Add a test in receive commits for commit message first lines of over 50
characters and a boolean config option to enable checking for it.
Change-Id: I557d1ff72e6df97b991b05c36483c13873b706fb
The abandon and restore routines can fail if the change
is in the wrong state (abandoned already, or open still).
These failures lead to internal NPEs. Instead, create a
new exception and give a reason for the failure to the user.
Change-Id: Id7861d75e535c439c12329f7e891797c5b1f6eca
Allow users to request SHA1 of multiple branches per command:
  $ ssh -p 29418 review.example.com gerrit ls-projects -b eclair -b gingerbread
If a branch is not visible or does not exist then a stub is shown. Here is
a sample of the command output:
---------------------------------------- d8a9e45c7ec6ff97b44fdbd0b21cabdb69f5f15b foo
---------------------------------------- 87e4297f8f508e9b73863b27c25a551a4d4b5ed5 bar
a7e9587229246f6eb876795bc45a09c17b3bed51 862b2ce84f38e93a50d29510e713475f11228b28 baz
405cd3f5d7df7bae701b313dad9ce2ef797eb754 6a7eb2f0c885d03320b58afb662ee4fc14659063 hello
---------------------------------------- 782effdaeba782a656f799c9584dcc82fbfb7fa7 world
b8240b951de6c03f72278dd3d7790c2355878197 e8099cc12a3b64aa4e58b319e61f0190e27bd3ac kext
Change-Id: Ib05a6fc770ed0b70a3c180b2a41bec5e95a7117b
Permissions are stored in the project.config file within the
refs/meta/config branch of each project. This makes the rules
more flexible in the future, as well as adds version control.
For example:
  [access "refs/*"]
    owner = group tools-owners
  [access "refs/heads/*"]
    label-Verified = -1..+1 group tools-dev
    label-Verified = -1..+1 group tools-owners
    label-Code-Review = -2..+2 group tools-owners
    submit = group tools-dev
    submit = group tools-owners
  [access "refs/heads/stable"]
    exclusiveGroupPermissions = read create push
    read = group Anonymous Users
    push = group tools-repo-maintainer
To enable easy remote editing of the configuration rules, the
following access block is added by default to -- All Projects --
and is thus inherited throughout the entire site:
  [access "refs/meta/config"]
    read = group Project Owners
    push = group Project Owners
This configuration section permits any project owner or site
administrator (as they are indirectly always a project owner of
any project) to push changes to the project.config file within
the refs/meta/config branch, updating access (and other project
information) remotely without using the web UI.
Change-Id: Idb56f657a4bf88108ad40bbb19d831e6806b68c5
Signed-off-by: Shawn O. Pearce <sop@google.com>
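Because anyone who can push to refs/meta/config can rewrite a project's access rules, it is worth listing who holds that permission. The following is an added example, not part of the commit or of Gerrit's code: a small parser for the access sections quoted above, with hypothetical function names, which reads one file only and does not model inheritance from parent projects.

```python
import re
from collections import defaultdict

# Constructed sample: the two project.config snippets quoted above, joined.
SAMPLE = """\
[access "refs/*"]
  owner = group tools-owners
[access "refs/heads/*"]
  label-Verified = -1..+1 group tools-dev
  label-Verified = -1..+1 group tools-owners
  label-Code-Review = -2..+2 group tools-owners
  submit = group tools-dev
  submit = group tools-owners
[access "refs/heads/stable"]
  exclusiveGroupPermissions = read create push
  read = group Anonymous Users
  push = group tools-repo-maintainer
[access "refs/meta/config"]
  read = group Project Owners
  push = group Project Owners
"""

SECTION = re.compile(r'^\[access\s+"([^"]+)"\]$')
RULE = re.compile(r'^([A-Za-z][\w-]*)\s*=\s*(.*)$')

def parse_access(text):
    """Return {ref pattern: {key: [values]}}; repeated keys are all kept."""
    rules, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            m = SECTION.match(line)
            current = rules.setdefault(m.group(1), defaultdict(list)) if m else None
            continue
        m = RULE.match(line)
        if m and current is not None:
            current[m.group(1)].append(m.group(2))
    return rules

def groups_for(rules, ref, permission):
    """Groups named for one permission in one section (inheritance not modelled)."""
    values = rules.get(ref, {}).get(permission, [])
    return [v.partition("group ")[2].strip() for v in values if "group " in v]

def exclusive_permissions(rules):
    """Map each ref pattern to the permissions it lists as exclusive."""
    return {ref: keys["exclusiveGroupPermissions"][0].split()
            for ref, keys in rules.items() if "exclusiveGroupPermissions" in keys}
```

Run `groups_for(parse_access(SAMPLE), "refs/meta/config", "push")` against a checked-out refs/meta/config branch to see which groups can change the rules themselves.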
By switching to the UUID we can have a globally unique identifier
for group membership throughout the server, even if group information
comes in from a different data source.
Change-Id: Icb49d6a6aff8e62864ac0f78ceedbe03f01de894
Signed-off-by: Shawn O. Pearce <sop@google.com>
Project settings are now saved in the project.config file of the
refs/meta/config branch within each Git repository. This offers
us free version control over the lifespan of the project, and will
help reduce schema version issues as the configuration file is
more free-form.
Project owners can edit the configuration of their project by
hand and push the results back up, possibly even going through
code review, if the proper access rules are assigned in the
project's access panel. Project users can inspect the history of
the configuration by reading the history of the refs/meta/config
branch with their favorite history browser.
Change-Id: Id63414d86dbfb9033021f76e1d5e782373525a77
Signed-off-by: Shawn O. Pearce <sop@google.com>
Rather than locating projects in the database table, perform a
recursive scan of the managed repository directory and pull up
anything that we find. This is a first step towards moving all
the project control metadata directly into Git.
Bug: issue 436
Change-Id: I08e0083f14f5c03eb9e49b4895c265d13b828534
Signed-off-by: Shawn O. Pearce <sop@google.com>
Make createRepository() actually create the project repository.
Change-Id: Ic10381440129f13919ad6cd67a32c22ae48e0f53
Signed-off-by: Shawn O. Pearce <sop@google.com>
SSH commands that accept a user as parameter (e.g.
create-group, receive-pack) fail if an account does
not exist for a specified user. With
this change the command does not fail immediately,
but if a user is specified that has no account it
tries to authenticate the user and if the
authentication is successful a user account is
automatically created so that the SSH command can
succeed.
This is e.g. useful if you have an automated
process that creates committer groups for new
projects. Since it can happen that the users that
should be assigned to the new committer group
have never logged in to Gerrit, some of these
users may not have a Gerrit account and so the group
creation fails. However these users are all known in
the used LDAP system and so a Gerrit account can be
automatically created for them. With this the group
creation can be successful even if some of the
members did not log in to Gerrit before.
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
Change-Id: Ic3bc7b802ab5c8b0da4953fe207e47a43c54bcf7
The 'set-project-parent' SSH command allows setting a project as
parent for itself. If this is done the project no longer
inherits from the '--All Projects--' so that we get multiple
project roots. A project owning itself is no longer reported by the
'ls-projects' command.
This change ensures that a project cannot be set as parent for
itself.
Change-Id: Idc19dc5383b51d06e4d0bcdf1025023e9f763e83
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
Creating an SSH command for an incoming user request may require
looking up group information in LDAP if the user's groups are not hot
in the cache. This can take some time and may temporarily block an
NioProcessor thread preventing network IO from occurring for other
active user sessions.
Shift command creation onto a background work queue that only does
command construction for incoming requests. This way active commands
are not blocked by LDAP group lookups.
Two threads are used to try and avoid a single LDAP lookup from
blocking all new command creation on the server.
Change-Id: I1b49a836ba3443a9a85c29b7e3156558ca34ac47
Signed-off-by: Shawn O. Pearce <sop@google.com>
This fixes the keepalive@jsch.com error seen by some sites.
Change-Id: I19917d91ddeb2ab55119c71ea60e90d2034ab460
Signed-off-by: Shawn O. Pearce <sop@google.com>
This change adds a new item to the group configuration: a list of
groups whose members should be included in this one. This makes it
possible to set up a hierarchy of included groups, which can make it
easier to maintain complex access control lists.
To accomplish this, two new database tables were added,
called AccountGroupIncludes and AccountGroupIncludesAudit.
The relevant support code was added around them, largely based on
the existing code for handling individual account membership. In
addition, caches for group information were added, paralleling the
caches that already exist for accounts.
Change-Id: Ib6990c17739f28f38bc13961143db7ce79251567
When connecting via command line ssh with a non-ascii user name set,
the info message is not displayed, but an IllegalArgumentException
("Not ASCII string") is thrown. This change shows the message in
UTF-8.
Change-Id: I1c4da072a572b6a35bd020a00450ec7123c23ba9
Normally a group is only visible to the group owners and the Gerrit
administrators. In certain environments (corporate or open source) it
can make sense to have groups that are visible to all registered
users. E.g.:
- a user needs access rights for a certain project, if this user can
see the project owner group, he knows whom to contact to request
the access rights
- a user needs support from a Gerrit administrator, if this user can
see the administrator group, he knows whom to contact
This change adds a new group option that allows making the group
visible to all registered users. Modifying the group is still only
allowed for the group owners. By default a newly created group will
only be visible to the group owners.
Change-Id: I2de0084a7842d73618ca48fa95804c22d5bb90cb
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
Earlier I fixed the huge push problem, but only for smart HTTP. I
forgot to apply the same logic to the advertisements offered over SSH,
as the SSH variant doesn't require the cache to carry the ObjectIds
from one request into the next.
Move the logic to the common ReceiveCommits class, and apply it to
both the smart HTTP and SSH protocols.
Change-Id: I96be6ec4c15d05f7667c9cb3adf221e29a1c3a33
Signed-off-by: Shawn O. Pearce <sop@google.com>
The review command could only do approvals, verifies,
comments, and submits. It now can also do abandons and
restores like the WUI. Also refactor the abandon and
restore logic out of the AbandonChange and RestoreChange
classes and into the ChangeUtil class since it is used by
both the WUI and SSH now.
Bug: issue 674
Change-Id: I7ac24a0ff47f3edaebb6fcad8ad3127f370e5672
When a user is added to a group, the new group membership does not become
active as long as the old user information stays in the AccountCache.
This is why the user needs to be evicted from the AccountCache when
he is added to a group. Then the user information together with the
new group membership is reloaded from the database.
If a new group membership is assigned in the WebUI the user is
properly evicted from the AccountCache and the new group membership
is immediately active.
If a group gets created by an SSH command and initial members get
added to the new group, the initial members are not evicted from the
AccountCache. This is why the new group membership does not become
active immediately if the user information is already in the
AccountCache.
This change now ensures that the initial members of a group created
by an SSH command get evicted from the AccountCache. The fix is done
in such a way that there is now only one implementation of the group
creation functionality which is used from both WebUI and SSH command.
Change-Id: I605277d564d3e2d45d6366afbf3af48cc04458d5
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
Bug: issue 814
If a new project is created with an initial empty commit, the
replication of this commit is always failing. The reason is that the
replication is triggered before the project is created in the Gerrit
database.
This fix ensures that the replication of the initial commit is
triggered only after the project was created in the Gerrit database.
Change-Id: Ica2f53392f26cb2ddab568f77d04e1c040d5cb9b
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
Bug: issue 879
Gerrit changed its behavior with JGit commit
ffc8b42957a2f294960d5ad027e2c7e41d3f70cd and since then sets
core.logallrefupdates = false for new projects. Prior to that
change Gerrit did set core.logallrefupdates = true for newly created
projects. Reverting to the old behavior as being able to inspect the
reflog is desirable.
Change-Id: If6ffa8c98658c996a01811ccaa8823c7042af08a
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
This simplifies all of the calling sites, where they have a
Project.NameKey on hand and would prefer not to invoke .get() to
convert it into a String.
Change-Id: If661fc07cff542a57af3c28f27ab401ce7b3a656
Signed-off-by: Shawn O. Pearce <sop@google.com>
No user (even site administrators) is permitted to make modifications
to the refs/changes/ namespace during push. This restriction
prevents commits needed to remember patch sets of a change from
being deleted or replaced after the review has already started.
The primary reason the git receive-pack server advertises references
to the send-pack client is to let it know what references the client
can change, and allow the client to detect if the change should
require the --force flag. The secondary reason is to help the
client compute a common ancestor with the server, and reduce the
amount of objects it must upload. Either way the client doesn't
need the list of all commits submitted for review, it can function
perfectly fine without the refs/changes/ names.
For some really busy repositories, this can save megabytes worth
of text that needs to be sent from server to client each time the
client tries to push a change for review.
Change-Id: I4815adcdb58b8fea24b77b6b5e92a0d073dddb0f
Signed-off-by: Shawn O. Pearce <sop@google.com>
By batch submitting all of the changes to the MergeQueue we ensure
that the merge queue can sort them by topological order and doesn't
create unnecessary merge commits. This can be relevant if the user
accidentally uses --reverse flag when submitting changes in bulk or
when there is clock skew on the branch:
ssh r gerrit review -s $(git rev-list --reverse origin/master..)
Unfortunately we can't do a full batch submit, as there isn't that
level of transaction support available in the database API. But we
can avoid starting the merger on the branch until after all of the
affected changes have been marked SUBMITTED.
The better way to ensure submits happen correctly is to perform a
topological sort of the changes using the same sorter as MergeOp, and
then submit them from the root down. This ensures that an early merge
attempt started by a different thread will be unable to merge the
change, because its parent isn't yet marked SUBMITTED. Unfortunately
reusing that code here is non-trivial, so I'm punting on it for now.
Change-Id: I0242a360fcd8ba8f8c7fa5dcee021867f91352f8
Signed-off-by: Shawn O. Pearce <sop@google.com>
Present users with a more useful message that explains they have
logged in, but aren't able to run commands directly through SSH.
Change-Id: I9763ae6f28c2dd2aa7a3f3e41a9b13ef997a1f45
Signed-off-by: Shawn O. Pearce <sop@google.com>
Enable the site administrator to control the SSHD server's limits by
defining how many times a user can present an SSH key before we give
up, how long the session is allowed to sit without authentication,
and how many sessions any single user may have.
Change-Id: Ia7da504caa6e741a412dc03cf0e2e167d6d4c612
Signed-off-by: Shawn O. Pearce <sop@google.com>
The new version contains a work-around for failed sftp connections,
resolving a common NullPointerException error in server error logs.
Change-Id: Iebe667e8cd81cb79848833e2a5de68447fcd42fa
Signed-off-by: Shawn O. Pearce <sop@google.com>
Add new option '--empty-commit' for the
'create-project' SSH command that creates an
initial empty commit for the newly created
project.
The idea of introducing this option was discussed
on the mailing list:
http://groups.google.com/group/repo-discuss/browse_thread/thread/945f313be4f26167?pli=1
Signed-off-by: Edwin Kempin <edwin.kempin@gmail.com>
Change-Id: I54cee094a4d465cd05cbc13ffcf90666b205ba72
Use new content merge functionality in JGit for automatic
resolution of conflicts within a file.
Change-Id: Ifae8a94709fb60f13e4c79fb6bb77a214ef5f0b7
Signed-off-by: Shawn O. Pearce <sop@google.com>
The new --all-approvals option in queries enables
the approvals to be displayed inline with each patchset.
This option therefore implies the --patch-sets option.
Bug: issue 729
Change-Id: Iace6ce9673f3d54c102af5550ebed0c4c5cb5053
If we catch an UnpackException it might be caused by a bug deep
within the check connectivity code of ReceivePack. Log a lot more
detail than we have in the past to try and narrow down the problem.
Change-Id: I28b2e9e3183359eea6d0f33cb16ffc579f8a837e
Signed-off-by: Shawn O. Pearce <sop@google.com>
The new --permissions-only option permits creating a project only
for use as a parent of other projects, for permissions inheritance.
This bypasses the creation of an otherwise empty git repository in
the server's repository forest.
Bug: issue 613
Change-Id: I86c53b11597a3d0cddfae01b2195944b458727a1
Signed-off-by: Shawn O. Pearce <sop@google.com>
In several places a git repository was opened
but not closed or not closed in case of exception.
This commit fixes these places and ensures that
the opened git repository is properly closed after
use.
Signed-off-by: Edwin Kempin <edwin.kempin@gmail.com>
This feature adds two new options to gerrit.config file: upload and
receive with the allowGroup attribute, that restrict to some specific
groups the ability to run upload/receive commands on the server.
[sp: All bugs are mine, I refactored the code a bit from the original]
Change-Id: Ibd31bd11234e429f8b0201bbb03099f737281f21
Signed-off-by: Shawn O. Pearce <sop@google.com>
I meant to keep reusing the 2.1 version number for the entire
2.1 series during development, but botched it during the 2.1.4
development cycle and set it to 2.1.4-SNAPSHOT by mistake. Put
it back to 2.1-SNAPSHOT since 2.1.4 is released.
Change-Id: I37e206c0609bf3fd94a5aab8ea301c98b7fb013e
Signed-off-by: Shawn O. Pearce <sop@google.com>
Add an inactive column to the Account object. Use the inactive
status to disable the user's web and ssh logins, sending
emails to the user on behalf of gerrit, adding the user as a
reviewer or to a group, and making the user appear in the
"add reviewer" and group "add member" auto completion boxes.
Bug: issue 503
Change-Id: Ib002788ebf8204dfea608d9f5ac3a5cdff20f817