Merge branch 'gitlab-shell' of dev.gitlabhq.com:gitlab/gitlabhq

4e1757bf · Dmitriy Zaporozhets · 4bfb98dd · d09d87e3 · 4e1757bf · 4e1757bf
Commit 4e1757bf authored Feb 07, 2013 by Dmitriy Zaporozhets
41 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -32,9 +32,6 @@ gem 'gitlab_omniauth-ldap', '1.0.2', require: "omniauth-ldap"
 # Dump db to yml file. Mostly used to migrate from sqlite to mysql
 gem 'gitlab_yaml_db', '1.0.0', require: "yaml_db"
-# Gitolite client (for work with gitolite-admin repo)
-gem "gitolite", '1.1.0'
 # Syntax highlighter
 gem "pygments.rb",  git: "https://github.com/gitlabhq/pygments.rb.git", branch: "master"

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -107,7 +107,6 @@ GEM
      coderay (>= 1.0.0)
      erubis (>= 2.7.0)
    binding_of_caller (0.6.8)
-    blankslate (3.1.2)
    bootstrap-sass (2.2.1.1)
      sass (~> 3.2)
    builder (3.0.4)
@@ -195,10 +194,6 @@ GEM
      pyu-ruby-sasl (~> 0.0.3.1)
      rubyntlm (~> 0.1.1)
    gitlab_yaml_db (1.0.0)
-    gitolite (1.1.0)
-      gratr19 (~> 0.4.4.1)
-      grit (~> 2.5.0)
-      hashery (~> 1.5.0)
    grape (0.2.2)
      activesupport
      hashie (~> 1.2)
@@ -208,7 +203,6 @@ GEM
      rack-accept
      rack-mount
      virtus
-    gratr19 (0.4.4.1)
    growl (1.0.3)
    guard (1.5.4)
      listen (>= 0.4.2)
@@ -227,8 +221,6 @@ GEM
      activesupport (>= 3.1, < 4.1)
      haml (~> 3.1)
      railties (>= 3.1, < 4.1)
-    hashery (1.5.0)
-      blankslate
    hashie (1.2.0)
    hike (1.2.1)
    http_parser.rb (0.5.3)
@@ -497,7 +489,6 @@ DEPENDENCIES
  gitlab_meta (= 4.0)
  gitlab_omniauth-ldap (= 1.0.2)
  gitlab_yaml_db (= 1.0.0)
-  gitolite (= 1.1.0)
  grack!
  grape (~> 0.2.1)
  grit!

--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -10,11 +10,6 @@ class ApplicationController < ActionController::Base
  helper_method :abilities, :can?
-  rescue_from Gitlab::Gitolite::AccessDenied do |exception|
-    log_exception(exception)
-    render "errors/gitolite", layout: "errors", status: 500
-  end
  rescue_from Encoding::CompatibilityError do |exception|
    log_exception(exception)
    render "errors/encoding", layout: "errors", status: 500

--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -24,8 +24,8 @@ class Key < ActiveRecord::Base
  before_save :set_identifier
  validates :title, presence: true, length: { within: 0..255 }
-  validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / }
+  validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / }, uniqueness: true
-  validate :unique_key, :fingerprintable_key
+  validate :fingerprintable_key
  delegate :name, :email, to: :user, prefix: true
@@ -33,14 +33,6 @@ class Key < ActiveRecord::Base
    self.key = self.key.strip unless self.key.blank?
  end
-  def unique_key
-    query = Key.where(key: key)
-    query = query.where('(project_id IS NULL OR project_id = ?)', project_id) if project_id
-    if (query.count > 0)
-      errors.add :key, 'already exist.'
-    end
-  end
  def fingerprintable_key
    return true unless key # Don't test if there is no key.
    # `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
@@ -65,7 +57,7 @@ class Key < ActiveRecord::Base
  end
  def is_deploy_key
-    true if project_id
+    !!project_id
  end
  # projects that has this key
@@ -77,7 +69,7 @@ class Key < ActiveRecord::Base
    end
  end
-  def last_deploy?
+  def shell_id
-    Key.where(identifier: identifier).count == 0
+    "key-#{self.id}"
  end
 end
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -27,7 +27,6 @@ class Namespace < ActiveRecord::Base
  after_create :ensure_dir_exist
  after_update :move_dir
-  after_commit :update_gitolite, on: :update, if: :require_update_gitolite
  after_destroy :rm_dir
  scope :root, where('type IS NULL')
@@ -89,11 +88,6 @@ class Namespace < ActiveRecord::Base
    end
  end
-  def update_gitolite
-    @require_update_gitolite = false
-    projects.each(&:update_repository)
-  end
  def rm_dir
    dir_path = File.join(Gitlab.config.gitolite.repos_path, path)
    FileUtils.rm_r( dir_path, force: true )

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -262,8 +262,6 @@ class Project < ActiveRecord::Base
      Gitlab::ProjectMover.new(self, old_dir, new_dir).execute
-      gitolite.move_repository(old_repo, self)
      save!
    end
  rescue Gitlab::ProjectMover::ProjectMoveError => ex
@@ -459,20 +457,6 @@ class Project < ActiveRecord::Base
    namespace.try(:path) || ''
  end
-  def update_repository
-    GitoliteWorker.perform_async(
-      :update_repository,
-      self.id
-    )
-  end
-  def destroy_repository
-    GitoliteWorker.perform_async(
-      :remove_repository,
-      self.path_with_namespace
-    )
-  end
  def repo_exists?
    @repo_exists ||= (repository && repository.branches.present?)
  rescue

