Adminsys-commits
Threads by month
- ----- 2026 -----
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- 129 discussions
Author: athimel
Date: 2016-01-06 11:43:07 +0100 (Wed, 06 Jan 2016)
New Revision: 135
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/135
Log:
Disparition de tomcat6
Modified:
demo-tools/tomcat/apache-demo-ng
demo-tools/tomcat/tomcat-default
demo-tools/tomcat/tomcat-init.d
Modified: demo-tools/tomcat/apache-demo-ng
===================================================================
--- demo-tools/tomcat/apache-demo-ng 2015-12-15 07:47:13 UTC (rev 134)
+++ demo-tools/tomcat/apache-demo-ng 2016-01-06 10:43:07 UTC (rev 135)
@@ -15,8 +15,9 @@
# les sous repertoires
Options ExecCGI FollowSymLinks
AllowOverride None
- Order Deny,Allow
- Allow from All
+# Order Deny,Allow
+# Allow from All
+ Require all granted
AddHandler cgi-script .cgi
</Directory>
@@ -27,8 +28,9 @@
# index.html pour presenter l'application
Options All
AllowOverride All
- Order Deny,Allow
- Allow from All
+ Require all granted
+# Order Deny,Allow
+# Allow from All
</Directory>
<Directory /var/local/demo/app/*/*/>
@@ -41,12 +43,12 @@
# (TODO: trouver la bonne config)
# Order Deny,Allow
# Deny from All
+ Require all denied
</Directory>
<Files ".apache.conf">
# on interdit la recuperation des fichiers inclus (.apache.conf)
- Order Deny,Allow
- Deny from All
+ Require all denied
</Files>
@@ -116,8 +118,9 @@
# les sous repertoires
Options ExecCGI FollowSymLinks
AllowOverride None
- Order Deny,Allow
- Allow from All
+# Order Deny,Allow
+# Allow from All
+ Require all granted
AddHandler cgi-script .cgi
</Directory>
@@ -128,8 +131,9 @@
# index.html pour presenter l'application
Options All
AllowOverride All
- Order Deny,Allow
- Allow from All
+# Order Deny,Allow
+# Allow from All
+ Require all granted
</Directory>
<Directory /var/local/demo/app/*/*/>
@@ -142,12 +146,14 @@
# (TODO: trouver la bonne config)
# Order Deny,Allow
# Deny from All
+ Require all denied
</Directory>
<Files ".apache.conf">
# on interdit la recuperation des fichiers inclus (.apache.conf)
- Order Deny,Allow
- Deny from All
+# Order Deny,Allow
+# Deny from All
+ Require all denied
</Files>
Modified: demo-tools/tomcat/tomcat-default
===================================================================
--- demo-tools/tomcat/tomcat-default 2015-12-15 07:47:13 UTC (rev 134)
+++ demo-tools/tomcat/tomcat-default 2016-01-06 10:43:07 UTC (rev 135)
@@ -1,8 +1,10 @@
TOMCAT_USER=www-data
TOMCAT_GROUP=www-data
JAVA_HOME=/opt/jdk
+DISPLAY=":1.0"
JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC -Dfile.encoding=UTF-8"
-JAVA_OPTS="$JAVA_OPTS -XX:MaxPermSize=512m -Xms512m -Xmx2048m -XX:-UseGCOverheadLimit"
+#JAVA_OPTS="-XX:+UseConcMarkSweepGC -Dfile.encoding=UTF-8"
+JAVA_OPTS="$JAVA_OPTS -XX:MaxPermSize=512m -Xms128m -Xmx2048m -XX:-UseGCOverheadLimit"
JTOMCAT_SECURITY=no
LOGFILE_DAYS=30
JVM_TMP=/tmp/tomcat-temp
Modified: demo-tools/tomcat/tomcat-init.d
===================================================================
--- demo-tools/tomcat/tomcat-init.d 2015-12-15 07:47:13 UTC (rev 134)
+++ demo-tools/tomcat/tomcat-init.d 2016-01-06 10:43:07 UTC (rev 135)
@@ -104,7 +104,7 @@
# It also looks like the default heap size of 64M is not enough for most cases
# so the maximum heap size is set to 128M
if [ -z "$JAVA_OPTS" ]; then
- JAVA_OPTS="-Djava.awt.headless=true -Xmx128M"
+ JAVA_OPTS="-Djava.awt.headless=true"
fi
SECURITY=""
@@ -297,7 +297,7 @@
fi
;;
*)
- log_failure_msg "Usage: $0 {start|stop|restart|try-restart|force-reload|status} {6|7|all} {stable|staging|latest|all}"
+ log_failure_msg "Usage: $0 {start|stop|restart|try-restart|force-reload|status} {7|8|all} {stable|staging|latest|all}"
exit 1
;;
esac
@@ -304,15 +304,15 @@
}
if [ "$#" -lt 1 ]; then
- log_failure_msg "Usage: $0 {start|stop|restart|try-restart|force-reload|status} {6|7|all (default)} {stable|staging|latest|all (default)}"
+ log_failure_msg "Usage: $0 {start|stop|restart|try-restart|force-reload|status} {7|8|all (default)} {stable|staging|latest|all (default)}"
exit 1
fi
# ACTION
ACTION=$1
-# 6|7|8|all
+# 7|8|all
TOMCAT_VERSION=${2:-all}
-TOMCAT_VERSION=${TOMCAT_VERSION/all/6 7 8}
+TOMCAT_VERSION=${TOMCAT_VERSION/all/7 8}
# stable|staging|latest|all
TOMCAT_INSTANCE=${3:-all}
TOMCAT_INSTANCE=${TOMCAT_INSTANCE/all/stable staging latest}
1
0
Author: tchemit
Date: 2015-12-15 08:47:13 +0100 (Tue, 15 Dec 2015)
New Revision: 134
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/134
Log:
Mise ?\195?\160 jour du script de mise ?\195?\160 jour des sites techniques (mais s'il tend ?\195?\160 disparaire)
Modified:
scripts/redmine-tools/update_technical_site.sh
Modified: scripts/redmine-tools/update_technical_site.sh
===================================================================
--- scripts/redmine-tools/update_technical_site.sh 2015-12-15 07:46:29 UTC (rev 133)
+++ scripts/redmine-tools/update_technical_site.sh 2015-12-15 07:47:13 UTC (rev 134)
@@ -10,7 +10,8 @@
# 2014-12-22 chemit(a)codelutin.com :
# - do nothing if main site directory is not found
# - espace version name (some extra spaces could be in it)
-#
+# 2015-01-12 chemit(a)codelutin.com
+# - chown to publish.www-data
FORGE=$1
PROJECT=$2
@@ -42,7 +43,7 @@
unlink $DOC_DIR/latest 2> /dev/null
(cd $DOC_DIR ; ln -s $LAST_VERSION_NAME latest)
-chown www-data. $DOC_DIR/latest
+chown publish.www-data $DOC_DIR/latest
SITE_DIR=/var/lib/doc/site/$FORGE/$PROJECT
@@ -89,6 +90,6 @@
#cat $INDEX_FILE2
cp -f $INDEX_FILE $INDEX_FILE"_backup"
mv -f $INDEX_FILE2 $INDEX_FILE
- chown www-data. $INDEX_FILE
+ chown publish.www-data $INDEX_FILE
fi
1
0
Author: tchemit
Date: 2015-12-15 08:46:29 +0100 (Tue, 15 Dec 2015)
New Revision: 133
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/133
Log:
Ajout du fichier robot utilis?\195?\169
Added:
scripts/redmine-tools/public-robots.txt
Added: scripts/redmine-tools/public-robots.txt
===================================================================
--- scripts/redmine-tools/public-robots.txt (rev 0)
+++ scripts/redmine-tools/public-robots.txt 2015-12-15 07:46:29 UTC (rev 133)
@@ -0,0 +1,12 @@
+User-agent: *
+Disallow: /projects/*/repository*
+Disallow: /svn
+Disallow: *.atom
+Disallow: *.csv
+Disallow: *.pdf
+Disallow: /projects/*/time_entries
+Disallow: /issues/*/time_entries
+Disallow: /time_entries
+
+User-agent: Yandex
+Disallow: *
1
0
Author: tchemit
Date: 2015-12-15 08:45:55 +0100 (Tue, 15 Dec 2015)
New Revision: 132
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/132
Log:
Mise ?\195?\160 jour des scripts utilis?\195?\169s lors de la cr?\195?\169ation d'un projet
Modified:
scripts/redmine-tools/project-list.rb
scripts/redmine-tools/project-scm.rb
scripts/redmine-tools/project-site.rb
scripts/redmine-tools/project-technical-site.rb
Modified: scripts/redmine-tools/project-list.rb
===================================================================
--- scripts/redmine-tools/project-list.rb 2015-12-15 07:44:54 UTC (rev 131)
+++ scripts/redmine-tools/project-list.rb 2015-12-15 07:45:55 UTC (rev 132)
@@ -41,9 +41,10 @@
print "run /opt/redmine-tools/project-list.rb #{ARGV}\n"
#tchemit - fix verbose deprecated warning about iconv (since it used in cron, don't want to header about it)
-oldverb = $VERBOSE; $VERBOSE = nil
-require 'iconv'
-$VERBOSE = oldverb
+# poussin 20150708 load iconv file faild (doesn't exist) try without it
+##oldverb = $VERBOSE; $VERBOSE = nil
+##require 'iconv'
+##$VERBOSE = oldverb
require 'getoptlong'
#require 'rdoc/usage'
@@ -115,6 +116,8 @@
#class Project < ActiveRecord::Base
self.headers["User-agent"] = "Redmine repository manager/#{Version}"
+ # /sys only return xml :(. remove /sys return json but parse must be change: see https://www.mail-archive.com/rubyonrails-talk@googlegroups.com/msg126406.ht…
+ self.format = :xml
end
log("querying Redmine for projects...", :level => 1);
@@ -197,4 +200,3 @@
end
end
-
Modified: scripts/redmine-tools/project-scm.rb
===================================================================
--- scripts/redmine-tools/project-scm.rb 2015-12-15 07:44:54 UTC (rev 131)
+++ scripts/redmine-tools/project-scm.rb 2015-12-15 07:45:55 UTC (rev 132)
@@ -35,13 +35,22 @@
# == References
#
# You can find more information on the redmine's wiki : http://www.redmine.org/wiki/redmine/HowTos
+#
+# == ChangeLog
+#
+# 20150708 poussin(a)codelutin.com
+# - comment unused require iconv
+# - remove /sys in URL to return json and not XML
+# - add ProjectCollection to parse correctly redmine json
+#
print "run /opt/redmine-tools/project-scm.rb #{ARGV}\n"
#tchemit - fix verbose deprecated warning about iconv (since it used in cron, don't want to header about it)
-oldverb = $VERBOSE; $VERBOSE = nil
-require 'iconv'
-$VERBOSE = oldverb
+# poussin 20150708 load iconv file faild (doesn't exist) try without it
+##oldverb = $VERBOSE; $VERBOSE = nil
+##require 'iconv'
+##$VERBOSE = oldverb
require 'getoptlong'
#require 'rdoc/usage'
@@ -110,21 +119,30 @@
log("This script requires activeresource.\nRun 'gem install activeresource' to install it.", :exit => true)
end
+$redmine_host.gsub!(/^/, "http://") unless $redmine_host.match("^https?://")
+$redmine_host.gsub!(/\/$/, '')
+
+class ProjectCollection < ActiveResource::Collection
+ def initialize(parsed = {})
+ @elements = parsed['projects']
+ end
+end
+
class Project < ActiveResource::Base
self.headers["User-agent"] = "Redmine repository manager/#{Version}"
+ self.site = "#{$redmine_host}/";
+ self.collection_parser = ProjectCollection;
end
log("querying Redmine for projects...", :level => 1);
-$redmine_host.gsub!(/^/, "http://") unless $redmine_host.match("^https?://")
-$redmine_host.gsub!(/\/$/, '')
-Project.site = "#{$redmine_host}/sys";
-
begin
