Merge branch 'gitlab-shell' of dev.gitlabhq.com:gitlab/gitlabhq

Gemfile

@@ -32,9 +32,6 @@ gem 'gitlab_omniauth-ldap', '1.0.2', require: "omniauth-ldap"
 # Dump db to yml file. Mostly used to migrate from sqlite to mysql
 gem 'gitlab_yaml_db', '1.0.0', require: "yaml_db"
 
-# Gitolite client (for work with gitolite-admin repo)
-gem "gitolite", '1.1.0'
-
 # Syntax highlighter
 gem "pygments.rb",  git: "https://github.com/gitlabhq/pygments.rb.git", branch: "master"
 

Gemfile.lock

@@ -107,7 +107,6 @@ GEM
       coderay (>= 1.0.0)
       erubis (>= 2.7.0)
     binding_of_caller (0.6.8)
-    blankslate (3.1.2)
     bootstrap-sass (2.2.1.1)
       sass (~> 3.2)
     builder (3.0.4)
@@ -195,10 +194,6 @@ GEM
       pyu-ruby-sasl (~> 0.0.3.1)
       rubyntlm (~> 0.1.1)
     gitlab_yaml_db (1.0.0)
-    gitolite (1.1.0)
-      gratr19 (~> 0.4.4.1)
-      grit (~> 2.5.0)
-      hashery (~> 1.5.0)
     grape (0.2.2)
       activesupport
       hashie (~> 1.2)
@@ -208,7 +203,6 @@ GEM
       rack-accept
       rack-mount
       virtus
-    gratr19 (0.4.4.1)
     growl (1.0.3)
     guard (1.5.4)
       listen (>= 0.4.2)
@@ -227,8 +221,6 @@ GEM
       activesupport (>= 3.1, < 4.1)
       haml (~> 3.1)
       railties (>= 3.1, < 4.1)
-    hashery (1.5.0)
-      blankslate
     hashie (1.2.0)
     hike (1.2.1)
     http_parser.rb (0.5.3)
@@ -497,7 +489,6 @@ DEPENDENCIES
   gitlab_meta (= 4.0)
   gitlab_omniauth-ldap (= 1.0.2)
   gitlab_yaml_db (= 1.0.0)
-  gitolite (= 1.1.0)
   grack!
   grape (~> 0.2.1)
   grit!

app/controllers/application_controller.rb

@@ -10,11 +10,6 @@ class ApplicationController < ActionController::Base
 
   helper_method :abilities, :can?
 
-  rescue_from Gitlab::Gitolite::AccessDenied do |exception|
-    log_exception(exception)
-    render "errors/gitolite", layout: "errors", status: 500
-  end
-
   rescue_from Encoding::CompatibilityError do |exception|
     log_exception(exception)
     render "errors/encoding", layout: "errors", status: 500

app/models/key.rb

@@ -24,8 +24,8 @@ class Key < ActiveRecord::Base
   before_save :set_identifier
 
   validates :title, presence: true, length: { within: 0..255 }
-  validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / }
-  validate :unique_key, :fingerprintable_key
+  validates :key, presence: true, length: { within: 0..5000 }, format: { :with => /ssh-.{3} / }, uniqueness: true
+  validate :fingerprintable_key
 
   delegate :name, :email, to: :user, prefix: true
 
@@ -33,14 +33,6 @@ class Key < ActiveRecord::Base
     self.key = self.key.strip unless self.key.blank?
   end
 
-  def unique_key
-    query = Key.where(key: key)
-    query = query.where('(project_id IS NULL OR project_id = ?)', project_id) if project_id
-    if (query.count > 0)
-      errors.add :key, 'already exist.'
-    end
-  end
-
   def fingerprintable_key
     return true unless key # Don't test if there is no key.
     # `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
@@ -65,7 +57,7 @@ class Key < ActiveRecord::Base
   end
 
   def is_deploy_key
-    true if project_id
+    !!project_id
   end
 
   # projects that has this key
@@ -77,7 +69,7 @@ class Key < ActiveRecord::Base
     end
   end
 
-  def last_deploy?
-    Key.where(identifier: identifier).count == 0
+  def shell_id
+    "key-#{self.id}"
   end
 end

app/models/namespace.rb

@@ -27,7 +27,6 @@ class Namespace < ActiveRecord::Base
 
   after_create :ensure_dir_exist
   after_update :move_dir
-  after_commit :update_gitolite, on: :update, if: :require_update_gitolite
   after_destroy :rm_dir
 
   scope :root, where('type IS NULL')
@@ -89,11 +88,6 @@ class Namespace < ActiveRecord::Base
     end
   end
 
-  def update_gitolite
-    @require_update_gitolite = false
-    projects.each(&:update_repository)
-  end
-
   def rm_dir
     dir_path = File.join(Gitlab.config.gitolite.repos_path, path)
     FileUtils.rm_r( dir_path, force: true )

app/models/project.rb

@@ -262,8 +262,6 @@ class Project < ActiveRecord::Base
 
       Gitlab::ProjectMover.new(self, old_dir, new_dir).execute
 
-      gitolite.move_repository(old_repo, self)
-
       save!
     end
   rescue Gitlab::ProjectMover::ProjectMoveError => ex
@@ -459,20 +457,6 @@ class Project < ActiveRecord::Base
     namespace.try(:path) || ''
   end
 
-  def update_repository
-    GitoliteWorker.perform_async(
-      :update_repository,
-      self.id
-    )
-  end
-
-  def destroy_repository
-    GitoliteWorker.perform_async(
-      :remove_repository,
-      self.path_with_namespace
-    )
-  end
-
   def repo_exists?
     @repo_exists ||= (repository && repository.branches.present?)
   rescue

app/models/project_team.rb

@@ -112,7 +112,6 @@ class ProjectTeam
       source_team.each do |tm|
         tm.save
       end
-      target_project.update_repository
     end
 
     true

app/models/protected_branch.rb

@@ -18,13 +18,6 @@ class ProtectedBranch < ActiveRecord::Base
   validates :name, presence: true
   validates :project, presence: true
 