--- a/app/models/project_team.rb
+++ b/app/models/project_team.rb
@@ -112,7 +112,6 @@ class ProjectTeam
      source_team.each do |tm|
        tm.save
      end
-      target_project.update_repository
    end
    true

--- a/app/models/protected_branch.rb
+++ b/app/models/protected_branch.rb
@@ -18,13 +18,6 @@ class ProtectedBranch < ActiveRecord::Base
  validates :name, presence: true
  validates :project, presence: true
-  after_save :update_repository
-  after_destroy :update_repository
-  def update_repository
-    project.update_repository
-  end
  def commit
    project.repository.commit(self.name)
  end

--- a/app/models/users_project.rb
+++ b/app/models/users_project.rb
@@ -25,9 +25,6 @@ class UsersProject < ActiveRecord::Base
  attr_accessor :skip_git
-  after_save :update_repository, unless: :skip_git?
-  after_destroy :update_repository, unless: :skip_git?
  validates :user, presence: true
  validates :user_id, uniqueness: { scope: [:project_id], message: "already exists in project" }
  validates :project_access, inclusion: { in: [GUEST, REPORTER, DEVELOPER, MASTER] }, presence: true
@@ -84,11 +81,6 @@ class UsersProject < ActiveRecord::Base
        end
      end
-      GitoliteWorker.perform_async(
-        :update_repositories,
-        project_ids
-      )
      true
    rescue
      false
@@ -103,11 +95,6 @@ class UsersProject < ActiveRecord::Base
        end
      end
-      GitoliteWorker.perform_async(
-        :update_repositories,
-        project_ids
-      )
      true
    rescue
      false
@@ -136,10 +123,6 @@ class UsersProject < ActiveRecord::Base
    end
  end
-  def update_repository
-    project.update_repository
-  end
  def project_access_human
    Project.access_options.key(self.project_access)
  end

--- a/app/observers/key_observer.rb
+++ b/app/observers/key_observer.rb
@@ -3,20 +3,17 @@ class KeyObserver < ActiveRecord::Observer
  def after_save(key)
    GitoliteWorker.perform_async(
-      :set_key,
+      :add_key,
-      key.identifier,
+      key.shell_id,
-      key.key,
+      key.key
-      key.projects.map(&:id)
    )
  end
  def after_destroy(key)
-    return if key.is_deploy_key && !key.last_deploy?
    GitoliteWorker.perform_async(
      :remove_key,
-      key.identifier,
+      key.shell_id,
-      key.projects.map(&:id)
+      key.key,
    )
  end
 end
--- a/app/observers/project_observer.rb
+++ b/app/observers/project_observer.rb
 class ProjectObserver < ActiveRecord::Observer
  def after_create(project)
-    project.update_repository
+    GitoliteWorker.perform_async(
+      :add_repository,
+      project.path_with_namespace
+    )
+    log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"")
  end
  def after_update(project)
@@ -8,14 +13,14 @@ class ProjectObserver < ActiveRecord::Observer
  end
  def after_destroy(project)
-    log_info("Project \"#{project.name}\" was removed")
+    GitoliteWorker.perform_async(
+      :remove_repository,
+      project.path_with_namespace
+    )
    project.satellite.destroy
-    project.destroy_repository
-  end
-  def after_create project
+    log_info("Project \"#{project.name}\" was removed")
-    log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"")
  end
  protected

--- a/app/workers/post_receive.rb
+++ b/app/workers/post_receive.rb
@@ -27,11 +27,15 @@ class PostReceive
             User.find_by_email(email) if email
           elsif /^[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}$/.match(identifier)
             User.find_by_email(identifier)
-           else
+           elsif identifier =~ /key/
-             Key.find_by_identifier(identifier).try(:user)
+             key_id = identifier.gsub("key-", "")
+             Key.find_by_id(key_id).try(:user)
           end
-    return false unless user
+    unless user
+      Gitlab::GitLogger.error("POST-RECEIVE: Triggered hook for non-existing user \"#{identifier} \"")
+      return false
+    end
    project.trigger_post_receive(oldrev, newrev, ref, user)
  end

--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -96,7 +96,7 @@ omniauth:
 # GitLab Satellites
 satellites:
  # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
-  path: /home/gitlab/gitlab-satellites/
+  path: /home/git/gitlab-satellites/
 ## Backup settings
 backup:
@@ -105,8 +105,6 @@ backup:
 ## Gitolite settings
 gitolite:
-  admin_uri: git@localhost:gitolite-admin
  # REPOS_PATH MUST NOT BE A SYMLINK!!!
  repos_path: /home/git/repositories/
  hooks_path: /home/git/.gitolite/hooks/

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -51,7 +51,7 @@ Settings.gitlab['protocol']   ||= Settings.gitlab.https ? "https" : "http"
 Settings.gitlab['email_from'] ||= "gitlab@#{Settings.gitlab.host}"
 Settings.gitlab['support_email']  ||= Settings.gitlab.email_from
 Settings.gitlab['url']        ||= Settings.send(:build_gitlab_url)
-Settings.gitlab['user']       ||= 'gitlab'
+Settings.gitlab['user']       ||= 'git'
 Settings.gitlab['signup_enabled'] ||= false
 Settings['gravatar'] ||= Settingslogic.new({})

--- a/config/initializers/5_backend.rb
+++ b/config/initializers/5_backend.rb
 # GIT over HTTP
 require Rails.root.join("lib", "gitlab", "backend", "grack_auth")
-# GITOLITE backend
+# GIT over SSH
-require Rails.root.join("lib", "gitlab", "backend", "gitolite")
+require Rails.root.join("lib", "gitlab", "backend", "shell")
--- a/config/unicorn.rb.example
+++ b/config/unicorn.rb.example
@@ -2,7 +2,7 @@
 # note that config/gitlab.yml web path should also be changed
 # ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
-app_dir = "/home/gitlab/gitlab/"
+app_dir = "/home/git/gitlab/"
 worker_processes 2
 working_directory app_dir