# Get all active projects that have the Repository module enabled
projects = Project.find(:all, :params => {:key => $api_key})
rescue => e
+ log("uncaught #{e} exception while handling connection: #{e.message}", :level => 1);
+ log("Stack trace: #{e.backtrace}", :level => 1);
log("Unable to connect to #{Project.site}: #{e}", :exit => true)
end
Modified: scripts/redmine-tools/project-site.rb
===================================================================
--- scripts/redmine-tools/project-site.rb 2015-12-15 07:44:54 UTC (rev 131)
+++ scripts/redmine-tools/project-site.rb 2015-12-15 07:45:55 UTC (rev 132)
@@ -34,9 +34,10 @@
print "run /opt/redmine-tools/project-site.rb #{ARGV}\n"
#tchemit - fix verbose deprecated warning about iconv (since it used in cron, don't want to header about it)
-oldverb = $VERBOSE; $VERBOSE = nil
-require 'iconv'
-$VERBOSE = oldverb
+# poussin 20150708 load iconv file faild (doesn't exist) try without it
+##oldverb = $VERBOSE; $VERBOSE = nil
+##require 'iconv'
+##$VERBOSE = oldverb
require 'getoptlong'
#require 'rdoc/usage'
@@ -99,6 +100,8 @@
#class Project < ActiveRecord::Base
self.headers["User-agent"] = "Redmine repository manager/#{Version}"
+ # /sys only return xml :(. remove /sys return json but parse must be change: see https://www.mail-archive.com/rubyonrails-talk@googlegroups.com/msg126406.ht…
+ self.format = :xml
end
log("querying Redmine for projects...", :level => 1);
Modified: scripts/redmine-tools/project-technical-site.rb
===================================================================
--- scripts/redmine-tools/project-technical-site.rb 2015-12-15 07:44:54 UTC (rev 131)
+++ scripts/redmine-tools/project-technical-site.rb 2015-12-15 07:45:55 UTC (rev 132)
@@ -30,9 +30,10 @@
print "run /opt/redmine-tools/project-technical-site.rb #{ARGV}\n"
#tchemit - fix verbose deprecated warning about iconv (since it used in cron, don't want to header about it)
-oldverb = $VERBOSE; $VERBOSE = nil
-require 'iconv'
-$VERBOSE = oldverb
+# poussin 20150708 load iconv file faild (doesn't exist) try without it
+##oldverb = $VERBOSE; $VERBOSE = nil
+##require 'iconv'
+##$VERBOSE = oldverb
require 'getoptlong'
#require 'rdoc/usage'
@@ -95,6 +96,8 @@
#class Project < ActiveRecord::Base
self.headers["User-agent"] = "Redmine repository manager/#{Version}"
+ # /sys only return xml :(. remove /sys return json but parse must be change: see https://www.mail-archive.com/rubyonrails-talk@googlegroups.com/msg126406.ht…
+ self.format = :xml
end
log("querying Redmine for projects...", :level => 1);
1
0
Author: tchemit
Date: 2015-12-15 08:44:54 +0100 (Tue, 15 Dec 2015)
New Revision: 131
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/131
Log:
Mise ?\195?\160 jour du script de nettoyage des sessions redmine
Modified:
scripts/redmine-tools/cron-clean-readmine-session
Modified: scripts/redmine-tools/cron-clean-readmine-session
===================================================================
--- scripts/redmine-tools/cron-clean-readmine-session 2015-12-15 07:44:03 UTC (rev 130)
+++ scripts/redmine-tools/cron-clean-readmine-session 2015-12-15 07:44:54 UTC (rev 131)
@@ -8,5 +8,6 @@
find /tmp -type d -atime +10 -exec rmdir '{}' ';'
find /var/tmp -type d -atime +10 -exec rmdir '{}' ';'
-find /opt/redmine-nuiton/tmp/sessions/ ! -type d -ctime +2 -exec rm -f '{}' ';'
-find /opt/redmine-chorem/tmp/sessions/ ! -type d -ctime +2 -exec rm -f '{}' ';'
+[ -d /opt/redmine-nuiton.org/tmp/sessions ] && find /opt/redmine-nuiton.org/tmp/sessions/ ! -type d -ctime +2 -exec rm -f '{}' ';'
+[ -d /opt/redmine-chorem.org/tmp/sessions ] && find /opt/redmine-chorem.org/tmp/sessions/ ! -type d -ctime +2 -exec rm -f '{}' ';'
+[ -d /opt/redmine-codelutin.com/tmp/sessions ] && find /opt/redmine-codelutin.com/tmp/sessions/ ! -type d -ctime +2 -exec rm -f '{}' ';'
1
0
Author: tchemit
Date: 2015-12-15 08:44:03 +0100 (Tue, 15 Dec 2015)
New Revision: 130
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/130
Log:
Ajout des pm utilis?\195?\169 par redmine qui corrige l'authentification pour les d?\195?\169pot git intern (?\195?\160 supprimer ult?\195?\169rieurement si on utilise gitlab)
Added:
scripts/redmine-tools/Redmine-3.0-by-CL.pm
scripts/redmine-tools/Redmine-3.0.pm
scripts/redmine-tools/Redmine-by-tchemit.pm
Added: scripts/redmine-tools/Redmine-3.0-by-CL.pm
===================================================================
--- scripts/redmine-tools/Redmine-3.0-by-CL.pm (rev 0)
+++ scripts/redmine-tools/Redmine-3.0-by-CL.pm 2015-12-15 07:44:03 UTC (rev 130)
@@ -0,0 +1,561 @@
+package Apache::Authn::Redmine;
+
+=head1 Apache::Authn::Redmine
+
+Redmine - a mod_perl module to authenticate webdav subversion users
+against redmine database
+
+=head1 SYNOPSIS
+
+This module allow anonymous users to browse public project and
+registred users to browse and commit their project. Authentication is
+done against the redmine database or the LDAP configured in redmine.
+
+This method is far simpler than the one with pam_* and works with all
+database without an hassle but you need to have apache/mod_perl on the
+svn server.
+
+=head1 INSTALLATION
+
+For this to automagically work, you need to have a recent reposman.rb
+(after r860) and if you already use reposman, read the last section to
+migrate.
+
+Sorry ruby users but you need some perl modules, at least mod_perl2,
+DBI and DBD::mysql (or the DBD driver for you database as it should
+work on allmost all databases).
+
+On debian/ubuntu you must do :
+
+ aptitude install libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl
+
+If your Redmine users use LDAP authentication, you will also need
+Authen::Simple::LDAP (and IO::Socket::SSL if LDAPS is used):
+
+ aptitude install libauthen-simple-ldap-perl libio-socket-ssl-perl
+
+=head1 CONFIGURATION
+
+ ## This module has to be in your perl path
+ ## eg: /usr/lib/perl5/Apache/Authn/Redmine.pm
+ PerlLoadModule Apache::Authn::Redmine
+ <Location /svn>
+ DAV svn
+ SVNParentPath "/var/svn"
+
+ AuthType Basic
+ AuthName redmine
+ Require valid-user
+
+ PerlAccessHandler Apache::Authn::Redmine::access_handler
+ PerlAuthenHandler Apache::Authn::Redmine::authen_handler
+
+ ## for mysql
+ RedmineDSN "DBI:mysql:database=databasename;host=my.db.server"
+ ## for postgres
+ # RedmineDSN "DBI:Pg:dbname=databasename;host=my.db.server"
+
+ RedmineDbUser "redmine"
+ RedmineDbPass "password"
+ ## Optional where clause (fulltext search would be slow and
+ ## database dependant).
+ # RedmineDbWhereClause "and members.role_id IN (1,2)"
+ ## Optional credentials cache size
+ # RedmineCacheCredsMax 50
+ </Location>
+
+To be able to browse repository inside redmine, you must add something
+like that :
+
+ <Location /svn-private>
+ DAV svn
+ SVNParentPath "/var/svn"
+ Order deny,allow
+ Deny from all
+ # only allow reading orders
+ <Limit GET PROPFIND OPTIONS REPORT>
+ Allow from redmine.server.ip
+ </Limit>
+ </Location>
+
+and you will have to use this reposman.rb command line to create repository :
+
+ reposman.rb --redmine my.redmine.server --svn-dir /var/svn --owner www-data -u http://svn.server/svn-private/
+
+=head1 REPOSITORIES NAMING
+
+A projet repository must be named with the projet identifier. In case
+of multiple repositories for the same project, use the project identifier
+and the repository identifier separated with a dot:
+
+ /var/svn/foo
+ /var/svn/foo.otherrepo
+
+=head1 MIGRATION FROM OLDER RELEASES
+
+If you use an older reposman.rb (r860 or before), you need to change
+rights on repositories to allow the apache user to read and write
+S<them :>
+
+ sudo chown -R www-data /var/svn/*
+ sudo chmod -R u+w /var/svn/*
+
+And you need to upgrade at least reposman.rb (after r860).
+
+=head1 GIT SMART HTTP SUPPORT
+
+Git's smart HTTP protocol (available since Git 1.7.0) will not work with the
+above settings. Redmine.pm normally does access control depending on the HTTP
+method used: read-only methods are OK for everyone in public projects and
+members with read rights in private projects. The rest require membership with
+commit rights in the project.
+
+However, this scheme doesn't work for Git's smart HTTP protocol, as it will use
+POST even for a simple clone. Instead, read-only requests must be detected using
+the full URL (including the query string): anything that doesn't belong to the
+git-receive-pack service is read-only.
+
+To activate this mode of operation, add this line inside your <Location /git>
+block:
+
+ RedmineGitSmartHttp yes
+
+Here's a sample Apache configuration which integrates git-http-backend with
+a MySQL database and this new option:
+
+ SetEnv GIT_PROJECT_ROOT /var/www/git/
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
+ <Location /git>
+ Order allow,deny
+ Allow from all
+
+ AuthType Basic
+ AuthName Git
+ Require valid-user
+
+ PerlAccessHandler Apache::Authn::Redmine::access_handler
+ PerlAuthenHandler Apache::Authn::Redmine::authen_handler
+ # for mysql
+ RedmineDSN "DBI:mysql:database=redmine;host=127.0.0.1"
+ RedmineDbUser "redmine"
+ RedmineDbPass "xxx"
+ RedmineGitSmartHttp yes
+ </Location>
+
+Make sure that all the names of the repositories under /var/www/git/ have a
+matching identifier for some project: /var/www/git/myproject and
+/var/www/git/myproject.git will work. You can put both bare and non-bare
+repositories in /var/www/git, though bare repositories are strongly
+recommended. You should create them with the rights of the user running Redmine,
+like this:
+
+ cd /var/www/git
+ sudo -u user-running-redmine mkdir myproject
+ cd myproject
+ sudo -u user-running-redmine git init --bare
+
+Once you have activated this option, you have three options when cloning a
+repository:
+
+- Cloning using "http://user@host/git/repo(.git)" works, but will ask for the password
+ all the time.
