#!/usr/bin/perl
-#man{{{
-
=head1 NAME
mr - a Multiple Repository management tool
B<mr> [options] log
+B<mr> [options] bootstrap url
+
B<mr> [options] register [repository]
B<mr> [options] config section ["parameter=[value]" ...]
contains no other registered repositories, it will stay in that directory,
and work on only that repository,
+B<mr> is configured by .mrconfig files, which list the repositories. It
+starts by reading the .mrconfig file in your home directory, and this can
+in turn chain load .mrconfig files from repositories.
+
These predefined commands should be fairly familiar to users of any revision
control system:
=over 4
+=item bootstrap url
+
+Causes mr to download the url, save it to a .mrconfig file in the
+current directory, and then check out all repositories listed in it.
+
=item list (or ls)
List the repositories that mr will act on.
Use the specified mrconfig file. The default is B<~/.mrconfig>
+=item -p
+
+Search in the current directory, and its parent directories and use
+the first B<.mrconfig> found, instead of the default B<~/.mrconfig>.
+
=item -v
Be verbose.
It is not recommended for interactive operations.
Note that running more than 10 jobs at a time is likely to run afoul of
-ssh connection limits. Running between 3 and 5 jobs at a time will yeild
+ssh connection limits. Running between 3 and 5 jobs at a time will yield
a good speedup in updates without loading the machine too much.
-=back
+=item -t
-=head1 FILES
+Trust all mrconfig files even if they are not listed in ~/.mrtrust.
+Use with caution.
-The ~/.mrlog file contains commands that mr has remembered to run later,
-due to being offline. You can delete or edit this file to remove commands,
-or even to add other commands for 'mr online' to run. If the file is
-present, mr assumes it is in offline mode.
+=back
-B<mr> is configured by .mrconfig files. It starts by reading the .mrconfig
-file in your home directory, and this can in turn chain load .mrconfig files
-from repositories.
+=head1 "MRCONFIG FILES"
Here is an example .mrconfig file:
=item chain
If the "chain" parameter is set and its command returns true, then B<mr>
-will try to load a .mrconfig file from the root of the repository. (You
-should avoid chaining from repositories with untrusted committers.)
+will try to load a .mrconfig file from the root of the repository.
=item include
override these rcs specific actions. To add a new revision control system,
you can just add rcs specific actions for it.
+The ~/.mrlog file contains commands that mr has remembered to run later,
+due to being offline. You can delete or edit this file to remove commands,
+or even to add other commands for 'mr online' to run. If the file is
+present, mr assumes it is in offline mode.
+
+=head "UNTRUSTED MRCONFIG FILES"
+
+Since mrconfig files can contain arbitrary shell commands, they can do
+anything. This flexability is good, but it also allows a malicious mrconfig
+file to delete your whole home directory. Such a file might be contained
+inside a repository that your main ~/.mrconfig checks out and chains to. To
+avoid worries about evil commands in a mrconfig file, mr
+has the ability to read mrconfig files in untrusted mode. Such files are
+limited to running only known safe commands (like "git clone") in a
+carefully checked manner.
+
+By default, mr trusts all mrconfig files. (This default will change in a
+future release!) But if you have a ~/.mrtrust file, mr will only trust
+mrconfig files that are listed within it. (One file per line.) All other
+files will be treated as untrusted.
+
+=head1 EXTENSIONS
+
+mr can be extended to support things such as unison and git-svn. Some
+files providing such extensions are available in /usr/share/mr/. See
+the documentation in the files for details about using them.
+
=head1 AUTHOR
-Copyright 2007 Joey Hess <joey@kitenet.net>
+Copyright 2007-2009 Joey Hess <joey@kitenet.net>
Licensed under the GNU GPL version 2 or higher.