--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -90,87 +90,27 @@ Install the Bundler Gem:
 # 3. System Users
-Create a user for Git and Gitolite:
+Create a `git` user for Gitlab:
-    sudo adduser \
+    sudo adduser --disabled-login --gecos 'GitLab' git
-      --system \
-      --shell /bin/sh \
-      --gecos 'Git Version Control' \
-      --group \
-      --disabled-password \
-      --home /home/git \
-      git
-Create a user for GitLab:
+# 4. GitLab shell
-    sudo adduser --disabled-login --gecos 'GitLab' gitlab
+    # login as git 
+    sudo su git
-    # Add it to the git group
-    sudo usermod -a -G git gitlab
-    # Generate the SSH key
-    sudo -u gitlab -H ssh-keygen -q -N '' -t rsa -f /home/gitlab/.ssh/id_rsa
-# 4. Gitolite
-Clone GitLab's fork of the Gitolite source code:
+    # go to home directory 
    cd /home/git
-    sudo -u git -H git clone -b gl-v320 https://github.com/gitlabhq/gitolite.git /home/git/gitolite
-Setup Gitolite with GitLab as its admin:
-**Important Note:**
-GitLab assumes *full and unshared* control over this Gitolite installation.
-    # Add Gitolite scripts to $PATH
-    sudo -u git -H mkdir /home/git/bin
-    sudo -u git -H sh -c 'printf "%b\n%b\n" "PATH=\$PATH:/home/git/bin" "export PATH" >> /home/git/.profile'
-    sudo -u git -H sh -c 'gitolite/install -ln /home/git/bin'
-    # Copy the gitlab user's (public) SSH key ...
-    sudo cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub
-    sudo chmod 0444 /home/git/gitlab.pub
-    # ... and use it as the admin key for the Gitolite setup
-    sudo -u git -H sh -c "PATH=/home/git/bin:$PATH; gitolite setup -pk /home/git/gitlab.pub"
-Fix the directory permissions for the configuration directory:
-    # Make sure the Gitolite config dir is owned by git
-    sudo chmod 750 /home/git/.gitolite/
-    sudo chown -R git:git /home/git/.gitolite/
-Fix the directory permissions for the repositories:
+    # clone gitlab shell
+    git clone https://dzaporozhets@dev.gitlab.org/gitlab/gitlab-shell.git
-    # Make sure the repositories dir is owned by git and it stays that way
+    # setup
-    sudo chmod -R ug+rwX,o-rwx /home/git/repositories/
+    cd gitlab-shell
-    sudo chown -R git:git /home/git/repositories/
+    cp config.yml.example config.yml
-    find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s
+    ./bin/install 
-## Add domains to list to the list of known hosts
-    sudo -u gitlab -H ssh git@localhost
-    sudo -u gitlab -H ssh git@YOUR_DOMAIN_NAME
-    sudo -u gitlab -H ssh git@YOUR_GITOLITE_DOMAIN_NAME
-## Test if everything works so far
-    # Clone the admin repo so SSH adds localhost to known_hosts ...
-    # ... and to be sure your users have access to Gitolite
-    sudo -u gitlab -H git clone git@localhost:gitolite-admin.git /tmp/gitolite-admin
-    # If it succeeded without errors you can remove the cloned repo
-    sudo rm -rf /tmp/gitolite-admin
-**Important Note:**
-If you can't clone the `gitolite-admin` repository: **DO NOT PROCEED WITH INSTALLATION**!
-Check the [Trouble Shooting Guide](https://github.com/gitlabhq/gitlab-public-wiki/wiki/Trouble-Shooting-Guide)
-and make sure you have followed all of the above steps carefully.
 # 5. Database
@@ -179,46 +119,46 @@ To setup the MySQL/PostgreSQL database and dependencies please see [`doc/install
 # 6. GitLab
-    # We'll install GitLab into home directory of the user "gitlab"
+    # We'll install GitLab into home directory of the user "git"
-    cd /home/gitlab
+    cd /home/git
 ## Clone the Source
    # Clone GitLab repository
-    sudo -u gitlab -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
+    sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
    # Go to gitlab dir 
-    cd /home/gitlab/gitlab
+    cd /home/git/gitlab
    # Checkout to stable release
-    sudo -u gitlab -H git checkout 4-1-stable
+    sudo -u git -H git checkout 5-0-stable
 **Note:**
-You can change `4-1-stable` to `master` if you want the *bleeding edge* version, but
+You can change `5-0-stable` to `master` if you want the *bleeding edge* version, but
 do so with caution!
 ## Configure it
-    cd /home/gitlab/gitlab
+    cd /home/git/gitlab
    # Copy the example GitLab config
-    sudo -u gitlab -H cp config/gitlab.yml.example config/gitlab.yml
+    sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
    # Make sure to change "localhost" to the fully-qualified domain name of your
    # host serving GitLab where necessary
-    sudo -u gitlab -H vim config/gitlab.yml
+    sudo -u git -H vim config/gitlab.yml
    # Make sure GitLab can write to the log/ and tmp/ directories
-    sudo chown -R gitlab log/
+    sudo chown -R git log/
-    sudo chown -R gitlab tmp/
+    sudo chown -R git tmp/
    sudo chmod -R u+rwX  log/
    sudo chmod -R u+rwX  tmp/
    # Make directory for satellites
-    sudo -u gitlab -H mkdir /home/gitlab/gitlab-satellites
+    sudo -u git -H mkdir /home/git/gitlab-satellites
    # Copy the example Unicorn config
-    sudo -u gitlab -H cp config/unicorn.rb.example config/unicorn.rb
+    sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
 **Important Note:**
 Make sure to edit both files to match your setup.
@@ -226,42 +166,29 @@ Make sure to edit both files to match your setup.
 ## Configure GitLab DB settings
    # Mysql
-    sudo -u gitlab cp config/database.yml.mysql config/database.yml
+    sudo -u git cp config/database.yml.mysql config/database.yml
    # PostgreSQL
-    sudo -u gitlab cp config/database.yml.postgresql config/database.yml
+    sudo -u git cp config/database.yml.postgresql config/database.yml
 Make sure to update username/password in config/database.yml.
 ## Install Gems
-    cd /home/gitlab/gitlab
+    cd /home/git/gitlab
    sudo gem install charlock_holmes --version '0.6.9'
    # For MySQL (note, the option says "without")
-    sudo -u gitlab -H bundle install --deployment --without development test postgres
+    sudo -u git -H bundle install --deployment --without development test postgres
    # Or for PostgreSQL
-    sudo -u gitlab -H bundle install --deployment --without development test mysql
+    sudo -u git -H bundle install --deployment --without development test mysql
-## Configure Git
-GitLab needs to be able to commit and push changes to Gitolite. In order to do
-that Git requires a username and email. (We recommend using the same address
-used for the `email.from` setting in `config/gitlab.yml`)
-    sudo -u gitlab -H git config --global user.name "GitLab"
-    sudo -u gitlab -H git config --global user.email "gitlab@localhost"
-## Setup GitLab Hooks
-    sudo cp ./lib/hooks/post-receive /home/git/.gitolite/hooks/common/post-receive
-    sudo chown git:git /home/git/.gitolite/hooks/common/post-receive
 ## Initialise Database and Activate Advanced Features
-    sudo -u gitlab -H bundle exec rake gitlab:setup RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
 ## Install Init Script
@@ -280,11 +207,11 @@ Make GitLab start on boot:
 Check if GitLab and its environment is configured correctly:
-    sudo -u gitlab -H bundle exec rake gitlab:env:info RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
 To make sure you didn't miss anything run a more thorough check with:
-    sudo -u gitlab -H bundle exec rake gitlab:check RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
 If all items are green, then congratulations on successfully installing GitLab!
 However there are still a few steps left.
@@ -357,7 +284,7 @@ a different host, you can configure its connection string via the
 If you are running SSH on a non-standard port, you must change the gitlab user'S SSH config.
-    # Add to /home/gitlab/.ssh/config
+    # Add to /home/git/.ssh/config
    host localhost          # Give your setup a name (here: override localhost)
        user git            # Your remote git user
        port 2222           # Your port number