+
+- Cloning with "http://user:pass@host/git/repo(.git)" does not have this problem, but
+ this could reveal accidentally your password to the console in some versions
+ of Git, and you would have to ensure that .git/config is not readable except
+ by the owner for each of your projects.
+
+- Use "http://host/git/repo(.git)", and store your credentials in the ~/.netrc
+ file. This is the recommended solution, as you only have one file to protect
+ and passwords will not be leaked accidentally to the console.
+
+ IMPORTANT NOTE: It is *very important* that the file cannot be read by other
+ users, as it will contain your password in cleartext. To create the file, you
+ can use the following commands, replacing yourhost, youruser and yourpassword
+ with the right values:
+
+ touch ~/.netrc
+ chmod 600 ~/.netrc
+ echo -e "machine yourhost\nlogin youruser\npassword yourpassword" > ~/.netrc
+
+=cut
+
+use strict;
+use warnings FATAL => 'all', NONFATAL => 'redefine';
+
+use DBI;
+use Digest::SHA;
+# optional module for LDAP authentication
+my $CanUseLDAPAuth = eval("use Authen::Simple::LDAP; 1");
+
+use Apache2::Module;
+use Apache2::Access;
+use Apache2::ServerRec qw();
+use Apache2::RequestRec qw();
+use Apache2::RequestUtil qw();
+use Apache2::Const qw(:common :override :cmd_how);
+use APR::Pool ();
+use APR::Table ();
+
+# use Apache2::Directive qw();
+
+my @directives = (
+ {
+ name => 'RedmineDSN',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ errmsg => 'Dsn in format used by Perl DBI. eg: "DBI:Pg:dbname=databasename;host=my.db.server"',
+ },
+ {
+ name => 'RedmineDbUser',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+ {
+ name => 'RedmineDbPass',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+ {
+ name => 'RedmineDbWhereClause',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+ {
+ name => 'RedmineCacheCredsMax',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ errmsg => 'RedmineCacheCredsMax must be decimal number',
+ },
+ {
+ name => 'RedmineGitSmartHttp',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+);
+
+sub RedmineDSN {
+ my ($self, $parms, $arg) = @_;
+ $self->{RedmineDSN} = $arg;
+ my $query = "SELECT
+ users.hashed_password, users.salt, users.auth_source_id, roles.permissions, projects.status
+ FROM projects, users, roles
+ WHERE
+ users.login=?
+ AND projects.identifier=?
+ AND users.status=1
+ AND (
+ roles.id IN (SELECT member_roles.role_id FROM members, member_roles WHERE members.user_id = users.id AND members.project_id = projects.id AND members.id = member_roles.member_id)
+ OR
+ (cast(projects.is_public as CHAR) IN ('t', '1')
+ AND (roles.builtin=1
+ OR roles.id IN (SELECT member_roles.role_id FROM members, member_roles, users g
+ WHERE members.user_id = g.id AND members.project_id = projects.id AND members.id = member_roles.member_id
+ AND g.type = 'GroupNonMember'))
+ )
+ )
+ AND roles.permissions IS NOT NULL";
+ $self->{RedmineQuery} = trim($query);
+}
+
+sub RedmineDbUser { set_val('RedmineDbUser', @_); }
+sub RedmineDbPass { set_val('RedmineDbPass', @_); }
+sub RedmineDbWhereClause {
+ my ($self, $parms, $arg) = @_;
+ $self->{RedmineQuery} = trim($self->{RedmineQuery}.($arg ? $arg : "")." ");
+}
+
+sub RedmineCacheCredsMax {
+ my ($self, $parms, $arg) = @_;
+ if ($arg) {
+ $self->{RedmineCachePool} = APR::Pool->new;
+ $self->{RedmineCacheCreds} = APR::Table::make($self->{RedmineCachePool}, $arg);
+ $self->{RedmineCacheCredsCount} = 0;
+ $self->{RedmineCacheCredsMax} = $arg;
+ }
+}
+
+sub RedmineGitSmartHttp {
+ my ($self, $parms, $arg) = @_;
+ $arg = lc $arg;
+
+ if ($arg eq "yes" || $arg eq "true") {
+ $self->{RedmineGitSmartHttp} = 1;
+ } else {
+ $self->{RedmineGitSmartHttp} = 0;
+ }
+}
+
+sub trim {
+ my $string = shift;
+ $string =~ s/\s{2,}/ /g;
+ return $string;
+}
+
+sub set_val {
+ my ($key, $self, $parms, $arg) = @_;
+ $self->{$key} = $arg;
+}
+
+Apache2::Module::add(__PACKAGE__, \@directives);
+
+
+my %read_only_methods = map { $_ => 1 } qw/GET HEAD PROPFIND REPORT OPTIONS/;
+
+sub request_is_read_only {
+ my ($r) = @_;
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+
+ # Do we use Git's smart HTTP protocol, or not?
+ if (defined $cfg->{RedmineGitSmartHttp} and $cfg->{RedmineGitSmartHttp}) {
+ my $uri = $r->unparsed_uri;
+ my $location = $r->location;
+ my $is_read_only = $uri !~ m{^$location/*[^/]+/+(info/refs\?service=)?git\-receive\-pack$}o;
+ return $is_read_only;
+ } else {
+ # Standard behaviour: check the HTTP method
+ my $method = $r->method;
+ return defined $read_only_methods{$method};
+ }
+}
+
+sub access_handler {
+ my $r = shift;
+
+ unless ($r->some_auth_required) {
+ $r->log_reason("No authentication has been configured");
+ return FORBIDDEN;
+ }
+
+ return OK unless request_is_read_only($r);
+
+ my $project_id = get_project_identifier($r);
+
+ # CL 2015-07-06 (force un utilisateur pour que l'auth apache fonctionne avec: require valid-user)
+ if (is_public_project($project_id, $r) && anonymous_allowed_to_browse_repository($project_id, $r)) {
+ $r->set_handlers(PerlAuthenHandler => [\&OK]);
+ $r->user("anonymous") unless $r->user();
+ }
+ # END
+
+ return OK
+}
+
+sub authen_handler {
+ my $r = shift;
+
+ my ($res, $redmine_pass) = $r->get_basic_auth_pw();
+ return $res unless $res == OK;
+
+ if (is_member($r->user, $redmine_pass, $r)) {
+ return OK;
+ } else {
+ $r->note_auth_failure();
+ return DECLINED;
+ }
+}
+
+# check if authentication is forced
+sub is_authentication_forced {
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT value FROM settings where settings.name = 'login_required';"
+ );
+
+ $sth->execute();
+ my $ret = 0;
+ if (my @row = $sth->fetchrow_array) {
+ if ($row[0] eq "1" || $row[0] eq "t") {
+ $ret = 1;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+
+ $dbh->disconnect();
+ undef $dbh;
+
+ $ret;
+}
+
+sub is_public_project {
+ my $project_id = shift;
+ my $r = shift;
+
+ if (is_authentication_forced($r)) {
+ return 0;
+ }
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT is_public FROM projects WHERE projects.identifier = ? AND projects.status <> 9;"
+ );
+
+ $sth->execute($project_id);
+ my $ret = 0;
+ if (my @row = $sth->fetchrow_array) {
+ if ($row[0] eq "1" || $row[0] eq "t") {
+ $ret = 1;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+ $dbh->disconnect();
+ undef $dbh;
+
+ $ret;
+}
+
+sub anonymous_allowed_to_browse_repository {
+ my $project_id = shift;
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT permissions FROM roles WHERE permissions like '%browse_repository%'
+ AND (roles.builtin = 2
+ OR roles.id IN (SELECT member_roles.role_id FROM projects, members, member_roles, users
+ WHERE members.user_id = users.id AND members.project_id = projects.id AND members.id = member_roles.member_id
+ AND projects.identifier = ? AND users.type = 'GroupAnonymous'));"
+ );
+
+ $sth->execute($project_id);
+ my $ret = 0;
+ if (my @row = $sth->fetchrow_array) {
+ if ($row[0] =~ /:browse_repository/) {
+ $ret = 1;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+ $dbh->disconnect();
+ undef $dbh;
+
+ $ret;
+}
+
+# perhaps we should use repository right (other read right) to check public access.
+# it could be faster BUT it doesn't work for the moment.
+# sub is_public_project_by_file {
+# my $project_id = shift;
+# my $r = shift;
+
+# my $tree = Apache2::Directive::conftree();
+# my $node = $tree->lookup('Location', $r->location);
+# my $hash = $node->as_hash;
+
+# my $svnparentpath = $hash->{SVNParentPath};
+# my $repos_path = $svnparentpath . "/" . $project_id;
+# return 1 if (stat($repos_path))[2] & 00007;
+# }
+
+sub is_member {
+ my $redmine_user = shift;
+ my $redmine_pass = shift;
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $project_id = get_project_identifier($r);
+
+ my $pass_digest = Digest::SHA::sha1_hex($redmine_pass);
+
+ my $access_mode = request_is_read_only($r) ? "R" : "W";
+
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ my $usrprojpass;
+ if ($cfg->{RedmineCacheCredsMax}) {
+ $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
+ return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
+ }
+ my $query = $cfg->{RedmineQuery};
+ my $sth = $dbh->prepare($query);
+ $sth->execute($redmine_user, $project_id);
+
+ my $ret;
+ while (my ($hashed_password, $salt, $auth_source_id, $permissions, $project_status) = $sth->fetchrow_array) {
+ if ($project_status eq "9" || ($project_status ne "1" && $access_mode eq "W")) {
+ last;
+ }
+
+ unless ($auth_source_id) {
+ my $method = $r->method;
+ my $salted_password = Digest::SHA::sha1_hex($salt.$pass_digest);
+ if ($hashed_password eq $salted_password && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
+ $ret = 1;
+ last;
+ }
+ } elsif ($CanUseLDAPAuth) {
+ my $sthldap = $dbh->prepare(
+ "SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;"
+ );
+ $sthldap->execute($auth_source_id);
+ while (my @rowldap = $sthldap->fetchrow_array) {
+ my $bind_as = $rowldap[3] ? $rowldap[3] : "";
+ my $bind_pw = $rowldap[4] ? $rowldap[4] : "";
+ if ($bind_as =~ m/\$login/) {
+ # replace $login with $redmine_user and use $redmine_pass
+ $bind_as =~ s/\$login/$redmine_user/g;
+ $bind_pw = $redmine_pass
+ }
+ my $ldap = Authen::Simple::LDAP->new(
+ host => ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]:$rowldap[1]" : $rowldap[0],
+ port => $rowldap[1],
+ basedn => $rowldap[5],
+ binddn => $bind_as,
+ bindpw => $bind_pw,
+ filter => "(".$rowldap[6]."=%s)"
+ );
+ my $method = $r->method;
+ $ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass) && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/));
+
+ }
+ $sthldap->finish();
+ undef $sthldap;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+ $dbh->disconnect();
+ undef $dbh;
+
+ if ($cfg->{RedmineCacheCredsMax} and $ret) {
+ if (defined $usrprojpass) {
+ $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
+ } else {
+ if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
+ $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
+ $cfg->{RedmineCacheCredsCount}++;
+ } else {
+ $cfg->{RedmineCacheCreds}->clear();
+ $cfg->{RedmineCacheCredsCount} = 0;
+ }
+ }
+ }
+
+ $ret;
+}
+
+sub get_project_identifier {
+ my $r = shift;
+
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ my $location = $r->location;
+ $location =~ s/\.git$// if (defined $cfg->{RedmineGitSmartHttp} and $cfg->{RedmineGitSmartHttp});
+# CL 2014-10-06 (ajout du _ pour pouvoir utiliser des depots multiples mapod_test par exemple)
+# my ($identifier) = $r->uri =~ m{$location/*([^/.]+)};
+ my ($identifier) = $r->uri =~ m{$location/*([^/._]+)};
+# CL END
+ $identifier;
+}
+
+sub connect_database {
+ my $r = shift;
+
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ return DBI->connect($cfg->{RedmineDSN}, $cfg->{RedmineDbUser}, $cfg->{RedmineDbPass});
+}
+
+1;
Added: scripts/redmine-tools/Redmine-3.0.pm
===================================================================
--- scripts/redmine-tools/Redmine-3.0.pm (rev 0)
+++ scripts/redmine-tools/Redmine-3.0.pm 2015-12-15 07:44:03 UTC (rev 130)
@@ -0,0 +1,554 @@
+package Apache::Authn::Redmine;
+
+=head1 Apache::Authn::Redmine
+
+Redmine - a mod_perl module to authenticate webdav subversion users
+against redmine database
+
+=head1 SYNOPSIS
+
+This module allow anonymous users to browse public project and
+registred users to browse and commit their project. Authentication is
+done against the redmine database or the LDAP configured in redmine.