=cut
-#}}}
-
use warnings;
use strict;
use Getopt::Long;
my $max_depth;
my $no_chdir=0;
my $jobs=1;
+my $trust_all=0;
my $directory=getcwd();
$ENV{MR_CONFIG}="$ENV{HOME}/.mrconfig";
main();
my %rcs;
-sub rcs_test { #{{{
+sub rcs_test {
my ($action, $dir, $topdir, $subdir) = @_;
if (exists $rcs{$dir}) {
else {
return $rcs{$dir}=$rcs;
}
-} #}}}
+}
-sub findcommand { #{{{
+sub findcommand {
my ($action, $dir, $topdir, $subdir, $is_checkout) = @_;
if (exists $config{$topdir}{$subdir}{$action}) {
else {
return undef;
}
-} #}}}
+}
-sub action { #{{{
+sub action {
my ($action, $dir, $topdir, $subdir) = @_;
$ENV{MR_CONFIG}=$configfiles{$topdir};
return OK;
}
}
-} #}}}
+}
# run actions on multiple repos, in parallel
-sub mrs { #{{{
+sub mrs {
my $action=shift;
my @repos=@_;
}
}
}
-} #}}}
+}
-sub record { #{{{
+sub record {
my $dir=shift()->[0];
my $ret=shift;
else {
die "unknown exit status $ret";
}
-} #}}}
+}
-sub showstats { #{{{
+sub showstats {
my $action=shift;
if (! @ok && ! @failed && ! @skipped) {
die "mr $action: no repositories found to work on\n";
print STDERR "mr $action: (failed: ".join(" ", @failed).")\n";
}
}
-} #}}}
+}
-sub showstat { #{{{
+sub showstat {
my $count=shift;
my $singular=shift;
my $plural=shift;
return "$count ".($count > 1 ? $plural : $singular);
}
return;
-} #}}}
+}
# an ordered list of repos
-sub repolist { #{{{
+sub repolist {
my @list;
foreach my $topdir (sort keys %config) {
foreach my $subdir (sort keys %{$config{$topdir}}) {
||
$a->{subdir} cmp $b->{subdir}
} @list;
-} #}}}
+}
# figure out which repos to act on
-sub selectrepos { #{{{
+sub selectrepos {
my @repos;
foreach my $repo (repolist()) {
my $topdir=$repo->{topdir};
$no_chdir=1;
}
return @repos;
-} #}}}
+}
-sub expandenv { #{{{
+sub expandenv {
my $val=shift;
}
return $val;
-} #}}}
+}
+
+my %trusted;
+sub is_trusted_config {
+ my $config=shift; # must be abs_pathed already
+
+ # We always trust ~/.mrconfig.
+ return 1 if $config eq abs_path("$ENV{HOME}/.mrconfig");
+
+ return 1 if $trust_all;
+
+ my $trustfile=$ENV{HOME}."/.mrtrust";
+
+ if (! -e $trustfile) {
+ print "mr: Assuming $config is trusted.\n";
+ print "mr: For better security, you are encouraged to create ~/.mrtrust\n";
+ print "mr: and list all trusted mrconfig files in it.\n";
+ return 1;
+ }
+
+ if (! %trusted) {
+ $trusted{"$ENV{HOME}/.mrconfig"}=1;
+ open (TRUST, "<", $trustfile) || die "$trustfile: $!";
+ while (<TRUST>) {
+ chomp;
+ s/^~\//$ENV{HOME}\//;
+ $trusted{abs_path($_)}=1;
+ }
+ close TRUST;
+ }
+
+ return $trusted{$config};
+}
+
+
+sub is_trusted_repo {
+ my $repo=shift;
+
+ # Tightly limit what is allowed in a repo name.
+ # No ../, no absolute paths, and no unusual filenames
+ # that might try to escape to the shell.
+ return $repo =~ /^[-_.+\/A-Za-z0-9]+$/ &&
+ $repo !~ /\.\./ && $repo !~ /^\//;
+}
+
+sub is_trusted_checkout {
+ my $command=shift;
+
+ # To determine if the command is safe, compare it with the
+ # *_trusted_checkout config settings. Those settings are
+ # templates for allowed commands, so make sure that each word
+ # of the command matches the corresponding word of the template.
+
+ my @words;
+ foreach my $word (split(' ', $command)) {
+ # strip quoting
+ if ($word=~/^'(.*)'$/) {
+ $word=$1;
+ }
+ elsif ($word=~/^"(.*)"$/) {
+ $word=$1;
+ }
+
+ push @words, $word;
+ }
+
+ foreach my $key (grep { /_trusted_checkout$/ }
+ keys %{$config{''}{DEFAULT}}) {
+ my @twords=split(' ', $config{''}{DEFAULT}{$key});
+ next if @words > @twords;
+
+ my $match=1;
+ my $url;
+ for (my $c=0; $c < @twords && $match; $c++) {
+ if ($twords[$c] eq '$url') {
+ # Match all the typical characters found in
+ # urls, plus @ which svn can use. Note
+ # that the "url" might also be a local
+ # directory.