--- a/doc/install/structure.md
+++ b/doc/install/structure.md
@@ -3,37 +3,23 @@
 This is the directory structure you will end up with following the instructions in the Installation Guide.
    |-- home
-    |   |-- gitlab
+    |   |-- git
    |       |-- .ssh
    |       |-- gitlab
    |       |-- gitlab-satellites
-    |   |-- git
+    |       |-- gitlab-shell
-    |       |-- .gitolite
-    |       |-- .ssh
-    |       |-- bin
-    |       |-- gitolite
    |       |-- repositories
-**/home/gitlab/.ssh**
+**/home/git/.ssh**
-  Contains the Gitolite admin key GitLab uses to configure Gitolite.
-**/home/gitlab/gitlab**
+**/home/git/gitlab**
  This is where GitLab lives.
-**/home/gitlab/gitlab-satellites**
+**/home/git/gitlab-satellites**
  Contains a copy of all repositories with a working tree.
  It's used for merge requests, editing files, etc.
-**/home/git/.ssh**
-  Contains the SSH access configuration managed by Gitolite.
-**/home/git/bin**
-  Contains Gitolite executables.
-**/home/git/gitolite**
-  This is where Gitolite lives.
 **/home/git/repositories**
  Holds all your repositories in bare format.
  This is the place Git uses when you pull/push to your projects.

