X-Git-Url: https://git.madduck.net/code/myrepos.git/blobdiff_plain/9554e5ff116b47f88f110f6fd710d5b1da42d724..fca9fb631455f518ae828b36c0fe355a3c8c0665:/mr?ds=inline diff --git a/mr b/mr index 4dabe9a..0bf6655 100755 --- a/mr +++ b/mr @@ -1,7 +1,5 @@ #!/usr/bin/perl -#man{{{ - =head1 NAME mr - a Multiple Repository management tool @@ -22,6 +20,8 @@ B<mr> [options] diff B<mr> [options] log +B<mr> [options] bootstrap url [directory] + B<mr> [options] register [repository] B<mr> [options] config section ["parameter=[value]" ...] @@ -36,7 +36,7 @@ B<mr> [options] remember action [params ...] B<mr> is a Multiple Repository management tool. It can checkout, update, or perform other actions on a set of repositories as if they were one combined -repository. It supports any combination of subversion, git, cvs, mecurial, +repository. It supports any combination of subversion, git, cvs, mercurial, bzr and darcs repositories, and support for other revision control systems can easily be added. @@ -45,6 +45,10 @@ working directory. Or, if you are in a subdirectory of a repository that contains no other registered repositories, it will stay in that directory, and work on only that repository, +B<mr> is configured by .mrconfig files, which list the repositories. It +starts by reading the .mrconfig file in your home directory, and this can +in turn chain load .mrconfig files from repositories. + These predefined commands should be fairly familiar to users of any revision control system: 
@@ -100,6 +104,17 @@ These commands are also available: =over 4 +=item bootstrap url [directory] + +Causes mr to download the url, and use it as a .mrconfig file +to checkout the repositories listed in it, into the specified directory. + +The directory will be created if it does not exist. If no directory is +specified, the current directory will be used. + +If the .mrconfig file includes a repository named ".", that +is checked out into the top of the specified directory. + =item list (or ls) List the repositories that mr will act on. @@ -174,34 +189,61 @@ system. =item -d directory +=item --directory directory + Specifies the topmost directory that B<mr> should work in. The default is the current working directory. =item -c mrconfig +=item --config mrconfig + Use the specified mrconfig file. The default is B<~/.mrconfig> +=item -p + +=item --path + +Search in the current directory, and its parent directories and use +the first B<.mrconfig> found, instead of the default B<~/.mrconfig>. + =item -v +=item --verbose + Be verbose. =item -q +=item --quiet + Be quiet. +=item -k + +=item --insecure + +Accept untrusted SSL certificates when bootstrapping. + =item -s +=item --stats + Expand the statistics line displayed at the end to include information about exactly which repositories failed and were skipped, if any. =item -i +=item --interactive + Interactive mode. If a repository fails to be processed, a subshell will be started which you can use to resolve or investigate the problem. Exit the subshell to continue the mr run. =item -n [number] +=item --no-recurse [number] + If no number if specified, just operate on the repository for the current directory, do not recurse into deeper repositories. 
@@ -211,26 +253,26 @@ but not ./src/packages/bar. =item -j [number] +=item --jobs [number] + Run the specified number of jobs in parallel, or an unlimited number of jobs with no number specified. This can greatly speed up operations such as updates. It is not recommended for interactive operations. Note that running more than 10 jobs at a time is likely to run afoul of -ssh connection limits. Running between 3 and 5 jobs at a time will yeild +ssh connection limits. Running between 3 and 5 jobs at a time will yield a good speedup in updates without loading the machine too much. -=back +=item -t -=head1 FILES +=item --trust-all -The ~/.mrlog file contains commands that mr has remembered to run later, -due to being offline. You can delete or edit this file to remove commands, -or even to add other commands for 'mr online' to run. If the file is -present, mr assumes it is in offline mode. +Trust all mrconfig files even if they are not listed in ~/.mrtrust. +Use with caution. + +=back -B<mr> is configured by .mrconfig files. It starts by reading the .mrconfig -file in your home directory, and this can in turn chain load .mrconfig files -from repositories. +=head1 "MRCONFIG FILES" Here is an example .mrconfig file: @@ -311,8 +353,7 @@ repository, ordering it to be processed earlier is not recommended. =item chain If the "chain" parameter is set and its command returns true, then B<mr> -will try to load a .mrconfig file from the root of the repository. (You -should avoid chaining from repositories with untrusted committers.) +will try to load a .mrconfig file from the root of the repository. =item include 
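Review bot: In the `chain` item, dropping "(You should avoid chaining from repositories with untrusted committers.)" removes the only caveat a reader sees at the point where chaining is enabled. The UNTRUSTED MRCONFIG FILES section added in this same commit says mr still trusts all mrconfig files by default, so the caveat remains accurate until that default changes. I would keep it and point at the new section, for example `(Unless you maintain ~/.mrtrust, avoid chaining from repositories with untrusted committers; see UNTRUSTED MRCONFIG FILES.)`.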
@@ -343,9 +384,36 @@ the action that is performed for a given revision control system, you can override these rcs specific actions. To add a new revision control system, you can just add rcs specific actions for it. +The ~/.mrlog file contains commands that mr has remembered to run later, +due to being offline. You can delete or edit this file to remove commands, +or even to add other commands for 'mr online' to run. If the file is +present, mr assumes it is in offline mode. + +=head1 "UNTRUSTED MRCONFIG FILES" + +Since mrconfig files can contain arbitrary shell commands, they can do +anything. This flexability is good, but it also allows a malicious mrconfig +file to delete your whole home directory. Such a file might be contained +inside a repository that your main ~/.mrconfig checks out and chains to. To +avoid worries about evil commands in a mrconfig file, mr +has the ability to read mrconfig files in untrusted mode. Such files are +limited to running only known safe commands (like "git clone") in a +carefully checked manner. + +By default, mr trusts all mrconfig files. (This default will change in a +future release!) But if you have a ~/.mrtrust file, mr will only trust +mrconfig files that are listed within it. (One file per line.) All other +files will be treated as untrusted. + +=head1 EXTENSIONS + +mr can be extended to support things such as unison and git-svn. Some +files providing such extensions are available in /usr/share/mr/. See +the documentation in the files for details about using them. + =head1 AUTHOR -Copyright 2007 Joey Hess <joey@kitenet.net> +Copyright 2007-2009 Joey Hess <joey@kitenet.net> Licensed under the GNU GPL version 2 or higher. @@ -353,8 +421,6 @@ http://kitenet.net/~joey/code/mr/ =cut -#}}} - use warnings; use strict; use Getopt::Long; 
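Review bot: The ~/.mrtrust paragraph says "One file per line" but not how an entry is matched, and a wrong guess silently leaves a file untrusted or trusted. From is_trusted_config later in this patch, a leading `~/` is expanded to `$HOME`, each entry goes through `abs_path`, and the result is compared with the `abs_path` of the config file. I would add a sentence such as `Entries should be absolute paths (a leading ~/ is expanded); symlinks are resolved before comparison.` The same section also has the typo "flexability".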
@@ -373,10 +439,12 @@ my $config_overridden=0; my $verbose=0; my $quiet=0; my $stats=0; +my $insecure=0; my $interactive=0; my $max_depth; my $no_chdir=0; my $jobs=1; +my $trust_all=0; my $directory=getcwd(); $ENV{MR_CONFIG}="$ENV{HOME}/.mrconfig"; @@ -390,7 +458,7 @@ my (@ok, @failed, @skipped); main(); my %rcs; -sub rcs_test { #{{{ +sub rcs_test { my ($action, $dir, $topdir, $subdir) = @_; if (exists $rcs{$dir}) { @@ -425,9 +493,9 @@ sub rcs_test { #{{{ else { return $rcs{$dir}=$rcs; } -} #}}} +} -sub findcommand { #{{{ +sub findcommand { my ($action, $dir, $topdir, $subdir, $is_checkout) = @_; if (exists $config{$topdir}{$subdir}{$action}) { @@ -447,10 +515,10 @@ sub findcommand { #{{{ else { return undef; } -} #}}} +} -sub action { #{{{ - my ($action, $dir, $topdir, $subdir) = @_; +sub action { + my ($action, $dir, $topdir, $subdir, $force_checkout) = @_; $ENV{MR_CONFIG}=$configfiles{$topdir}; my $lib=exists $config{$topdir}{$subdir}{lib} ? @@ -460,12 +528,14 @@ sub action { #{{{ $ENV{MR_REPO}=$dir; if ($is_checkout) { - if (-d $dir) { - print "mr $action: $dir already exists, skipping checkout\n" if $verbose; - return SKIPPED; + if (! $force_checkout) { + if (-d $dir) { + print "mr $action: $dir already exists, skipping checkout\n" if $verbose; + return SKIPPED; + } + + $dir=~s/^(.*)\/[^\/]+\/?$/$1/; } - - $dir=~s/^(.*)\/[^\/]+\/?$/$1/; } elsif ($action =~ /update/) { if (! -d $dir) { @@ -566,10 +636,10 @@ sub action { #{{{ return OK; } } -} #}}} +} # run actions on multiple repos, in parallel -sub mrs { #{{{ +sub mrs { my $action=shift; my @repos=@_; 
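Review bot: The new fifth parameter `$force_checkout` in `action` has no comment, yet it changes two things at once: the `-d $dir` "already exists, skipping checkout" guard is bypassed, and the last path component is no longer stripped from `$dir`. I would document it at the top of the sub, e.g. `# $force_checkout: run the checkout even if $dir exists, and leave $dir pointing at the repository itself (used by bootstrap for the "." repo)`. The body of `action` continues outside this hunk, so how `$dir` is used afterwards should be confirmed against the full function.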
@@ -636,24 +706,24 @@ sub mrs { #{{{ } } } -} #}}} +} -sub record { #{{{ +sub record { my $dir=shift()->[0]; my $ret=shift; if ($ret == OK) { push @ok, $dir; - print "\n"; + print "\n" unless $quiet; } elsif ($ret == FAILED) { if ($interactive) { chdir($dir) unless $no_chdir; print STDERR "mr: Starting interactive shell. Exit shell to continue.\n"; - system((getpwuid($<))[8]); + system((getpwuid($<))[8], "-i"); } push @failed, $dir; - print "\n"; + print "\n" unless $quiet; } elsif ($ret == SKIPPED) { push @skipped, $dir; @@ -664,9 +734,9 @@ sub record { #{{{ else { die "unknown exit status $ret"; } -} #}}} +} -sub showstats { #{{{ +sub showstats { my $action=shift; if (! @ok && ! @failed && ! @skipped) { die "mr $action: no repositories found to work on\n"; @@ -684,9 +754,9 @@ sub showstats { #{{{ print STDERR "mr $action: (failed: ".join(" ", @failed).")\n"; } } -} #}}} +} -sub showstat { #{{{ +sub showstat { my $count=shift; my $singular=shift; my $plural=shift; @@ -694,10 +764,10 @@ sub showstat { #{{{ return "$count ".($count > 1 ? $plural : $singular); } return; -} #}}} +} # an ordered list of repos -sub repolist { #{{{ +sub repolist { my @list; foreach my $topdir (sort keys %config) { foreach my $subdir (sort keys %{$config{$topdir}}) { @@ -715,17 +785,26 @@ sub repolist { #{{{ || $a->{subdir} cmp $b->{subdir} } @list; -} #}}} +} + +sub repodir { + my $repo=shift; + my $topdir=$repo->{topdir}; + my $subdir=$repo->{subdir}; + my $ret=($subdir =~/^\//) ? $subdir : $topdir.$subdir; + $ret=~s/\/\.$//; + return $ret; +} # figure out which repos to act on -sub selectrepos { #{{{ +sub selectrepos { my @repos; foreach my $repo (repolist()) { my $topdir=$repo->{topdir}; my $subdir=$repo->{subdir}; next if $subdir eq 'DEFAULT'; - my $dir=($subdir =~/^\//) ? $subdir : $topdir.$subdir; + my $dir=repodir($repo); my $d=$directory; $dir.="/" unless $dir=~/\/$/; $d.="/" unless $d=~/\/$/; 
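Review bot: In `record`, `system((getpwuid($<))[8], "-i")` takes the shell from the passwd entry unconditionally and ignores the result, so an empty shell field or a shell that rejects `-i` fails without any message. The user is told "Starting interactive shell" and the run simply continues with the repository marked failed. I would fall back and report the failure, e.g. `my $shell=(getpwuid($<))[8] || "/bin/sh";` followed by `system($shell, "-i") == 0 || print STDERR "mr: could not run $shell\n";`.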
@@ -745,7 +824,7 @@ sub selectrepos { #{{{ my $subdir=$repo->{subdir}; next if $subdir eq 'DEFAULT'; - my $dir=($subdir =~/^\//) ? $subdir : $topdir.$subdir; + my $dir=repodir($repo); my $d=$directory; $dir.="/" unless $dir=~/\/$/; $d.="/" unless $d=~/\/$/; @@ -757,9 +836,9 @@ sub selectrepos { #{{{ $no_chdir=1; } return @repos; -} #}}} +} -sub expandenv { #{{{ +sub expandenv { my $val=shift; 
@@ -769,19 +848,131 @@ sub expandenv { #{{{ } return $val; -} #}}} +} + +my %trusted; +sub is_trusted_config { + my $config=shift; # must be abs_pathed already + + # We always trust ~/.mrconfig. + return 1 if $config eq abs_path("$ENV{HOME}/.mrconfig"); + + return 1 if $trust_all; + + my $trustfile=$ENV{HOME}."/.mrtrust"; + + if (! -e $trustfile) { + print "mr: Assuming $config is trusted.\n"; + print "mr: For better security, you are encouraged to create ~/.mrtrust\n"; + print "mr: and list all trusted mrconfig files in it.\n"; + return 1; + } + + if (! %trusted) { + $trusted{"$ENV{HOME}/.mrconfig"}=1; + open (TRUST, "<", $trustfile) || die "$trustfile: $!"; + while (<TRUST>) { + chomp; + s/^~\//$ENV{HOME}\//; + $trusted{abs_path($_)}=1; + } + close TRUST; + } + + return $trusted{$config}; +} + + +sub is_trusted_repo { + my $repo=shift; + + # Tightly limit what is allowed in a repo name. + # No ../, no absolute paths, and no unusual filenames + # that might try to escape to the shell. + return $repo =~ /^[-_.+\/A-Za-z0-9]+$/ && + $repo !~ /\.\./ && $repo !~ /^\//; +} + +sub is_trusted_checkout { + my $command=shift; + + # To determine if the command is safe, compare it with the + # *_trusted_checkout config settings. Those settings are + # templates for allowed commands, so make sure that each word + # of the command matches the corresponding word of the template. + + my @words; + foreach my $word (split(' ', $command)) { + # strip quoting + if ($word=~/^'(.*)'$/) { + $word=$1; + } + elsif ($word=~/^"(.*)"$/) { + $word=$1; + } + + push @words, $word; + } + + foreach my $key (grep { /_trusted_checkout$/ } + keys %{$config{''}{DEFAULT}}) { + my @twords=split(' ', $config{''}{DEFAULT}{$key}); + next if @words > @twords; + + my $match=1; + my $url; + for (my $c=0; $c < @twords && $match; $c++) { + if ($twords[$c] eq '$url') { + # Match all the typical characters found in + # urls, plus @ which svn can use. Note + # that the "url" might also be a local + # directory. 
+ $match=( + defined $words[$c] && + $words[$c] =~ /^[-_.+:@\/A-Za-z0-9]+$/ + ); + $url=$words[$c]; + } + elsif ($twords[$c] eq '$repo') { + # If a repo is not specified, assume it + # will be the last path component of the + # url, or something derived from it, and + # check that. + if (! defined $words[$c] && defined $url) { + ($words[$c])=$url=~/\/([^\/]+)\/?$/; + } + + $match=( + defined $words[$c] && + is_trusted_repo($words[$c]) + ); + } + elsif (defined $words[$c] && $twords[$c] eq $words[$c]) { + $match=1; + } + else { + $match=0; + } + } + return 1 if $match; + } + + return 0; +} my %loaded; -sub loadconfig { #{{{ +sub loadconfig { my $f=shift; + my $dir=shift; my @toload; my $in; - my $dir; + my $trusted; if (ref $f eq 'GLOB') { $dir=""; - $in=$f; + $in=$f; + $trusted=1; } else { if (! -e $f) { @@ -794,10 +985,15 @@ sub loadconfig { #{{{ } $loaded{$absf}=1; - ($dir)=$f=~/^(.*\/)[^\/]+$/; + $trusted=is_trusted_config($absf); + if (! defined $dir) { - $dir="."; + ($dir)=$f=~/^(.*\/)[^\/]+$/; + if (! defined $dir) { + $dir="."; + } } + $dir=abs_path($dir)."/"; if (! exists $configfiles{$dir}) { @@ -821,7 +1017,7 @@ sub loadconfig { #{{{ open($in, "<", $f) || die "mr: open $f: $!\n"; } my @lines=<$in>; - close $in; + close $in unless ref $f eq 'GLOB'; my $section; my $line=0; @@ -831,7 +1027,16 @@ sub loadconfig { #{{{ chomp; next if /^\s*\#/ || /^\s*$/; if (/^\[([^\]]*)\]\s*$/) { - $section=expandenv($1); + $section=$1; + + if (! $trusted) { + if (! is_trusted_repo($section) || + $section eq 'ALIAS' || + $section eq 'DEFAULT') { + die "mr: illegal section \"[$section]\" in untrusted $f line $line\n"; + } + } + $section=expandenv($section) if $trusted; } elsif (/^(\w+)\s*=\s*(.*)/) { my $parameter=$1; 
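Review bot: Both allow-lists in this hunk accept a word that begins with `-`: the `$url` pattern `/^[-_.+:@\/A-Za-z0-9]+$/` in is_trusted_checkout, and the pattern in is_trusted_repo. A checkout line from an untrusted mrconfig can therefore put an option where the template expects a URL or directory, and the VCS client will parse it as an option. Since the templates exist to pin the shape of the command, I would reject that case explicitly by adding `&& $repo !~ /^-/` to is_trusted_repo and `&& $words[$c] !~ /^-/` to the `$url` test. Separately, `abs_path($_)` in is_trusted_config can return undef for a ~/.mrtrust entry that cannot be resolved, which warns under `use warnings` and stores an empty key; skipping undefined results would be cleaner.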
@@ -845,6 +1050,17 @@ sub loadconfig { #{{{ chomp $value; } + if (! $trusted) { + # Untrusted files can only contain checkout + # parameters. + if ($parameter ne 'checkout') { + die "mr: illegal setting \"$parameter=$value\" in untrusted $f line $line\n"; + } + if (! is_trusted_checkout($value)) { + die "mr: illegal checkout command \"$value\" in untrusted $f line $line\n"; + } + } + if ($parameter eq "include") { print "mr: including output of \"$value\"\n" if $verbose; unshift @lines, `$value`; @@ -904,9 +1120,16 @@ sub loadconfig { #{{{ foreach (@toload) { loadconfig($_); } -} #}}} +} + +sub startingconfig { + %alias=%config=%configfiles=%knownactions=%loaded=(); + my $datapos=tell(DATA); + loadconfig(\*DATA); + seek(DATA,$datapos,0); # rewind +} -sub modifyconfig { #{{{ +sub modifyconfig { my $f=shift; # the section to modify or add my $targetsection=shift; @@ -1001,9 +1224,9 @@ sub modifyconfig { #{{{ open(my $out, ">", $f) || die "mr: write $f: $!\n"; print $out @out; close $out; -} #}}} +} -sub dispatch { #{{{ +sub dispatch { my $action=shift; # actions that do not operate on all repos @@ -1016,6 +1239,9 @@ sub dispatch { #{{{ elsif ($action eq 'register') { register(@ARGV); } + elsif ($action eq 'bootstrap') { + bootstrap(); + } elsif ($action eq 'remember' || $action eq 'offline' || $action eq 'online') { @@ -1032,13 +1258,13 @@ sub dispatch { #{{{ record($repo, action($action, @$repo)); } } -} #}}} +} -sub help { #{{{ +sub help { exec($config{''}{DEFAULT}{help}) || die "exec: $!"; -} #}}} +} -sub config { #{{{ +sub config { if (@_ < 2) { die "mr config: not enough parameters\n"; } @@ -1074,9 +1300,9 @@ sub config { #{{{ } modifyconfig($ENV{MR_CONFIG}, $section, %changefields) if %changefields; exit 0; -} #}}} +} -sub register { #{{{ +sub register { if ($config_overridden) { # Find the directory that the specified config file is # located in. 
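Review bot: The untrusted-file check protects the `include` branch directly below it, which runs `$value` through backticks, only because it comes first and dies, and nothing in the code says that this ordering is required. I would add a comment above the check such as `# Must stay ahead of all parameter handling below: those branches run commands taken from the file.` A later edit that moves or adds a parameter branch above the check would otherwise reopen the hole without anyone noticing. The rest of the parameter handling in loadconfig is outside this hunk, so the comment should be worded against the full function.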
@@ -1119,10 +1345,60 @@ sub register { #{{{ join(" ", map { s/\//\/\//g; s/"/\"/g; '"'.$_.'"' } @ARGV); print "mr register: running >>$command<<\n" if $verbose; exec($command) || die "exec: $!"; -} #}}} +} + +sub bootstrap { + my $url=shift @ARGV; + my $dir=shift @ARGV || "."; + + if (! defined $url || ! length $url) { + die "mr: bootstrap requires url\n"; + } + + # Download the config file to a temporary location. + eval q{use File::Temp}; + die $@ if $@; + my $tmpconfig=File::Temp->new(); + my @curlargs = ("curl", "-A", "mr", "-L", "-s", $url, "-o", $tmpconfig); + push(@curlargs, "-k") if $insecure; + my $curlstatus = system(@curlargs); + die "mr bootstrap: invalid SSL certificate for $url (consider -k)\n" if $curlstatus >> 8 == 60; + die "mr bootstrap: download of $url failed\n" if $curlstatus != 0; + + if (! -e $dir) { + system("mkdir", "-p", $dir); + } + chdir($dir) || die "chdir $dir: $!"; + + # Special case to handle checkout of the "." repo, which + # would normally be skipped. + my $topdir=abs_path(".")."/"; + my @repo=($topdir, $topdir, "."); + loadconfig($tmpconfig, $topdir); + record(\@repo, action("checkout", @repo, 1)) + if exists $config{$topdir}{"."}{"checkout"}; + + if (-e ".mrconfig") { + print STDERR "mr bootstrap: .mrconfig file already exists, not overwriting with $url\n"; + } + else { + eval q{use File::Copy}; + die $@ if $@; + move($tmpconfig, ".mrconfig") || die "rename: $!"; + } + + # Reload the config file (in case we got a different version) + # and checkout everything else. + startingconfig(); + loadconfig(".mrconfig"); + dispatch("checkout"); + @skipped=grep { abs_path($_) ne abs_path($topdir) } @skipped; + showstats("bootstrap"); + exitstats(); +} # alias expansion and command stemming -sub expandaction { #{{{ +sub expandaction { my $action=shift; if (exists $alias{$action}) { $action=$alias{$action}; 
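Review bot: In `bootstrap`, the downloaded file is passed to `loadconfig($tmpconfig, $topdir)` and goes through the normal is_trusted_config path, so on a machine without ~/.mrtrust it is treated as trusted and any shell command in it is run. That holds even when `-k` has disabled certificate checking for the download. A file fetched from a URL is the clearest case for untrusted mode: I would load both the temporary file and the resulting `.mrconfig` as untrusted unless `-t` was given, which needs a way to tell loadconfig to skip the "Assuming ... is trusted" fallback. Smaller points in the same function: the result of `system("mkdir", "-p", $dir)` is not checked (the following chdir does die), and curl is run with `-L` and no scheme restriction, so an https URL may be redirected to plain http; curl's `--proto` and `--proto-redir` options can limit that.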
@@ -1143,23 +1419,37 @@ sub expandaction { #{{{ } } return $action; -} #}}} +} -sub getopts { #{{{ +sub find_nearest_mrconfig { + my $dir=getcwd(); + while (length $dir) { + if (-e "$dir/.mrconfig") { + return "$dir/.mrconfig"; + } + $dir=~s/\/[^\/]*$//; + } + die "no .mrconfig found in path\n"; +} + +sub getopts { my @saved=@ARGV; Getopt::Long::Configure("bundling", "no_permute"); my $result=GetOptions( "d|directory=s" => sub { $directory=abs_path($_[1]) }, "c|config=s" => sub { $ENV{MR_CONFIG}=$_[1]; $config_overridden=1 }, + "p|path" => sub { $ENV{MR_CONFIG}=find_nearest_mrconfig(); $config_overridden=1 }, "v|verbose" => \$verbose, "q|quiet" => \$quiet, "s|stats" => \$stats, + "k|insecure" => \$insecure, "i|interactive" => \$interactive, "n|no-recurse:i" => \$max_depth, "j|jobs:i" => \$jobs, + "t|trust-all" => \$trust_all, ); if (! $result || @ARGV < 1) { - die("Usage: mr [-d directory] action [params ...]\n". + die("Usage: mr [options] action [params ...]\n". "(Use mr help for man page.)\n"); } @@ -1168,9 +1458,9 @@ sub getopts { #{{{ last if $option eq $ARGV[0]; $ENV{MR_SWITCHES}.="$option "; } -} #}}} +} -sub init { #{{{ +sub init { $SIG{INT}=sub { print STDERR "mr: interrupted\n"; exit 2; @@ -1192,20 +1482,9 @@ sub init { #{{{ use FindBin qw($Bin $Script); $ENV{MR_PATH}=$Bin."/".$Script; }; -} #}}} - -sub main { #{{{ - getopts(); - init(); - - loadconfig(\*DATA); - loadconfig($ENV{MR_CONFIG}); - #use Data::Dumper; print Dumper(\%config); +} - my $action=expandaction(shift @ARGV); - dispatch($action); - showstats($action); - +sub exitstats { if (@failed) { exit 1; } 
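Review bot: find_nearest_mrconfig returns the first `.mrconfig` found in the current directory or any ancestor without checking who owns it. Running `mr -p` below a directory that other users can write to will therefore load their file, and without ~/.mrtrust that file is trusted. I would at least require the file to belong to the invoking user, e.g. `if (-e "$dir/.mrconfig" && -o _) {`, or make files found through `-p` never take the "assume trusted" fallback. The loop also stops as soon as `$dir` becomes empty, so `/.mrconfig` is never tested when starting from a subdirectory, and the `die` message lacks the `mr:` prefix used elsewhere.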
@@ -1215,11 +1494,25 @@ sub main { #{{{ else { exit 0; } -} #}}} +} + +sub main { + getopts(); + init(); + + startingconfig(); + loadconfig($ENV{MR_CONFIG}); + #use Data::Dumper; print Dumper(\%config); + + my $action=expandaction(shift @ARGV); + dispatch($action); + + showstats($action); + exitstats(); +} # Finally, some useful actions that mr knows about by default. # These can be overridden in ~/.mrconfig. -#DATA{{{ __DATA__ [ALIAS] co = checkout @@ -1274,7 +1567,7 @@ git_bare_test = svn_update = svn update "$@" git_update = git pull "$@" -bzr_update = bzr merge "$@" +bzr_update = bzr merge --pull "$@" cvs_update = cvs update "$@" hg_update = hg pull "$@" && hg update "$@" darcs_update = darcs pull -a "$@" @@ -1303,7 +1596,7 @@ git_push = git push "$@" bzr_push = bzr push "$@" cvs_push = : hg_push = hg push "$@" -darcs_push = darcs push -a +darcs_push = darcs push -a "$@" svn_diff = svn diff "$@" git_diff = git diff "$@" @@ -1365,16 +1658,38 @@ git_bare_register = echo "Registering git url: $url in $MR_CONFIG" mr -c "$MR_CONFIG" config "`pwd`" checkout="git clone --bare '$url' '$MR_REPO'" +svn_trusted_checkout = svn co $url $repo +svn_alt_trusted_checkout = svn checkout $url $repo +git_trusted_checkout = git clone $url $repo +bzr_trusted_checkout = bzr clone $url $repo +# cvs: too hard +hg_trusted_checkout = hg clone $url $repo +darcs_trusted_checkout = darcs get $url $repo +git_bare_trusted_checkout = git clone --bare $url $repo + + help = + case `uname -s` in + SunOS) + SHOWMANFILE="man -f" + ;; + Darwin) + SHOWMANFILE="man" + ;; + *) + SHOWMANFILE="man -l" + ;; + esac if [ ! -e "$MR_PATH" ]; then error "cannot find program path" fi tmp=$(mktemp -t mr.XXXXXXXXXX) || error "mktemp failed" trap "rm -f $tmp" exit pod2man -c mr "$MR_PATH" > "$tmp" || error "pod2man failed" - man -l "$tmp" || error "man failed" + $SHOWMANFILE "$tmp" || error "man failed" list = true config = +bootstrap = online = if [ -s ~/.mrlog ]; then 
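Review bot: The new `*_trusted_checkout` settings look like shell commands but are never executed; is_trusted_checkout only compares them word by word against a checkout line, with `$url` and `$repo` acting as placeholders. That is easy to misread next to the `git_bare_register` entry just above, where `$url` is a real shell variable. I would add a comment before the block, e.g. `# Templates matched by is_trusted_checkout; $url and $repo are placeholders, not shell variables.` It is also worth stating there that every template added widens the set of commands an untrusted mrconfig may run, so new entries need the same scrutiny as code.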
@@ -1388,6 +1703,7 @@ online = info "no offline commands to run" fi offline = + umask 077 touch ~/.mrlog info "offline mode enabled" remember = @@ -1403,6 +1719,5 @@ remember = ed = echo "A horse is a horse, of course, of course.." T = echo "I pity the fool." right = echo "Not found." -#}}} # vim:sw=8:sts=0:ts=8:noet
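Review bot: In the `offline` action, `umask 077` only takes effect when `touch` creates ~/.mrlog; if the file already exists with wider permissions, they are left as they are. That matters because the file holds commands that `mr online` will run later. Adding `chmod 600 ~/.mrlog` after the touch would cover the existing-file case. The `remember` action that appends to the file is outside this hunk, so I cannot tell whether it sets the same umask; it should.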