-  after_save :update_repository
-  after_destroy :update_repository
-
-  def update_repository
-    project.update_repository
-  end
-
   def commit
     project.repository.commit(self.name)
   end

app/models/users_project.rb

@@ -25,9 +25,6 @@ class UsersProject < ActiveRecord::Base
 
   attr_accessor :skip_git
 
-  after_save :update_repository, unless: :skip_git?
-  after_destroy :update_repository, unless: :skip_git?
-
   validates :user, presence: true
   validates :user_id, uniqueness: { scope: [:project_id], message: "already exists in project" }
   validates :project_access, inclusion: { in: [GUEST, REPORTER, DEVELOPER, MASTER] }, presence: true
@@ -84,11 +81,6 @@ class UsersProject < ActiveRecord::Base
         end
       end
 
-      GitoliteWorker.perform_async(
-        :update_repositories,
-        project_ids
-      )
-
       true
     rescue
       false
@@ -103,11 +95,6 @@ class UsersProject < ActiveRecord::Base
         end
       end
 
-      GitoliteWorker.perform_async(
-        :update_repositories,
-        project_ids
-      )
-
       true
     rescue
       false
@@ -136,10 +123,6 @@ class UsersProject < ActiveRecord::Base
     end
   end
 
-  def update_repository
-    project.update_repository
-  end
-
   def project_access_human
     Project.access_options.key(self.project_access)
   end

app/observers/key_observer.rb

@@ -3,20 +3,17 @@ class KeyObserver < ActiveRecord::Observer
 
   def after_save(key)
     GitoliteWorker.perform_async(
-      :set_key,
-      key.identifier,
-      key.key,
-      key.projects.map(&:id)
+      :add_key,
+      key.shell_id,
+      key.key
     )
   end
 
   def after_destroy(key)
-    return if key.is_deploy_key && !key.last_deploy?
-
     GitoliteWorker.perform_async(
       :remove_key,
-      key.identifier,
-      key.projects.map(&:id)
+      key.shell_id,
+      key.key,
     )
   end
 end

app/observers/project_observer.rb

 class ProjectObserver < ActiveRecord::Observer
   def after_create(project)
-    project.update_repository
+    GitoliteWorker.perform_async(
+      :add_repository,
+      project.path_with_namespace
+    )
+
+    log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"")
   end
 
   def after_update(project)
@@ -8,14 +13,14 @@ class ProjectObserver < ActiveRecord::Observer
   end
 
   def after_destroy(project)
-    log_info("Project \"#{project.name}\" was removed")
+    GitoliteWorker.perform_async(
+      :remove_repository,
+      project.path_with_namespace
+    )
 
     project.satellite.destroy
-    project.destroy_repository
-  end
 
-  def after_create project
-    log_info("#{project.owner.name} created a new project \"#{project.name_with_namespace}\"")
+    log_info("Project \"#{project.name}\" was removed")
   end
 
   protected

app/workers/post_receive.rb

@@ -27,11 +27,15 @@ class PostReceive
              User.find_by_email(email) if email
            elsif /^[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}$/.match(identifier)
              User.find_by_email(identifier)
-           else
-             Key.find_by_identifier(identifier).try(:user)
+           elsif identifier =~ /key/
+             key_id = identifier.gsub("key-", "")
+             Key.find_by_id(key_id).try(:user)
            end
 
-    return false unless user
+    unless user
+      Gitlab::GitLogger.error("POST-RECEIVE: Triggered hook for non-existing user \"#{identifier} \"")
+      return false
+    end
 
     project.trigger_post_receive(oldrev, newrev, ref, user)
   end

config/gitlab.yml.example

@@ -96,7 +96,7 @@ omniauth:
 # GitLab Satellites
 satellites:
   # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
-  path: /home/gitlab/gitlab-satellites/
+  path: /home/git/gitlab-satellites/
 
 ## Backup settings
 backup:
@@ -105,8 +105,6 @@ backup:
 
 ## Gitolite settings
 gitolite:
-  admin_uri: git@localhost:gitolite-admin
-
   # REPOS_PATH MUST NOT BE A SYMLINK!!!
   repos_path: /home/git/repositories/
   hooks_path: /home/git/.gitolite/hooks/

config/initializers/1_settings.rb

@@ -51,7 +51,7 @@ Settings.gitlab['protocol']   ||= Settings.gitlab.https ? "https" : "http"
 Settings.gitlab['email_from'] ||= "gitlab@#{Settings.gitlab.host}"
 Settings.gitlab['support_email']  ||= Settings.gitlab.email_from
 Settings.gitlab['url']        ||= Settings.send(:build_gitlab_url)
-Settings.gitlab['user']       ||= 'gitlab'
+Settings.gitlab['user']       ||= 'git'
 Settings.gitlab['signup_enabled'] ||= false
 
 Settings['gravatar'] ||= Settingslogic.new({})

config/initializers/5_backend.rb

 # GIT over HTTP
 require Rails.root.join("lib", "gitlab", "backend", "grack_auth")
 
-# GITOLITE backend
-require Rails.root.join("lib", "gitlab", "backend", "gitolite")
+# GIT over SSH
+require Rails.root.join("lib", "gitlab", "backend", "shell")

config/unicorn.rb.example

@@ -2,7 +2,7 @@
 # note that config/gitlab.yml web path should also be changed
 # ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
 
