http://projects.andriylesyuk.com/http://projects.andriylesyuk.com/plugin_assets/andriy_lesyuk/images/s-andy.ico2011-04-22T19:09:57ZProjectsSCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=6492011-04-22T19:09:57ZAndriy Lesyuks-andy@andriylesyuk.com
<ul><li><strong>Target version</strong> set to <i>0.1.0</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>40</i></li></ul> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=6502011-04-22T19:10:09ZAndriy Lesyuks-andy@andriylesyuk.com
<ul><li><strong>File</strong> deleted (<del><i>add_git_support.diff</i></del>)</li></ul> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=6512011-04-22T19:11:47ZAndriy Lesyuks-andy@andriylesyuk.com
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>In Progress</i></li></ul> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=6952011-05-26T21:44:52ZAndriy Lesyuks-andy@andriylesyuk.com
<ul></ul><p>Maybe even so:<br /><pre><code class="yaml syntaxhl"><span class="CodeRay"><span class="key">production</span>:
<span class="key">svn</span>:
<span class="key">path</span>: <span class="string"><span class="content">/var/lib/svn</span></span>
<span class="key">svnadmin</span>: <span class="string"><span class="content">/usr/bin/svnadmin</span></span>
<span class="key">git</span>:
<span class="key">path</span>: <span class="string"><span class="content">/var/lib/git</span></span>
<span class="key">git</span>: <span class="string"><span class="content">/usr/bin/git</span></span>
</span></code></pre></p> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=6982011-05-28T11:15:08ZAndriy Lesyuks-andy@andriylesyuk.com
<ul><li><strong>Due date</strong> set to <i>28 May 2011</i></li><li><strong>% Done</strong> changed from <i>40</i> to <i>100</i></li></ul><p>It would be great if someone tested this...</p> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=7202011-05-30T16:14:25ZJean-Sébastien Bourjsb@zenexity.com
<ul></ul><p>No real problem here; “destroy” doesn’t destroy the repository but it’s not related to git, it just doesn’t look implemented yet <span class="wiking smiley smiley-smiley" title=":-)"></span></p>
<p>We have a problem with file permissions on disk, but it’s related to Ruby people who seem to think that it’s cool to put “File.umask 0000 # Insure sensible umask” all around daemonize.rb, because security is for boring people I guess <span class="wiking smiley smiley-smiley" title=":-)"></span> I think I’ll add a “chmod o-a” after the system call to git <span class="wiking smiley smiley-laughing" title=":-D"></span></p> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=7222011-05-30T16:30:59ZAndriy Lesyuks-andy@andriylesyuk.com
<ul></ul><blockquote>
<p>No real problem here; “destroy” doesn’t destroy the repository but it’s not related to git, it just doesn’t look implemented yet <span class="wiking smiley smiley-smiley" title=":-)"></span></p>
</blockquote>
<p>I guess this is going to remain this way... Destroying just a repository in Redmine is one thing and destroying the repo itself... not sure if this is good/wanted. <span class="wiking smiley smiley-smiley" title=":)"></span> Let it be “backup”... <span class="wiking smiley smiley-smiley" title=":)"></span></p>
<blockquote>
<p>We have a problem with file permissions on disk, but it’s related to Ruby people who seem to think that it’s cool to put “File.umask 0000 # Insure sensible umask” all around daemonize.rb, because security is for boring people I guess <span class="wiking smiley smiley-smiley" title=":-)"></span> I think I’ll add a “chmod o-a” after the system call to git <span class="wiking smiley smiley-laughing" title=":-D"></span></p>
</blockquote>
<p>This is interesting! Bertrand used <code>chmod</code> (or maybe <code>chown</code> - don’t remembder) also... When I tested I figured out that chmod is not needed. Where did you find this line?</p> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=7242011-05-30T16:42:14ZJean-Sébastien Bourjsb@zenexity.com
<ul></ul><p>Andriy Lesyuk wrote:</p>
<blockquote><blockquote>
<p>No real problem here; “destroy” doesn’t destroy the repository but it’s not related to git, it just doesn’t look implemented yet <span class="wiking smiley smiley-smiley" title=":-)"></span></p>