--- a/features/support/env.rb
+++ b/features/support/env.rb
@@ -9,17 +9,12 @@ require 'spinach/capybara'
 require 'sidekiq/testing/inline'
-%w(gitolite_stub stubbed_repository valid_commit).each do |f|
+%w(stubbed_repository valid_commit).each do |f|
  require Rails.root.join('spec', 'support', f)
 end
 Dir["#{Rails.root}/features/steps/shared/*.rb"].each {|file| require file}
-#
-# Stub gitolite
-#
-include GitoliteStub
 WebMock.allow_net_connect!
 #
 # JS driver
@@ -49,6 +44,4 @@ Spinach.hooks.before_run do
  RSpec::Mocks::setup self
  include FactoryGirl::Syntax::Methods
-  stub_gitolite!
 end
--- a/lib/api.rb
+++ b/lib/api.rb
@@ -20,5 +20,6 @@ module Gitlab
    mount Session
    mount MergeRequests
    mount Notes
+    mount Internal
  end
 end
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
+module Gitlab
+  # Internal access API
+  class Internal < Grape::API
+    namespace 'internal' do
+      #
+      # Check if ssh key has access to project code
+      #
+      get "/allowed" do
+        key = Key.find(params[:key_id])
+        project = Project.find_with_namespace(params[:project])
+        git_cmd = params[:action]
+        if key.is_deploy_key
+          project == key.project && git_cmd == 'git-upload-pack'
+        else
+          user = key.user
+          action = case git_cmd
+                   when 'git-upload-pack'
+                     then :download_code
+                   when 'git-receive-pack'
+                     then
+                     if project.protected_branch?(params[:ref])
+                       :push_code_to_protected_branches
+                     else
+                       :push_code
+                     end
+                   end
+          user.can?(action, project)
+        end
+      end
+      #
+      # Discover user by ssh key
+      #
+      get "/discover" do
+        key = Key.find(params[:key_id])
+        present key.user, with: Entities::User
+      end
+      get "/check" do
+        {
+          api_version: '3'
+        }
+      end
+    end
+  end
+end
--- a/lib/gitlab/backend/gitolite.rb
+++ b/lib/gitlab/backend/gitolite.rb
-require_relative 'gitolite_config'
-module Gitlab
-  class Gitolite
-    class AccessDenied < StandardError; end
-    def config
-      Gitlab::GitoliteConfig.new
-    end
-    # Update gitolite config with new key
-    #
-    # Ex.
-    #   set_key("m_gitlab_com_12343", "sha-rsa ...", [2, 3, 6])
-    #
-    def set_key(key_id, key_content, project_ids)
-      projects = Project.where(id: project_ids)
-      config.apply do |config|
-        config.write_key(key_id, key_content)
-        config.update_projects(projects)
-      end
-    end
-    # Remove ssh key from gitolite config
-    #
-    # Ex.
-    #   remove_key("m_gitlab_com_12343", [2, 3, 6])
-    #
-    def remove_key(key_id, project_ids)
-      projects = Project.where(id: project_ids)
-      config.apply do |config|
-        config.rm_key(key_id)
-        config.update_projects(projects)
-      end
-    end
-    # Update project config in gitolite by project id
-    #
-    # Ex.
-    #   update_repository(23)
-    #
-    def update_repository(project_id)
-      project = Project.find(project_id)
-      config.update_project!(project)
-    end
-    def move_repository(old_repo, project)
-      config.apply do |config|
-        config.clean_repo(old_repo)
-        config.update_project(project)
-      end
-    end
-    # Remove repository from gitolite
-    #
-    # name - project path with namespace
-    #
-    # Ex.
-    #   remove_repository("gitlab/gitlab-ci")
-    #
-    def remove_repository(name)
-      config.destroy_project!(name)
-    end
-    # Update projects configs in gitolite by project ids
-    #
-    # Ex.
-    #   update_repositories([1, 4, 6])
-    #
-    def update_repositories(project_ids)
-      projects = Project.where(id: project_ids)
-      config.apply do |config|
-        config.update_projects(projects)
-      end
-    end
-    def url_to_repo path
-      Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
-    end
-    def enable_automerge
-      config.admin_all_repo!
-    end
-    alias_method :create_repository, :update_repository
-  end
-end
--- a/lib/gitlab/backend/gitolite_config.rb
+++ b/lib/gitlab/backend/gitolite_config.rb
-require 'gitolite'
-require 'timeout'
-require 'fileutils'
-module Gitlab
-  class GitoliteConfig
-    include Gitlab::Popen
-    class PullError < StandardError; end
-    class PushError < StandardError; end
-    class BrokenGitolite < StandardError; end
-    attr_reader :config_tmp_dir, :tmp_dir, :ga_repo, :conf
-    def initialize
-      @tmp_dir = Rails.root.join("tmp").to_s
-      @config_tmp_dir = File.join(@tmp_dir,"gitlabhq-gitolite-#{Time.now.to_i}")
-    end
-    def ga_repo
-      @ga_repo ||= ::Gitolite::GitoliteAdmin.new(
-        File.join(config_tmp_dir,'gitolite'),
-        conf: Gitlab.config.gitolite.config_file
-      )
-    end
-    def apply
-      Timeout::timeout(30) do
-        File.open(File.join(tmp_dir, "gitlabhq-gitolite.lock"), "w+") do |f|
-          begin
-            # Set exclusive lock
-            # to prevent race condition
-            f.flock(File::LOCK_EX)
-            # Pull gitolite-admin repo
-            # in tmp dir before do any changes
-            pull
-            # Build ga_repo object and @conf
-            # to access gitolite-admin configuration
-            @conf = ga_repo.config
-            # Do any changes
-            # in gitolite-admin
-            # config here
-            yield(self)
-            # Save changes in
-            # gitolite-admin repo
-            # before push it
-            ga_repo.save
-            # Push gitolite-admin repo
-            # to apply all changes
-            push
-          ensure
-            # Remove tmp dir
-            # removing the gitolite folder first is important to avoid
-            # NFS issues.
-            FileUtils.rm_rf(File.join(config_tmp_dir, 'gitolite'))
-            # Remove parent tmp dir
-            FileUtils.rm_rf(config_tmp_dir)
-            # Unlock so other task can access
-            # gitolite configuration
-            f.flock(File::LOCK_UN)
-          end
-        end
-      end
-    rescue PullError => ex
-      log("Pull error ->  " + ex.message)
-      raise Gitolite::AccessDenied, ex.message
-    rescue PushError => ex
-      log("Push error ->  " + " " + ex.message)
-      raise Gitolite::AccessDenied, ex.message
-    rescue BrokenGitolite => ex
-      log("Gitolite error ->  " + " " + ex.message)
-      raise Gitolite::AccessDenied, ex.message
-    rescue Exception => ex
-      log(ex.class.name + " " + ex.message)
-      raise Gitolite::AccessDenied.new("gitolite timeout")
-    end
-    def log message
-      Gitlab::GitLogger.error(message)
-    end
-    def path_to_repo(name)
-      File.join(Gitlab.config.gitolite.repos_path, "#{name}.git")
-    end
-    def destroy_project(name)
-      full_path = path_to_repo(name)
-      FileUtils.rm_rf(full_path) if File.exists?(full_path)
-      conf.rm_repo(name)
-    end
-    def clean_repo repo_name
-      conf.rm_repo(repo_name)
-    end
-    def destroy_project!(project)
-      apply do |config|
-        config.destroy_project(project)
-      end
-    end
-    def write_key(id, key)
-      File.open(File.join(config_tmp_dir, 'gitolite/keydir',"#{id}.pub"), 'w') do |f|
-        f.write(key.gsub(/\n/,''))
-      end
-    end
-    def rm_key(user)
-      key_path = File.join(config_tmp_dir, 'gitolite/keydir', "#{user}.pub")
-      ga_key = ::Gitolite::SSHKey.from_file(key_path)
-      ga_repo.rm_key(ga_key)
-    end
-    # update or create
-    def update_project(project)
-      repo = update_project_config(project, conf)
-      conf.add_repo(repo, true)
-    end
-    def update_project!( project)
-      apply do |config|
-        config.update_project(project)
-      end
-    end
-    # Updates many projects and uses project.path_with_namespace as the repo path
-    # An order of magnitude faster than update_project
-    def update_projects(projects)
-      projects.each do |project|
-        repo = update_project_config(project, conf)
-        conf.add_repo(repo, true)
-      end
-    end
-    def update_project_config(project, conf)
-      repo_name = project.path_with_namespace
-      repo = if conf.has_repo?(repo_name)
-               conf.get_repo(repo_name)
-             else
-               ::Gitolite::Config::Repo.new(repo_name)
-             end
-      name_readers = project.team.repository_readers
-      name_writers = project.team.repository_writers
-      name_masters = project.team.repository_masters
-      pr_br = project.protected_branches.map(&:name).join("$ ")
-      repo.clean_permissions
-      # Deny access to protected branches for writers
-      unless name_writers.blank? || pr_br.blank?
-        repo.add_permission("-", pr_br.strip + "$ ", name_writers)
-      end
-      # Add read permissions
-      repo.add_permission("R", "", name_readers) unless name_readers.blank?
-      # Add write permissions
-      repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
-      repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
-      # Add sharedRepository config
-      repo.set_git_config("core.sharedRepository", "0660")
-      repo
-    end
-    # Enable access to all repos for gitolite admin.
-    # We use it for accept merge request feature
-    def admin_all_repo
-      owner_name = Gitlab.config.gitolite.admin_key
-      # @ALL repos premission for gitolite owner
-      repo_name = "@all"
-      repo = if conf.has_repo?(repo_name)
-               conf.get_repo(repo_name)
-             else
-               ::Gitolite::Config::Repo.new(repo_name)
-             end
-      repo.add_permission("RW+", "", owner_name)
-      conf.add_repo(repo, true)
-    end
-    def admin_all_repo!
-      apply { |config| config.admin_all_repo }
-    end
-    private
-    def pull
-      # Create config tmp dir like "RAILS_ROOT/tmp/gitlabhq-gitolite-132545"
-      Dir.mkdir config_tmp_dir
-      # Clone gitolite-admin repo into tmp dir
-      popen("git clone #{Gitlab.config.gitolite.admin_uri} #{config_tmp_dir}/gitolite", tmp_dir)
-      # Ensure file with config presents after cloning
-      unless File.exists?(File.join(config_tmp_dir, 'gitolite', 'conf', 'gitolite.conf'))
-        raise PullError, "unable to clone gitolite-admin repo"
-      end
-    end
-    def push
-      output, status = popen('git add -A', tmp_conf_path)
-      raise "Git add failed." unless status.zero?
-      # git commit returns 0 on success, and 1 if there is nothing to commit
-      output, status = popen('git commit -m "GitLab"', tmp_conf_path)
-      raise "Git add failed." unless [0,1].include?(status)
-      output, status = popen('git push', tmp_conf_path)
-      if output =~ /remote\: FATAL/
-        raise BrokenGitolite, output
-      end
-      if status.zero? || output =~ /Everything up\-to\-date/
-        return true
-      else
-        raise PushError, "unable to push gitolite-admin repo"
-      end
-    end
-    def tmp_conf_path
-      File.join(config_tmp_dir,'gitolite')
-    end
-  end
-end
--- a/lib/gitlab/backend/shell.rb
+++ b/lib/gitlab/backend/shell.rb
+module Gitlab
+  class Shell
+    class AccessDenied < StandardError; end
+    # Init new repository
+    #
+    # name - project path with namespace
+    #
+    # Ex.
+    #   add_repository("gitlab/gitlab-ci")
+    #
+    def add_repository(name)
+      system("/home/git/gitlab-shell/bin/gitlab-projects add-project #{name}.git")
+    end
+    # Remove repository from file system
+    #
+    # name - project path with namespace
+    #
+    # Ex.
+    #   remove_repository("gitlab/gitlab-ci")
+    #
+    def remove_repository(name)
+      system("/home/git/gitlab-shell/bin/gitlab-projects rm-project #{name}.git")
+    end
+    # Add new key to gitlab-shell
+    #
+    # Ex.
+    #   add_key("key-42", "sha-rsa ...")
+    #
+    def add_key(key_id, key_content)
+      system("/home/git/gitlab-shell/bin/gitlab-keys add-key #{key_id} \"#{key_content}\"")
+    end
+    # Remove ssh key from gitlab shell
+    #
+    # Ex.
+    #   remove_key("key-342", "sha-rsa ...")
+    #
+    def remove_key(key_id, key_content)
+      system("/home/git/gitlab-shell/bin/gitlab-keys rm-key #{key_id} \"#{key_content}\"")
+    end
+    def url_to_repo path
+      Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
+    end
+  end
+end
--- a/lib/gitlab/satellite/satellite.rb
+++ b/lib/gitlab/satellite/satellite.rb
@@ -30,10 +30,10 @@ module Gitlab
      end
      def create
-        output, status = popen("git clone #{project.url_to_repo} #{path}",
+        output, status = popen("git clone #{project.repository.path_to_repo} #{path}",
                               Gitlab.config.satellites.path)
-        log("PID: #{project.id}: git clone #{project.url_to_repo} #{path}")
+        log("PID: #{project.id}: git clone #{project.repository.path_to_repo} #{path}")
        log("PID: #{project.id}: -> #{output}")
        if status.zero?