-app_dir = "/home/gitlab/gitlab/"
+app_dir = "/home/git/gitlab/"
 worker_processes 2
 working_directory app_dir
 

doc/install/installation.md

@@ -90,87 +90,27 @@ Install the Bundler Gem:
 
 # 3. System Users
 
-Create a user for Git and Gitolite:
+Create a `git` user for Gitlab:
 
-    sudo adduser \
-      --system \
-      --shell /bin/sh \
-      --gecos 'Git Version Control' \
-      --group \
-      --disabled-password \
-      --home /home/git \
-      git
+    sudo adduser --disabled-login --gecos 'GitLab' git
 
-Create a user for GitLab:
+# 4. GitLab shell
 
-    sudo adduser --disabled-login --gecos 'GitLab' gitlab
-
-    # Add it to the git group
-    sudo usermod -a -G git gitlab
-
-    # Generate the SSH key
-    sudo -u gitlab -H ssh-keygen -q -N '' -t rsa -f /home/gitlab/.ssh/id_rsa
-
-
-# 4. Gitolite
-
-Clone GitLab's fork of the Gitolite source code:
+    # login as git 
+    sudo su git
 
+    # go to home directory 
     cd /home/git
-    sudo -u git -H git clone -b gl-v320 https://github.com/gitlabhq/gitolite.git /home/git/gitolite
-
-Setup Gitolite with GitLab as its admin:
-
-**Important Note:**
-GitLab assumes *full and unshared* control over this Gitolite installation.
-
-    # Add Gitolite scripts to $PATH
-    sudo -u git -H mkdir /home/git/bin
-    sudo -u git -H sh -c 'printf "%b\n%b\n" "PATH=\$PATH:/home/git/bin" "export PATH" >> /home/git/.profile'
-    sudo -u git -H sh -c 'gitolite/install -ln /home/git/bin'
-
-    # Copy the gitlab user's (public) SSH key ...
-    sudo cp /home/gitlab/.ssh/id_rsa.pub /home/git/gitlab.pub
-    sudo chmod 0444 /home/git/gitlab.pub
-
-    # ... and use it as the admin key for the Gitolite setup
-    sudo -u git -H sh -c "PATH=/home/git/bin:$PATH; gitolite setup -pk /home/git/gitlab.pub"
-
-Fix the directory permissions for the configuration directory:
-
-    # Make sure the Gitolite config dir is owned by git
-    sudo chmod 750 /home/git/.gitolite/
-    sudo chown -R git:git /home/git/.gitolite/
 
-Fix the directory permissions for the repositories:
+    # clone gitlab shell
+    git clone https://dzaporozhets@dev.gitlab.org/gitlab/gitlab-shell.git
 
-    # Make sure the repositories dir is owned by git and it stays that way
-    sudo chmod -R ug+rwX,o-rwx /home/git/repositories/
-    sudo chown -R git:git /home/git/repositories/
-    find /home/git/repositories -type d -print0 | sudo xargs -0 chmod g+s
+    # setup
+    cd gitlab-shell
+    cp config.yml.example config.yml
+    ./bin/install 
 
 
-## Add domains to list to the list of known hosts
-
-    sudo -u gitlab -H ssh git@localhost
-    sudo -u gitlab -H ssh git@YOUR_DOMAIN_NAME
-    sudo -u gitlab -H ssh git@YOUR_GITOLITE_DOMAIN_NAME
-
-
-## Test if everything works so far
-
-    # Clone the admin repo so SSH adds localhost to known_hosts ...
-    # ... and to be sure your users have access to Gitolite
-    sudo -u gitlab -H git clone git@localhost:gitolite-admin.git /tmp/gitolite-admin
-
-    # If it succeeded without errors you can remove the cloned repo
-    sudo rm -rf /tmp/gitolite-admin
-
-**Important Note:**
-If you can't clone the `gitolite-admin` repository: **DO NOT PROCEED WITH INSTALLATION**!
-Check the [Trouble Shooting Guide](https://github.com/gitlabhq/gitlab-public-wiki/wiki/Trouble-Shooting-Guide)
-and make sure you have followed all of the above steps carefully.
-
 
 # 5. Database
 
@@ -179,46 +119,46 @@ To setup the MySQL/PostgreSQL database and dependencies please see [`doc/install
 
 # 6. GitLab
 
-    # We'll install GitLab into home directory of the user "gitlab"
-    cd /home/gitlab
+    # We'll install GitLab into home directory of the user "git"
+    cd /home/git
 
 ## Clone the Source
 
     # Clone GitLab repository
-    sudo -u gitlab -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
+    sudo -u git -H git clone https://github.com/gitlabhq/gitlabhq.git gitlab
 
     # Go to gitlab dir 
-    cd /home/gitlab/gitlab
+    cd /home/git/gitlab
    
     # Checkout to stable release
-    sudo -u gitlab -H git checkout 4-1-stable
+    sudo -u git -H git checkout 5-0-stable
 
 **Note:**
-You can change `4-1-stable` to `master` if you want the *bleeding edge* version, but
+You can change `5-0-stable` to `master` if you want the *bleeding edge* version, but
 do so with caution!
 