</blockquote>
<p>I guess this is going to remain this way... Destroying just a repository in Redmine is one thing and destroying the repo itself... not sure if this is good/wanted. <span class="wiking smiley smiley-smiley" title=":)"></span> Let it be “backup”... <span class="wiking smiley smiley-smiley" title=":)"></span></p>
</blockquote>
<p>Indeed. However I thought about this from a “use <code>auto_*</code> features and let the machine handle EVERYTHING” point of view. And remember I speak on git fans behalf, so who really cares about the “server” repository when everyone has a copy? <span class="wiking smiley smiley-smiley" title=":-)"></span></p>
<blockquote>
<p>This is interesting! Bertrand used <code>chmod</code> (or maybe <code>chown</code> - don’t remembder) also... When I tested I figured out that chmod is not needed. Where did you find this line?</p>
</blockquote>
<pre>
~# grep -hn umask /usr/lib/ruby/gems/1.8/gems/daemons-1.0.10/lib/daemons/daemonize.rb
119: File.umask 0000 # Insure sensible umask
176: File.umask 0000 # Insure sensible umask
219: File.umask 0000 # Insure sensible umask
</pre>
<p>and <code>umask</code> command ran from a shell with our redmine system account outputs 0022, while ran from a system() call I added in a Redmine controller just to see, outputs 0000...</p>
<p>It ends up with a repo full of files with 777 UNIX rights, which is not a real huge security flaw ATM since we use group-shared git repos and everyone is in the dev group (or, just doesn’t have access to the server), but in other situations it might...</p> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=7392011-06-01T15:44:16ZAndriy Lesyuks-andy@andriylesyuk.com
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Closed</i></li></ul><p>Jean-Sébastien Bour wrote:</p>
<blockquote>
<p>Indeed. However I thought about this from a “use <code>auto_*</code> features and let the machine handle EVERYTHING” point of view. And remember I speak on git fans behalf, so who really cares about the “server” repository when everyone has a copy? <span class="wiking smiley smiley-smiley" title=":-)"></span></p>
</blockquote>
<p>Created issue <a class="issue tracker-2 status-5 priority-5 priority-default closed" title="Should destroy remove the repository as well? (Closed)" href="http://projects.andriylesyuk.com/issues/1770">#1770</a>... <span class="wiking smiley smiley-smiley" title=":)"></span> This means that perhaps I will implement this in future...</p>
<blockquote>
<p>It ends up with a repo full of files with 777 UNIX rights, which is not a real huge security flaw ATM since we use group-shared git repos and everyone is in the dev group (or, just doesn’t have access to the server), but in other situations it might...</p>
</blockquote>
<p>This can be (and perhaps should be) solved by setting the correct umask or whatever somewhere else (e.g. in system - I don’t know). I have access to several Redmine installation using different distros and did not see such permission issue... What makes me think this is an issue not related to the plugin but to the system (even if you solve this in plugin you potentially have a security “bug” which can lead to 777 files created by other applications)!</p> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=7772011-06-09T09:18:56ZJean-Sébastien Bourjsb@zenexity.com
<ul></ul><p>I can confirm this umask problem is not a bug in the system, we have a 0022 umask set at system level, and the Redmine system user creates files with correct permissions from the shell for example. This 0000 umask is clearly set by the ruby daemonize library. Maybe you don’t have a setup with this particular version and they fixed it?</p>
<p>However it is indeed not a problem in your plugin.</p> SCM Creator (+Github) - Feature #1707: Git supporthttp://projects.andriylesyuk.com/issues/1707?journal_id=7792011-06-09T14:01:29ZAndriy Lesyuks-andy@andriylesyuk.com
<ul></ul><blockquote>
<p>This 0000 umask is clearly set by the ruby daemonize library. Maybe you don’t have a setup with this particular version and they fixed it?</p>
</blockquote>
<p>I’m using Redmine from Debian repository... I guess Debian package maintainer fixed it.</p>