadmin@FreeBSD.ORG Sun Sep 16 11:30:22 2012 Return-Path: Delivered-To: svn-ports-svnadmin@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 71FE8106564A; Sun, 16 Sep 2012 11:30:22 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 52B9F8FC12; Sun, 16 Sep 2012 11:30:22 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q8GBUM81073464; Sun, 16 Sep 2012 11:30:22 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q8GBUMWF073461; Sun, 16 Sep 2012 11:30:22 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <201209161130.q8GBUMWF073461@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Sun, 16 Sep 2012 11:30:22 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-svnadmin@freebsd.org X-SVN-Group: ports-svnadmin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r304342 - svnadmin/tools/checkacl X-BeenThere: svn-ports-svnadmin@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for svnadmin of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Sep 2012 11:30:22 -0000 Author: bz (src committer) Date: Sun Sep 16 11:30:21 2012 New Revision: 304342 URL: http://svn.freebsd.org/changeset/ports/304342 Log: In preparation of synching this file between repos, rename it to a common source file name. We still install as checkacl-ports. Approved by: portmgr (implicit, beat) Added: svnadmin/tools/checkacl/checkacl.c - copied unchanged from r304293, svnadmin/tools/checkacl/checkacl-ports.c Deleted: svnadmin/tools/checkacl/checkacl-ports.c Modified: svnadmin/tools/checkacl/Makefile Modified: svnadmin/tools/checkacl/Makefile ============================================================================== --- svnadmin/tools/checkacl/Makefile Sun Sep 16 11:27:06 2012 (r304341) +++ svnadmin/tools/checkacl/Makefile Sun Sep 16 11:30:21 2012 (r304342) @@ -1,6 +1,7 @@ # $FreeBSD$ PROG= checkacl-ports +SRCS= checkacl.c NO_MAN= too bad NO_SHARED=yes DESTDIR=/usr/local/bin Copied: svnadmin/tools/checkacl/checkacl.c (from r304293, svnadmin/tools/checkacl/checkacl-ports.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ svnadmin/tools/checkacl/checkacl.c Sun Sep 16 11:30:21 2012 (r304342, copy of r304293, svnadmin/tools/checkacl/checkacl-ports.c) @@ -0,0 +1,214 @@ +/* + * Ok, so this isn't exactly pretty, so sue me. + * + * FreeBSD Subversion tree ACL check helper. The program looks in + * relevant access files to find out if the committer may commit. + * + * From: Id: cvssh.c,v 1.38 2008/05/31 02:54:58 peter Exp + * $FreeBSD$ + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define SRCACCESS "/s/svn/base/conf/access" +#define DOCACCESS "/s/svn/doc/conf/access" +#define PORTSACCESS "/s/svn/ports/conf/access" + + +static char username[32]; +static char committag[256]; + +static void +msg(const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + fprintf(stderr, "\n"); + va_end(ap); +} + +static int +karmacheck(FILE *fp, char *name) +{ + char buf[1024]; + char *p, *s; + int karma; + + karma = 0; + while ((p = fgets(buf, sizeof(buf) - 1, fp)) != NULL) { + while ((s = strsep(&p, " \t\n")) != NULL) { + if (*s == '\0') + continue; /* whitespace */ + if (*s == '#' || *s == '/' || *s == ';') + break; /* comment */ + if (strcmp(s, "*") == 0) { /* all */ + karma++; + break; + } + if (strcmp(s, name) == 0) { + karma++; + break; + } + break; /* ignore further tokens on line */ + } + } + return karma; +} + +int +main(int argc, char *argv[]) +{ + struct passwd *pw; + struct stat st; + FILE *fp; + int i; + gid_t repogid; + gid_t mygroups[NGROUPS_MAX]; + int ngroups; + int writeable; + int karma; + int doccommit; + int portscommit; + int srccommit; + int srckarma; +#ifdef PORTSACCESS + int portskarma; +#endif +#ifdef DOCACCESS + int dockarma; +#endif + const char *comma; + + srckarma = 0; +#ifdef PORTSACCESS + portskarma = 0; +#endif +#ifdef DOCACCESS + dockarma = 0; +#endif + karma = 0; + doccommit = 0; + portscommit = 0; + srccommit = 0; + writeable = 0; + pw = getpwuid(getuid()); + if (pw == NULL) { + msg("no user for uid %d", getuid()); + exit(1); + } + if (pw->pw_dir == NULL) { + msg("no home directory"); + exit(1); + } + + if (argc == 2) { + if (strcmp(argv[1], "src") == 0) + srccommit = 1; + if (strcmp(argv[1], "ports") == 0) + portscommit = 1; + if (strcmp(argv[1], "doc") == 0) + doccommit = 1; + } else { + srccommit = 1; + } + + /* save in a static buffer */ + strlcpy(username, pw->pw_name, sizeof(username)); + + if (stat("/s/svn", &st) < 0) { + msg("Cannot stat %s", "/s/svn"); + exit(1); + } + repogid = st.st_gid; + if (repogid < 10) { + msg("unsafe repo gid %d\n", repogid); + exit(1); + } + ngroups = getgroups(NGROUPS_MAX, mygroups); + if (ngroups > 0) { + for (i = 0; i < ngroups; i++) + if (mygroups[i] == repogid) + writeable = 1; + } + if (!writeable) + printf("export SVN_READONLY=y\n"); + + fp = fopen(SRCACCESS, "r"); + if (fp == NULL) { + msg("Cannot open %s", SRCACCESS); + exit(1); + } else { + srckarma += karmacheck(fp, pw->pw_name); + fclose(fp); + } +#ifdef DOCACCESS + if ((fp = fopen(DOCACCESS, "r")) != NULL) { + dockarma += karmacheck(fp, pw->pw_name); + fclose(fp); + } +#endif +#ifdef PORTSACCESS + if ((fp = fopen(PORTSACCESS, "r")) != NULL) { + portskarma += karmacheck(fp, pw->pw_name); + fclose(fp); + } +#endif + + if ((srccommit == 1 && srckarma == 0) || + (portscommit == 1 && portskarma == 0) || + (doccommit == 1 && dockarma == 0)) { + strcpy(committag, "SVN_COMMIT_ATTRIB="); + comma = ""; +#ifdef DOCACCESS + if (dockarma > 0) { + strcat(committag, comma); + strcat(committag, "doc"); + comma = ","; + karma += dockarma; + } +#endif +#ifdef PORTSACCESS + if (portskarma > 0) { + strcat(committag, comma); + strcat(committag, "ports"); + comma = ","; + karma += portskarma; + } +#endif + if (srckarma > 0) { + strcat(committag, comma); + strcat(committag, "src"); + comma = ","; + karma += srckarma; + } + if (karma != 0) { + printf("export %s\n", committag); + } + } else { + karma += dockarma; + karma += portskarma; + karma += srckarma; + } + + if (karma == 0) { + /* If still zero, its a readonly access */ + printf("export SVN_READONLY=y\n"); + } + return (0); +} From owner-svn-ports-svnadmin@FreeBSD.ORG Sun Sep 16 11:31:26 2012 Return-Path: Delivered-To: svn-ports-svnadmin@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 71AA7106564A; Sun, 16 Sep 2012 11:31:26 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 5B4E38FC08; Sun, 16 Sep 2012 11:31:26 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q8GBVQEJ073716; Sun, 16 Sep 2012 11:31:26 GMT (envelope-from bz@svn.freebsd.org) Received: (from bz@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q8GBVQFC073714; Sun, 16 Sep 2012 11:31:26 GMT (envelope-from bz@svn.freebsd.org) Message-Id: <201209161131.q8GBVQFC073714@svn.freebsd.org> From: "Bjoern A. Zeeb" Date: Sun, 16 Sep 2012 11:31:26 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-svnadmin@freebsd.org X-SVN-Group: ports-svnadmin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r304343 - svnadmin/tools/checkacl X-BeenThere: svn-ports-svnadmin@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for svnadmin of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Sep 2012 11:31:26 -0000 Author: bz (src committer) Date: Sun Sep 16 11:31:25 2012 New Revision: 304343 URL: http://svn.freebsd.org/changeset/ports/304343 Log: Copy over the version from base r240538. This copy is provided to allow the doc repository to be self-hosted. All changes should be synchronized with the other repositories. The "base" version should be seen as master copy. Approved by: portmgr (implicit, beat) Modified: svnadmin/tools/checkacl/checkacl.c Modified: svnadmin/tools/checkacl/checkacl.c ============================================================================== --- svnadmin/tools/checkacl/checkacl.c Sun Sep 16 11:30:21 2012 (r304342) +++ svnadmin/tools/checkacl/checkacl.c Sun Sep 16 11:31:25 2012 (r304343) @@ -4,6 +4,8 @@ * FreeBSD Subversion tree ACL check helper. The program looks in * relevant access files to find out if the committer may commit. * + * !!! Please keep in sync between various SVN repositories. !!! + * * From: Id: cvssh.c,v 1.38 2008/05/31 02:54:58 peter Exp * $FreeBSD$ */ @@ -24,13 +26,16 @@ #include #include -#define SRCACCESS "/s/svn/base/conf/access" -#define DOCACCESS "/s/svn/doc/conf/access" -#define PORTSACCESS "/s/svn/ports/conf/access" - +#define BASE 0x01 +#define DOC 0x02 +#define PORTS 0x04 + +#define SVNROOT "/s/svn" +#define BASEACCESS SVNROOT "/base/conf/access" +#define DOCACCESS SVNROOT "/doc/conf/access" +#define PORTSACCESS SVNROOT "/ports/conf/access" -static char username[32]; -static char committag[256]; +static char username[_SC_LOGIN_NAME_MAX + 1]; static void msg(const char *fmt, ...) @@ -43,12 +48,12 @@ msg(const char *fmt, ...) va_end(ap); } -static int -karmacheck(FILE *fp, char *name) +static u_int +karmacheck(FILE *fp, const char *name, u_int k) { char buf[1024]; char *p, *s; - int karma; + u_int karma; karma = 0; while ((p = fgets(buf, sizeof(buf) - 1, fp)) != NULL) { @@ -58,11 +63,11 @@ karmacheck(FILE *fp, char *name) if (*s == '#' || *s == '/' || *s == ';') break; /* comment */ if (strcmp(s, "*") == 0) { /* all */ - karma++; + karma |= k; break; } if (strcmp(s, name) == 0) { - karma++; + karma |= k; break; } break; /* ignore further tokens on line */ @@ -71,42 +76,49 @@ karmacheck(FILE *fp, char *name) return karma; } +static u_int +read_access(const char *accessf, const u_int repo, u_int k, + const char *name) +{ + FILE *fp; + u_int karma; + + karma = 0; + fp = fopen(accessf, "r"); + if (fp == NULL && (repo & k) == k) { + msg("Cannot open %s", accessf); + exit(1); + } else if (fp != NULL) { + karma |= karmacheck(fp, name, k); + fclose(fp); + } + + return (karma); +} + +static void +catcommittag(char *committag, const char **comma, const u_int karma, + const u_int k, const char *s) +{ + + if ((karma & k) == 0) + return; + + strcat(committag, *comma); + strcat(committag, s); + *comma = ","; +} + int main(int argc, char *argv[]) { struct passwd *pw; struct stat st; - FILE *fp; - int i; gid_t repogid; gid_t mygroups[NGROUPS_MAX]; - int ngroups; - int writeable; - int karma; - int doccommit; - int portscommit; - int srccommit; - int srckarma; -#ifdef PORTSACCESS - int portskarma; -#endif -#ifdef DOCACCESS - int dockarma; -#endif - const char *comma; + int i, ngroups, writeable; + u_int karma, repo; - srckarma = 0; -#ifdef PORTSACCESS - portskarma = 0; -#endif -#ifdef DOCACCESS - dockarma = 0; -#endif - karma = 0; - doccommit = 0; - portscommit = 0; - srccommit = 0; - writeable = 0; pw = getpwuid(getuid()); if (pw == NULL) { msg("no user for uid %d", getuid()); @@ -117,22 +129,12 @@ main(int argc, char *argv[]) exit(1); } - if (argc == 2) { - if (strcmp(argv[1], "src") == 0) - srccommit = 1; - if (strcmp(argv[1], "ports") == 0) - portscommit = 1; - if (strcmp(argv[1], "doc") == 0) - doccommit = 1; - } else { - srccommit = 1; - } - - /* save in a static buffer */ + /* Save in a static buffer. */ strlcpy(username, pw->pw_name, sizeof(username)); + endpwent(); - if (stat("/s/svn", &st) < 0) { - msg("Cannot stat %s", "/s/svn"); + if (stat(SVNROOT, &st) < 0) { + msg("Cannot stat %s", SVNROOT); exit(1); } repogid = st.st_gid; @@ -140,6 +142,7 @@ main(int argc, char *argv[]) msg("unsafe repo gid %d\n", repogid); exit(1); } + writeable = 0; ngroups = getgroups(NGROUPS_MAX, mygroups); if (ngroups > 0) { for (i = 0; i < ngroups; i++) @@ -149,66 +152,48 @@ main(int argc, char *argv[]) if (!writeable) printf("export SVN_READONLY=y\n"); - fp = fopen(SRCACCESS, "r"); - if (fp == NULL) { - msg("Cannot open %s", SRCACCESS); + if (argc != 2) { + msg("No repository given"); exit(1); - } else { - srckarma += karmacheck(fp, pw->pw_name); - fclose(fp); } -#ifdef DOCACCESS - if ((fp = fopen(DOCACCESS, "r")) != NULL) { - dockarma += karmacheck(fp, pw->pw_name); - fclose(fp); - } -#endif -#ifdef PORTSACCESS - if ((fp = fopen(PORTSACCESS, "r")) != NULL) { - portskarma += karmacheck(fp, pw->pw_name); - fclose(fp); + repo = 0; + /* Forward compat for base. */ + if (strcmp(argv[1], "base") == 0 || strcmp(argv[1], "src") == 0) + repo |= BASE; + else if (strcmp(argv[1], "doc") == 0) + repo |= DOC; + else if (strcmp(argv[1], "ports") == 0) + repo |= PORTS; + else { + msg("Invalid repository given: %s", argv[1]); + exit(1); } -#endif - if ((srccommit == 1 && srckarma == 0) || - (portscommit == 1 && portskarma == 0) || - (doccommit == 1 && dockarma == 0)) { - strcpy(committag, "SVN_COMMIT_ATTRIB="); - comma = ""; + karma = 0; +#ifdef BASEACCESS + karma |= read_access(BASEACCESS, repo, BASE, username); +#endif #ifdef DOCACCESS - if (dockarma > 0) { - strcat(committag, comma); - strcat(committag, "doc"); - comma = ","; - karma += dockarma; - } + karma |= read_access(DOCACCESS, repo, DOC, username); #endif #ifdef PORTSACCESS - if (portskarma > 0) { - strcat(committag, comma); - strcat(committag, "ports"); - comma = ","; - karma += portskarma; - } + karma |= read_access(PORTSACCESS, repo, PORTS, username); #endif - if (srckarma > 0) { - strcat(committag, comma); - strcat(committag, "src"); - comma = ","; - karma += srckarma; - } - if (karma != 0) { - printf("export %s\n", committag); - } - } else { - karma += dockarma; - karma += portskarma; - karma += srckarma; - } - if (karma == 0) { /* If still zero, its a readonly access */ printf("export SVN_READONLY=y\n"); + + } else if ((repo & karma) == 0) { + char committag[sizeof("src,doc,ports") + 1]; + const char *comma; + + committag[0] = '\0'; + comma = ""; + catcommittag(committag, &comma, karma, BASE, "src"); + catcommittag(committag, &comma, karma, DOC, "doc"); + catcommittag(committag, &comma, karma, PORTS, "ports"); + printf("export SVN_COMMIT_ATTRIB=\"%s\"\n", committag); } + return (0); }