 ## Configure it
 
-    cd /home/gitlab/gitlab
+    cd /home/git/gitlab
 
     # Copy the example GitLab config
-    sudo -u gitlab -H cp config/gitlab.yml.example config/gitlab.yml
+    sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml
 
     # Make sure to change "localhost" to the fully-qualified domain name of your
     # host serving GitLab where necessary
-    sudo -u gitlab -H vim config/gitlab.yml
+    sudo -u git -H vim config/gitlab.yml
 
     # Make sure GitLab can write to the log/ and tmp/ directories
-    sudo chown -R gitlab log/
-    sudo chown -R gitlab tmp/
+    sudo chown -R git log/
+    sudo chown -R git tmp/
     sudo chmod -R u+rwX  log/
     sudo chmod -R u+rwX  tmp/
 
     # Make directory for satellites
-    sudo -u gitlab -H mkdir /home/gitlab/gitlab-satellites
+    sudo -u git -H mkdir /home/git/gitlab-satellites
 
     # Copy the example Unicorn config
-    sudo -u gitlab -H cp config/unicorn.rb.example config/unicorn.rb
+    sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb
 
 **Important Note:**
 Make sure to edit both files to match your setup.
@@ -226,42 +166,29 @@ Make sure to edit both files to match your setup.
 ## Configure GitLab DB settings
 
     # Mysql
-    sudo -u gitlab cp config/database.yml.mysql config/database.yml
+    sudo -u git cp config/database.yml.mysql config/database.yml
 
     # PostgreSQL
-    sudo -u gitlab cp config/database.yml.postgresql config/database.yml
+    sudo -u git cp config/database.yml.postgresql config/database.yml
 
 Make sure to update username/password in config/database.yml.
 
 ## Install Gems
 
-    cd /home/gitlab/gitlab
+    cd /home/git/gitlab
 
     sudo gem install charlock_holmes --version '0.6.9'
 
     # For MySQL (note, the option says "without")
-    sudo -u gitlab -H bundle install --deployment --without development test postgres
+    sudo -u git -H bundle install --deployment --without development test postgres
 
     # Or for PostgreSQL
-    sudo -u gitlab -H bundle install --deployment --without development test mysql
-
-## Configure Git
-
-GitLab needs to be able to commit and push changes to Gitolite. In order to do
-that Git requires a username and email. (We recommend using the same address
-used for the `email.from` setting in `config/gitlab.yml`)
-
-    sudo -u gitlab -H git config --global user.name "GitLab"
-    sudo -u gitlab -H git config --global user.email "gitlab@localhost"
-
-## Setup GitLab Hooks
+    sudo -u git -H bundle install --deployment --without development test mysql
 
-    sudo cp ./lib/hooks/post-receive /home/git/.gitolite/hooks/common/post-receive
-    sudo chown git:git /home/git/.gitolite/hooks/common/post-receive
 
 ## Initialise Database and Activate Advanced Features
 
-    sudo -u gitlab -H bundle exec rake gitlab:setup RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
 
 
 ## Install Init Script
@@ -280,11 +207,11 @@ Make GitLab start on boot:
 
 Check if GitLab and its environment is configured correctly:
 
-    sudo -u gitlab -H bundle exec rake gitlab:env:info RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
 
 To make sure you didn't miss anything run a more thorough check with:
 
-    sudo -u gitlab -H bundle exec rake gitlab:check RAILS_ENV=production
+    sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
 
 If all items are green, then congratulations on successfully installing GitLab!
 However there are still a few steps left.
@@ -357,7 +284,7 @@ a different host, you can configure its connection string via the
 
 If you are running SSH on a non-standard port, you must change the gitlab user'S SSH config.
     
-    # Add to /home/gitlab/.ssh/config
+    # Add to /home/git/.ssh/config
     host localhost          # Give your setup a name (here: override localhost)
         user git            # Your remote git user
         port 2222           # Your port number

doc/install/structure.md

@@ -3,37 +3,23 @@
 This is the directory structure you will end up with following the instructions in the Installation Guide.
 
     |-- home
-    |   |-- gitlab
+    |   |-- git
     |       |-- .ssh
     |       |-- gitlab
     |       |-- gitlab-satellites
-    |   |-- git
-    |       |-- .gitolite
-    |       |-- .ssh
-    |       |-- bin
-    |       |-- gitolite
+    |       |-- gitlab-shell
     |       |-- repositories
 
 
-**/home/gitlab/.ssh**
-  Contains the Gitolite admin key GitLab uses to configure Gitolite.
+**/home/git/.ssh**
 
-**/home/gitlab/gitlab**
+**/home/git/gitlab**
   This is where GitLab lives.
 
-**/home/gitlab/gitlab-satellites**
+**/home/git/gitlab-satellites**
   Contains a copy of all repositories with a working tree.
   It's used for merge requests, editing files, etc.
 
-**/home/git/.ssh**
-  Contains the SSH access configuration managed by Gitolite.
-
-**/home/git/bin**
-  Contains Gitolite executables.
-
-**/home/git/gitolite**
-  This is where Gitolite lives.
-
 **/home/git/repositories**
   Holds all your repositories in bare format.
   This is the place Git uses when you pull/push to your projects.

features/support/env.rb

@@ -9,17 +9,12 @@ require 'spinach/capybara'
 require 'sidekiq/testing/inline'
 
 
-%w(gitolite_stub stubbed_repository valid_commit).each do |f|
+%w(stubbed_repository valid_commit).each do |f|
   require Rails.root.join('spec', 'support', f)
 end
 
 Dir["#{Rails.root}/features/steps/shared/*.rb"].each {|file| require file}
 
-#
-# Stub gitolite
-#
-include GitoliteStub
-
 WebMock.allow_net_connect!
 #
 # JS driver
@@ -49,6 +44,4 @@ Spinach.hooks.before_run do
   RSpec::Mocks::setup self
 
   include FactoryGirl::Syntax::Methods
-
-  stub_gitolite!
 end

lib/api.rb

@@ -20,5 +20,6 @@ module Gitlab
     mount Session
     mount MergeRequests
     mount Notes
+    mount Internal
   end
 end