+
+This method is far simpler than the one with pam_* and works with all
+database without an hassle but you need to have apache/mod_perl on the
+svn server.
+
+=head1 INSTALLATION
+
+For this to automagically work, you need to have a recent reposman.rb
+(after r860) and if you already use reposman, read the last section to
+migrate.
+
+Sorry ruby users but you need some perl modules, at least mod_perl2,
+DBI and DBD::mysql (or the DBD driver for you database as it should
+work on allmost all databases).
+
+On debian/ubuntu you must do :
+
+ aptitude install libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl
+
+If your Redmine users use LDAP authentication, you will also need
+Authen::Simple::LDAP (and IO::Socket::SSL if LDAPS is used):
+
+ aptitude install libauthen-simple-ldap-perl libio-socket-ssl-perl
+
+=head1 CONFIGURATION
+
+ ## This module has to be in your perl path
+ ## eg: /usr/lib/perl5/Apache/Authn/Redmine.pm
+ PerlLoadModule Apache::Authn::Redmine
+ <Location /svn>
+ DAV svn
+ SVNParentPath "/var/svn"
+
+ AuthType Basic
+ AuthName redmine
+ Require valid-user
+
+ PerlAccessHandler Apache::Authn::Redmine::access_handler
+ PerlAuthenHandler Apache::Authn::Redmine::authen_handler
+
+ ## for mysql
+ RedmineDSN "DBI:mysql:database=databasename;host=my.db.server"
+ ## for postgres
+ # RedmineDSN "DBI:Pg:dbname=databasename;host=my.db.server"
+
+ RedmineDbUser "redmine"
+ RedmineDbPass "password"
+ ## Optional where clause (fulltext search would be slow and
+ ## database dependant).
+ # RedmineDbWhereClause "and members.role_id IN (1,2)"
+ ## Optional credentials cache size
+ # RedmineCacheCredsMax 50
+ </Location>
+
+To be able to browse repository inside redmine, you must add something
+like that :
+
+ <Location /svn-private>
+ DAV svn
+ SVNParentPath "/var/svn"
+ Order deny,allow
+ Deny from all
+ # only allow reading orders
+ <Limit GET PROPFIND OPTIONS REPORT>
+ Allow from redmine.server.ip
+ </Limit>
+ </Location>
+
+and you will have to use this reposman.rb command line to create repository :
+
+ reposman.rb --redmine my.redmine.server --svn-dir /var/svn --owner www-data -u http://svn.server/svn-private/
+
+=head1 REPOSITORIES NAMING
+
+A projet repository must be named with the projet identifier. In case
+of multiple repositories for the same project, use the project identifier
+and the repository identifier separated with a dot:
+
+ /var/svn/foo
+ /var/svn/foo.otherrepo
+
+=head1 MIGRATION FROM OLDER RELEASES
+
+If you use an older reposman.rb (r860 or before), you need to change
+rights on repositories to allow the apache user to read and write
+S<them :>
+
+ sudo chown -R www-data /var/svn/*
+ sudo chmod -R u+w /var/svn/*
+
+And you need to upgrade at least reposman.rb (after r860).
+
+=head1 GIT SMART HTTP SUPPORT
+
+Git's smart HTTP protocol (available since Git 1.7.0) will not work with the
+above settings. Redmine.pm normally does access control depending on the HTTP
+method used: read-only methods are OK for everyone in public projects and
+members with read rights in private projects. The rest require membership with
+commit rights in the project.
+
+However, this scheme doesn't work for Git's smart HTTP protocol, as it will use
+POST even for a simple clone. Instead, read-only requests must be detected using
+the full URL (including the query string): anything that doesn't belong to the
+git-receive-pack service is read-only.
+
+To activate this mode of operation, add this line inside your <Location /git>
+block:
+
+ RedmineGitSmartHttp yes
+
+Here's a sample Apache configuration which integrates git-http-backend with
+a MySQL database and this new option:
+
+ SetEnv GIT_PROJECT_ROOT /var/www/git/
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
+ <Location /git>
+ Order allow,deny
+ Allow from all
+
+ AuthType Basic
+ AuthName Git
+ Require valid-user
+
+ PerlAccessHandler Apache::Authn::Redmine::access_handler
+ PerlAuthenHandler Apache::Authn::Redmine::authen_handler
+ # for mysql
+ RedmineDSN "DBI:mysql:database=redmine;host=127.0.0.1"
+ RedmineDbUser "redmine"
+ RedmineDbPass "xxx"
+ RedmineGitSmartHttp yes
+ </Location>
+
+Make sure that all the names of the repositories under /var/www/git/ have a
+matching identifier for some project: /var/www/git/myproject and
+/var/www/git/myproject.git will work. You can put both bare and non-bare
+repositories in /var/www/git, though bare repositories are strongly
+recommended. You should create them with the rights of the user running Redmine,
+like this:
+
+ cd /var/www/git
+ sudo -u user-running-redmine mkdir myproject
+ cd myproject
+ sudo -u user-running-redmine git init --bare
+
+Once you have activated this option, you have three options when cloning a
+repository:
+
+- Cloning using "http://user@host/git/repo(.git)" works, but will ask for the password
+ all the time.
+
+- Cloning with "http://user:pass@host/git/repo(.git)" does not have this problem, but
+ this could reveal accidentally your password to the console in some versions
+ of Git, and you would have to ensure that .git/config is not readable except
+ by the owner for each of your projects.
+
+- Use "http://host/git/repo(.git)", and store your credentials in the ~/.netrc
+ file. This is the recommended solution, as you only have one file to protect
+ and passwords will not be leaked accidentally to the console.
+
+ IMPORTANT NOTE: It is *very important* that the file cannot be read by other
+ users, as it will contain your password in cleartext. To create the file, you
+ can use the following commands, replacing yourhost, youruser and yourpassword
+ with the right values:
+
+ touch ~/.netrc
+ chmod 600 ~/.netrc
+ echo -e "machine yourhost\nlogin youruser\npassword yourpassword" > ~/.netrc
+
+=cut
+
+use strict;
+use warnings FATAL => 'all', NONFATAL => 'redefine';
+
+use DBI;
+use Digest::SHA;
+# optional module for LDAP authentication
+my $CanUseLDAPAuth = eval("use Authen::Simple::LDAP; 1");
+
+use Apache2::Module;
+use Apache2::Access;
+use Apache2::ServerRec qw();
+use Apache2::RequestRec qw();
+use Apache2::RequestUtil qw();
+use Apache2::Const qw(:common :override :cmd_how);
+use APR::Pool ();
+use APR::Table ();
+
+# use Apache2::Directive qw();
+
+my @directives = (
+ {
+ name => 'RedmineDSN',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ errmsg => 'Dsn in format used by Perl DBI. eg: "DBI:Pg:dbname=databasename;host=my.db.server"',
+ },
+ {
+ name => 'RedmineDbUser',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+ {
+ name => 'RedmineDbPass',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+ {
+ name => 'RedmineDbWhereClause',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+ {
+ name => 'RedmineCacheCredsMax',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ errmsg => 'RedmineCacheCredsMax must be decimal number',
+ },
+ {
+ name => 'RedmineGitSmartHttp',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+);
+
+sub RedmineDSN {
+ my ($self, $parms, $arg) = @_;
+ $self->{RedmineDSN} = $arg;
+ my $query = "SELECT
+ users.hashed_password, users.salt, users.auth_source_id, roles.permissions, projects.status
+ FROM projects, users, roles
+ WHERE
+ users.login=?
+ AND projects.identifier=?
+ AND users.status=1
+ AND (
+ roles.id IN (SELECT member_roles.role_id FROM members, member_roles WHERE members.user_id = users.id AND members.project_id = projects.id AND members.id = member_roles.member_id)
+ OR
+ (cast(projects.is_public as CHAR) IN ('t', '1')
+ AND (roles.builtin=1
+ OR roles.id IN (SELECT member_roles.role_id FROM members, member_roles, users g
+ WHERE members.user_id = g.id AND members.project_id = projects.id AND members.id = member_roles.member_id
+ AND g.type = 'GroupNonMember'))
+ )
+ )
+ AND roles.permissions IS NOT NULL";
+ $self->{RedmineQuery} = trim($query);
+}
+
+sub RedmineDbUser { set_val('RedmineDbUser', @_); }
+sub RedmineDbPass { set_val('RedmineDbPass', @_); }
+sub RedmineDbWhereClause {
+ my ($self, $parms, $arg) = @_;
+ $self->{RedmineQuery} = trim($self->{RedmineQuery}.($arg ? $arg : "")." ");
+}
+
+sub RedmineCacheCredsMax {
+ my ($self, $parms, $arg) = @_;
+ if ($arg) {
+ $self->{RedmineCachePool} = APR::Pool->new;
+ $self->{RedmineCacheCreds} = APR::Table::make($self->{RedmineCachePool}, $arg);
+ $self->{RedmineCacheCredsCount} = 0;
+ $self->{RedmineCacheCredsMax} = $arg;
+ }
+}
+
+sub RedmineGitSmartHttp {
+ my ($self, $parms, $arg) = @_;
+ $arg = lc $arg;
+
+ if ($arg eq "yes" || $arg eq "true") {
+ $self->{RedmineGitSmartHttp} = 1;
+ } else {
+ $self->{RedmineGitSmartHttp} = 0;
+ }
+}
+
+sub trim {
+ my $string = shift;
+ $string =~ s/\s{2,}/ /g;
+ return $string;
+}
+
+sub set_val {
+ my ($key, $self, $parms, $arg) = @_;
+ $self->{$key} = $arg;
+}
+
+Apache2::Module::add(__PACKAGE__, \@directives);
+
+
+my %read_only_methods = map { $_ => 1 } qw/GET HEAD PROPFIND REPORT OPTIONS/;
+
+sub request_is_read_only {
+ my ($r) = @_;
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+
+ # Do we use Git's smart HTTP protocol, or not?
