From 3dd30e134ac0c3f031bc18c86415cdd856a888a0 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Tue, 7 Aug 2012 07:48:07 +0530
Subject: [PATCH 1/3] EXPERIMENTAL: git-annex support migrated
---
 src/commands/git-annex-shell | 80 ++++++++++++++++++++++++++++++++++++
 src/gitolite-shell | 3 +-
 2 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100755 src/commands/git-annex-shell
diff --git a/src/commands/git-annex-shell b/src/commands/git-annex-shell
new file mode 100755
index 000000000..7f5310e59
--- /dev/null
+++ b/src/commands/git-annex-shell
@@ -0,0 +1,80 @@
+#!/usr/bin/perl
+
+use lib $ENV{GL_LIBDIR};
+use Gitolite::Easy;
+
+# This command requires unrestricted arguments, so instead of adding it to the
+# COMMANDS hash in the usual way, you need to add it like so:
+# 'git-annex-shell' => 'ua',
+# (i.e., the value for the key should be the string 'ua').
+#
+# This requires git-annex version 20111016 or newer. Older versions won't
+# be secure.
+
+use strict;
+use warnings;
+
+# ignore @ARGV and look at the original unmodified command
+my $cmd = $ENV{SSH_ORIGINAL_COMMAND};
+
+# Expect commands like:
+# git-annex-shell 'configlist' '/~/repo'
+# git-annex-shell 'sendkey' '/~/repo' 'key'
+# The parameters are always single quoted, and the repo path is always
+# the second parameter.
+# Further parameters are not validated here (see below).
+die "bad git-annex-shell command: $cmd"
+ unless $cmd =~ m#^(git-annex-shell '\w+' ')/\~/([0-9a-zA-Z][0-9a-zA-Z._\@/+-]*)('( .*|))$#;
+my $start = $1;
+my $repo = $2;
+my $end = $3;
+die "I dont like some of the characters in $repo\n" unless $repo =~ $REPONAME_PATT;
+die "I dont like absolute paths in $cmd\n" if $repo =~ /^\//;
+die "I dont like '..' paths in $cmd\n" if $repo =~ /\.\./;
+
+# Modify $cmd, fixing up the path to the repo to include GL_REPO_BASE.
+my $newcmd = "$start$rc{GL_REPO_BASE}/$repo$end";
+
+# Rather than keeping track of which git-annex-shell commands
+# require write access and which are readonly, we tell it
+# when readonly access is needed.
+if ( can_write($repo) ) {
+} elsif ( can_read($repo) ) {
+ $ENV{GIT_ANNEX_SHELL_READONLY} = 1;
+} else {
+ die "$repo $ENV{GL_USER} DENIED\n";
+}
+# Further limit git-annex-shell to safe commands (avoid it passing
+# unknown commands on to git-shell)
+$ENV{GIT_ANNEX_SHELL_LIMITED} = 1;
+
+# Note that $newcmd does *not* get evaluated by the unix shell.
+# Instead it is passed as a single parameter to git-annex-shell for
+# it to parse and handle the command. 
This is why we do not need to
+# fully validate $cmd above.
+gl_log( $ENV{SSH_ORIGINAL_COMMAND} );
+exec "git-annex-shell", "-c", $newcmd;
+
+__END__
+
+INSTRUCTIONS... (NEED TO BE VALIDATED BY SOMEONE WHO KNOWS GIT-ANNEX WELL).
+
+based on http://git-annex.branchable.com/tips/using_gitolite_with_git-annex/
+ONLY VARIATIONS FROM THAT PAGE ARE WRITTEN HERE.
+
+requirements:
+
+ * gitolite v3.04+ (whatever version has src/commands/git-annex-shell,
+ because I haven't tagged it yet).
+ * git-annex as per that
+
+setup
+
+ * in COMMANDS hash in the rc file, add an entry like this:
+ 'git-annex-shell' => 'ua',
+ (there is no GL_ADC_PATH and no "ua" subdirectory here, and nothing to
+ "install"; the command already comes with gitolite)
+
+That should be it; everything else should be as in that page.
+
+Once this is tested I'll move it to 'master'.
diff --git a/src/gitolite-shell b/src/gitolite-shell
index 4bbae489d..32ced23b1 100755
--- a/src/gitolite-shell
+++ b/src/gitolite-shell
@@ -152,10 +152,11 @@ sub parse_soc {
 # after this we should not return; caller expects us to handle it all here
 # and exit out
- _die "suspicious characters loitering about '$soc'" if $soc !~ $REMOTE_COMMAND_PATT;
 my @words = split ' ', $soc;
 if ( $rc{COMMANDS}{ $words[0] } ) {
+ _die "suspicious characters loitering about '$soc'"
+ if $rc{COMMANDS}{ $words[0] } ne 'ua' and $soc !~ $REMOTE_COMMAND_PATT;
 trace( 2, "gitolite command", $soc );
 _system( "gitolite", @words );
 exit 0;
From eb8cbb48038272c383fe7cf45f214b766ec50063 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Wed, 8 Aug 2012 04:37:57 +0530
Subject: [PATCH 2/3] add package quals
---
 src/commands/git-annex-shell | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/commands/git-annex-shell b/src/commands/git-annex-shell
index 7f5310e59..a32ac20f8 100755
--- a/src/commands/git-annex-shell
+++ b/src/commands/git-annex-shell
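Review bot: `gl_log( $ENV{SSH_ORIGINAL_COMMAND} );` is reached only after the four `die` checks and the access check, so a command rejected for bad characters, a `..` path or missing permission leaves no log line from this script; unless gitolite-shell already logs the raw command before dispatching (not visible here), move the call up to directly follow `my $cmd = $ENV{SSH_ORIGINAL_COMMAND};` so denied attempts are recorded as well. The empty `if ( can_write($repo) ) {` branch reads like a mistake; either add `# writers need no restriction` inside the braces or invert it to `if ( !can_write($repo) ) {` and nest the read/deny cases. The first `die "bad git-annex-shell command: $cmd"` has no trailing `\n`, so unlike the three that follow it reports the script file and line; append `\n` for consistency. The command regex ends in `$`, which also matches before a trailing newline; `\z` states the intent more precisely.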
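Review bot: Moving the `_die` into the `if ( $rc{COMMANDS}{ $words[0] } )` branch removes the `$REMOTE_COMMAND_PATT` check from every command that is not in COMMANDS, so whatever parse_soc does with `$soc` after this hunk (the sub continues outside it) now runs on an unvalidated string unless that code checks it itself; please confirm, or keep a check on that path. A narrower change leaves the original line in place after `my @words = split ' ', $soc;` and exempts only 'ua' entries: `_die "suspicious characters loitering about '$soc'" if $soc !~ $REMOTE_COMMAND_PATT and ( $rc{COMMANDS}{ $words[0] } || '' ) ne 'ua';`. A one-line comment above it saying that 'ua' commands are expected to validate their own arguments would tell the next reader why the exemption exists.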
@@ -28,7 +28,7 @@ die "bad git-annex-shell command: $cmd"
 my $start = $1;
 my $repo = $2;
 my $end = $3;
-die "I dont like some of the characters in $repo\n" unless $repo =~ $REPONAME_PATT;
+die "I dont like some of the characters in $repo\n" unless $repo =~ $Gitolite::Rc::REPONAME_PATT;
 die "I dont like absolute paths in $cmd\n" if $repo =~ /^\//;
 die "I dont like '..' paths in $cmd\n" if $repo =~ /\.\./;
@@ -52,7 +52,7 @@ $ENV{GIT_ANNEX_SHELL_LIMITED} = 1;
 # Instead it is passed as a single parameter to git-annex-shell for
 # it to parse and handle the command. This is why we do not need to
 # fully validate $cmd above.
-gl_log( $ENV{SSH_ORIGINAL_COMMAND} );
+Gitolite::Common::gl_log( $ENV{SSH_ORIGINAL_COMMAND} );
 exec "git-annex-shell", "-c", $newcmd;
 __END__
From bafd20257b44866e392905630e9dc8b611d18c76 Mon Sep 17 00:00:00 2001
From: Oleg Chunikhin
Date: Mon, 4 Feb 2013 17:43:32 -0500
Subject: [PATCH 3/3] Fixed 3 issues
- repository urls ending with .git,
- git-annex-shell command in .gitolite.rc
- custome command pattern not allowing for some characters in git-annex command arguments
---
 src/commands/git-annex-shell | 2 +-
 src/lib/Gitolite/Rc.pm | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/commands/git-annex-shell b/src/commands/git-annex-shell
index a32ac20f8..bbdf67844 100755
--- a/src/commands/git-annex-shell
+++ b/src/commands/git-annex-shell
@@ -24,7 +24,7 @@ my $cmd = $ENV{SSH_ORIGINAL_COMMAND};
 # the second parameter.
 # Further parameters are not validated here (see below).
 die "bad git-annex-shell command: $cmd"
- unless $cmd =~ m#^(git-annex-shell '\w+' ')/\~/([0-9a-zA-Z][0-9a-zA-Z._\@/+-]*)('( .*|))$#;
+ unless $cmd =~ m#^(git-annex-shell '\w+' ')/\~/([0-9a-zA-Z][0-9a-zA-Z._\@/+-]*)(?:\.git(\d)?)?('( .*|))$#;
 my $start = $1;
 my $repo = $2;
 my $end = $3;
diff --git a/src/lib/Gitolite/Rc.pm b/src/lib/Gitolite/Rc.pm
index de7d53f12..119982e93 100644
--- a/src/lib/Gitolite/Rc.pm
+++ b/src/lib/Gitolite/Rc.pm
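Review bot: The added `(\d)` introduces a third capture group ahead of `('( .*|))`, so `my $end = $3;` two lines below now receives the optional digit (normally undef) instead of the closing quote and remaining arguments, and `$newcmd` is assembled without them. Beyond that, the new `(?:\.git(\d)?)?` is very likely never taken: the greedy repo class already admits `.` and letters, so the engine matches `repo.git` as the repo name on its first attempt, the optional suffix matches empty, and `.git` is not stripped at all. A non-greedy repo group with a non-capturing suffix addresses both: `unless $cmd =~ m#^(git-annex-shell '\w+' ')/\~/([0-9a-zA-Z][0-9a-zA-Z._\@/+-]*?)(?:\.git\d?)?('( .*|))$#;`. What the optional digit after `.git` is meant to accept is not stated anywhere in the series and deserves a comment on the line.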
@@ -45,7 +45,7 @@ $rc{LOG_TEMPLATE} = "$ENV{HOME}/.gitolite/logs/gitolite-%y-%m.log";
 # ----------------------------------------------------------------------
 #<<<
-$REMOTE_COMMAND_PATT = qr(^[-0-9a-zA-Z._\@/+ :,\%=]*$);
+$REMOTE_COMMAND_PATT = qr(^[-0-9a-zA-Z._\@/+ :,\%=\'\~]*$);
 $REF_OR_FILENAME_PATT = qr(^[0-9a-zA-Z][-0-9a-zA-Z._\@/+ :,]*$);
 $REPONAME_PATT = qr(^\@?[0-9a-zA-Z][-0-9a-zA-Z._\@/+]*$);
 $REPOPATT_PATT = qr(^\@?[[0-9a-zA-Z][-0-9a-zA-Z._\@/+\\^$|()[\]*?{},]*$);
@@ -369,6 +369,7 @@ __DATA__
 # 'sskm' => 1,
 'writable' => 1,
 # 'D' => 1,
+ # 'git-annex-shell' => 1,
 },
 # comment out or uncomment as needed
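Review bot: Adding `'` and `~` to `$REMOTE_COMMAND_PATT` relaxes the check for every remote command gitolite-shell dispatches, not just git-annex-shell, and patch 1 already exempts commands registered as 'ua' from this pattern, so the widening appears redundant for its stated purpose. It also conflicts with the second hunk, where the rc template documents the entry as `# 'git-annex-shell' => 1,` while the script's own header comment requires `'git-annex-shell' => 'ua'`; with `1` the pattern check applies and quotes must be admitted, with `'ua'` it does not. Pick one mechanism and make the template match it — `# 'git-annex-shell' => 'ua',` if the bypass stays — and add a comment on the pattern line explaining why quote and tilde characters are now accepted, since a reader will presumably assume the original class excluded them on purpose.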