[Fusionforge-commits] FusionForge branch 6.0 updated. abd4f06ed59f5b60e980e10b0c9c085e9b52ca09

Sylvain Beucler beuc-inria at fusionforge.org
Wed Feb 18 18:19:37 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, 6.0 has been updated
       via  abd4f06ed59f5b60e980e10b0c9c085e9b52ca09 (commit)
       via  54f3889db41307a341d7aacba036d570f6d36b12 (commit)
       via  2f69ab2be27c9b806122c52a8cd8dd5531571feb (commit)
      from  79c2b02baab87224d82e5e084e0e1139c2ef481c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit abd4f06ed59f5b60e980e10b0c9c085e9b52ca09
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Wed Feb 18 18:12:12 2015 +0100

    svnscm: factor out apache configuration

diff --git a/src/plugins/scmsvn/common/SVNPlugin.class.php b/src/plugins/scmsvn/common/SVNPlugin.class.php
index d905e54..d401004 100644
--- a/src/plugins/scmsvn/common/SVNPlugin.class.php
+++ b/src/plugins/scmsvn/common/SVNPlugin.class.php
@@ -364,12 +364,6 @@ some control over it to the project's administrator.");
 
 			$access_data .= "\n";
 			$engine->invalidateRoleCaches();  // caching all roles takes ~1GB RAM for 5K projects/15K users
-
-			if ($project->enableAnonSCM()) {
-				fwrite($config_f, 'Use ScmsvnProjectWithAnon '.$project->getUnixName().'
-');
-			}
-			
 			fwrite($config_f, "\n");
 		}
 
diff --git a/src/plugins/scmsvn/etc/httpd.conf.d/05-config-macros-scmsvn.conf b/src/plugins/scmsvn/etc/httpd.conf.d/05-config-macros-scmsvn.conf
index 8f1d725..218b88f 100644
--- a/src/plugins/scmsvn/etc/httpd.conf.d/05-config-macros-scmsvn.conf
+++ b/src/plugins/scmsvn/etc/httpd.conf.d/05-config-macros-scmsvn.conf
@@ -1,25 +1,13 @@
-<Macro ScmsvnProjectWithAnon $project>
-<Location /anonscm/svn/$project>
-  DAV svn
-  SVNPath {scmsvn/repos_path}/$project
-  # allow read-only browsing
-  <LimitExcept GET PROPFIND OPTIONS REPORT>
-  </LimitExcept>
-</Location>
-</Macro>
-
 <Macro ScmsvnUser $user>
 <Location /authscm/$user/svn>
   DAV svn
   SVNParentPath {scmsvn/repos_path}
-
-  # how to authenticate a user
-  AuthzSVNAccessFile {core/data_path}/svnroot-access
-  AuthType Basic
-  AuthName "SCM for {core/forge_name}"
-  AuthUserFile {core/data_path}/svnroot-authfile
-
   # only authenticated users may access the repository
   Require user $user
+  # Note: AuthzSVNAccessFile would have priority over this so don't use it
+</Location>
+<Location /authscm/$user/viewvc>
+  # TODO: let's find a way to authenticate from viewvc.php
+  #Require user $user
 </Location>
 </Macro>
diff --git a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
index 669edfc..1bc20d2 100644
--- a/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
+++ b/src/plugins/scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc
@@ -1,18 +1,38 @@
+<Location /anonscm/svn/>
+  DAV svn
+  SVNParentPath {scmsvn/repos_path}
+  # allow read-only browsing
+  <LimitExcept GET PROPFIND OPTIONS REPORT>
+  </LimitExcept>
+</Location>
+
+<LocationMatch "^/authscm/[^/]+/svn">
+  # how to authenticate a user
+  AuthType Basic
+  AuthName "SCM for FusionForge"
+  AuthUserFile {core/data_path}/svnroot-authfile
+  # Rely on macro 'ScmsvnUser' and Unix privs
+  #AuthzSVNAccessFile {core/data_path}/svnroot-access
+</LocationMatch>
+
+<LocationMatch "^/authscm/[^/]+/viewvc">
+  # TODO: let's find a way to authenticate from viewvc.php
+  #AuthType Basic
+  #AuthName "SCM for FusionForge"
+  #AuthUserFile {core/data_path}/svnroot-authfile
+</LocationMatch>
+
+ScriptAlias /anonscm/viewvc {core/source_path}/plugins/scmsvn/cgi-bin/viewvc.cgi
+ScriptAliasMatch ^/authscm/[^/]+/viewvc(.*) {core/source_path}/plugins/scmsvn/cgi-bin/viewvc.cgi$1
+<Directory {core/source_path}/plugins/scmsvn/cgi-bin>
+  Require all granted
+</Directory>
+#Alias /doc/viewvc /usr/share/viewvc/docroot
+
+# Redirect URLs from FF < 6.0
 <IfModule mod_authz_svn.c>
   Alias /svn {core/source_path}/www/plugins/scmsvn/redirect-to-itk.php
 </IfModule>
 <IfModule !mod_authz_svn.c>
   Redirect permanent /svn /anonscm/svn/
 </IfModule>
-
-ScriptAlias /anonscm/viewvc {core/source_path}/plugins/scmsvn/cgi-bin/viewvc.cgi
-ScriptAliasMatch ^/authscm/[^/]+/viewvc(.*) {core/source_path}/plugins/scmsvn/cgi-bin/viewvc.cgi$1
-<Directory {core/source_path}/plugins/scmsvn/cgi-bin/>
-  <IfVersion >= 2.3>
-    Require all granted
-  </IfVersion>
-  <IfVersion < 2.3>
-    order allow,deny
-    allow from all
-  </IfVersion>
-</Directory>