lib/api/internal.rb

+module Gitlab
+  # Internal access API
+  class Internal < Grape::API
+    namespace 'internal' do
+      #
+      # Check if ssh key has access to project code
+      #
+      get "/allowed" do
+        key = Key.find(params[:key_id])
+        project = Project.find_with_namespace(params[:project])
+        git_cmd = params[:action]
+
+        if key.is_deploy_key
+          project == key.project && git_cmd == 'git-upload-pack'
+        else
+          user = key.user
+          action = case git_cmd
+                   when 'git-upload-pack'
+                     then :download_code
+                   when 'git-receive-pack'
+                     then
+                     if project.protected_branch?(params[:ref])
+                       :push_code_to_protected_branches
+                     else
+                       :push_code
+                     end
+                   end
+
+          user.can?(action, project)
+        end
+      end
+
+      #
+      # Discover user by ssh key
+      #
+      get "/discover" do
+        key = Key.find(params[:key_id])
+        present key.user, with: Entities::User
+      end
+
+      get "/check" do
+        {
+          api_version: '3'
+        }
+      end
+    end
+  end
+end
+

lib/gitlab/backend/gitolite.rb

-require_relative 'gitolite_config'
-
-module Gitlab
-  class Gitolite
-    class AccessDenied < StandardError; end
-
-    def config
-      Gitlab::GitoliteConfig.new
-    end
-
-    # Update gitolite config with new key
-    #
-    # Ex.
-    #   set_key("m_gitlab_com_12343", "sha-rsa ...", [2, 3, 6])
-    #
-    def set_key(key_id, key_content, project_ids)
-      projects = Project.where(id: project_ids)
-
-      config.apply do |config|
-        config.write_key(key_id, key_content)
-        config.update_projects(projects)
-      end
-    end
-
-    # Remove ssh key from gitolite config
-    #
-    # Ex.
-    #   remove_key("m_gitlab_com_12343", [2, 3, 6])
-    #
-    def remove_key(key_id, project_ids)
-      projects = Project.where(id: project_ids)
-
-      config.apply do |config|
-        config.rm_key(key_id)
-        config.update_projects(projects)
-      end
-    end
-
-    # Update project config in gitolite by project id
-    #
-    # Ex.
-    #   update_repository(23)
-    #
-    def update_repository(project_id)
-      project = Project.find(project_id)
-      config.update_project!(project)
-    end
-
-    def move_repository(old_repo, project)
-      config.apply do |config|
-        config.clean_repo(old_repo)
-        config.update_project(project)
-      end
-    end
-
-    # Remove repository from gitolite
-    #
-    # name - project path with namespace
-    #
-    # Ex.
-    #   remove_repository("gitlab/gitlab-ci")
-    #
-    def remove_repository(name)
-      config.destroy_project!(name)
-    end
-
-    # Update projects configs in gitolite by project ids
-    #
-    # Ex.
-    #   update_repositories([1, 4, 6])
-    #
-    def update_repositories(project_ids)
-      projects = Project.where(id: project_ids)
-
-      config.apply do |config|
-        config.update_projects(projects)
-      end
-    end
-
-    def url_to_repo path
-      Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
-    end
-
-    def enable_automerge
-      config.admin_all_repo!
-    end
-
-    alias_method :create_repository, :update_repository
-  end
-end