+ if (defined $cfg->{RedmineGitSmartHttp} and $cfg->{RedmineGitSmartHttp}) {
+ my $uri = $r->unparsed_uri;
+ my $location = $r->location;
+ my $is_read_only = $uri !~ m{^$location/*[^/]+/+(info/refs\?service=)?git\-receive\-pack$}o;
+ return $is_read_only;
+ } else {
+ # Standard behaviour: check the HTTP method
+ my $method = $r->method;
+ return defined $read_only_methods{$method};
+ }
+}
+
+sub access_handler {
+ my $r = shift;
+
+ unless ($r->some_auth_required) {
+ $r->log_reason("No authentication has been configured");
+ return FORBIDDEN;
+ }
+
+ return OK unless request_is_read_only($r);
+
+ my $project_id = get_project_identifier($r);
+
+ $r->set_handlers(PerlAuthenHandler => [\&OK])
+ if is_public_project($project_id, $r) && anonymous_allowed_to_browse_repository($project_id, $r);
+
+ return OK
+}
+
+sub authen_handler {
+ my $r = shift;
+
+ my ($res, $redmine_pass) = $r->get_basic_auth_pw();
+ return $res unless $res == OK;
+
+ if (is_member($r->user, $redmine_pass, $r)) {
+ return OK;
+ } else {
+ $r->note_auth_failure();
+ return DECLINED;
+ }
+}
+
+# check if authentication is forced
+sub is_authentication_forced {
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT value FROM settings where settings.name = 'login_required';"
+ );
+
+ $sth->execute();
+ my $ret = 0;
+ if (my @row = $sth->fetchrow_array) {
+ if ($row[0] eq "1" || $row[0] eq "t") {
+ $ret = 1;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+
+ $dbh->disconnect();
+ undef $dbh;
+
+ $ret;
+}
+
+sub is_public_project {
+ my $project_id = shift;
+ my $r = shift;
+
+ if (is_authentication_forced($r)) {
+ return 0;
+ }
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT is_public FROM projects WHERE projects.identifier = ? AND projects.status <> 9;"
+ );
+
+ $sth->execute($project_id);
+ my $ret = 0;
+ if (my @row = $sth->fetchrow_array) {
+ if ($row[0] eq "1" || $row[0] eq "t") {
+ $ret = 1;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+ $dbh->disconnect();
+ undef $dbh;
+
+ $ret;
+}
+
+sub anonymous_allowed_to_browse_repository {
+ my $project_id = shift;
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT permissions FROM roles WHERE permissions like '%browse_repository%'
+ AND (roles.builtin = 2
+ OR roles.id IN (SELECT member_roles.role_id FROM projects, members, member_roles, users
+ WHERE members.user_id = users.id AND members.project_id = projects.id AND members.id = member_roles.member_id
+ AND projects.identifier = ? AND users.type = 'GroupAnonymous'));"
+ );
+
+ $sth->execute($project_id);
+ my $ret = 0;
+ if (my @row = $sth->fetchrow_array) {
+ if ($row[0] =~ /:browse_repository/) {
+ $ret = 1;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+ $dbh->disconnect();
+ undef $dbh;
+
+ $ret;
+}
+
+# perhaps we should use repository right (other read right) to check public access.
+# it could be faster BUT it doesn't work for the moment.
+# sub is_public_project_by_file {
+# my $project_id = shift;
+# my $r = shift;
+
+# my $tree = Apache2::Directive::conftree();
+# my $node = $tree->lookup('Location', $r->location);
+# my $hash = $node->as_hash;
+
+# my $svnparentpath = $hash->{SVNParentPath};
+# my $repos_path = $svnparentpath . "/" . $project_id;
+# return 1 if (stat($repos_path))[2] & 00007;
+# }
+
+sub is_member {
+ my $redmine_user = shift;
+ my $redmine_pass = shift;
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $project_id = get_project_identifier($r);
+
+ my $pass_digest = Digest::SHA::sha1_hex($redmine_pass);
+
+ my $access_mode = request_is_read_only($r) ? "R" : "W";
+
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ my $usrprojpass;
+ if ($cfg->{RedmineCacheCredsMax}) {
+ $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
+ return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
+ }
+ my $query = $cfg->{RedmineQuery};
+ my $sth = $dbh->prepare($query);
+ $sth->execute($redmine_user, $project_id);
+
+ my $ret;
+ while (my ($hashed_password, $salt, $auth_source_id, $permissions, $project_status) = $sth->fetchrow_array) {
+ if ($project_status eq "9" || ($project_status ne "1" && $access_mode eq "W")) {
+ last;
+ }
+
+ unless ($auth_source_id) {
+ my $method = $r->method;
+ my $salted_password = Digest::SHA::sha1_hex($salt.$pass_digest);
+ if ($hashed_password eq $salted_password && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
+ $ret = 1;
+ last;
+ }
+ } elsif ($CanUseLDAPAuth) {
+ my $sthldap = $dbh->prepare(
+ "SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;"
+ );
+ $sthldap->execute($auth_source_id);
+ while (my @rowldap = $sthldap->fetchrow_array) {
+ my $bind_as = $rowldap[3] ? $rowldap[3] : "";
+ my $bind_pw = $rowldap[4] ? $rowldap[4] : "";
+ if ($bind_as =~ m/\$login/) {
+ # replace $login with $redmine_user and use $redmine_pass
+ $bind_as =~ s/\$login/$redmine_user/g;
+ $bind_pw = $redmine_pass
+ }
+ my $ldap = Authen::Simple::LDAP->new(
+ host => ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]:$rowldap[1]" : $rowldap[0],
+ port => $rowldap[1],
+ basedn => $rowldap[5],
+ binddn => $bind_as,
+ bindpw => $bind_pw,
+ filter => "(".$rowldap[6]."=%s)"
+ );
+ my $method = $r->method;
+ $ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass) && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/));
+
+ }
+ $sthldap->finish();
+ undef $sthldap;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+ $dbh->disconnect();
+ undef $dbh;
+
+ if ($cfg->{RedmineCacheCredsMax} and $ret) {
+ if (defined $usrprojpass) {
+ $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
+ } else {
+ if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
+ $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
+ $cfg->{RedmineCacheCredsCount}++;
+ } else {
+ $cfg->{RedmineCacheCreds}->clear();
+ $cfg->{RedmineCacheCredsCount} = 0;
+ }
+ }
+ }
+
+ $ret;
+}
+
+sub get_project_identifier {
+ my $r = shift;
+
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ my $location = $r->location;
+ $location =~ s/\.git$// if (defined $cfg->{RedmineGitSmartHttp} and $cfg->{RedmineGitSmartHttp});
+ my ($identifier) = $r->uri =~ m{$location/*([^/.]+)};
+ $identifier;
+}
+
+sub connect_database {
+ my $r = shift;
+
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ return DBI->connect($cfg->{RedmineDSN}, $cfg->{RedmineDbUser}, $cfg->{RedmineDbPass});
+}
+
+1;
Added: scripts/redmine-tools/Redmine-by-tchemit.pm
===================================================================
--- scripts/redmine-tools/Redmine-by-tchemit.pm (rev 0)
+++ scripts/redmine-tools/Redmine-by-tchemit.pm 2015-12-15 07:44:03 UTC (rev 130)
@@ -0,0 +1,547 @@
+package Apache::Authn::Redmine;
+
+=head1 Apache::Authn::Redmine
+
+Redmine - a mod_perl module to authenticate webdav subversion users
+against redmine database
+
+=head1 SYNOPSIS
+
+This module allow anonymous users to browse public project and
+registred users to browse and commit their project. Authentication is
+done against the redmine database or the LDAP configured in redmine.
+
+This method is far simpler than the one with pam_* and works with all
+database without an hassle but you need to have apache/mod_perl on the
+svn server.
+
+=head1 INSTALLATION
+
+For this to automagically work, you need to have a recent reposman.rb
+(after r860) and if you already use reposman, read the last section to
+migrate.
+
+Sorry ruby users but you need some perl modules, at least mod_perl2,
+DBI and DBD::mysql (or the DBD driver for you database as it should
+work on allmost all databases).
+
+On debian/ubuntu you must do :
+
+ aptitude install libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl
+
+If your Redmine users use LDAP authentication, you will also need
+Authen::Simple::LDAP (and IO::Socket::SSL if LDAPS is used):
+
+ aptitude install libauthen-simple-ldap-perl libio-socket-ssl-perl
+
+=head1 CONFIGURATION
+
+ ## This module has to be in your perl path
+ ## eg: /usr/lib/perl5/Apache/Authn/Redmine.pm
+ PerlLoadModule Apache::Authn::Redmine
+ <Location /svn>
+ DAV svn
+ SVNParentPath "/var/svn"
+
+ AuthType Basic
+ AuthName redmine
+ Require valid-user
+
+ PerlAccessHandler Apache::Authn::Redmine::access_handler
+ PerlAuthenHandler Apache::Authn::Redmine::authen_handler
+
+ ## for mysql
+ RedmineDSN "DBI:mysql:database=databasename;host=my.db.server"
+ ## for postgres
+ # RedmineDSN "DBI:Pg:dbname=databasename;host=my.db.server"
+
+ RedmineDbUser "redmine"
+ RedmineDbPass "password"
+ ## Optional where clause (fulltext search would be slow and
+ ## database dependant).
+ # RedmineDbWhereClause "and members.role_id IN (1,2)"
+ ## Optional credentials cache size
+ # RedmineCacheCredsMax 50
+ </Location>
+
+To be able to browse repository inside redmine, you must add something
+like that :
+
+ <Location /svn-private>
+ DAV svn
+ SVNParentPath "/var/svn"
+ Order deny,allow
+ Deny from all
+ # only allow reading orders
+ <Limit GET PROPFIND OPTIONS REPORT>
+ Allow from redmine.server.ip
+ </Limit>
+ </Location>
+
+and you will have to use this reposman.rb command line to create repository :
+
+ reposman.rb --redmine my.redmine.server --svn-dir /var/svn --owner www-data -u http://svn.server/svn-private/
+
+=head1 REPOSITORIES NAMING
+
+A projet repository must be named with the projet identifier. In case
+of multiple repositories for the same project, use the project identifier
+and the repository identifier separated with a dot:
+
+ /var/svn/foo
+ /var/svn/foo.otherrepo
+
+=head1 MIGRATION FROM OLDER RELEASES
+
+If you use an older reposman.rb (r860 or before), you need to change
+rights on repositories to allow the apache user to read and write
+S<them :>
+
+ sudo chown -R www-data /var/svn/*
+ sudo chmod -R u+w /var/svn/*
+
+And you need to upgrade at least reposman.rb (after r860).
+
+=head1 GIT SMART HTTP SUPPORT
+
+Git's smart HTTP protocol (available since Git 1.7.0) will not work with the
+above settings. Redmine.pm normally does access control depending on the HTTP
+method used: read-only methods are OK for everyone in public projects and
+members with read rights in private projects. The rest require membership with
+commit rights in the project.
+
+However, this scheme doesn't work for Git's smart HTTP protocol, as it will use
+POST even for a simple clone. Instead, read-only requests must be detected using
+the full URL (including the query string): anything that doesn't belong to the
+git-receive-pack service is read-only.