commit 54f3889db41307a341d7aacba036d570f6d36b12
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Wed Feb 18 18:06:57 2015 +0100

    scmsvn: disable viewvc auth so we can work on other solution

diff --git a/src/plugins/scmsvn/cgi-bin/viewvc.cgi b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
index f18f187..4c51a76 100755
--- a/src/plugins/scmsvn/cgi-bin/viewvc.cgi
+++ b/src/plugins/scmsvn/cgi-bin/viewvc.cgi
@@ -51,18 +51,23 @@ cfg.general.root_parents = [repos_path+': svn']
 
 # Authentify request
 try:
-  p = subprocess.Popen(['sudo', 'forge_check_cookie'], stdin=subprocess.PIPE)
-  p.communicate(os.environ.get('HTTP_COOKIE', ''))
-  if p.returncode != 0:
-    raise Exception('Unauthorized')
+  # TODO: itk prevents sudo from gaining privileges, let's try with something else
+  # p = subprocess.Popen(['sudo', 'forge_check_cookie'], stdin=subprocess.PIPE)
+  #p.communicate(os.environ.get('HTTP_COOKIE', ''))
+  #if p.returncode != 0:
+  #  raise Exception('Unauthorized')
+  pass  # no auth for now
 except Exception, e:
   print "Content-type: text/plain\n\n";
   print e
   sys.exit(1)
 
+# Pretend we're running on the source host
 os.environ['SCRIPT_NAME'] = '/scm/viewvc.php'
-cfg.general.address = 'root@' + os.environ['HTTP_HOST']
 cfg.options.docroot = '/scm/viewvc/docroot';
+
+# Generic configuration
+cfg.general.address = 'root@' + os.environ['HTTP_HOST']
 #cfg.options.allow_compress = False
 #cfg.options.generate_etags = False
 #cfg.options.allowed_views = ['annotate', 'diff', 'markup', 'roots', 'tar', 'co']
diff --git a/src/www/scm/viewvc.php b/src/www/scm/viewvc.php
index 9e9d59c..f1c9480 100644
--- a/src/www/scm/viewvc.php
+++ b/src/www/scm/viewvc.php
@@ -81,6 +81,7 @@ $scm_box = $Group->getSCMBox();
 //$external_scm = (gethostbyname(forge_get_config('web_host')) != gethostbyname($scm_box));
 //$external_scm = !forge_get_config('scm_single_host');
 $external_scm = 1;
+$redirect = 0;
 