+ $match=(
+ defined $words[$c] &&
+ $words[$c] =~ /^[-_.+:@\/A-Za-z0-9]+$/
+ );
+ $url=$words[$c];
+ }
+ elsif ($twords[$c] eq '$repo') {
+ # If a repo is not specified, assume it
+ # will be the last path component of the
+ # url, or something derived from it, and
+ # check that.
+ if (! defined $words[$c] && defined $url) {
+ ($words[$c])=$url=~/\/([^\/]+)\/?$/;
+ }
+
+ $match=(
+ defined $words[$c] &&
+ is_trusted_repo($words[$c])
+ );
+ }
+ elsif (defined $words[$c] && $twords[$c] eq $words[$c]) {
+ $match=1;
+ }
+ else {
+ $match=0;
+ }
+ }
+ return 1 if $match;
+ }
+
+ return 0;
+}
my %loaded;
-sub loadconfig { #{{{
+sub loadconfig {
my $f=shift;
my @toload;
my $in;
my $dir;
+ my $trusted;
if (ref $f eq 'GLOB') {
$dir="";
- $in=$f;
+ $in=$f;
+ $trusted=1;
}
else {
if (! -e $f) {
}
$loaded{$absf}=1;
+ $trusted=is_trusted_config($absf);
+
($dir)=$f=~/^(.*\/)[^\/]+$/;
if (! defined $dir) {
$dir=".";
chomp;
next if /^\s*\#/ || /^\s*$/;
if (/^\[([^\]]*)\]\s*$/) {
- $section=expandenv($1);
+ $section=$1;
+
+ if (! $trusted) {
+ if (! is_trusted_repo($section) ||
+ $section eq 'ALIAS' ||
+ $section eq 'DEFAULT') {
+ die "mr: illegal section \"[$section]\" in untrusted $f line $line\n";
+ }
+ }
+ $section=expandenv($section) if $trusted;
}
elsif (/^(\w+)\s*=\s*(.*)/) {
my $parameter=$1;
chomp $value;
}
+ if (! $trusted) {
+ # Untrusted files can only contain checkout
+ # parameters.
+ if ($parameter ne 'checkout') {
+ die "mr: illegal setting \"$parameter=$value\" in untrusted $f line $line\n";
+ }
+ if (! is_trusted_checkout($value)) {
+ die "mr: illegal checkout command \"$value\" in untrusted $f line $line\n";
+ }
+ }
+
if ($parameter eq "include") {
print "mr: including output of \"$value\"\n" if $verbose;
unshift @lines, `$value`;
foreach (@toload) {
loadconfig($_);
}
-} #}}}
+}
-sub modifyconfig { #{{{
+sub modifyconfig {
my $f=shift;
# the section to modify or add
my $targetsection=shift;
open(my $out, ">", $f) || die "mr: write $f: $!\n";
print $out @out;
close $out;
-} #}}}
+}
-sub dispatch { #{{{
+sub dispatch {
my $action=shift;
# actions that do not operate on all repos
elsif ($action eq 'register') {
register(@ARGV);
}
+ elsif ($action eq 'bootstrap') {
+ bootstrap();
+ }
elsif ($action eq 'remember' ||
$action eq 'offline' ||
$action eq 'online') {
record($repo, action($action, @$repo));
}
}
-} #}}}
+}
-sub help { #{{{
+sub help {
exec($config{''}{DEFAULT}{help}) || die "exec: $!";
-} #}}}
+}
-sub config { #{{{
+sub config {
if (@_ < 2) {
die "mr config: not enough parameters\n";
}
}
modifyconfig($ENV{MR_CONFIG}, $section, %changefields) if %changefields;
exit 0;