lib/gitlab/backend/gitolite_config.rb

-require 'gitolite'
-require 'timeout'
-require 'fileutils'
-
-module Gitlab
-  class GitoliteConfig
-    include Gitlab::Popen
-
-    class PullError < StandardError; end
-    class PushError < StandardError; end
-    class BrokenGitolite < StandardError; end
-
-    attr_reader :config_tmp_dir, :tmp_dir, :ga_repo, :conf
-
-    def initialize
-      @tmp_dir = Rails.root.join("tmp").to_s
-      @config_tmp_dir = File.join(@tmp_dir,"gitlabhq-gitolite-#{Time.now.to_i}")
-    end
-
-    def ga_repo
-      @ga_repo ||= ::Gitolite::GitoliteAdmin.new(
-        File.join(config_tmp_dir,'gitolite'),
-        conf: Gitlab.config.gitolite.config_file
-      )
-    end
-
-    def apply
-      Timeout::timeout(30) do
-        File.open(File.join(tmp_dir, "gitlabhq-gitolite.lock"), "w+") do |f|
-          begin
-            # Set exclusive lock
-            # to prevent race condition
-            f.flock(File::LOCK_EX)
-
-            # Pull gitolite-admin repo
-            # in tmp dir before do any changes
-            pull
-
-            # Build ga_repo object and @conf
-            # to access gitolite-admin configuration
-            @conf = ga_repo.config
-
-            # Do any changes
-            # in gitolite-admin
-            # config here
-            yield(self)
-
-            # Save changes in
-            # gitolite-admin repo
-            # before push it
-            ga_repo.save
-
-            # Push gitolite-admin repo
-            # to apply all changes
-            push
-          ensure
-            # Remove tmp dir
-            # removing the gitolite folder first is important to avoid
-            # NFS issues.
-            FileUtils.rm_rf(File.join(config_tmp_dir, 'gitolite'))
-
-            # Remove parent tmp dir
-            FileUtils.rm_rf(config_tmp_dir)
-
-            # Unlock so other task can access
-            # gitolite configuration
-            f.flock(File::LOCK_UN)
-          end
-        end
-      end
-    rescue PullError => ex
-      log("Pull error ->  " + ex.message)
-      raise Gitolite::AccessDenied, ex.message
-
-    rescue PushError => ex
-      log("Push error ->  " + " " + ex.message)
-      raise Gitolite::AccessDenied, ex.message
-
-    rescue BrokenGitolite => ex
-      log("Gitolite error ->  " + " " + ex.message)
-      raise Gitolite::AccessDenied, ex.message
-
-    rescue Exception => ex
-      log(ex.class.name + " " + ex.message)
-      raise Gitolite::AccessDenied.new("gitolite timeout")
-    end
-
-    def log message
-      Gitlab::GitLogger.error(message)
-    end
-
-    def path_to_repo(name)
-      File.join(Gitlab.config.gitolite.repos_path, "#{name}.git")
-    end
-
-    def destroy_project(name)
-      full_path = path_to_repo(name)
-      FileUtils.rm_rf(full_path) if File.exists?(full_path)
-      conf.rm_repo(name)
-    end
-
-    def clean_repo repo_name
-      conf.rm_repo(repo_name)
-    end
-
-    def destroy_project!(project)
-      apply do |config|
-        config.destroy_project(project)
-      end
-    end
-
-    def write_key(id, key)
-      File.open(File.join(config_tmp_dir, 'gitolite/keydir',"#{id}.pub"), 'w') do |f|
-        f.write(key.gsub(/\n/,''))
-      end
-    end
-
-    def rm_key(user)
-      key_path = File.join(config_tmp_dir, 'gitolite/keydir', "#{user}.pub")
-      ga_key = ::Gitolite::SSHKey.from_file(key_path)
-      ga_repo.rm_key(ga_key)
-    end
-
-    # update or create
-    def update_project(project)
-      repo = update_project_config(project, conf)
-      conf.add_repo(repo, true)
-    end
-
-    def update_project!( project)
-      apply do |config|
-        config.update_project(project)
-      end
-    end
-
-    # Updates many projects and uses project.path_with_namespace as the repo path
-    # An order of magnitude faster than update_project
-    def update_projects(projects)
-      projects.each do |project|
-        repo = update_project_config(project, conf)
-        conf.add_repo(repo, true)
-      end
-    end
-
-    def update_project_config(project, conf)
-      repo_name = project.path_with_namespace
-
-      repo = if conf.has_repo?(repo_name)
-               conf.get_repo(repo_name)
-             else
-               ::Gitolite::Config::Repo.new(repo_name)
-             end
-
-      name_readers = project.team.repository_readers
-      name_writers = project.team.repository_writers
-      name_masters = project.team.repository_masters
-
-      pr_br = project.protected_branches.map(&:name).join("$ ")
-
-      repo.clean_permissions
-
-      # Deny access to protected branches for writers
-      unless name_writers.blank? || pr_br.blank?
-        repo.add_permission("-", pr_br.strip + "$ ", name_writers)
-      end
-
-      # Add read permissions
-      repo.add_permission("R", "", name_readers) unless name_readers.blank?
-
-      # Add write permissions
-      repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
-      repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
-
-      # Add sharedRepository config
-      repo.set_git_config("core.sharedRepository", "0660")
-
-      repo
-    end
-
-    # Enable access to all repos for gitolite admin.
-    # We use it for accept merge request feature
-    def admin_all_repo
-      owner_name = Gitlab.config.gitolite.admin_key
-
-      # @ALL repos premission for gitolite owner
-      repo_name = "@all"
-      repo = if conf.has_repo?(repo_name)
-               conf.get_repo(repo_name)
-             else
-               ::Gitolite::Config::Repo.new(repo_name)
-             end
-
-      repo.add_permission("RW+", "", owner_name)
-      conf.add_repo(repo, true)
-    end
-
-    def admin_all_repo!
-      apply { |config| config.admin_all_repo }
-    end
-
-    private
-
-    def pull
-      # Create config tmp dir like "RAILS_ROOT/tmp/gitlabhq-gitolite-132545"
-      Dir.mkdir config_tmp_dir
-
-      # Clone gitolite-admin repo into tmp dir
-      popen("git clone #{Gitlab.config.gitolite.admin_uri} #{config_tmp_dir}/gitolite", tmp_dir)
-
-      # Ensure file with config presents after cloning
-      unless File.exists?(File.join(config_tmp_dir, 'gitolite', 'conf', 'gitolite.conf'))
-        raise PullError, "unable to clone gitolite-admin repo"
-      end
-    end
-
-    def push
-      output, status = popen('git add -A', tmp_conf_path)
-      raise "Git add failed." unless status.zero?
-
-      # git commit returns 0 on success, and 1 if there is nothing to commit
-      output, status = popen('git commit -m "GitLab"', tmp_conf_path)
-      raise "Git add failed." unless [0,1].include?(status)
-
-      output, status = popen('git push', tmp_conf_path)
-
-      if output =~ /remote\: FATAL/
-        raise BrokenGitolite, output
-      end
-
-      if status.zero? || output =~ /Everything up\-to\-date/
-        return true
-      else
-        raise PushError, "unable to push gitolite-admin repo"
-      end
-    end
-
-    def tmp_conf_path
-      File.join(config_tmp_dir,'gitolite')
-    end
-  end
-end

lib/gitlab/backend/shell.rb

+module Gitlab
+  class Shell
+    class AccessDenied < StandardError; end
+
+    # Init new repository
+    #
+    # name - project path with namespace
+    #
+    # Ex.
+    #   add_repository("gitlab/gitlab-ci")
+    #
+    def add_repository(name)
+      system("/home/git/gitlab-shell/bin/gitlab-projects add-project #{name}.git")
+    end
+
+    # Remove repository from file system
+    #
+    # name - project path with namespace
+    #
+    # Ex.
+    #   remove_repository("gitlab/gitlab-ci")
+    #
+    def remove_repository(name)
+      system("/home/git/gitlab-shell/bin/gitlab-projects rm-project #{name}.git")
+    end
+
+    # Add new key to gitlab-shell
+    #
+    # Ex.
+    #   add_key("key-42", "sha-rsa ...")
+    #
+    def add_key(key_id, key_content)
+      system("/home/git/gitlab-shell/bin/gitlab-keys add-key #{key_id} \"#{key_content}\"")
+    end
+
+    # Remove ssh key from gitlab shell
+    #
+    # Ex.
+    #   remove_key("key-342", "sha-rsa ...")
+    #
+    def remove_key(key_id, key_content)
+      system("/home/git/gitlab-shell/bin/gitlab-keys rm-key #{key_id} \"#{key_content}\"")
+    end
+
+
+    def url_to_repo path
+      Gitlab.config.gitolite.ssh_path_prefix + "#{path}.git"
+    end
+  end
+end

lib/gitlab/satellite/satellite.rb

@@ -30,10 +30,10 @@ module Gitlab
       end
 
       def create
-        output, status = popen("git clone #{project.url_to_repo} #{path}",
+        output, status = popen("git clone #{project.repository.path_to_repo} #{path}",
                                Gitlab.config.satellites.path)
 