+
+To activate this mode of operation, add this line inside your <Location /git>
+block:
+
+ RedmineGitSmartHttp yes
+
+Here's a sample Apache configuration which integrates git-http-backend with
+a MySQL database and this new option:
+
+ SetEnv GIT_PROJECT_ROOT /var/www/git/
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
+ <Location /git>
+ Order allow,deny
+ Allow from all
+
+ AuthType Basic
+ AuthName Git
+ Require valid-user
+
+ PerlAccessHandler Apache::Authn::Redmine::access_handler
+ PerlAuthenHandler Apache::Authn::Redmine::authen_handler
+ # for mysql
+ RedmineDSN "DBI:mysql:database=redmine;host=127.0.0.1"
+ RedmineDbUser "redmine"
+ RedmineDbPass "xxx"
+ RedmineGitSmartHttp yes
+ </Location>
+
+Make sure that all the names of the repositories under /var/www/git/ have a
+matching identifier for some project: /var/www/git/myproject and
+/var/www/git/myproject.git will work. You can put both bare and non-bare
+repositories in /var/www/git, though bare repositories are strongly
+recommended. You should create them with the rights of the user running Redmine,
+like this:
+
+ cd /var/www/git
+ sudo -u user-running-redmine mkdir myproject
+ cd myproject
+ sudo -u user-running-redmine git init --bare
+
+Once you have activated this option, you have three options when cloning a
+repository:
+
+- Cloning using "http://user@host/git/repo(.git)" works, but will ask for the password
+ all the time.
+
+- Cloning with "http://user:pass@host/git/repo(.git)" does not have this problem, but
+ this could reveal accidentally your password to the console in some versions
+ of Git, and you would have to ensure that .git/config is not readable except
+ by the owner for each of your projects.
+
+- Use "http://host/git/repo(.git)", and store your credentials in the ~/.netrc
+ file. This is the recommended solution, as you only have one file to protect
+ and passwords will not be leaked accidentally to the console.
+
+ IMPORTANT NOTE: It is *very important* that the file cannot be read by other
+ users, as it will contain your password in cleartext. To create the file, you
+ can use the following commands, replacing yourhost, youruser and yourpassword
+ with the right values:
+
+ touch ~/.netrc
+ chmod 600 ~/.netrc
+ echo -e "machine yourhost\nlogin youruser\npassword yourpassword" > ~/.netrc
+
+=cut
+
+use strict;
+use warnings FATAL => 'all', NONFATAL => 'redefine';
+
+use DBI;
+use Digest::SHA;
+# optional module for LDAP authentication
+my $CanUseLDAPAuth = eval("use Authen::Simple::LDAP; 1");
+
+use Apache2::Module;
+use Apache2::Access;
+use Apache2::ServerRec qw();
+use Apache2::RequestRec qw();
+use Apache2::RequestUtil qw();
+use Apache2::Const qw(:common :override :cmd_how);
+use APR::Pool ();
+use APR::Table ();
+
+# use Apache2::Directive qw();
+
+my @directives = (
+ {
+ name => 'RedmineDSN',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ errmsg => 'Dsn in format used by Perl DBI. eg: "DBI:Pg:dbname=databasename;host=my.db.server"',
+ },
+ {
+ name => 'RedmineDbUser',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+ {
+ name => 'RedmineDbPass',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+ {
+ name => 'RedmineDbWhereClause',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+ {
+ name => 'RedmineCacheCredsMax',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ errmsg => 'RedmineCacheCredsMax must be decimal number',
+ },
+ {
+ name => 'RedmineGitSmartHttp',
+ req_override => OR_AUTHCFG,
+ args_how => TAKE1,
+ },
+);
+
+sub RedmineDSN {
+ my ($self, $parms, $arg) = @_;
+ $self->{RedmineDSN} = $arg;
+ my $query = "SELECT
+ users.hashed_password, users.salt, users.auth_source_id, roles.permissions, projects.status
+ FROM projects, users, roles
+ WHERE
+ users.login=?
+ AND projects.identifier=?
+ AND users.status=1
+ AND (
+ roles.id IN (SELECT member_roles.role_id FROM members, member_roles WHERE members.user_id = users.id AND members.project_id = projects.id AND members.id = member_roles.member_id)
+ OR
+ (roles.builtin=1 AND cast(projects.is_public as CHAR) IN ('t', '1'))
+ )
+ AND roles.permissions IS NOT NULL";
+ $self->{RedmineQuery} = trim($query);
+}
+
+sub RedmineDbUser { set_val('RedmineDbUser', @_); }
+sub RedmineDbPass { set_val('RedmineDbPass', @_); }
+sub RedmineDbWhereClause {
+ my ($self, $parms, $arg) = @_;
+ $self->{RedmineQuery} = trim($self->{RedmineQuery}.($arg ? $arg : "")." ");
+}
+
+sub RedmineCacheCredsMax {
+ my ($self, $parms, $arg) = @_;
+ if ($arg) {
+ $self->{RedmineCachePool} = APR::Pool->new;
+ $self->{RedmineCacheCreds} = APR::Table::make($self->{RedmineCachePool}, $arg);
+ $self->{RedmineCacheCredsCount} = 0;
+ $self->{RedmineCacheCredsMax} = $arg;
+ }
+}
+
+sub RedmineGitSmartHttp {
+ my ($self, $parms, $arg) = @_;
+ $arg = lc $arg;
+
+ if ($arg eq "yes" || $arg eq "true") {
+ $self->{RedmineGitSmartHttp} = 1;
+ } else {
+ $self->{RedmineGitSmartHttp} = 0;
+ }
+}
+
+sub trim {
+ my $string = shift;
+ $string =~ s/\s{2,}/ /g;
+ return $string;
+}
+
+sub set_val {
+ my ($key, $self, $parms, $arg) = @_;
+ $self->{$key} = $arg;
+}
+
+Apache2::Module::add(__PACKAGE__, \@directives);
+
+
+my %read_only_methods = map { $_ => 1 } qw/GET HEAD PROPFIND REPORT OPTIONS/;
+
+sub request_is_read_only {
+ my ($r) = @_;
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+
+ # Do we use Git's smart HTTP protocol, or not?
+ if (defined $cfg->{RedmineGitSmartHttp} and $cfg->{RedmineGitSmartHttp}) {
+ my $uri = $r->unparsed_uri;
+ my $location = $r->location;
+ my $is_read_only = $uri !~ m{^$location/*[^/]+/+(info/refs\?service=)?git\-receive\-pack$}o;
+ return $is_read_only;
+ } else {
+ # Standard behaviour: check the HTTP method
+ my $method = $r->method;
+ return defined $read_only_methods{$method};
+ }
+}
+
+sub access_handler {
+ my $r = shift;
+
+ unless ($r->some_auth_required) {
+ $r->log_reason("No authentication has been configured");
+ return FORBIDDEN;
+ }
+
+ return OK unless request_is_read_only($r);
+
+ my $project_id = get_project_identifier($r);
+
+ $r->set_handlers(PerlAuthenHandler => [\&OK])
+ if is_public_project($project_id, $r) && anonymous_role_allows_browse_repository($r);
+
+ return OK
+}
+
+sub authen_handler {
+ my $r = shift;
+
+ my ($res, $redmine_pass) = $r->get_basic_auth_pw();
+ return $res unless $res == OK;
+
+ if (is_member($r->user, $redmine_pass, $r)) {
+ return OK;
+ } else {
+ $r->note_auth_failure();
+ return DECLINED;
+ }
+}
+
+# check if authentication is forced
+sub is_authentication_forced {
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT value FROM settings where settings.name = 'login_required';"
+ );
+
+ $sth->execute();
+ my $ret = 0;
+ if (my @row = $sth->fetchrow_array) {
+ if ($row[0] eq "1" || $row[0] eq "t") {
+ $ret = 1;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+
+ $dbh->disconnect();
+ undef $dbh;
+
+ $ret;
+}
+
+sub is_public_project {
+ my $project_id = shift;
+ my $r = shift;
+
+ if (is_authentication_forced($r)) {
+ return 0;
+ }
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT is_public FROM projects WHERE projects.identifier = ? AND projects.status <> 9;"
+ );
+
+ $sth->execute($project_id);
+ my $ret = 0;
+ if (my @row = $sth->fetchrow_array) {
+ if ($row[0] eq "1" || $row[0] eq "t") {
+ $ret = 1;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+ $dbh->disconnect();
+ undef $dbh;
+
+ $ret;
+}
+
+sub anonymous_role_allows_browse_repository {
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $sth = $dbh->prepare(
+ "SELECT permissions FROM roles WHERE builtin = 2;"
+ );
+
+ $sth->execute();
+ my $ret = 0;
+ if (my @row = $sth->fetchrow_array) {
+ if ($row[0] =~ /:browse_repository/) {
+ $ret = 1;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+ $dbh->disconnect();
+ undef $dbh;
+
+ $ret;
+}
+
+# perhaps we should use repository right (other read right) to check public access.
+# it could be faster BUT it doesn't work for the moment.