--- a/lib/gitolited.rb
+++ b/lib/gitolited.rb
@@ -6,6 +6,6 @@
 #
 module Gitolited
  def gitolite
-    Gitlab::Gitolite.new
+    Gitlab::Shell.new
  end
 end
--- a/lib/hooks/post-receive
+++ b/lib/hooks/post-receive
-#!/usr/bin/env bash
-# Version 4.1
-# This file was placed here by GitLab. It makes sure that your pushed commits
-# will be processed properly.
-while read oldrev newrev ref
-do
-  # For every branch or tag that was pushed, create a Resque job in redis.
-  repo_path=`pwd`
-  env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1
-done
--- a/lib/support/rewrite-hooks.sh
+++ b/lib/support/rewrite-hooks.sh
-#!/bin/bash
-src="/home/git/repositories"
-for dir in `ls "$src/"`
-do
-  if [ -d "$src/$dir" ]; then
-    if [ "$dir" = "gitolite-admin.git" ]
-    then
-      continue 
-    fi
-    if [[ "$dir" =~ ^.*.git$ ]]
-    then
-      project_hook="$src/$dir/hooks/post-receive"
-      gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
-      ln -s -f $gitolite_hook $project_hook
-    else
-      for subdir in `ls "$src/$dir/"`
-      do
-        if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then
-          project_hook="$src/$dir/$subdir/hooks/post-receive"
-          gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
-          ln -s -f $gitolite_hook $project_hook
-        fi
-      done
-    fi
-  fi
-done
--- a/lib/support/truncate_repositories.sh
+++ b/lib/support/truncate_repositories.sh
-#!/bin/bash
-echo "Danger!!! Data Loss"
-while true; do
-  read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?:  " yn
-  case $yn in
-    [Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1  -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;;
-    [Nn]* ) exit;;
-    * ) echo "Please answer yes or no.";;
-  esac
-done
--- a/lib/tasks/gitlab/enable_automerge.rake
+++ b/lib/tasks/gitlab/enable_automerge.rake
@@ -3,11 +3,6 @@ namespace :gitlab do
  task :enable_automerge => :environment do
    warn_user_is_not_gitlab
-    puts "Updating repo permissions ..."
-    Gitlab::Gitolite.new.enable_automerge
-    puts "... #{"done".green}"
-    puts ""
    print "Creating satellites for ..."
    unless Project.count > 0
      puts "skipping, because you have no projects".magenta