-        log("PID: #{project.id}: git clone #{project.url_to_repo} #{path}")
+        log("PID: #{project.id}: git clone #{project.repository.path_to_repo} #{path}")
         log("PID: #{project.id}: -> #{output}")
 
         if status.zero?

lib/gitolited.rb

@@ -6,6 +6,6 @@
 #
 module Gitolited
   def gitolite
-    Gitlab::Gitolite.new
+    Gitlab::Shell.new
   end
 end

lib/hooks/post-receive

-#!/usr/bin/env bash
-
-# Version 4.1
-# This file was placed here by GitLab. It makes sure that your pushed commits
-# will be processed properly.
-
-while read oldrev newrev ref
-do
-  # For every branch or tag that was pushed, create a Resque job in redis.
-  repo_path=`pwd`
-  env -i redis-cli rpush "resque:gitlab:queue:post_receive" "{\"class\":\"PostReceive\",\"args\":[\"$repo_path\",\"$oldrev\",\"$newrev\",\"$ref\",\"$GL_USER\"]}" > /dev/null 2>&1
-done

lib/support/rewrite-hooks.sh

-#!/bin/bash
-
-src="/home/git/repositories"
-
-for dir in `ls "$src/"`
-do
-  if [ -d "$src/$dir" ]; then
-
-    if [ "$dir" = "gitolite-admin.git" ]
-    then
-      continue 
-    fi
-
-    if [[ "$dir" =~ ^.*.git$ ]]
-    then
-      project_hook="$src/$dir/hooks/post-receive"
-      gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
-
-      ln -s -f $gitolite_hook $project_hook
-    else
-      for subdir in `ls "$src/$dir/"`
-      do
-        if [ -d "$src/$dir/$subdir" ] && [[ "$subdir" =~ ^.*.git$ ]]; then
-          project_hook="$src/$dir/$subdir/hooks/post-receive"
-          gitolite_hook="/home/git/.gitolite/hooks/common/post-receive"
-
-          ln -s -f $gitolite_hook $project_hook
-        fi
-      done
-    fi
-  fi
-done

lib/support/truncate_repositories.sh

-#!/bin/bash
-
-echo "Danger!!! Data Loss"
-while true; do
-  read -p "Do you wish to all directories except gitolite-admin.git from /home/git/repositories/ (y/n) ?:  " yn
-  case $yn in
-    [Yy]* ) sh -c "find /home/git/repositories/. -maxdepth 1  -not -name 'gitolite-admin.git' -not -name '.' | xargs sudo rm -rf"; break;;
-    [Nn]* ) exit;;
-    * ) echo "Please answer yes or no.";;
-  esac
-done

lib/tasks/gitlab/enable_automerge.rake

@@ -3,11 +3,6 @@ namespace :gitlab do
   task :enable_automerge => :environment do
     warn_user_is_not_gitlab
 
-    puts "Updating repo permissions ..."
-    Gitlab::Gitolite.new.enable_automerge
-    puts "... #{"done".green}"
-    puts ""
-
     print "Creating satellites for ..."
     unless Project.count > 0
       puts "skipping, because you have no projects".magenta

lib/tasks/gitlab/shell.rake

+namespace :gitlab do
+  namespace :shell do
+    desc "GITLAB | Setup gitlab-shell"
+    task :setup => :environment do
+      setup
+    end
+  end
+
+  def setup
+    warn_user_is_not_gitlab
+
+    puts "This will rebuild an authorized_keys file."
+    puts "You will lose any data stored in /home/git/.ssh/authorized_keys."
+    ask_to_continue
+    puts ""
+
+    system("echo '# Managed by gitlab-shell' > /home/git/.ssh/authorized_keys")
+
+    Key.find_each(:batch_size => 1000) do |key|
+      if Gitlab::Shell.new.add_key(key.shell_id, key.key)
+        print '.'
+      else
+        print 'F'
+      end
+    end
+
+  rescue Gitlab::TaskAbortedByUserError
+    puts "Quitting...".red
+    exit 1
+  end
+end
+

spec/lib/gitolite_config_spec.rb

-require 'spec_helper'
-
-describe Gitlab::GitoliteConfig do
-  let(:gitolite) { Gitlab::GitoliteConfig.new }
-
-  it { should respond_to :write_key }
-  it { should respond_to :rm_key }
-  it { should respond_to :update_project }
-  it { should respond_to :update_project! }
-  it { should respond_to :update_projects }
-  it { should respond_to :destroy_project }
-  it { should respond_to :destroy_project! }
-  it { should respond_to :apply }
-  it { should respond_to :admin_all_repo }
-  it { should respond_to :admin_all_repo! }
-end

spec/lib/gitolite_spec.rb → spec/lib/shell_spec.rb

 require 'spec_helper'
 
-describe Gitlab::Gitolite do
+describe Gitlab::Shell do
   let(:project) { double('Project', id: 7, path: 'diaspora') }
-  let(:gitolite_config) { double('Gitlab::GitoliteConfig') }
-  let(:gitolite) { Gitlab::Gitolite.new }
+  let(:gitolite) { Gitlab::Shell.new }
 
   before do
-    gitolite.stub(config: gitolite_config)
     Project.stub(find: project)
   end
 