+# sub is_public_project_by_file {
+# my $project_id = shift;
+# my $r = shift;
+
+# my $tree = Apache2::Directive::conftree();
+# my $node = $tree->lookup('Location', $r->location);
+# my $hash = $node->as_hash;
+
+# my $svnparentpath = $hash->{SVNParentPath};
+# my $repos_path = $svnparentpath . "/" . $project_id;
+# return 1 if (stat($repos_path))[2] & 00007;
+# }
+
+sub is_member {
+ my $redmine_user = shift;
+ my $redmine_pass = shift;
+ my $r = shift;
+
+ my $dbh = connect_database($r);
+ my $project_id = get_project_identifier($r);
+
+ my $pass_digest = Digest::SHA::sha1_hex($redmine_pass);
+
+ my $access_mode = request_is_read_only($r) ? "R" : "W";
+
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ my $usrprojpass;
+ if ($cfg->{RedmineCacheCredsMax}) {
+ $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
+ return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
+ }
+ my $query = $cfg->{RedmineQuery};
+ my $sth = $dbh->prepare($query);
+ $sth->execute($redmine_user, $project_id);
+
+ my $ret;
+ while (my ($hashed_password, $salt, $auth_source_id, $permissions, $project_status) = $sth->fetchrow_array) {
+ if ($project_status eq "9" || ($project_status ne "1" && $access_mode eq "W")) {
+ last;
+ }
+
+ unless ($auth_source_id) {
+ my $method = $r->method;
+ my $salted_password = Digest::SHA::sha1_hex($salt.$pass_digest);
+ if ($hashed_password eq $salted_password && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
+ $ret = 1;
+ last;
+ }
+ } elsif ($CanUseLDAPAuth) {
+ my $sthldap = $dbh->prepare(
+ "SELECT host,port,tls,account,account_password,base_dn,attr_login from auth_sources WHERE id = ?;"
+ );
+ $sthldap->execute($auth_source_id);
+ while (my @rowldap = $sthldap->fetchrow_array) {
+ my $bind_as = $rowldap[3] ? $rowldap[3] : "";
+ my $bind_pw = $rowldap[4] ? $rowldap[4] : "";
+ if ($bind_as =~ m/\$login/) {
+ # replace $login with $redmine_user and use $redmine_pass
+ $bind_as =~ s/\$login/$redmine_user/g;
+ $bind_pw = $redmine_pass
+ }
+ my $ldap = Authen::Simple::LDAP->new(
+ host => ($rowldap[2] eq "1" || $rowldap[2] eq "t") ? "ldaps://$rowldap[0]:$rowldap[1]" : $rowldap[0],
+ port => $rowldap[1],
+ basedn => $rowldap[5],
+ binddn => $bind_as,
+ bindpw => $bind_pw,
+ filter => "(".$rowldap[6]."=%s)"
+ );
+ my $method = $r->method;
+ $ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass) && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/));
+
+ }
+ $sthldap->finish();
+ undef $sthldap;
+ }
+ }
+ $sth->finish();
+ undef $sth;
+ $dbh->disconnect();
+ undef $dbh;
+
+ if ($cfg->{RedmineCacheCredsMax} and $ret) {
+ if (defined $usrprojpass) {
+ $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
+ } else {
+ if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
+ $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
+ $cfg->{RedmineCacheCredsCount}++;
+ } else {
+ $cfg->{RedmineCacheCreds}->clear();
+ $cfg->{RedmineCacheCredsCount} = 0;
+ }
+ }
+ }
+
+ $ret;
+}
+
+sub get_project_identifier {
+ my $r = shift;
+
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ my $location = $r->location;
+ $location =~ s/\.git$// if (defined $cfg->{RedmineGitSmartHttp} and $cfg->{RedmineGitSmartHttp});
+
+# my ($identifier) = $r->uri =~ m{$location/*([^/.]+)};
+# tchemit-2014-10-06 (ajout du _ pour pouvoir utiliser des depots multiples mapod_test par exemple)
+ my ($identifier) = $r->uri =~ m{$location/*([^/._]+)};
+ $identifier;
+}
+
+sub connect_database {
+ my $r = shift;
+
+ my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
+ return DBI->connect($cfg->{RedmineDSN}, $cfg->{RedmineDbUser}, $cfg->{RedmineDbPass});
+}
+
+1;
1
0
Author: tchemit
Date: 2015-12-15 08:43:00 +0100 (Tue, 15 Dec 2015)
New Revision: 129
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/129
Log:
Mise ?\195?\160 jour des scripts post-receive pour les depot git sur la forge
Modified:
scripts/redmine-tools/redmine-post-commit-git-with-repoid.sh
scripts/redmine-tools/redmine-post-commit.sh
Modified: scripts/redmine-tools/redmine-post-commit-git-with-repoid.sh
===================================================================
--- scripts/redmine-tools/redmine-post-commit-git-with-repoid.sh 2015-12-15 07:42:27 UTC (rev 128)
+++ scripts/redmine-tools/redmine-post-commit-git-with-repoid.sh 2015-12-15 07:43:00 UTC (rev 129)
@@ -10,15 +10,23 @@
# refresh redmine scm viewer
curl -s "http://forge.$DOMAIN/sys/fetch_changesets?key=$SCM_API_KEY&id=$PROJECT_NAME" &> /dev/null
+#echo "Redmine notified"
+
# send post-commit email
(cd /var/lib/git/git-$DOMAIN/$REPO_ID.git ; python /opt/git-tools/git-multimail-run.py)
-DEPLOY_DEMO=$( git config -f /var/lib/git/git-$DOMAIN/$REPO_ID.git/config --get --bool nightlybuild.deploy-latest-to-demo )
-if [ "$DEPLOY_DEMO" = "true" ] ; then
- touch /var/cache/redmine/nightly-build/$DOMAIN/$REPO_ID.deploy-demo && chmod o+w /var/cache/redmine/nightly-build/$DOMAIN/$REPO_ID.deploy-demo
-fi
-
-DEPLOY_SITE=$( git config -f /var/lib/git/git-$DOMAIN/$REPO_ID.git/config --get --bool nightlybuild.deploy-snapshot-site )
-if [ "$DEPLOY_SITE" = "true" ] ; then
- touch /var/cache/redmine/nightly-build/$DOMAIN/$REPO_ID.site
-fi
+#echo "Mail sent"
+#
+#DEPLOY_DEMO=$( git config -f /var/lib/git/git-$DOMAIN/$REPO_ID.git/config --get --bool nightlybuild.deploy-latest-to-demo )
+#if [ "$DEPLOY_DEMO" = "true" ] ; then
+# touch /var/cache/redmine/nightly-build/$DOMAIN/$REPO_ID.deploy-demo && chmod o+w /var/cache/redmine/nightly-build/$DOMAIN/$REPO_ID.deploy-demo
+#fi
+#
+#echo "Deploy demo's touch done"
+#
+#DEPLOY_SITE=$( git config -f /var/lib/git/git-$DOMAIN/$REPO_ID.git/config --get --bool nightlybuild.deploy-snapshot-site )
+#if [ "$DEPLOY_SITE" = "true" ] ; then
+# touch /var/cache/redmine/nightly-build/$DOMAIN/$REPO_ID.site
+#fi
+#
+#echo "Deploy site's touch done"
Modified: scripts/redmine-tools/redmine-post-commit.sh
===================================================================
--- scripts/redmine-tools/redmine-post-commit.sh 2015-12-15 07:42:27 UTC (rev 128)
+++ scripts/redmine-tools/redmine-post-commit.sh 2015-12-15 07:43:00 UTC (rev 129)
@@ -18,7 +18,7 @@
/opt/redmine-tools/commit-email.pl -h users.$MAIL_DOMAIN "$REPOS" "$REV" $PROJECT_NAME-commits(a)list.$MAIL_DOMAIN
# refresh redmine svn viewer
-wget "http://forge.$DOMAIN/sys/fetch_changesets?key=$SVN_API_KEY" --spider &
+wget "http://forge.$DOMAIN/sys/fetch_changesets?id=$PROJECT_NAME&key=$SVN_API_KEY" --spider &
# touch project for nightly build
touch /var/cache/redmine/nightly-build/$DOMAIN/$PROJECT_NAME.site
1
0
Author: tchemit
Date: 2015-12-15 08:42:27 +0100 (Tue, 15 Dec 2015)
New Revision: 128
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/128
Log:
Ajout des script post-receive des depot git-lab
Added:
scripts/redmine-tools/gitlab-post-commit-with-repoid.sh
scripts/redmine-tools/gitlab-post-commit.sh
Added: scripts/redmine-tools/gitlab-post-commit-with-repoid.sh
===================================================================
--- scripts/redmine-tools/gitlab-post-commit-with-repoid.sh (rev 0)
+++ scripts/redmine-tools/gitlab-post-commit-with-repoid.sh 2015-12-15 07:42:27 UTC (rev 128)
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# Script lance a chaque push sur le serveur
+
+ORGANISATION="$1"
+PROJECT_NAME="$2"
+REPO_ID="$3"
+DOMAIN="$4"
+SCM_API_KEY="$5"
+
+# refresh redmine scm viewer
+curl -s "http://forge.$DOMAIN/sys/fetch_changesets?key=$SCM_API_KEY&id=$PROJECT_NAME" &> /dev/null
+
+#echo "Redmine notified"
+
+# send post-commit email
+(cd /var/opt/gitlab/git-data/repositories/$ORGANISATION/$REPO_ID.git ; python /opt/git-tools/git-multimail-run.py)
+
+#echo "Mail sent"
\ No newline at end of file
Property changes on: scripts/redmine-tools/gitlab-post-commit-with-repoid.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: scripts/redmine-tools/gitlab-post-commit.sh
===================================================================
--- scripts/redmine-tools/gitlab-post-commit.sh (rev 0)
+++ scripts/redmine-tools/gitlab-post-commit.sh 2015-12-15 07:42:27 UTC (rev 128)
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# Script lance a chaque push sur le serveur
+
+ORGANISATION="$1"
+PROJECT_NAME="$2"
+DOMAIN="$3"
+SCM_API_KEY="$4"
+
+sh /opt/redmine-tools/gitlab-post-commit-with-repoid.sh "$ORGANISATION" "$PROJECT_NAME" "$PROJECT_NAME" "$DOMAIN" "$SCM_API_KEY"
Property changes on: scripts/redmine-tools/gitlab-post-commit.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
1
0
Author: tchemit
Date: 2015-12-15 08:41:33 +0100 (Tue, 15 Dec 2015)
New Revision: 127
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/127
Log:
Mise ?\195?\160 jour du cron redmine (mais il ne doit plus servir)
Modified:
scripts/redmine-tools/cron-redmine
Modified: scripts/redmine-tools/cron-redmine
===================================================================
--- scripts/redmine-tools/cron-redmine 2015-12-15 07:40:58 UTC (rev 126)
+++ scripts/redmine-tools/cron-redmine 2015-12-15 07:41:33 UTC (rev 127)
@@ -2,6 +2,8 @@
#
# cron-jobs for redmine
#
+# poussin 20150112 redirection des erreurs vers les fichiers de log pour eviter l'envoie d'email a admin toutes les heures (
+# /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead.)