--- a/lib/tasks/gitlab/shell.rake
+++ b/lib/tasks/gitlab/shell.rake
+namespace :gitlab do
+  namespace :shell do
+    desc "GITLAB | Setup gitlab-shell"
+    task :setup => :environment do
+      setup
+    end
+  end
+  def setup
+    warn_user_is_not_gitlab
+    puts "This will rebuild an authorized_keys file."
+    puts "You will lose any data stored in /home/git/.ssh/authorized_keys."
+    ask_to_continue
+    puts ""
+    system("echo '# Managed by gitlab-shell' > /home/git/.ssh/authorized_keys")
+    Key.find_each(:batch_size => 1000) do |key|
+      if Gitlab::Shell.new.add_key(key.shell_id, key.key)
+        print '.'
+      else
+        print 'F'
+      end
+    end
+  rescue Gitlab::TaskAbortedByUserError
+    puts "Quitting...".red
+    exit 1
+  end
+end
--- a/spec/lib/gitolite_config_spec.rb
+++ b/spec/lib/gitolite_config_spec.rb
-require 'spec_helper'
-describe Gitlab::GitoliteConfig do
-  let(:gitolite) { Gitlab::GitoliteConfig.new }
-  it { should respond_to :write_key }
-  it { should respond_to :rm_key }
-  it { should respond_to :update_project }
-  it { should respond_to :update_project! }
-  it { should respond_to :update_projects }
-  it { should respond_to :destroy_project }
-  it { should respond_to :destroy_project! }
-  it { should respond_to :apply }
-  it { should respond_to :admin_all_repo }
-  it { should respond_to :admin_all_repo! }
-end
--- a/spec/lib/gitolite_spec.rb
+++ b/spec/lib/gitolite_spec.rb
 require 'spec_helper'
-describe Gitlab::Gitolite do
+describe Gitlab::Shell do
  let(:project) { double('Project', id: 7, path: 'diaspora') }
-  let(:gitolite_config) { double('Gitlab::GitoliteConfig') }
+  let(:gitolite) { Gitlab::Shell.new }
-  let(:gitolite) { Gitlab::Gitolite.new }
  before do
-    gitolite.stub(config: gitolite_config)
    Project.stub(find: project)
  end
-  it { should respond_to :set_key }
+  it { should respond_to :add_key }
  it { should respond_to :remove_key }
+  it { should respond_to :add_repository }
-  it { should respond_to :update_repository }
-  it { should respond_to :create_repository }
  it { should respond_to :remove_repository }
  it { gitolite.url_to_repo('diaspora').should == Gitlab.config.gitolite.ssh_path_prefix + "diaspora.git" }
-  it "should call config update" do
-    gitolite_config.should_receive(:update_project!)
-    gitolite.update_repository(project.id)
-  end
 end
--- a/spec/models/key_spec.rb
+++ b/spec/models/key_spec.rb
@@ -46,9 +46,9 @@ describe Key do
        key.should_not be_valid
      end
-      it "does accept the same key for another project" do
+      it "does not accept the same key for another project" do
        key = build(:key, project_id: 0)
-        key.should be_valid
+        key.should_not be_valid
      end
    end