-  it { should respond_to :set_key }
+  it { should respond_to :add_key }
   it { should respond_to :remove_key }
-
-  it { should respond_to :update_repository }
-  it { should respond_to :create_repository }
+  it { should respond_to :add_repository }
   it { should respond_to :remove_repository }
 
   it { gitolite.url_to_repo('diaspora').should == Gitlab.config.gitolite.ssh_path_prefix + "diaspora.git" }
-
-  it "should call config update" do
-    gitolite_config.should_receive(:update_project!)
-    gitolite.update_repository(project.id)
-  end
 end

spec/models/key_spec.rb

@@ -46,9 +46,9 @@ describe Key do
         key.should_not be_valid
       end
 
-      it "does accept the same key for another project" do
+      it "does not accept the same key for another project" do
         key = build(:key, project_id: 0)
-        key.should be_valid
+        key.should_not be_valid
       end
     end
 

spec/models/project_spec.rb

@@ -77,8 +77,6 @@ describe Project do
     it { should respond_to(:url_to_repo) }
     it { should respond_to(:repo_exists?) }
     it { should respond_to(:satellite) }
-    it { should respond_to(:update_repository) }
-    it { should respond_to(:destroy_repository) }
     it { should respond_to(:observe_push) }
     it { should respond_to(:update_merge_requests) }
     it { should respond_to(:execute_hooks) }

spec/models/protected_branch_spec.rb

@@ -24,19 +24,4 @@ describe ProtectedBranch do
     it { should validate_presence_of(:project) }
     it { should validate_presence_of(:name) }
   end
-
-  describe 'Callbacks' do
-    let(:branch) { build(:protected_branch) }
-
-    it 'call update_repository after save' do
-      branch.should_receive(:update_repository)
-      branch.save
-    end
-
-    it 'call update_repository after destroy' do
-      branch.save
-      branch.should_receive(:update_repository)
-      branch.destroy
-    end
-  end
 end

spec/observers/key_observer_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 describe KeyObserver do
   before do
     @key = double('Key',
-      identifier: 'admin_654654',
+      shell_id: 'key-32',
       key: '== a vaild ssh key',
       projects: [],
       is_deploy_key: false
@@ -14,14 +14,14 @@ describe KeyObserver do
 
   context :after_save do
     it do
-      GitoliteWorker.should_receive(:perform_async).with(:set_key, @key.identifier, @key.key, @key.projects.map(&:id))
+      GitoliteWorker.should_receive(:perform_async).with(:add_key, @key.shell_id, @key.key)
       @observer.after_save(@key)
     end
   end
 
   context :after_destroy do
     it do
-      GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.identifier, @key.projects.map(&:id))
+      GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.shell_id, @key.key)
       @observer.after_destroy(@key)
     end
   end

spec/spec_helper.rb

@@ -24,7 +24,6 @@ RSpec.configure do |config|
   config.mock_with :rspec
 
   config.include LoginHelpers, type: :request
-  config.include GitoliteStub
   config.include FactoryGirl::Syntax::Methods
   config.include Devise::TestHelpers, type: :controller
 
@@ -34,8 +33,6 @@ RSpec.configure do |config|
   config.use_transactional_fixtures = false
 
   config.before do
-    stub_gitolite!
-
     # Use tmp dir for FS manipulations
     temp_repos_path = Rails.root.join('tmp', 'test-git-base-path')
     Gitlab.config.gitolite.stub(repos_path: temp_repos_path)

spec/support/gitolite_stub.rb

-module GitoliteStub
-  def stub_gitolite!
-    stub_gitlab_gitolite
-    stub_gitolite_admin
-  end
-
-  def stub_gitolite_admin
-    gitolite_admin = double('Gitolite::GitoliteAdmin')
-    gitolite_admin.as_null_object
-
-    Gitolite::GitoliteAdmin.stub(new: gitolite_admin)
-  end
-
-  def stub_gitlab_gitolite
-    gitolite_config = double('Gitlab::GitoliteConfig')
-    gitolite_config.stub(apply: ->() { yield(self) })
-    gitolite_config.as_null_object
-
-    Gitlab::GitoliteConfig.stub(new: gitolite_config)
-  end
-end

spec/support/stubbed_repository.rb

 require "repository"
 require "project"
+require "shell"
 
 # Stubs out all Git repository access done by models so that specs can run
 # against fake repositories without Grit complaining that they don't exist.
@@ -36,3 +37,23 @@ class GitLabTestRepo < Repository
     @repo ||= Grit::Repo.new(Rails.root.join('tmp', 'repositories', 'gitlabhq'))
   end
 end
+
+module Gitlab
+  class Shell
+    def add_repository name
+      true
+    end
+
+    def remove_repository name
+      true
+    end
+
+    def add_key id, key
+      true
+    end
+
+    def remove_key id, key
+      true
+    end
+  end
+end

spec/workers/post_receive_spec.rb

@@ -11,7 +11,7 @@ describe PostReceive do
   context "web hook" do
     let(:project) { create(:project) }
     let(:key) { create(:key, user: project.owner) }
-    let(:key_id) { key.identifier }
+    let(:key_id) { key.shell_id }
 
     it "fetches the correct project" do
       Project.should_receive(:find_with_namespace).with(project.path_with_namespace).and_return(project)
@@ -19,7 +19,7 @@ describe PostReceive do
     end
 
     it "does not run if the author is not in the project" do
-      Key.stub(find_by_identifier: nil)
+      Key.stub(find_by_id: nil)
 
       project.should_not_receive(:observe_push)
       project.should_not_receive(:execute_hooks)