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#MAILTO=root
@@ -20,56 +22,56 @@
# Create nuiton.org mailing-lists
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.nuiton.org --admin-email moderate(a)codelutin.com --list-domain list.nuiton.org --list-suffix commits --key $nuiton_key >> $nuiton_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.nuiton.org --admin-email moderate(a)codelutin.com --list-domain list.nuiton.org --list-suffix users --key $nuiton_key >> $nuiton_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.nuiton.org --admin-email moderate(a)codelutin.com --list-domain list.nuiton.org --list-suffix devel --key $nuiton_key >> $nuiton_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.nuiton.org --admin-email moderate+nuiton.org+build(a)codelutin.com --list-domain list.nuiton.org --list-suffix build --key $nuiton_key >> $nuiton_log
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.nuiton.org --admin-email moderate(a)codelutin.com --list-domain list.nuiton.org --list-suffix commits --key $nuiton_key >> $nuiton_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.nuiton.org --admin-email moderate(a)codelutin.com --list-domain list.nuiton.org --list-suffix users --key $nuiton_key >> $nuiton_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.nuiton.org --admin-email moderate(a)codelutin.com --list-domain list.nuiton.org --list-suffix devel --key $nuiton_key >> $nuiton_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.nuiton.org --admin-email moderate+nuiton.org+build(a)codelutin.com --list-domain list.nuiton.org --list-suffix build --key $nuiton_key >> $nuiton_log 2>&1
# Create chorem.org mailing-lists
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.chorem.org --admin-email moderate(a)codelutin.com --list-domain list.chorem.org --list-suffix commits --key $chorem_key >> $chorem_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.chorem.org --admin-email moderate(a)codelutin.com --list-domain list.chorem.org --list-suffix users --key $chorem_key >> $chorem_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.chorem.org --admin-email moderate(a)codelutin.com --list-domain list.chorem.org --list-suffix devel --key $chorem_key >> $chorem_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.chorem.org --admin-email moderate+chorem.org+build(a)codelutin.com --list-domain list.chorem.org --list-suffix build --key $chorem_key >> $chorem_log
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.chorem.org --admin-email moderate(a)codelutin.com --list-domain list.chorem.org --list-suffix commits --key $chorem_key >> $chorem_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.chorem.org --admin-email moderate(a)codelutin.com --list-domain list.chorem.org --list-suffix users --key $chorem_key >> $chorem_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.chorem.org --admin-email moderate(a)codelutin.com --list-domain list.chorem.org --list-suffix devel --key $chorem_key >> $chorem_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.chorem.org --admin-email moderate+chorem.org+build(a)codelutin.com --list-domain list.chorem.org --list-suffix build --key $chorem_key >> $chorem_log 2>&1
# Create codelutin.com mailing-lists
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix commits --key $codelutin_key >> $codelutin_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix users --key $codelutin_key >> $codelutin_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix devel --key $codelutin_key >> $codelutin_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix private --key $codelutin_key >> $codelutin_log
-ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate+codelutin.com+build(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix build --key $codelutin_key >> $codelutin_log
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix commits --key $codelutin_key >> $codelutin_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix users --key $codelutin_key >> $codelutin_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix devel --key $codelutin_key >> $codelutin_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix private --key $codelutin_key >> $codelutin_log 2>&1
+ruby /opt/redmine-tools/project-list.rb --redmine-host forge.codelutin.com --admin-email moderate+codelutin.com+build(a)codelutin.com --list-domain list.forge.codelutin.com --list-suffix build --key $codelutin_key >> $codelutin_log 2>&1
# Create scm repositories
#TODO Deal with git
-ruby /opt/redmine-nuiton.org/extra/svn/reposman.rb --redmine-host forge.nuiton.org --svn-dir /var/lib/svn/svn-nuiton.org --owner www-data --group publish --url http://forge.nuiton.org/svn-private/ --key $nuiton_key >> $nuiton_log
-ruby /opt/redmine-chorem.org/extra/svn/reposman.rb --redmine-host forge.chorem.org --svn-dir /var/lib/svn/svn-chorem.org --owner www-data --group publish --url http://forge.chorem.org/svn-private/ --key $chorem_key >> $chorem_log
-ruby /opt/redmine-codelutin.com/extra/svn/reposman.rb --redmine-host forge.codelutin.com --svn-dir /var/lib/svn/svn-codelutin.com --owner www-data --group publish --url http://forge.codelutin.com/svn-private/ --key $codelutin_key >> $codelutin_log
+ruby /opt/redmine-nuiton.org/extra/svn/reposman.rb --redmine-host forge.nuiton.org --svn-dir /var/lib/svn/svn-nuiton.org --owner www-data --group publish --url http://forge.nuiton.org/svn-private/ --key $nuiton_key >> $nuiton_log 2>&1
+ruby /opt/redmine-chorem.org/extra/svn/reposman.rb --redmine-host forge.chorem.org --svn-dir /var/lib/svn/svn-chorem.org --owner www-data --group publish --url http://forge.chorem.org/svn-private/ --key $chorem_key >> $chorem_log 2>&1
+ruby /opt/redmine-codelutin.com/extra/svn/reposman.rb --redmine-host forge.codelutin.com --svn-dir /var/lib/svn/svn-codelutin.com --owner www-data --group publish --url http://forge.codelutin.com/svn-private/ --key $codelutin_key >> $codelutin_log 2>&1
# Manage project scm
#TODO Rename the script, this is not clear at all
-ruby /opt/redmine-tools/project-scm.rb -s /var/lib/doc/nuiton.org -r forge.nuiton.org --owner publish --key $nuiton_key >> $nuiton_log
-ruby /opt/redmine-tools/project-scm.rb -s /var/lib/doc/chorem.org -r forge.chorem.org --owner publish --key $chorem_key >> $chorem_log
-ruby /opt/redmine-tools/project-scm.rb -s /var/lib/doc/codelutin.com -r forge.codelutin.com --owner publish --key $codelutin_key >> $codelutin_log
+ruby /opt/redmine-tools/project-scm.rb -s /var/lib/doc/nuiton.org -r forge.nuiton.org --owner publish --key $nuiton_key >> $nuiton_log 2>&1
+ruby /opt/redmine-tools/project-scm.rb -s /var/lib/doc/chorem.org -r forge.chorem.org --owner publish --key $chorem_key >> $chorem_log 2>&1
+ruby /opt/redmine-tools/project-scm.rb -s /var/lib/doc/codelutin.com -r forge.codelutin.com --owner publish --key $codelutin_key >> $codelutin_log 2>&1
# Make git project visible in gitweb
#TODO Should use a ruby script to allow private git repositories
-bash /opt/git-tools/mark_public_git_repositories.sh nuiton.org >> $nuiton_log
-bash /opt/git-tools/mark_public_git_repositories.sh chorem.org >> $chorem_log
-bash /opt/git-tools/mark_public_git_repositories.sh codelutin.com >> $codelutin_log
+bash /opt/git-tools/mark_public_git_repositories.sh nuiton.org >> $nuiton_log 2>&1
+bash /opt/git-tools/mark_public_git_repositories.sh chorem.org >> $chorem_log 2>&1
+bash /opt/git-tools/mark_public_git_repositories.sh codelutin.com >> $codelutin_log 2>&1
# Create project site configuration (apache)
# TODO Do it for chorem.org and codelutin.com sites
-ruby /opt/redmine-tools/project-site.rb -f nuiton.org -k $nuiton_key >> $nuiton_log
+ruby /opt/redmine-tools/project-site.rb -f nuiton.org -k $nuiton_key >> $nuiton_log 2>&1
#ruby /opt/redmine-tools/project-site.rb -f chorem.org -k $chorem_key >> $chorem_log
#ruby /opt/redmine-tools/project-site.rb -f codelutin.com -k $codelutin_key >> codelutin_log
# Update project technical site
-ruby /opt/redmine-tools/project-technical-site.rb -f nuiton.org -k $nuiton_key >> $nuiton_log
-ruby /opt/redmine-tools/project-technical-site.rb -f chorem.org -k $chorem_key >> $chorem_log
-ruby /opt/redmine-tools/project-technical-site.rb -f codelutin.com -k $codelutin_key >> $codelutin_log
+ruby /opt/redmine-tools/project-technical-site.rb -f nuiton.org -k $nuiton_key >> $nuiton_log 2>&1
+ruby /opt/redmine-tools/project-technical-site.rb -f chorem.org -k $chorem_key >> $chorem_log 2>&1
+ruby /opt/redmine-tools/project-technical-site.rb -f codelutin.com -k $codelutin_key >> $codelutin_log 2>&1
1
0
Author: tchemit
Date: 2015-12-15 08:40:58 +0100 (Tue, 15 Dec 2015)
New Revision: 126
Url: http://forge.codelutin.com/projects/adminsys/repository/revisions/126
Log:
Ajout des cron sp?\195?\169cifique ?\195?\160 chaque forge
Added:
scripts/redmine-tools/cron-redmine-chorem.org
scripts/redmine-tools/cron-redmine-codelutin.com
scripts/redmine-tools/cron-redmine-nuiton.org
scripts/redmine-tools/cron-redmine.sh
Added: scripts/redmine-tools/cron-redmine-chorem.org
===================================================================
--- scripts/redmine-tools/cron-redmine-chorem.org (rev 0)
+++ scripts/redmine-tools/cron-redmine-chorem.org 2015-12-15 07:40:58 UTC (rev 126)
@@ -0,0 +1,6 @@
+#!/bin/sh
+#
+# cron-jobs for forge.chorem.org
+#
+
+sh /opt/redmine-tools/cron-redmine.sh chorem.org chorem.org 03WmG5DuFqdlp75GyAeT "commits user devel build"
\ No newline at end of file
Property changes on: scripts/redmine-tools/cron-redmine-chorem.org
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: scripts/redmine-tools/cron-redmine-codelutin.com
===================================================================
--- scripts/redmine-tools/cron-redmine-codelutin.com (rev 0)
+++ scripts/redmine-tools/cron-redmine-codelutin.com 2015-12-15 07:40:58 UTC (rev 126)
@@ -0,0 +1,6 @@
+#!/bin/sh
+#
+# cron-jobs for forge.codelutin.com
+#
+
+sh /opt/redmine-tools/cron-redmine.sh codelutin.com forge.codelutin.com UDh19sTvBsU7HmzbxSlk "commits user devel build private"
Property changes on: scripts/redmine-tools/cron-redmine-codelutin.com
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: scripts/redmine-tools/cron-redmine-nuiton.org
===================================================================
--- scripts/redmine-tools/cron-redmine-nuiton.org (rev 0)
+++ scripts/redmine-tools/cron-redmine-nuiton.org 2015-12-15 07:40:58 UTC (rev 126)
@@ -0,0 +1,6 @@
+#!/bin/sh
+#
+# cron-job for forge.nuiton.org
+#
+
+sh /opt/redmine-tools/cron-redmine.sh nuiton.org nuiton.org q6aM3bhpwi9w5Y0Q4tLA "commits user devel build"
Property changes on: scripts/redmine-tools/cron-redmine-nuiton.org
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: scripts/redmine-tools/cron-redmine.sh
===================================================================
--- scripts/redmine-tools/cron-redmine.sh (rev 0)
+++ scripts/redmine-tools/cron-redmine.sh 2015-12-15 07:40:58 UTC (rev 126)
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# cron-jobs for redmine
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+#MAILTO=root
+
+FORGE=$1
+LIST_DOMAIN=$2
+API_KEY=$3
+LISTS=$4
+
+LOG_FILE=/var/log/cron-redmine-$FORGE.log
+
+
+date >> $LOG_FILE
+
+# Create common mailing-lists
+for LIST_SUFFIX in $(echo $LISTS) ; do
+ echo "-- list $LIST_SUFFIX $(date)"
+ ruby /opt/redmine-tools/project-list.rb --redmine-host forge.$FORGE --admin-email moderate+$FORGE+$LIST_SUFFIX(a)codelutin.com --list-domain list.$LIST_DOMAIN --list-suffix $LIST_SUFFIX --key $API_KEY >> $LOG_FILE
+
+done
+
+#ruby /opt/redmine-tools/project-list.rb --redmine-host forge.$FORGE --admin-email moderate(a)codelutin.com --list-domain list.$LIST_DOMAIN --list-suffix commits --key $API_KEY >> $LOG_FILE
+#ruby /opt/redmine-tools/project-list.rb --redmine-host forge.$FORGE --admin-email moderate(a)codelutin.com --list-domain list.$LIST_DOMAIN --list-suffix users --key $API_KEY >> $LOG_FILE
+#ruby /opt/redmine-tools/project-list.rb --redmine-host forge.$FORGE --admin-email moderate(a)codelutin.com --list-domain list.$LIST_DOMAIN --list-suffix devel --key $API_KEY >> $LOG_FILE
+#ruby /opt/redmine-tools/project-list.rb --redmine-host forge.$FORGE --admin-email moderate+$FORGE+build(a)codelutin.com --list-domain list.$LIST_DOMAIN --list-suffix build --key $API_KEY >> $LOG_FILE
+
+# Create scm repositories
+echo "-- create scm $(date)"
+#TODO Deal with git (so for the moment do nothing)
+#ruby /opt/redmine-$FORGE/extra/svn/reposman.rb --redmine-host forge.$FORGE --svn-dir /var/lib/svn/svn-$FORGE --owner www-data --group publish --url http://forge.$FORGE/svn-private/ --key $API_KEY >> $LOG_FILE
+
+# Manage project scm
+echo "-- manage scm $(date)"
+#TODO Deal with git (so for the moment do nothing)
+#ruby /opt/redmine-tools/project-scm.rb -s /var/lib/doc/$FORGE -r forge.$FORGE --owner publish --key $API_KEY >> $LOG_FILE
+
+# Make git project visible in gitweb
+#TODO Should use a ruby script to allow private git repositories
+echo "-- gitweb update $(date)"
+bash /opt/git-tools/mark_public_git_repositories.sh $FORGE >> $LOG_FILE
+
+# Create project site configuration (apache)
+echo "-- apache sites $(date)"
+ruby /opt/redmine-tools/project-site.rb -f $FORGE -k $API_KEY >> $LOG_FILE
+
+# Update project technical site
+echo "-- technical sites $(date)"
+ruby /opt/redmine-tools/project-technical-site.rb -f $FORGE -k $API_KEY >> $LOG_FILE
Property changes on: scripts/redmine-tools/cron-redmine.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
1
0