 if (!forge_check_perm('scm', $Group->getID(), 'read')) {
 	exit_permission_denied('scm');
@@ -98,17 +99,22 @@ if ($external_scm) {
 	$script_url = $protocol . $scm_box . $server_script
 		. (isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '/')
 		. '?' . $_SERVER["QUERY_STRING"];
-	$ch = curl_init();
-	curl_setopt($ch, CURLOPT_HEADER, true);
-	curl_setopt($ch, CURLOPT_URL, $script_url);
-	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
-	curl_setopt($ch, CURLOPT_COOKIE, $_SERVER['HTTP_COOKIE']);
-	$content = curl_exec($ch);
-	if ($content === false) {
-		exit_error("Error fetching $script_url : " . curl_error($ch), 'summary');
+	if ($redirect) {
+		header("Location: $script_url");
+		exit(0);
+	} else {
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_HEADER, true);
+		curl_setopt($ch, CURLOPT_URL, $script_url);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+		curl_setopt($ch, CURLOPT_COOKIE, $_SERVER['HTTP_COOKIE']);
+		$content = curl_exec($ch);
+		if ($content === false) {
+			exit_error("Error fetching $script_url : " . curl_error($ch), 'summary');
+		}
+		curl_close($ch);
 	}
-	curl_close($ch);
 } else {
 	// Call to ViewCVS CGI locally (see viewcvs_utils.php)
 

commit 2f69ab2be27c9b806122c52a8cd8dd5531571feb
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Wed Feb 18 18:00:25 2015 +0100

    reactivity: allow running crons manually (don't still cronjobs locks forever)

diff --git a/src/bin/systasksd b/src/bin/systasksd
index 3ab9117..4fc068a 100755
--- a/src/bin/systasksd
+++ b/src/bin/systasksd
@@ -130,6 +130,7 @@ while (true) {
 		$ret = null;
 		if ($verbose) print "Running: $script... ";
 		system("$script\n", $ret);
+		cron_release_lock($script);
 		if ($ret == 0) {
 			if ($verbose) print "DONE\n";
 			db_query_params("UPDATE systasks SET status=$1, stopped=now() WHERE systask_id=$2",
diff --git a/src/common/include/cron_utils.php b/src/common/include/cron_utils.php
index 4ce3254..ec2576a 100644
--- a/src/common/include/cron_utils.php
+++ b/src/common/include/cron_utils.php
@@ -89,16 +89,23 @@ function checkChroot() {
 // Locking: for a single script
 // flock() locks are automatically lost on program termination, however
 // that happened (clean, segfault...)
+// Global, otherwise auto-closed by PHP and we lose the lock!
+$locks = array();
 function cron_acquire_lock($script) {
 	// Script lock: http://perl.plover.com/yak/flock/samples/slide006.html
-	static $lock;  // static, otherwise auto-closed by PHP and we lose the lock!
-	$lock = fopen($script, 'r') or die("Failed to ask lock.\n");
+	if (!isset($locks[$script]))
+		$locks[$script] = fopen($script, 'r') or die("Failed to ask lock.\n");
 
-	if (!flock($lock, LOCK_EX | LOCK_NB)) {
+	if (!flock($locks[$script], LOCK_EX | LOCK_NB)) {
 		die("There's a lock for '$script', exiting\n");
 	}
 }
 
+function cron_release_lock($script) {
+	flock($locks[$script], LOCK_UN);
+	unset($locks[$script]);
+}
+
 //
 // Reload NSCD, in particular when replicating new groups, users or
 // project memberships

-----------------------------------------------------------------------

Summary of changes:
 src/bin/systasksd                                  |    1 +
 src/common/include/cron_utils.php                  |   13 ++++--
 src/plugins/scmsvn/cgi-bin/viewvc.cgi              |   15 ++++---
 src/plugins/scmsvn/common/SVNPlugin.class.php      |    6 ---
 .../etc/httpd.conf.d/05-config-macros-scmsvn.conf  |   22 +++-------
 .../scmsvn/etc/httpd.conf.d/plugin-scmsvn.inc      |   44 ++++++++++++++------
 src/www/scm/viewvc.php                             |   26 +++++++-----
 7 files changed, 74 insertions(+), 53 deletions(-)


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list