-} #}}}
+}
-sub register { #{{{
+sub register {
if ($config_overridden) {
# Find the directory that the specified config file is
# located in.
join(" ", map { s/\//\/\//g; s/"/\"/g; '"'.$_.'"' } @ARGV);
print "mr register: running >>$command<<\n" if $verbose;
exec($command) || die "exec: $!";
-} #}}}
+}
+
+sub bootstrap {
+ my $url=shift @ARGV;
+
+ if (! defined $url || ! length $url) {
+ die "mr: bootstrap requires url\n";
+ }
+
+ if (-e ".mrconfig") {
+ die "mr: .mrconfig file already exists, not overwriting with $url\n";
+ }
+
+ if (system("curl", "-s", $url, "-o", ".mrconfig") != 0) {
+ die "mr: download of $url failed\n";
+ }
+
+ exec("mr $ENV{MR_SWITCHES} -c .mrconfig checkout");
+ die "failed to run mr checkout";
+}
# alias expansion and command stemming
-sub expandaction { #{{{
+sub expandaction {
my $action=shift;
if (exists $alias{$action}) {
$action=$alias{$action};
}
}
return $action;
-} #}}}
+}
-sub getopts { #{{{
+sub find_nearest_mrconfig {
+ my $dir=getcwd();
+ while (length $dir) {
+ if (-e "$dir/.mrconfig") {
+ return "$dir/.mrconfig";
+ }
+ $dir=~s/\/[^\/]*$//;
+ }
+ die "no .mrconfig found in path\n";
+}
+
+sub getopts {
my @saved=@ARGV;
Getopt::Long::Configure("bundling", "no_permute");
my $result=GetOptions(
"d|directory=s" => sub { $directory=abs_path($_[1]) },
"c|config=s" => sub { $ENV{MR_CONFIG}=$_[1]; $config_overridden=1 },
+ "p|path" => sub { $ENV{MR_CONFIG}=find_nearest_mrconfig(); $config_overridden=1 },
"v|verbose" => \$verbose,
"q|quiet" => \$quiet,
"s|stats" => \$stats,
"i|interactive" => \$interactive,
"n|no-recurse:i" => \$max_depth,
"j|jobs:i" => \$jobs,
+ "t|trust-all" => \$trust_all,
);
if (! $result || @ARGV < 1) {
- die("Usage: mr [-d directory] action [params ...]\n".
+ die("Usage: mr [options] action [params ...]\n".
"(Use mr help for man page.)\n");
}
last if $option eq $ARGV[0];
$ENV{MR_SWITCHES}.="$option ";
}
-} #}}}
+}
-sub init { #{{{
+sub init {
$SIG{INT}=sub {
print STDERR "mr: interrupted\n";
exit 2;
use FindBin qw($Bin $Script);
$ENV{MR_PATH}=$Bin."/".$Script;
};
-} #}}}
+}
-sub main { #{{{
+sub main {
getopts();
init();
else {
exit 0;
}
-} #}}}
+}
# Finally, some useful actions that mr knows about by default.
# These can be overridden in ~/.mrconfig.
-#DATA{{{
__DATA__
[ALIAS]
co = checkout
svn_update = svn update "$@"
git_update = git pull "$@"
-bzr_update = bzr merge "$@"
+bzr_update = bzr merge --pull "$@"
cvs_update = cvs update "$@"
hg_update = hg pull "$@" && hg update "$@"
darcs_update = darcs pull -a "$@"
bzr_push = bzr push "$@"
cvs_push = :
hg_push = hg push "$@"
-darcs_push = darcs push -a
+darcs_push = darcs push -a "$@"
svn_diff = svn diff "$@"
git_diff = git diff "$@"
echo "Registering git url: $url in $MR_CONFIG"
mr -c "$MR_CONFIG" config "`pwd`" checkout="git clone --bare '$url' '$MR_REPO'"
+svn_trusted_checkout = svn co $url $repo
+svn_alt_trusted_checkout = svn checkout $url $repo
+git_trusted_checkout = git clone $url $repo
+bzr_trusted_checkout = bzr clone $url $repo
+# cvs: too hard
+hg_trusted_checkout = hg clone $url $repo
+darcs_trusted_checkout = darcs get $url $repo
+git_bare_trusted_checkout = git clone --bare $url $repo
+
help =
if [ ! -e "$MR_PATH" ]; then
error "cannot find program path"
man -l "$tmp" || error "man failed"
list = true
config =
+bootstrap =
online =
if [ -s ~/.mrlog ]; then
info "no offline commands to run"
fi
offline =
+ umask 077
touch ~/.mrlog
info "offline mode enabled"
remember =
ed = echo "A horse is a horse, of course, of course.."
T = echo "I pity the fool."
right = echo "Not found."
-#}}}
# vim:sw=8:sts=0:ts=8:noet
projects / code / myrepos.git / blobdiff