--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -77,8 +77,6 @@ describe Project do
    it { should respond_to(:url_to_repo) }
    it { should respond_to(:repo_exists?) }
    it { should respond_to(:satellite) }
-    it { should respond_to(:update_repository) }
-    it { should respond_to(:destroy_repository) }
    it { should respond_to(:observe_push) }
    it { should respond_to(:update_merge_requests) }
    it { should respond_to(:execute_hooks) }

--- a/spec/models/protected_branch_spec.rb
+++ b/spec/models/protected_branch_spec.rb
@@ -24,19 +24,4 @@ describe ProtectedBranch do
    it { should validate_presence_of(:project) }
    it { should validate_presence_of(:name) }
  end
-  describe 'Callbacks' do
-    let(:branch) { build(:protected_branch) }
-    it 'call update_repository after save' do
-      branch.should_receive(:update_repository)
-      branch.save
-    end
-    it 'call update_repository after destroy' do
-      branch.save
-      branch.should_receive(:update_repository)
-      branch.destroy
-    end
-  end
 end
--- a/spec/observers/key_observer_spec.rb
+++ b/spec/observers/key_observer_spec.rb
@@ -3,7 +3,7 @@ require 'spec_helper'
 describe KeyObserver do
  before do
    @key = double('Key',
-      identifier: 'admin_654654',
+      shell_id: 'key-32',
      key: '== a vaild ssh key',
      projects: [],
      is_deploy_key: false
@@ -14,14 +14,14 @@ describe KeyObserver do
  context :after_save do
    it do
-      GitoliteWorker.should_receive(:perform_async).with(:set_key, @key.identifier, @key.key, @key.projects.map(&:id))
+      GitoliteWorker.should_receive(:perform_async).with(:add_key, @key.shell_id, @key.key)
      @observer.after_save(@key)
    end
  end
  context :after_destroy do
    it do
-      GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.identifier, @key.projects.map(&:id))
+      GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.shell_id, @key.key)
      @observer.after_destroy(@key)
    end
  end

--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -24,7 +24,6 @@ RSpec.configure do |config|
  config.mock_with :rspec
  config.include LoginHelpers, type: :request
-  config.include GitoliteStub
  config.include FactoryGirl::Syntax::Methods
  config.include Devise::TestHelpers, type: :controller
@@ -34,8 +33,6 @@ RSpec.configure do |config|
  config.use_transactional_fixtures = false
  config.before do
-    stub_gitolite!
    # Use tmp dir for FS manipulations
    temp_repos_path = Rails.root.join('tmp', 'test-git-base-path')
    Gitlab.config.gitolite.stub(repos_path: temp_repos_path)

--- a/spec/support/gitolite_stub.rb
+++ b/spec/support/gitolite_stub.rb
-module GitoliteStub
-  def stub_gitolite!
-    stub_gitlab_gitolite
-    stub_gitolite_admin
-  end
-  def stub_gitolite_admin
-    gitolite_admin = double('Gitolite::GitoliteAdmin')
-    gitolite_admin.as_null_object
-    Gitolite::GitoliteAdmin.stub(new: gitolite_admin)
-  end
-  def stub_gitlab_gitolite
-    gitolite_config = double('Gitlab::GitoliteConfig')
-    gitolite_config.stub(apply: ->() { yield(self) })
-    gitolite_config.as_null_object
-    Gitlab::GitoliteConfig.stub(new: gitolite_config)
-  end
-end
--- a/spec/support/stubbed_repository.rb
+++ b/spec/support/stubbed_repository.rb
 require "repository"
 require "project"
+require "shell"
 # Stubs out all Git repository access done by models so that specs can run
 # against fake repositories without Grit complaining that they don't exist.
@@ -36,3 +37,23 @@ class GitLabTestRepo < Repository
    @repo ||= Grit::Repo.new(Rails.root.join('tmp', 'repositories', 'gitlabhq'))
  end
 end
+module Gitlab
+  class Shell
+    def add_repository name
+      true
+    end
+    def remove_repository name
+      true
+    end
+    def add_key id, key
+      true
+    end
+    def remove_key id, key
+      true
+    end
+  end
+end
--- a/spec/workers/post_receive_spec.rb
+++ b/spec/workers/post_receive_spec.rb
@@ -11,7 +11,7 @@ describe PostReceive do
  context "web hook" do
    let(:project) { create(:project) }
    let(:key) { create(:key, user: project.owner) }
-    let(:key_id) { key.identifier }
+    let(:key_id) { key.shell_id }
    it "fetches the correct project" do
      Project.should_receive(:find_with_namespace).with(project.path_with_namespace).and_return(project)
@@ -19,7 +19,7 @@ describe PostReceive do
    end
    it "does not run if the author is not in the project" do
-      Key.stub(find_by_identifier: nil)
+      Key.stub(find_by_id: nil)
      project.should_not_receive(:observe_push)
      project.should_not_receive(:execute_hooks)